From 00213cac1d62b9bcd8b8acd5632351f86db7024c Mon Sep 17 00:00:00 2001 From: Elysa Hall Date: Thu, 23 Oct 2025 23:07:43 +0000 Subject: [PATCH 01/37] CLI examples for cloudformation. --- .../create-generated-template.rst | 50 +++++++++++++ .../cloudformation/create-stack-refactor.rst | 16 +++++ .../delete-generated-template.rst | 10 +++ .../describe-generated-template.rst | 62 ++++++++++++++++ .../cloudformation/describe-resource-scan.rst | 38 ++++++++++ .../describe-stack-refactor.rst | 20 ++++++ .../cloudformation/execute-stack-refactor.rst | 10 +++ .../list-generated-templates.rst | 41 +++++++++++ .../list-resource-scan-related-resources.rst | 47 ++++++++++++ .../list-resource-scan-resources.rst | 30 ++++++++ .../list-stack-refactor-actions.rst | 71 +++++++++++++++++++ .../cloudformation/start-resource-scan.rst | 14 ++++ 12 files changed, 409 insertions(+) create mode 100644 awscli/examples/cloudformation/create-generated-template.rst create mode 100644 awscli/examples/cloudformation/create-stack-refactor.rst create mode 100644 awscli/examples/cloudformation/delete-generated-template.rst create mode 100644 awscli/examples/cloudformation/describe-generated-template.rst create mode 100644 awscli/examples/cloudformation/describe-resource-scan.rst create mode 100644 awscli/examples/cloudformation/describe-stack-refactor.rst create mode 100644 awscli/examples/cloudformation/execute-stack-refactor.rst create mode 100644 awscli/examples/cloudformation/list-generated-templates.rst create mode 100644 awscli/examples/cloudformation/list-resource-scan-related-resources.rst create mode 100644 awscli/examples/cloudformation/list-resource-scan-resources.rst create mode 100644 awscli/examples/cloudformation/list-stack-refactor-actions.rst create mode 100644 awscli/examples/cloudformation/start-resource-scan.rst diff --git a/awscli/examples/cloudformation/create-generated-template.rst b/awscli/examples/cloudformation/create-generated-template.rst new file mode 100644 index 000000000000..9f321fcba5c1 --- /dev/null +++ b/awscli/examples/cloudformation/create-generated-template.rst @@ -0,0 +1,50 @@ +**To create a generated template from scanned resources** + +The following ``create-generated-template`` example creates a generated template named ``MyTemplate`` from scanned resources. :: + + aws cloudformation create-generated-template \ + --generated-template-name MyTemplate \ + --resources file://resources.json + +Contents of ``resources.json``:: + + [ + { + "ResourceType": "AWS::EKS::Cluster", + "LogicalResourceId":"MyCluster", + "ResourceIdentifier": { + "ClusterName": "MyAppClusterName" + } + }, + { + "ResourceType": "AWS::AutoScaling::AutoScalingGroup", + "LogicalResourceId":"MyASG", + "ResourceIdentifier": { + "AutoScalingGroupName": "MyAppASGName" + } + }, + { + "ResourceType": "AWS::EKS::Nodegroup", + "LogicalResourceId":"MyNodegroup", + "ResourceIdentifier": { + "NodegroupName": "MyAppNodegroupName" + } + }, + { + "ResourceType": "AWS::IAM::Role", + "LogicalResourceId":"MyRole", + "ResourceIdentifier": { + "RoleId": "arn:aws::iam::123456789012:role/MyAppIAMRole" + } + } + ] + +Output:: + + { + "Arn": + "arn:aws:cloudformation:us-east-1:123456789012:generatedtemplate/7fc8512c-d8cb-4e02-b266-d39c48344e48", + "Name": "MyTemplate" + } + +For more information, see `Create a CloudFormation template from resources scanned with IaC generator `__ in the *AWS CloudFormation User Guide*. diff --git a/awscli/examples/cloudformation/create-stack-refactor.rst b/awscli/examples/cloudformation/create-stack-refactor.rst new file mode 100644 index 000000000000..0e2d974df7d6 --- /dev/null +++ b/awscli/examples/cloudformation/create-stack-refactor.rst @@ -0,0 +1,16 @@ +**To create the stack definition for a stack refactor operation** + +The following ``create-stack-refactor`` example creates the stack definition for stack refactoring. :: + + aws cloudformation create-stack-refactor \ + --stack-definitions \ + StackName=Stack1,TemplateBody@=file://template1-updated.yaml \ + StackName=Stack2,TemplateBody@=file://template2-updated.yaml + +Output:: + + { + "StackRefactorId": "9c384f70-4e07-4ed7-a65d-fee5eb430841" + } + +For more information, see `Stack refactoring `__ in the *AWS CloudFormation User Guide*. diff --git a/awscli/examples/cloudformation/delete-generated-template.rst b/awscli/examples/cloudformation/delete-generated-template.rst new file mode 100644 index 000000000000..817305663b49 --- /dev/null +++ b/awscli/examples/cloudformation/delete-generated-template.rst @@ -0,0 +1,10 @@ +**To delete a generated template** + +The following ``delete-generated-template`` example deletes the specified template. :: + + aws cloudformation delete-generated-template \ + --generated-template-name MyTemplate + +This command produces no output. + +For more information, see `Generating templates from existing resources `__ in the *AWS CloudFormation User Guide*. diff --git a/awscli/examples/cloudformation/describe-generated-template.rst b/awscli/examples/cloudformation/describe-generated-template.rst new file mode 100644 index 000000000000..e66305302b62 --- /dev/null +++ b/awscli/examples/cloudformation/describe-generated-template.rst @@ -0,0 +1,62 @@ +**To describe a generated template** + +The following ``describe-generated-template`` example describes the specified template. :: + + aws cloudformation describe-generated-template \ + --generated-template-name MyTemplate + +Output:: + + { + "GeneratedTemplateId": "arn:aws:cloudformation:us-east-1:123456789012:generatedTemplate/7d881acf-f307-4ded-910e-f8fb49b96894", + "GeneratedTemplateName": "MyTemplate", + "Resources": [ + { + "ResourceType": "AWS::EC2::SecurityGroup", + "LogicalResourceId": "EC2SecurityGroup", + "ResourceIdentifier": { + "Id": "sg-1234567890abcdef0" + }, + "ResourceStatus": "COMPLETE", + "ResourceStatusReason": "Resource Template complete", + "Warnings": [] + }, + { + "ResourceType": "AWS::EC2::Instance", + "LogicalResourceId": "EC2Instance", + "ResourceIdentifier": { + "InstanceId": "i-1234567890abcdef0" + }, + "ResourceStatus": "COMPLETE", + "ResourceStatusReason": "Resource Template complete", + "Warnings": [] + }, + { + "ResourceType": "AWS::EC2::KeyPair", + "LogicalResourceId": "EC2KeyPairSshkeypair", + "ResourceIdentifier": { + "KeyName": "sshkeypair" + }, + "ResourceStatus": "COMPLETE", + "ResourceStatusReason": "Resource Template complete", + "Warnings": [] + } + ], + "Status": "COMPLETE", + "StatusReason": "All resources complete", + "CreationTime": "2025-09-23T19:38:06.435000+00:00", + "LastUpdatedTime": "2025-09-23T19:38:10.798000+00:00", + "Progress": { + "ResourcesSucceeded": 3, + "ResourcesFailed": 0, + "ResourcesProcessing": 0, + "ResourcesPending": 0 + }, + "TemplateConfiguration": { + "DeletionPolicy": "RETAIN", + "UpdateReplacePolicy": "RETAIN" + }, + "TotalWarnings": 0 + } + +For more information, see `Generating templates from existing resources `__ in the *AWS CloudFormation User Guide*. diff --git a/awscli/examples/cloudformation/describe-resource-scan.rst b/awscli/examples/cloudformation/describe-resource-scan.rst new file mode 100644 index 000000000000..bda035638add --- /dev/null +++ b/awscli/examples/cloudformation/describe-resource-scan.rst @@ -0,0 +1,38 @@ +**To describe a resource scan** + +The following ``describe-resource-scan`` example describes the resource scan with the specified scan ID. :: + + aws cloudformation describe-resource-scan --region \ + --resource-scan-id arn:aws:cloudformation:us-east-1:123456789012:resourceScan/0a699f15-489c-43ca-a3ef-3e6ecfa5da60 + +Output:: + + { + "ResourceScanId": "arn:aws:cloudformation:us-east-1:123456789012:resourceScan/0a699f15-489c-43ca-a3ef-3e6ecfa5da60", + "Status": "COMPLETE", + "StartTime": "2025-08-21T03:10:38.485000+00:00", + "EndTime": "2025-08-21T03:20:28.485000+00:00", + "PercentageCompleted": 100.0, + "ResourceTypes": [ + "AWS::CloudFront::CachePolicy", + "AWS::CloudFront::OriginRequestPolicy", + "AWS::EC2::DHCPOptions", + "AWS::EC2::InternetGateway", + "AWS::EC2::KeyPair", + "AWS::EC2::NetworkAcl", + "AWS::EC2::NetworkInsightsPath", + "AWS::EC2::NetworkInterface", + "AWS::EC2::PlacementGroup", + "AWS::EC2::Route", + "AWS::EC2::RouteTable", + "AWS::EC2::SecurityGroup", + "AWS::EC2::Subnet", + "AWS::EC2::SubnetCidrBlock", + "AWS::EC2::SubnetNetworkAclAssociation", + "AWS::EC2::SubnetRouteTableAssociation", + ... + ], + "ResourcesRead": 676 + } + +For more information, see `Generating templates from existing resources `__ in the *AWS CloudFormation User Guide*. diff --git a/awscli/examples/cloudformation/describe-stack-refactor.rst b/awscli/examples/cloudformation/describe-stack-refactor.rst new file mode 100644 index 000000000000..fa3612dd6982 --- /dev/null +++ b/awscli/examples/cloudformation/describe-stack-refactor.rst @@ -0,0 +1,20 @@ +**To describe a stack refactor operation** + +The following ``describe-stack-refactor`` example describes the stack refactor operation with the specified stack refactor ID. :: + + aws cloudformation describe-stack-refactor \ + --stack-refactor-id 9c384f70-4e07-4ed7-a65d-fee5eb430841 + +Output:: + + { + "StackRefactorId": "9c384f70-4e07-4ed7-a65d-fee5eb430841", + "StackIds": [ + "arn:aws:cloudformation:us-east-1:123456789012:stack/Stack1/3e6a1ff0-94b1-11f0-aa6f-0a88d2e03acf", + "arn:aws:cloudformation:us-east-1:123456789012:stack/Stack2/5da91650-94b1-11f0-81cf-0a23500e151b" + ], + "ExecutionStatus": "AVAILABLE", + "Status": "CREATE_COMPLETE" + } + +For more information, see `Stack refactoring `__ in the *AWS CloudFormation User Guide*. diff --git a/awscli/examples/cloudformation/execute-stack-refactor.rst b/awscli/examples/cloudformation/execute-stack-refactor.rst new file mode 100644 index 000000000000..e083bd3b913e --- /dev/null +++ b/awscli/examples/cloudformation/execute-stack-refactor.rst @@ -0,0 +1,10 @@ +**To complete a stack refactor operation** + +The following ``execute-stack-refactor`` example completes the stack refactor operation with the specified stack refactor ID. :: + + aws cloudformation execute-stack-refactor \ + --stack-refactor-id 9c384f70-4e07-4ed7-a65d-fee5eb430841 + +This command produces no output. + +For more information, see `Stack refactoring `__ in the *AWS CloudFormation User Guide*. diff --git a/awscli/examples/cloudformation/list-generated-templates.rst b/awscli/examples/cloudformation/list-generated-templates.rst new file mode 100644 index 000000000000..30ae27d0d65d --- /dev/null +++ b/awscli/examples/cloudformation/list-generated-templates.rst @@ -0,0 +1,41 @@ +**To list generated templates** + +The following ``list-generated-templates`` example lists all generated templates. :: + + aws cloudformation list-generated-templates + +Output:: + + { + "Summaries": [ + { + "GeneratedTemplateId": "arn:aws:cloudformation:us-east-1:123456789012:generatedtemplate/7fc8512c-d8cb-4e02-b266-d39c48344e48", + "GeneratedTemplateName": "MyTemplate", + "Status": "COMPLETE", + "StatusReason": "All resources complete", + "CreationTime": "2025-09-23T20:13:24.283000+00:00", + "LastUpdatedTime": "2025-09-23T20:13:28.610000+00:00", + "NumberOfResources": 4 + }, + { + "GeneratedTemplateId": "arn:aws:cloudformation:us-east-1:123456789012:generatedTemplate/f10dd1c4-edc6-4823-8153-ab6112b8d051", + "GeneratedTemplateName": "MyEC2InstanceTemplate", + "Status": "COMPLETE", + "StatusReason": "All resources complete", + "CreationTime": "2024-08-08T19:35:49.790000+00:00", + "LastUpdatedTime": "2024-08-08T19:35:52.207000+00:00", + "NumberOfResources": 3 + }, + { + "GeneratedTemplateId": "arn:aws:cloudformation:us-east-1:123456789012:generatedTemplate/e5a1c89f-7ce2-41bd-9bdf-75b7c852e3ca", + "GeneratedTemplateName": "MyEKSNodeGroupTemplate", + "Status": "COMPLETE", + "StatusReason": "All resources complete", + "CreationTime": "2024-07-16T20:39:27.883000+00:00", + "LastUpdatedTime": "2024-07-16T20:39:35.766000+00:00", + "NumberOfResources": 4 + } + ] + } + +For more information, see `Generating templates from existing resources `__ in the *AWS CloudFormation User Guide*. diff --git a/awscli/examples/cloudformation/list-resource-scan-related-resources.rst b/awscli/examples/cloudformation/list-resource-scan-related-resources.rst new file mode 100644 index 000000000000..1150d4799d30 --- /dev/null +++ b/awscli/examples/cloudformation/list-resource-scan-related-resources.rst @@ -0,0 +1,47 @@ +**To list related resources from a resource scan** + +The following ``list-resource-scan-related-resources`` example lists resources from the specified resource scan that are related to resources in ``resources.json``. :: + + aws cloudformation list-resource-scan-related-resources \ + --resource-scan-id arn:aws:cloudformation:us-east-1:123456789012:resourceScan/0a699f15-489c-43ca-a3ef-3e6ecfa5da60 \ + --resources file://resources.json + +Contents of ``resources.json``:: + + [ + { + "ResourceType": "AWS::EKS::Cluster", + "ResourceIdentifier": { + "ClusterName": "MyAppClusterName" + } + }, + { + "ResourceType": "AWS::AutoScaling::AutoScalingGroup", + "ResourceIdentifier": { + "AutoScalingGroupName": "MyAppASGName" + } + } + ] + +Output:: + + { + "RelatedResources": [ + { + "ResourceType": "AWS::EKS::Nodegroup", + "ResourceIdentifier": { + "NodegroupName": "MyAppNodegroupName" + }, + "ManagedByStack": false + }, + { + "ResourceType": "AWS::IAM::Role", + "ResourceIdentifier": { + "RoleId": "arn:aws::iam::123456789012:role/MyAppIAMRole" + }, + "ManagedByStack": false + } + ] + } + +For more information, see `Create a CloudFormation template from resources scanned with IaC generator `__ in the *AWS CloudFormation User Guide*. diff --git a/awscli/examples/cloudformation/list-resource-scan-resources.rst b/awscli/examples/cloudformation/list-resource-scan-resources.rst new file mode 100644 index 000000000000..1b072381806a --- /dev/null +++ b/awscli/examples/cloudformation/list-resource-scan-resources.rst @@ -0,0 +1,30 @@ +**To list resources from a resource scan** + +The following ``list-resource-scan-resources`` example lists resources from the specified resource scan, filtered by resource identifier. :: + + aws cloudformation list-resource-scan-resources \ + --resource-scan-id arn:aws:cloudformation:us-east-1:123456789012:resourceScan/0a699f15-489c-43ca-a3ef-3e6ecfa5da60 \ + --resource-identifier MyApp + +Output:: + + { + "Resources": [ + { + "ResourceType": "AWS::EKS::Cluster", + "ResourceIdentifier": { + "ClusterName": "MyAppClusterName" + }, + "ManagedByStack": false + }, + { + "ResourceType": "AWS::AutoScaling::AutoScalingGroup", + "ResourceIdentifier": { + "AutoScalingGroupName": "MyAppASGName" + }, + "ManagedByStack": false + } + ] + } + +For more information, see `Create a CloudFormation template from resources scanned with IaC generator `__ in the *AWS CloudFormation User Guide*. diff --git a/awscli/examples/cloudformation/list-stack-refactor-actions.rst b/awscli/examples/cloudformation/list-stack-refactor-actions.rst new file mode 100644 index 000000000000..1e0c4e06ae16 --- /dev/null +++ b/awscli/examples/cloudformation/list-stack-refactor-actions.rst @@ -0,0 +1,71 @@ +**To list actions for a stack refactor operation** + +The following ``list-stack-refactor-actions`` example lists actions for the stack refactor operation with the specified stack refactor ID. :: + + aws cloudformation list-stack-refactor-actions \ + --stack-refactor-id 9c384f70-4e07-4ed7-a65d-fee5eb430841 + +Output:: + + { + "StackRefactorActions": [ + { + "Action": "MOVE", + "Entity": "RESOURCE", + "PhysicalResourceId": "MyTestLambdaRole", + "Description": "No configuration changes detected.", + "Detection": "AUTO", + "TagResources": [], + "UntagResources": [], + "ResourceMapping": { + "Source": { + "StackName": "arn:aws:cloudformation:us-east-1:123456789012:stack/Stack1/3e6a1ff0-94b1-11f0-aa6f-0a88d2e03acf", + "LogicalResourceId": "MyLambdaRole" + }, + "Destination": { + "StackName": "arn:aws:cloudformation:us-east-1:123456789012:stack/Stack2/5da91650-94b1-11f0-81cf-0a23500e151b", + "LogicalResourceId": "MyLambdaRole" + } + } + }, + { + "Action": "MOVE", + "Entity": "RESOURCE", + "PhysicalResourceId": "MyTestFunction", + "Description": "Resource configuration changes will be validated during refactor execution.", + "Detection": "AUTO", + "TagResources": [ + { + "Key": "aws:cloudformation:stack-name", + "Value": "Stack2" + }, + { + "Key": "aws:cloudformation:logical-id", + "Value": "MyFunction" + }, + { + "Key": "aws:cloudformation:stack-id", + "Value": "arn:aws:cloudformation:us-east-1:123456789012:stack/Stack2/5da91650-94b1-11f0-81cf-0a23500e151b" + } + ], + "UntagResources": [ + "aws:cloudformation:stack-name", + "aws:cloudformation:logical-id", + "aws:cloudformation:stack-id" + ], + "ResourceMapping": { + "Source": { + "StackName": "arn:aws:cloudformation:us-east-1:123456789012:stack/Stack1/3e6a1ff0-94b1-11f0-aa6f-0a88d2e03acf", + "LogicalResourceId": "MyFunction" + }, + "Destination": { + "StackName": "arn:aws:cloudformation:us-east-1:123456789012:stack/Stack2/5da91650-94b1-11f0-81cf-0a23500e151b", + "LogicalResourceId": "MyFunction" + } + } + } + ] + } + + +For more information, see `Stack refactoring `__ in the *AWS CloudFormation User Guide*. diff --git a/awscli/examples/cloudformation/start-resource-scan.rst b/awscli/examples/cloudformation/start-resource-scan.rst new file mode 100644 index 000000000000..5b26692dd015 --- /dev/null +++ b/awscli/examples/cloudformation/start-resource-scan.rst @@ -0,0 +1,14 @@ +**To start a resource scan** + +The following ``start-resource-scan`` example starts a resource scan that scans all existing resources in the current account and Region. :: + + aws cloudformation start-resource-scan + +Output:: + + { + "ResourceScanId": + "arn:aws:cloudformation:us-east-1:123456789012:resourceScan/0a699f15-489c-43ca-a3ef-3e6ecfa5da60" + } + +For more information, see `Start a resource scan with CloudFormation IaC generator `__ in the *AWS CloudFormation User Guide*. From 2cb1a049369aed1853ac34cc2960c1fc76296cd9 Mon Sep 17 00:00:00 2001 From: SamRemis Date: Wed, 10 Dec 2025 10:12:53 -0500 Subject: [PATCH 02/37] Adds support for expanding host prefix to the BaseRpcV2Serializer class (#9901) --- .../bugfix-Serializers-42643.json | 5 ++ awscli/botocore/serialize.py | 4 ++ tests/unit/botocore/test_serialize.py | 51 +++++++++++++++++++ 3 files changed, 60 insertions(+) create mode 100644 .changes/next-release/bugfix-Serializers-42643.json diff --git a/.changes/next-release/bugfix-Serializers-42643.json b/.changes/next-release/bugfix-Serializers-42643.json new file mode 100644 index 000000000000..58f08a046bd9 --- /dev/null +++ b/.changes/next-release/bugfix-Serializers-42643.json @@ -0,0 +1,5 @@ +{ + "type": "bugfix", + "category": "Serializers", + "description": "Adds support for host prefix to BaseRpcV2Serializer class" +} diff --git a/awscli/botocore/serialize.py b/awscli/botocore/serialize.py index 55a536cf35c7..1b436c7b75c3 100644 --- a/awscli/botocore/serialize.py +++ b/awscli/botocore/serialize.py @@ -989,6 +989,10 @@ def serialize_to_request(self, parameters, operation_model): if input_shape is not None: self._serialize_payload(parameters, serialized, input_shape) + host_prefix = self._expand_host_prefix(parameters, operation_model) + if host_prefix is not None: + serialized['host_prefix'] = host_prefix + self._serialize_headers(serialized, operation_model) return serialized diff --git a/tests/unit/botocore/test_serialize.py b/tests/unit/botocore/test_serialize.py index c05805f2e957..f28228490221 100644 --- a/tests/unit/botocore/test_serialize.py +++ b/tests/unit/botocore/test_serialize.py @@ -614,3 +614,54 @@ def test_restxml_serializes_unicode(self): self.serialize_to_request(params) except UnicodeEncodeError: self.fail("RestXML serializer failed to serialize unicode text.") + +class TestRpcV2CBORHostPrefix(unittest.TestCase): + def setUp(self): + self.model = { + 'metadata': { + 'protocol': 'smithy-rpc-v2-cbor', + 'apiVersion': '2014-01-01', + 'serviceId': 'MyService', + 'targetPrefix': 'sampleservice', + 'documentation': '', + }, + 'operations': { + 'TestHostPrefixOperation': { + 'name': 'TestHostPrefixOperation', + 'input': {'shape': 'InputShape'}, + 'endpoint': {'hostPrefix': '{Foo}'}, + }, + 'TestNoHostPrefixOperation': { + 'name': 'TestNoHostPrefixOperation', + 'input': {'shape': 'InputShape'}, + }, + }, + 'shapes': { + 'InputShape': { + 'type': 'structure', + 'members': { + 'Foo': {'shape': 'StringType', 'hostLabel': True}, + }, + }, + 'StringType': {'type': 'string'}, + }, + } + self.service_model = ServiceModel(self.model) + + def test_host_prefix_added_to_serialized_request(self): + operation_model = self.service_model.operation_model('TestHostPrefixOperation') + serializer = serialize.create_serializer('smithy-rpc-v2-cbor') + + params = {'Foo': 'bound'} + serialized = serializer.serialize_to_request(params, operation_model) + + self.assertEqual(serialized['host_prefix'], 'bound') + + def test_no_host_prefix_when_not_configured(self): + operation_model = self.service_model.operation_model('TestNoHostPrefixOperation') + serializer = serialize.create_serializer('smithy-rpc-v2-cbor') + + params = {'Foo': 'bound'} + serialized = serializer.serialize_to_request(params, operation_model) + + self.assertNotIn('host_prefix', serialized) From 8ac838528faa8596ad798c1f07ab172d1eb2778c Mon Sep 17 00:00:00 2001 From: Ahmed Moustafa <35640105+aemous@users.noreply.github.com> Date: Wed, 10 Dec 2025 12:31:55 -0500 Subject: [PATCH 03/37] Update model-validation tests to describe violations in custom properties (#9823) --- tests/functional/botocore/test_h2_required.py | 13 +++-- .../botocore/test_paginator_config.py | 48 +++++++++++-------- .../botocore/test_supported_protocols.py | 8 +++- tests/functional/test_no_event_streams.py | 14 ++++-- tests/functional/test_shadowing.py | 15 +++++- 5 files changed, 67 insertions(+), 31 deletions(-) diff --git a/tests/functional/botocore/test_h2_required.py b/tests/functional/botocore/test_h2_required.py index 97aa73b58bd5..c0673d8116a7 100644 --- a/tests/functional/botocore/test_h2_required.py +++ b/tests/functional/botocore/test_h2_required.py @@ -19,8 +19,8 @@ 'qbusiness': ['Chat'], 'kinesis': ['SubscribeToShard'], 'lexv2-runtime': ['StartConversation'], - # Added only to keep a record of this feature being incompatible - 'bedrock-runtime': ['InvokeModelWithBidirectionalStream'], + # Added only to keep a record of this feature being incompatible + 'bedrock-runtime': ['InvokeModelWithBidirectionalStream'], } @@ -53,16 +53,21 @@ def _all_test_cases(): @pytest.mark.validates_models @pytest.mark.parametrize("h2_service", H2_SERVICES) -def test_all_uses_of_h2_are_known(h2_service): +def test_all_uses_of_h2_are_known(h2_service, record_property): # Validates that a service that requires HTTP 2 for all operations is known message = f'Found unknown HTTP 2 service: {h2_service}' + # Store the service name in a PyTest custom property + record_property('aws_service', h2_service) assert _KNOWN_SERVICES.get(h2_service) is _H2_REQUIRED, message @pytest.mark.validates_models @pytest.mark.parametrize("h2_service, operation", H2_OPERATIONS) -def test_all_h2_operations_are_known(h2_service, operation): +def test_all_h2_operations_are_known(h2_service, operation, record_property): # Validates that an operation that requires HTTP 2 is known known_operations = _KNOWN_SERVICES.get(h2_service, []) message = f'Found unknown HTTP 2 operation: {h2_service}.{operation}' + # Store the service name and operation in PyTest custom properties + record_property('aws_service', h2_service) + record_property('aws_operation', operation) assert operation in known_operations, message diff --git a/tests/functional/botocore/test_paginator_config.py b/tests/functional/botocore/test_paginator_config.py index 313486e7eb65..8bc38803e306 100644 --- a/tests/functional/botocore/test_paginator_config.py +++ b/tests/functional/botocore/test_paginator_config.py @@ -151,14 +151,23 @@ def _pagination_configs(): @pytest.mark.parametrize( "operation_name, page_config, service_model", _pagination_configs() ) -def test_lint_pagination_configs(operation_name, page_config, service_model): +def test_lint_pagination_configs( + operation_name, page_config, service_model, record_property +): + # Store common details of the operation + record_property('aws_service', service_model.service_name) + record_property('aws_operation', operation_name) _validate_known_pagination_keys(page_config) _validate_result_key_exists(page_config) _validate_referenced_operation_exists(operation_name, service_model) - _validate_operation_has_output(operation_name, service_model) + _validate_operation_has_output( + operation_name, service_model, record_property + ) _validate_input_keys_match(operation_name, page_config, service_model) _validate_output_keys_match(operation_name, page_config, service_model) - _validate_new_numeric_keys(operation_name, page_config, service_model) + _validate_new_numeric_keys( + operation_name, page_config, service_model, record_property + ) def _validate_known_pagination_keys(page_config): @@ -185,10 +194,14 @@ def _validate_referenced_operation_exists(operation_name, service_model): ) -def _validate_operation_has_output(operation_name, service_model): +def _validate_operation_has_output( + operation_name, service_model, record_property +): op_model = service_model.operation_model(operation_name) output = op_model.output_shape if output is None or not output.members: + if output: + record_property('shape', output.type_name) raise AssertionError( "Pagination config refers to operation " f"that does not have any output: {operation_name}" @@ -212,13 +225,9 @@ def _validate_input_keys_match(operation_name, page_config, service_model): limit_key = page_config['limit_key'] if limit_key not in valid_input_names: raise AssertionError( - "limit_key '{}' refers to a non existent " - "input member for operation: {}, valid keys: " - "{}".format( - limit_key, - operation_name, - ', '.join(list(valid_input_names)), - ) + f"limit_key '{limit_key}' refers to a non existent " + f"input member for operation: {operation_name}, valid keys: " + f"{', '.join(list(valid_input_names))}." ) @@ -238,7 +247,8 @@ def _validate_output_keys_match(operation_name, page_config, service_model): else: if output_key not in output_members: raise AssertionError( - f"Pagination key '{key_name}' refers to an output " + f"Pagination key '{key_name}' for operation " + f"{operation_name} refers to an output " f"member that does not exist: {output_key}" ) output_members.remove(output_key) @@ -255,16 +265,15 @@ def _validate_output_keys_match(operation_name, page_config, service_model): f.write(f"'{key}',\n") raise AssertionError( "There are member names in the output shape of " - "{} that are not accounted for in the pagination " - "config for service {}: {}".format( - operation_name, - service_model.service_name, - ', '.join(output_members), - ) + f"{operation_name} that are not accounted for in the pagination " + f"config for service {service_model.service_name}: " + f"{', '.join(output_members)}" ) -def _validate_new_numeric_keys(operation_name, page_config, service_model): +def _validate_new_numeric_keys( + operation_name, page_config, service_model, record_property +): output_shape = service_model.operation_model(operation_name).output_shape for key in _get_list_value(page_config, 'result_key'): current_shape = output_shape @@ -279,6 +288,7 @@ def _validate_new_numeric_keys(operation_name, page_config, service_model): and (service_model.service_name, operation_name) not in KNOWN_PAGINATORS_WITH_INTEGER_OUTPUTS ): + record_property('shape', current_shape.name) raise AssertionError( f'There is a new operation {operation_name} for service ' f'{service_model.service_name} that is configured to sum ' diff --git a/tests/functional/botocore/test_supported_protocols.py b/tests/functional/botocore/test_supported_protocols.py index f14bb9a2ec97..901202e47a88 100644 --- a/tests/functional/botocore/test_supported_protocols.py +++ b/tests/functional/botocore/test_supported_protocols.py @@ -51,9 +51,11 @@ def _single_protocol_test_cases(): _multi_protocol_test_cases(), ) def test_services_with_protocols_trait_have_supported_protocol( - service_name, supported_protocols + service_name, supported_protocols, record_property ): message = f"No protocols supported for service {service_name}" + # Store the service name in PyTest custom properties + record_property('aws_service', service_name) assert any( protocol in PRIORITY_ORDERED_SUPPORTED_PROTOCOLS for protocol in supported_protocols @@ -66,7 +68,9 @@ def test_services_with_protocols_trait_have_supported_protocol( _single_protocol_test_cases(), ) def test_services_without_protocols_trait_have_supported_protocol( - service_name, supported_protocol + service_name, supported_protocol, record_property ): message = f"Service protocol not supported for {service_name}" + # Store the service name in PyTest custom properties + record_property('aws_service', service_name) assert supported_protocol in PRIORITY_ORDERED_SUPPORTED_PROTOCOLS, message diff --git a/tests/functional/test_no_event_streams.py b/tests/functional/test_no_event_streams.py index fd3fbcb457cc..72ae95ff8976 100644 --- a/tests/functional/test_no_event_streams.py +++ b/tests/functional/test_no_event_streams.py @@ -20,7 +20,7 @@ @pytest.mark.validates_models -def test_no_event_stream_unless_allowed(): +def test_no_event_stream_unless_allowed(record_property): driver = create_clidriver() help_command = driver.create_help_command() errors = [] @@ -31,18 +31,24 @@ def test_no_event_stream_unless_allowed(): op_help = sub_command.create_help_command() model = op_help.obj if isinstance(model, OperationModel): - full_command = '%s %s' % (command_name, sub_name) + full_command = f'{command_name} {sub_name}' if ( model.has_event_stream_input or model.has_event_stream_output ): if full_command in _ALLOWED_COMMANDS: continue + # Store the service and operation in + # PyTest custom properties + record_property( + 'aws_service', model.service_model.service_id + ) + record_property('aws_operation', model.name) supported_commands = '\n'.join(_ALLOWED_COMMANDS) errors.append( - 'The "%s" command uses event streams ' + f'The {full_command} command uses event streams ' 'which is only supported for these operations:\n' - '%s' % (full_command, supported_commands) + f'{supported_commands}' ) if errors: raise AssertionError('\n' + '\n'.join(errors)) diff --git a/tests/functional/test_shadowing.py b/tests/functional/test_shadowing.py index 34060573226b..4ae8c89ba069 100644 --- a/tests/functional/test_shadowing.py +++ b/tests/functional/test_shadowing.py @@ -11,6 +11,7 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. import pytest +from botocore.model import OperationModel from awscli.clidriver import create_clidriver @@ -29,7 +30,9 @@ def _generate_command_tests(): @pytest.mark.parametrize( "command_name, command_table, builtins", _generate_command_tests() ) -def test_no_shadowed_builtins(command_name, command_table, builtins): +def test_no_shadowed_builtins( + command_name, command_table, builtins, record_property +): """Verify no command params are shadowed or prefixed by the built in param. The CLI parses all command line options into a single namespace. @@ -58,13 +61,21 @@ def test_no_shadowed_builtins(command_name, command_table, builtins): errors = [] for sub_name, sub_command in command_table.items(): op_help = sub_command.create_help_command() + model = op_help.obj arg_table = op_help.arg_table for arg_name in arg_table: if any(p.startswith(arg_name) for p in builtins): + if isinstance(model, OperationModel): + # Store the service and operation in + # PyTest custom properties + record_property( + 'aws_service', model.service_model.service_id + ) + record_property('aws_operation', model.name) # Then we are shadowing or prefixing a top level argument errors.append( 'Shadowing/Prefixing a top level option: ' - '%s.%s.%s' % (command_name, sub_name, arg_name) + f'{command_name}.{sub_name}.{arg_name}' ) if errors: raise AssertionError('\n' + '\n'.join(errors)) From 1d0341aa8ff75658c79925f5e23b31916adaa332 Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Wed, 10 Dec 2025 19:10:45 +0000 Subject: [PATCH 04/37] Update to latest models --- .../api-change-bedrock-90236.json | 5 ++ .../api-change-billingconductor-95611.json | 5 ++ .../api-change-cloudwatch-73795.json | 5 ++ .../next-release/api-change-odb-43630.json | 5 ++ .../api-change-opensearch-78342.json | 5 ++ ...pi-change-partnercentralselling-58382.json | 5 ++ .../next-release/api-change-signer-46149.json | 5 ++ .../data/bedrock/2023-04-20/service-2.json | 34 ++++++-- .../2021-07-30/service-2.json | 35 ++++++-- .../data/cloudwatch/2010-08-01/service-2.json | 12 ++- .../data/odb/2024-08-20/service-2.json | 86 +++++++++++++------ .../data/opensearch/2021-01-01/service-2.json | 20 ++++- .../2022-07-26/service-2.json | 12 +++ .../data/signer/2017-08-25/service-2.json | 14 +-- 14 files changed, 199 insertions(+), 49 deletions(-) create mode 100644 .changes/next-release/api-change-bedrock-90236.json create mode 100644 .changes/next-release/api-change-billingconductor-95611.json create mode 100644 .changes/next-release/api-change-cloudwatch-73795.json create mode 100644 .changes/next-release/api-change-odb-43630.json create mode 100644 .changes/next-release/api-change-opensearch-78342.json create mode 100644 .changes/next-release/api-change-partnercentralselling-58382.json create mode 100644 .changes/next-release/api-change-signer-46149.json diff --git a/.changes/next-release/api-change-bedrock-90236.json b/.changes/next-release/api-change-bedrock-90236.json new file mode 100644 index 000000000000..17174e022322 --- /dev/null +++ b/.changes/next-release/api-change-bedrock-90236.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``bedrock``", + "description": "Automated Reasoning checks in Amazon Bedrock Guardrails is capable of generating policy scenarios to validate policies. The GetAutomatedReasoningPolicyBuildWorkflowResultAssets API now adds POLICY SCENARIO asset type, allowing customers to retrieve scenarios generated by the build workflow." +} diff --git a/.changes/next-release/api-change-billingconductor-95611.json b/.changes/next-release/api-change-billingconductor-95611.json new file mode 100644 index 000000000000..05c0cc005ecb --- /dev/null +++ b/.changes/next-release/api-change-billingconductor-95611.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``billingconductor``", + "description": "Launch itemized custom line item and service line item filter" +} diff --git a/.changes/next-release/api-change-cloudwatch-73795.json b/.changes/next-release/api-change-cloudwatch-73795.json new file mode 100644 index 000000000000..25ec5f3d1742 --- /dev/null +++ b/.changes/next-release/api-change-cloudwatch-73795.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``cloudwatch``", + "description": "This release introduces two additional protocols AWS JSON 1.1 and Smithy RPC v2 CBOR, replacing the currently utilized one, AWSQuery. AWS SDKs will prioritize the protocol that is the most performant for each language." +} diff --git a/.changes/next-release/api-change-odb-43630.json b/.changes/next-release/api-change-odb-43630.json new file mode 100644 index 000000000000..4f78b3463bc8 --- /dev/null +++ b/.changes/next-release/api-change-odb-43630.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``odb``", + "description": "The following APIs now return CloudExadataInfrastructureArn and OdbNetworkArn fields for improved resource identification and AWS service integration - GetCloudVmCluster, ListCloudVmClusters, GetCloudAutonomousVmCluster, and ListCloudAutonomousVmClusters." +} diff --git a/.changes/next-release/api-change-opensearch-78342.json b/.changes/next-release/api-change-opensearch-78342.json new file mode 100644 index 000000000000..2fab1dc29d39 --- /dev/null +++ b/.changes/next-release/api-change-opensearch-78342.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``opensearch``", + "description": "The CreateApplication API now supports an optional kms key arn parameter to allow customers to specify a CMK for application encryption." +} diff --git a/.changes/next-release/api-change-partnercentralselling-58382.json b/.changes/next-release/api-change-partnercentralselling-58382.json new file mode 100644 index 000000000000..c3ec7091a97a --- /dev/null +++ b/.changes/next-release/api-change-partnercentralselling-58382.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``partnercentral-selling``", + "description": "Adds support for the new Project.AwsPartition field on Opportunity and AWS Opportunity Summary. Use this field to specify the AWS partition where the opportunity will be deployed." +} diff --git a/.changes/next-release/api-change-signer-46149.json b/.changes/next-release/api-change-signer-46149.json new file mode 100644 index 000000000000..246bf7dcc8b9 --- /dev/null +++ b/.changes/next-release/api-change-signer-46149.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``signer``", + "description": "Adds support for Signer GetRevocationStatus with updated endpoints" +} diff --git a/awscli/botocore/data/bedrock/2023-04-20/service-2.json b/awscli/botocore/data/bedrock/2023-04-20/service-2.json index 1be90576d715..a1e66c00a4f2 100644 --- a/awscli/botocore/data/bedrock/2023-04-20/service-2.json +++ b/awscli/botocore/data/bedrock/2023-04-20/service-2.json @@ -2754,7 +2754,8 @@ "BUILD_LOG", "QUALITY_REPORT", "POLICY_DEFINITION", - "GENERATED_TEST_CASES" + "GENERATED_TEST_CASES", + "POLICY_SCENARIOS" ] }, "AutomatedReasoningPolicyBuildResultAssets":{ @@ -2775,6 +2776,10 @@ "generatedTestCases":{ "shape":"AutomatedReasoningPolicyGeneratedTestCases", "documentation":"

A comprehensive test suite generated by the build workflow, providing validation capabilities for automated reasoning policies.

" + }, + "policyScenarios":{ + "shape":"AutomatedReasoningPolicyScenarios", + "documentation":"

An entity encompassing all the policy scenarios generated by the build workflow, which can be used to validate an Automated Reasoning policy.

" } }, "documentation":"

Contains the various assets generated during a policy build workflow, including logs, quality reports, test cases, and the final policy definition.

", @@ -3510,8 +3515,8 @@ "required":[ "expression", "alternateExpression", - "ruleIds", - "expectedResult" + "expectedResult", + "ruleIds" ], "members":{ "expression":{ @@ -3522,13 +3527,13 @@ "shape":"AutomatedReasoningPolicyScenarioAlternateExpression", "documentation":"

An alternative way to express the same test scenario, used for validation and comparison purposes.

" }, - "ruleIds":{ - "shape":"AutomatedReasoningPolicyDefinitionRuleIdList", - "documentation":"

The list of rule identifiers that are expected to be triggered or evaluated by this test scenario.

" - }, "expectedResult":{ "shape":"AutomatedReasoningCheckResult", "documentation":"

The expected outcome when this scenario is evaluated against the policy (e.g., PASS, FAIL, VIOLATION).

" + }, + "ruleIds":{ + "shape":"AutomatedReasoningPolicyDefinitionRuleIdList", + "documentation":"

The list of rule identifiers that are expected to be triggered or evaluated by this test scenario.

" } }, "documentation":"

Represents a test scenario used to validate an Automated Reasoning policy, including the test conditions and expected outcomes.

" @@ -3545,6 +3550,21 @@ "min":0, "sensitive":true }, + "AutomatedReasoningPolicyScenarioList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyScenario"} + }, + "AutomatedReasoningPolicyScenarios":{ + "type":"structure", + "required":["policyScenarios"], + "members":{ + "policyScenarios":{ + "shape":"AutomatedReasoningPolicyScenarioList", + "documentation":"

Represents a collection of generated policy scenarios.

" + } + }, + "documentation":"

Contains a comprehensive entity encompassing all the scenarios generated by the build workflow, which can be used to validate an Automated Reasoning policy.

" + }, "AutomatedReasoningPolicySummaries":{ "type":"list", "member":{"shape":"AutomatedReasoningPolicySummary"}, diff --git a/awscli/botocore/data/billingconductor/2021-07-30/service-2.json b/awscli/botocore/data/billingconductor/2021-07-30/service-2.json index 32696ec288ab..452850cee75d 100644 --- a/awscli/botocore/data/billingconductor/2021-07-30/service-2.json +++ b/awscli/botocore/data/billingconductor/2021-07-30/service-2.json @@ -832,6 +832,18 @@ }, "documentation":"

The key-value pair that represents the attribute by which the BillingGroupCostReportResults are grouped. For example, if you want a service-level breakdown for Amazon Simple Storage Service (Amazon S3) of the billing group, the attribute will be a key-value pair of \"PRODUCT_NAME\" and \"S3\".

" }, + "AttributeValue":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[a-zA-Z0-9]+" + }, + "AttributeValueList":{ + "type":"list", + "member":{"shape":"AttributeValue"}, + "max":1, + "min":0 + }, "AttributesList":{ "type":"list", "member":{"shape":"Attribute"} @@ -1130,7 +1142,10 @@ "ComputationRuleEnum":{ "type":"string", "documentation":"

The display settings of the custom line item

", - "enum":["CONSOLIDATED"] + "enum":[ + "ITEMIZED", + "CONSOLIDATED" + ] }, "ConflictException":{ "type":"structure", @@ -1931,8 +1946,7 @@ "type":"structure", "required":[ "Attribute", - "MatchOption", - "Values" + "MatchOption" ], "members":{ "Attribute":{ @@ -1946,13 +1960,20 @@ "Values":{ "shape":"LineItemFilterValuesList", "documentation":"

The values of the line item filter. This specifies the values to filter on. Currently, you can only exclude Savings Plans discounts.

" + }, + "AttributeValues":{ + "shape":"AttributeValueList", + "documentation":"

The values of the line item filter. This specifies the values to filter on.

" } }, "documentation":"

A representation of the line item filter for your custom line item. You can use line item filters to include or exclude specific resource values from the billing group's total cost. For example, if you create a custom line item and you want to filter out a value, such as Savings Plans discounts, you can update LineItemFilter to exclude it.

" }, "LineItemFilterAttributeName":{ "type":"string", - "enum":["LINE_ITEM_TYPE"] + "enum":[ + "LINE_ITEM_TYPE", + "SERVICE" + ] }, "LineItemFilterValue":{ "type":"string", @@ -2590,7 +2611,10 @@ "MarginPercentage":{"type":"string"}, "MatchOption":{ "type":"string", - "enum":["NOT_EQUAL"] + "enum":[ + "NOT_EQUAL", + "EQUAL" + ] }, "MaxBillingGroupCostReportResults":{ "type":"integer", @@ -3504,6 +3528,7 @@ "ILLEGAL_MODIFIER_PERCENTAGE", "ILLEGAL_TYPE", "ILLEGAL_BILLING_GROUP_TYPE", + "ILLEGAL_BILLING_GROUP_PRICING_PLAN", "ILLEGAL_ENDED_BILLINGGROUP", "ILLEGAL_TIERING_INPUT", "ILLEGAL_OPERATION", diff --git a/awscli/botocore/data/cloudwatch/2010-08-01/service-2.json b/awscli/botocore/data/cloudwatch/2010-08-01/service-2.json index 3a97b9faef81..11399fe7d7a0 100644 --- a/awscli/botocore/data/cloudwatch/2010-08-01/service-2.json +++ b/awscli/botocore/data/cloudwatch/2010-08-01/service-2.json @@ -2,13 +2,20 @@ "version":"2.0", "metadata":{ "apiVersion":"2010-08-01", + "awsQueryCompatible":{}, "endpointPrefix":"monitoring", - "protocol":"query", - "protocols":["query"], + "jsonVersion":"1.0", + "protocol":"smithy-rpc-v2-cbor", + "protocols":[ + "smithy-rpc-v2-cbor", + "json", + "query" + ], "serviceAbbreviation":"CloudWatch", "serviceFullName":"Amazon CloudWatch", "serviceId":"CloudWatch", "signatureVersion":"v4", + "targetPrefix":"GraniteServiceVersion20100801", "uid":"monitoring-2010-08-01", "xmlNamespace":"http://monitoring.amazonaws.com/doc/2010-08-01/", "auth":["aws.auth#sigv4"] @@ -1069,6 +1076,7 @@ "Message":{"shape":"ErrorMessage"} }, "documentation":"

This operation attempted to create a resource that already exists.

", + "error":{"httpStatusCode":409}, "exception":true }, "ContributorAttributes":{ diff --git a/awscli/botocore/data/odb/2024-08-20/service-2.json b/awscli/botocore/data/odb/2024-08-20/service-2.json index 407cc70384c4..efa508421cc7 100644 --- a/awscli/botocore/data/odb/2024-08-20/service-2.json +++ b/awscli/botocore/data/odb/2024-08-20/service-2.json @@ -819,15 +819,15 @@ "members":{ "iamRoleArn":{ "shape":"RoleArn", - "documentation":"

The Amazon Resource Name (ARN) of the IAM service role to associate with the resource.

" + "documentation":"

The Amazon Resource Name (ARN) of the Amazon Web Services Identity and Access Management (IAM) service role to associate with the resource.

" }, "awsIntegration":{ "shape":"SupportedAwsIntegration", - "documentation":"

The Amazon Web Services integration configuration settings for the IAM service role association.

" + "documentation":"

The Amazon Web Services integration configuration settings for the Amazon Web Services Identity and Access Management (IAM) service role association.

" }, "resourceArn":{ "shape":"AssociateIamRoleToResourceInputResourceArnString", - "documentation":"

The Amazon Resource Name (ARN) of the target resource to associate with the IAM service role.

" + "documentation":"

The Amazon Resource Name (ARN) of the target resource to associate with the Amazon Web Services Identity and Access Management (IAM) service role.

" } } }, @@ -923,6 +923,10 @@ "shape":"ResourceIdOrArn", "documentation":"

The unique identifier of the ODB network associated with this Autonomous VM cluster.

" }, + "odbNetworkArn":{ + "shape":"ResourceArn", + "documentation":"

The Amazon Resource Name (ARN) of the ODB network associated with this Autonomous VM cluster.

" + }, "ociResourceAnchorName":{ "shape":"String", "documentation":"

The name of the OCI resource anchor associated with this Autonomous VM cluster.

" @@ -947,6 +951,10 @@ "shape":"ResourceIdOrArn", "documentation":"

The unique identifier of the Cloud Exadata Infrastructure containing this Autonomous VM cluster.

" }, + "cloudExadataInfrastructureArn":{ + "shape":"ResourceArn", + "documentation":"

The Amazon Resource Name (ARN) of the Cloud Exadata Infrastructure containing this Autonomous VM cluster.

" + }, "autonomousDataStoragePercentage":{ "shape":"Float", "documentation":"

The percentage of data storage currently in use for Autonomous Databases in the Autonomous VM cluster.

" @@ -1148,6 +1156,10 @@ "shape":"ResourceIdOrArn", "documentation":"

The unique identifier of the ODB network associated with this Autonomous VM cluster.

" }, + "odbNetworkArn":{ + "shape":"ResourceArn", + "documentation":"

The Amazon Resource Name (ARN) of the ODB network associated with this Autonomous VM cluster.

" + }, "ociResourceAnchorName":{ "shape":"String", "documentation":"

The name of the OCI resource anchor associated with this Autonomous VM cluster.

" @@ -1172,6 +1184,10 @@ "shape":"ResourceIdOrArn", "documentation":"

The unique identifier of the Exadata infrastructure containing this Autonomous VM cluster.

" }, + "cloudExadataInfrastructureArn":{ + "shape":"ResourceArn", + "documentation":"

The Amazon Resource Name (ARN) of the Exadata infrastructure containing this Autonomous VM cluster.

" + }, "autonomousDataStoragePercentage":{ "shape":"Float", "documentation":"

The percentage of data storage currently in use for Autonomous Databases in the Autonomous VM cluster.

" @@ -1719,6 +1735,10 @@ "shape":"String", "documentation":"

The unique identifier of the Exadata infrastructure that this VM cluster belongs to.

" }, + "cloudExadataInfrastructureArn":{ + "shape":"ResourceArn", + "documentation":"

The Amazon Resource Name (ARN) of the Exadata infrastructure that this VM cluster belongs to.

" + }, "clusterName":{ "shape":"String", "documentation":"

The name of the Grid Infrastructure (GI) cluster.

" @@ -1847,6 +1867,10 @@ "shape":"ResourceIdOrArn", "documentation":"

The unique identifier of the ODB network for the VM cluster.

" }, + "odbNetworkArn":{ + "shape":"ResourceArn", + "documentation":"

The Amazon Resource Name (ARN) of the ODB network associated with this VM cluster.

" + }, "percentProgress":{ "shape":"Float", "documentation":"

The amount of progress made on the current operation on the VM cluster, expressed as a percentage.

" @@ -1894,6 +1918,10 @@ "shape":"String", "documentation":"

The unique identifier of the Exadata infrastructure that this VM cluster belongs to.

" }, + "cloudExadataInfrastructureArn":{ + "shape":"ResourceArn", + "documentation":"

The Amazon Resource Name (ARN) of the Exadata infrastructure that this VM cluster belongs to.

" + }, "clusterName":{ "shape":"String", "documentation":"

The name of the Grid Infrastructure (GI) cluster.

" @@ -2016,6 +2044,10 @@ "shape":"ResourceIdOrArn", "documentation":"

The unique identifier of the ODB network for the VM cluster.

" }, + "odbNetworkArn":{ + "shape":"ResourceArn", + "documentation":"

The Amazon Resource Name (ARN) of the ODB network associated with this VM cluster.

" + }, "percentProgress":{ "shape":"Float", "documentation":"

The amount of progress made on the current operation on the VM cluster, expressed as a percentage.

" @@ -2556,11 +2588,11 @@ }, "stsPolicyDocument":{ "shape":"PolicyDocument", - "documentation":"

The STS policy document that defines permissions for token service usage within the ODB network.

" + "documentation":"

The Amazon Web Services Security Token Service (STS) policy document that defines permissions for token service usage within the ODB network.

" }, "kmsPolicyDocument":{ "shape":"PolicyDocument", - "documentation":"

The KMS policy document that defines permissions for key usage within the ODB network.

" + "documentation":"

The Amazon Web Services Key Management Service (KMS) policy document that defines permissions for key usage within the ODB network.

" }, "crossRegionS3RestoreSourcesToEnable":{ "shape":"StringList", @@ -2698,15 +2730,15 @@ "members":{ "region":{ "shape":"String", - "documentation":"

The Amazon Web Services Region for cross-Region S3 restore access.

" + "documentation":"

The Amazon Web Services Region for cross-Region Amazon S3 restore access.

" }, "ipv4Addresses":{ "shape":"StringList", - "documentation":"

The IPv4 addresses allowed for cross-Region S3 restore access.

" + "documentation":"

The IPv4 addresses allowed for cross-Region Amazon S3 restore access.

" }, "status":{ "shape":"ManagedResourceStatus", - "documentation":"

The current status of the cross-Region S3 restore access configuration.

" + "documentation":"

The current status of the cross-Region Amazon S3 restore access configuration.

" } }, "documentation":"

The configuration access for the cross-Region Amazon S3 database restore source for the ODB network.

" @@ -3448,15 +3480,15 @@ "members":{ "iamRoleArn":{ "shape":"RoleArn", - "documentation":"

The Amazon Resource Name (ARN) of the IAM service role to disassociate from the resource.

" + "documentation":"

The Amazon Resource Name (ARN) of the Amazon Web Services Identity and Access Management (IAM) service role to disassociate from the resource.

" }, "awsIntegration":{ "shape":"SupportedAwsIntegration", - "documentation":"

The Amazon Web Services integration configuration settings for the IAM service role disassociation.

" + "documentation":"

The Amazon Web Services integration configuration settings for the Amazon Web Services Identity and Access Management (IAM) service role disassociation.

" }, "resourceArn":{ "shape":"DisassociateIamRoleFromResourceInputResourceArnString", - "documentation":"

The Amazon Resource Name (ARN) of the target resource to disassociate from the IAM service role.

" + "documentation":"

The Amazon Resource Name (ARN) of the target resource to disassociate from the Amazon Web Services Identity and Access Management (IAM) service role.

" } } }, @@ -3716,19 +3748,19 @@ "members":{ "iamRoleArn":{ "shape":"RoleArn", - "documentation":"

The Amazon Resource Name (ARN) of the IAM service role.

" + "documentation":"

The Amazon Resource Name (ARN) of the Amazon Web Services Identity and Access Management (IAM) service role.

" }, "status":{ "shape":"IamRoleStatus", - "documentation":"

The current status of the IAM service role.

" + "documentation":"

The current status of the Amazon Web Services Identity and Access Management (IAM) service role.

" }, "statusReason":{ "shape":"String", - "documentation":"

Additional information about the current status of the IAM service role, if applicable.

" + "documentation":"

Additional information about the current status of the Amazon Web Services Identity and Access Management (IAM) service role, if applicable.

" }, "awsIntegration":{ "shape":"SupportedAwsIntegration", - "documentation":"

The Amazon Web Services integration configuration settings for the IAM service role.

" + "documentation":"

The Amazon Web Services integration configuration settings for the Amazon Web Services Identity and Access Management (IAM) service role.

" } }, "documentation":"

Information about an Amazon Web Services Identity and Access Management (IAM) service role associated with a resource.

" @@ -3796,19 +3828,19 @@ "members":{ "status":{ "shape":"ManagedResourceStatus", - "documentation":"

The current status of the KMS access configuration.

" + "documentation":"

The current status of the Amazon Web Services Key Management Service (KMS) access configuration.

" }, "ipv4Addresses":{ "shape":"StringList", - "documentation":"

The IPv4 addresses allowed for KMS access.

" + "documentation":"

The IPv4 addresses allowed for Amazon Web Services Key Management Service (KMS) access.

" }, "domainName":{ "shape":"String", - "documentation":"

The domain name for KMS access configuration.

" + "documentation":"

The domain name for Amazon Web Services Key Management Service (KMS) access configuration.

" }, "kmsPolicyDocument":{ "shape":"String", - "documentation":"

The KMS policy document that defines permissions for key usage.

" + "documentation":"

The Amazon Web Services Key Management Service (KMS) policy document that defines permissions for key usage.

" } }, "documentation":"

Configuration for Amazon Web Services Key Management Service (KMS) access from the ODB network.

" @@ -4447,11 +4479,11 @@ }, "stsAccess":{ "shape":"StsAccess", - "documentation":"

The Amazon Web Services Security Token Service (STS) access configuration for managed services.

" + "documentation":"

The Amazon Web Services Security Token Service (STS) access configuration.

" }, "kmsAccess":{ "shape":"KmsAccess", - "documentation":"

The Amazon Web Services Key Management Service (KMS) access configuration for managed services.

" + "documentation":"

The Amazon Web Services Key Management Service (KMS) access configuration.

" }, "crossRegionS3RestoreSourcesAccess":{ "shape":"CrossRegionS3RestoreSourcesAccessList", @@ -5246,19 +5278,19 @@ "members":{ "status":{ "shape":"ManagedResourceStatus", - "documentation":"

The current status of the STS access configuration.

" + "documentation":"

The current status of the Amazon Web Services Security Token Service (STS) access configuration.

" }, "ipv4Addresses":{ "shape":"StringList", - "documentation":"

The IPv4 addresses allowed for STS access.

" + "documentation":"

The IPv4 addresses allowed for Amazon Web Services Security Token Service (STS) access.

" }, "domainName":{ "shape":"String", - "documentation":"

The domain name for STS access configuration.

" + "documentation":"

The domain name for Amazon Web Services Security Token Service (STS) access configuration.

" }, "stsPolicyDocument":{ "shape":"String", - "documentation":"

The STS policy document that defines permissions for token service usage.

" + "documentation":"

The Amazon Web Services Security Token Service (STS) policy document that defines permissions for token service usage.

" } }, "documentation":"

Configuration for Amazon Web Services Security Token Service (STS) access from the ODB network.

" @@ -5439,11 +5471,11 @@ }, "stsPolicyDocument":{ "shape":"PolicyDocument", - "documentation":"

The STS policy document that defines permissions for token service usage within the ODB network.

" + "documentation":"

The Amazon Web Services Security Token Service (STS) policy document that defines permissions for token service usage within the ODB network.

" }, "kmsPolicyDocument":{ "shape":"PolicyDocument", - "documentation":"

The KMS policy document that defines permissions for key usage within the ODB network.

" + "documentation":"

The Amazon Web Services Key Management Service (KMS) policy document that defines permissions for key usage within the ODB network.

" }, "crossRegionS3RestoreSourcesToEnable":{ "shape":"StringList", diff --git a/awscli/botocore/data/opensearch/2021-01-01/service-2.json b/awscli/botocore/data/opensearch/2021-01-01/service-2.json index acc5127cd8bd..6a044fe69ca0 100644 --- a/awscli/botocore/data/opensearch/2021-01-01/service-2.json +++ b/awscli/botocore/data/opensearch/2021-01-01/service-2.json @@ -2673,7 +2673,11 @@ "shape":"AppConfigs", "documentation":"

Configuration settings for the OpenSearch application, including administrative options.

" }, - "tagList":{"shape":"TagList"} + "tagList":{"shape":"TagList"}, + "kmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The Amazon Resource Name (ARN) of the KMS key used to encrypt the application's data at rest. If provided, the application uses your customer-managed key for encryption. If omitted, the application uses an AWS-managed key. The KMS key must be in the same region as the application.

" + } } }, "CreateApplicationResponse":{ @@ -2704,6 +2708,10 @@ "createdAt":{ "shape":"Timestamp", "documentation":"

The timestamp indicating when the OpenSearch application was created.

" + }, + "kmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The Amazon Resource Name (ARN) of the KMS key used to encrypt the application's data at rest.

" } } }, @@ -4780,6 +4788,10 @@ "lastUpdatedAt":{ "shape":"Timestamp", "documentation":"

The timestamp of the last update to the OpenSearch application.

" + }, + "kmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The Amazon Resource Name (ARN) of the KMS key used to encrypt the application's data at rest.

" } } }, @@ -5544,6 +5556,12 @@ }, "documentation":"

The configuration parameters to enable access to the key store required by the package.

" }, + "KmsKeyArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"^arn:aws[a-zA-Z-]*:kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$" + }, "KmsKeyId":{ "type":"string", "max":500, diff --git a/awscli/botocore/data/partnercentral-selling/2022-07-26/service-2.json b/awscli/botocore/data/partnercentral-selling/2022-07-26/service-2.json index 81723ea9c8e5..b9179753bee6 100644 --- a/awscli/botocore/data/partnercentral-selling/2022-07-26/service-2.json +++ b/awscli/botocore/data/partnercentral-selling/2022-07-26/service-2.json @@ -1274,6 +1274,10 @@ "ExpectedCustomerSpend":{ "shape":"ExpectedCustomerSpendList", "documentation":"

Indicates the expected spending by the customer over the course of the project. This value helps partners and AWS estimate the financial impact of the opportunity. Use the AWS Pricing Calculator to create an estimate of the customer’s total spend. If only annual recurring revenue (ARR) is available, distribute it across 12 months to provide an average monthly value.

" + }, + "AwsPartition":{ + "shape":"AwsPartition", + "documentation":"

AWS partition where the opportunity will be deployed. Possible values: 'aws-eusc' for AWS European Sovereign Cloud, null for all other partitions

" } }, "documentation":"

Captures details about the project associated with the opportunity, including objectives, scope, and customer requirements.

" @@ -1325,6 +1329,10 @@ "type":"list", "member":{"shape":"AwsTeamMember"} }, + "AwsPartition":{ + "type":"string", + "enum":["aws-eusc"] + }, "AwsProductDetails":{ "type":"structure", "required":[ @@ -5554,6 +5562,10 @@ "AdditionalComments":{ "shape":"ProjectAdditionalCommentsString", "documentation":"

Captures additional comments or information for the Opportunity that weren't captured in other fields.

" + }, + "AwsPartition":{ + "shape":"AwsPartition", + "documentation":"

AWS partition where the opportunity will be deployed. Possible values: 'aws-eusc' for AWS European Sovereign Cloud, null for all other partitions

" } }, "documentation":"

An object that contains the Opportunity's project details.

" diff --git a/awscli/botocore/data/signer/2017-08-25/service-2.json b/awscli/botocore/data/signer/2017-08-25/service-2.json index aef9a7fc4f4e..acf96f9ce810 100644 --- a/awscli/botocore/data/signer/2017-08-25/service-2.json +++ b/awscli/botocore/data/signer/2017-08-25/service-2.json @@ -47,7 +47,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"InternalServiceErrorException"} ], - "documentation":"

Changes the state of an ACTIVE signing profile to CANCELED. A canceled profile is still viewable with the ListSigningProfiles operation, but it cannot perform new signing jobs, and is deleted two years after cancelation.

" + "documentation":"

Changes the state of an ACTIVE signing profile to CANCELED. A canceled profile is still viewable with the ListSigningProfiles operation, but it cannot perform new signing jobs. See Data Retention for more information on scheduled deletion of a canceled signing profile.

" }, "DescribeSigningJob":{ "name":"DescribeSigningJob", @@ -80,7 +80,7 @@ {"shape":"InternalServiceErrorException"} ], "documentation":"

Retrieves the revocation status of one or more of the signing profile, signing job, and signing certificate.

", - "endpoint":{"hostPrefix":"verification."} + "endpoint":{"hostPrefix":"data-"} }, "GetSigningPlatform":{ "name":"GetSigningPlatform", @@ -243,7 +243,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"InternalServiceErrorException"} ], - "documentation":"

Changes the state of a signing job to REVOKED. This indicates that the signature is no longer valid.

" + "documentation":"

Changes the state of a signing job to REVOKED. This indicates that the signature is no longer valid.

" }, "RevokeSigningProfile":{ "name":"RevokeSigningProfile", @@ -259,7 +259,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"InternalServiceErrorException"} ], - "documentation":"

Changes the state of a signing profile to REVOKED. This indicates that signatures generated using the signing profile after an effective start date are no longer valid.

" + "documentation":"

Changes the state of a signing profile to REVOKED. This indicates that signatures generated using the signing profile after an effective start date are no longer valid. A revoked profile is still viewable with the ListSigningProfiles operation, but it cannot perform new signing jobs. See Data Retention for more information on scheduled deletion of a revoked signing profile.

" }, "SignPayload":{ "name":"SignPayload", @@ -294,7 +294,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"InternalServiceErrorException"} ], - "documentation":"

Initiates a signing job to be performed on the code provided. Signing jobs are viewable by the ListSigningJobs operation for two years after they are performed. Note the following requirements:

  • You must create an Amazon S3 source bucket. For more information, see Creating a Bucket in the Amazon S3 Getting Started Guide.

  • Your S3 source bucket must be version enabled.

  • You must create an S3 destination bucket. AWS Signer uses your S3 destination bucket to write your signed code.

  • You specify the name of the source and destination buckets when calling the StartSigningJob operation.

  • You must ensure the S3 buckets are from the same Region as the signing profile. Cross-Region signing isn't supported.

  • You must also specify a request token that identifies your request to Signer.

You can call the DescribeSigningJob and the ListSigningJobs actions after you call StartSigningJob.

For a Java example that shows how to use this action, see StartSigningJob.

" + "documentation":"

Initiates a signing job to be performed on the code provided. Signing jobs are viewable by the ListSigningJobs operation. Note the following requirements:

  • You must create an Amazon S3 source bucket. For more information, see Creating a Bucket in the Amazon S3 Getting Started Guide.

  • Your S3 source bucket must be version enabled.

  • You must create an S3 destination bucket. AWS Signer uses your S3 destination bucket to write your signed code.

  • You specify the name of the source and destination buckets when calling the StartSigningJob operation.

  • You must ensure the S3 buckets are from the same Region as the signing profile. Cross-Region signing isn't supported.

  • You must also specify a request token that identifies your request to Signer.

You can call the DescribeSigningJob and the ListSigningJobs actions after you call StartSigningJob.

For a Java example that shows how to use this action, see StartSigningJob.

" }, "TagResource":{ "name":"TagResource", @@ -367,7 +367,7 @@ }, "action":{ "shape":"String", - "documentation":"

For cross-account signing. Grant a designated account permission to perform one or more of the following actions. Each action is associated with a specific API's operations. For more information about cross-account signing, see Using cross-account signing with signing profiles in the AWS Signer Developer Guide.

You can designate the following actions to an account.

  • signer:StartSigningJob. This action isn't supported for container image workflows. For details, see StartSigningJob.

  • signer:SignPayload. This action isn't supported for AWS Lambda workflows. For details, see SignPayload

  • signer:GetSigningProfile. For details, see GetSigningProfile.

  • signer:RevokeSignature. For details, see RevokeSignature.

" + "documentation":"

For cross-account signing. Grant a designated account permission to perform one or more of the following actions. Each action is associated with a specific API's operations. For more information about cross-account signing, see Using cross-account signing with signing profiles in the AWS Signer Developer Guide.

You can designate the following actions to an account.

  • signer:StartSigningJob. This action isn't supported for container image workflows. For details, see StartSigningJob.

  • signer:SignPayload. This action isn't supported for AWS Lambda workflows. For details, see SignPayload

  • signer:GetSigningProfile. For details, see GetSigningProfile.

  • signer:RevokeSignature. For details, see RevokeSignature.

" }, "principal":{ "shape":"String", @@ -1875,5 +1875,5 @@ "bool":{"type":"boolean"}, "string":{"type":"string"} }, - "documentation":"

AWS Signer is a fully managed code-signing service to help you ensure the trust and integrity of your code.

Signer supports the following applications:

With code signing for AWS Lambda, you can sign AWS Lambda deployment packages. Integrated support is provided for Amazon S3, Amazon CloudWatch, and AWS CloudTrail. In order to sign code, you create a signing profile and then use Signer to sign Lambda zip files in S3.

With code signing for IoT, you can sign code for any IoT device that is supported by AWS. IoT code signing is available for Amazon FreeRTOS and AWS IoT Device Management, and is integrated with AWS Certificate Manager (ACM). In order to sign code, you import a third-party code-signing certificate using ACM, and use that to sign updates in Amazon FreeRTOS and AWS IoT Device Management.

With Signer and the Notation CLI from the Notary
 Project, you can sign container images stored in a container registry such as Amazon Elastic Container Registry (ECR). The signatures are stored in the registry alongside the images, where they are available for verifying image authenticity and integrity.

For more information about Signer, see the AWS Signer Developer Guide.

" + "documentation":"

AWS Signer is a fully managed code-signing service to help you ensure the trust and integrity of your code.

Signer supports the following applications:

With code signing for AWS Lambda, you can sign AWS Lambda deployment packages. Integrated support is provided for Amazon S3, Amazon CloudWatch, and AWS CloudTrail. In order to sign code, you create a signing profile and then use Signer to sign Lambda zip files in S3.

With code signing for IoT, you can sign code for any IoT device that is supported by AWS. IoT code signing is available for Amazon FreeRTOS and AWS IoT Device Management, and is integrated with AWS Certificate Manager (ACM). In order to sign code, you import a third-party code-signing certificate using ACM, and use that to sign updates in Amazon FreeRTOS and AWS IoT Device Management.

With Signer and the Notation CLI from the Notary
 Project, you can sign container images stored in a container registry such as Amazon Elastic Container Registry (ECR). The signatures are stored in the registry alongside the images, where they are available for verifying image authenticity and integrity.

For more information about Signer, see the AWS Signer Developer Guide.

" } From f9c125647f9431f0ebe889f0cef3b0d17a270c3a Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Wed, 10 Dec 2025 19:12:30 +0000 Subject: [PATCH 05/37] Bump version to 2.32.14 --- .changes/2.32.14.json | 42 +++++++++++++++++++ .../api-change-bedrock-90236.json | 5 --- .../api-change-billingconductor-95611.json | 5 --- .../api-change-cloudwatch-73795.json | 5 --- .../next-release/api-change-odb-43630.json | 5 --- .../api-change-opensearch-78342.json | 5 --- ...pi-change-partnercentralselling-58382.json | 5 --- .../next-release/api-change-signer-46149.json | 5 --- .../bugfix-Serializers-42643.json | 5 --- CHANGELOG.rst | 13 ++++++ awscli/__init__.py | 2 +- configure | 14 +++---- configure.ac | 2 +- doc/source/conf.py | 2 +- 14 files changed, 65 insertions(+), 50 deletions(-) create mode 100644 .changes/2.32.14.json delete mode 100644 .changes/next-release/api-change-bedrock-90236.json delete mode 100644 .changes/next-release/api-change-billingconductor-95611.json delete mode 100644 .changes/next-release/api-change-cloudwatch-73795.json delete mode 100644 .changes/next-release/api-change-odb-43630.json delete mode 100644 .changes/next-release/api-change-opensearch-78342.json delete mode 100644 .changes/next-release/api-change-partnercentralselling-58382.json delete mode 100644 .changes/next-release/api-change-signer-46149.json delete mode 100644 .changes/next-release/bugfix-Serializers-42643.json diff --git a/.changes/2.32.14.json b/.changes/2.32.14.json new file mode 100644 index 000000000000..2c14eb2bbe42 --- /dev/null +++ b/.changes/2.32.14.json @@ -0,0 +1,42 @@ +[ + { + "category": "Serializers", + "description": "Adds support for host prefix to BaseRpcV2Serializer class", + "type": "bugfix" + }, + { + "category": "``billingconductor``", + "description": "Launch itemized custom line item and service line item filter", + "type": "api-change" + }, + { + "category": "``bedrock``", + "description": "Automated Reasoning checks in Amazon Bedrock Guardrails is capable of generating policy scenarios to validate policies. The GetAutomatedReasoningPolicyBuildWorkflowResultAssets API now adds POLICY SCENARIO asset type, allowing customers to retrieve scenarios generated by the build workflow.", + "type": "api-change" + }, + { + "category": "``signer``", + "description": "Adds support for Signer GetRevocationStatus with updated endpoints", + "type": "api-change" + }, + { + "category": "``cloudwatch``", + "description": "This release introduces two additional protocols AWS JSON 1.1 and Smithy RPC v2 CBOR, replacing the currently utilized one, AWSQuery. AWS SDKs will prioritize the protocol that is the most performant for each language.", + "type": "api-change" + }, + { + "category": "``partnercentral-selling``", + "description": "Adds support for the new Project.AwsPartition field on Opportunity and AWS Opportunity Summary. Use this field to specify the AWS partition where the opportunity will be deployed.", + "type": "api-change" + }, + { + "category": "``opensearch``", + "description": "The CreateApplication API now supports an optional kms key arn parameter to allow customers to specify a CMK for application encryption.", + "type": "api-change" + }, + { + "category": "``odb``", + "description": "The following APIs now return CloudExadataInfrastructureArn and OdbNetworkArn fields for improved resource identification and AWS service integration - GetCloudVmCluster, ListCloudVmClusters, GetCloudAutonomousVmCluster, and ListCloudAutonomousVmClusters.", + "type": "api-change" + } +] \ No newline at end of file diff --git a/.changes/next-release/api-change-bedrock-90236.json b/.changes/next-release/api-change-bedrock-90236.json deleted file mode 100644 index 17174e022322..000000000000 --- a/.changes/next-release/api-change-bedrock-90236.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``bedrock``", - "description": "Automated Reasoning checks in Amazon Bedrock Guardrails is capable of generating policy scenarios to validate policies. The GetAutomatedReasoningPolicyBuildWorkflowResultAssets API now adds POLICY SCENARIO asset type, allowing customers to retrieve scenarios generated by the build workflow." -} diff --git a/.changes/next-release/api-change-billingconductor-95611.json b/.changes/next-release/api-change-billingconductor-95611.json deleted file mode 100644 index 05c0cc005ecb..000000000000 --- a/.changes/next-release/api-change-billingconductor-95611.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``billingconductor``", - "description": "Launch itemized custom line item and service line item filter" -} diff --git a/.changes/next-release/api-change-cloudwatch-73795.json b/.changes/next-release/api-change-cloudwatch-73795.json deleted file mode 100644 index 25ec5f3d1742..000000000000 --- a/.changes/next-release/api-change-cloudwatch-73795.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``cloudwatch``", - "description": "This release introduces two additional protocols AWS JSON 1.1 and Smithy RPC v2 CBOR, replacing the currently utilized one, AWSQuery. AWS SDKs will prioritize the protocol that is the most performant for each language." -} diff --git a/.changes/next-release/api-change-odb-43630.json b/.changes/next-release/api-change-odb-43630.json deleted file mode 100644 index 4f78b3463bc8..000000000000 --- a/.changes/next-release/api-change-odb-43630.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``odb``", - "description": "The following APIs now return CloudExadataInfrastructureArn and OdbNetworkArn fields for improved resource identification and AWS service integration - GetCloudVmCluster, ListCloudVmClusters, GetCloudAutonomousVmCluster, and ListCloudAutonomousVmClusters." -} diff --git a/.changes/next-release/api-change-opensearch-78342.json b/.changes/next-release/api-change-opensearch-78342.json deleted file mode 100644 index 2fab1dc29d39..000000000000 --- a/.changes/next-release/api-change-opensearch-78342.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``opensearch``", - "description": "The CreateApplication API now supports an optional kms key arn parameter to allow customers to specify a CMK for application encryption." -} diff --git a/.changes/next-release/api-change-partnercentralselling-58382.json b/.changes/next-release/api-change-partnercentralselling-58382.json deleted file mode 100644 index c3ec7091a97a..000000000000 --- a/.changes/next-release/api-change-partnercentralselling-58382.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``partnercentral-selling``", - "description": "Adds support for the new Project.AwsPartition field on Opportunity and AWS Opportunity Summary. Use this field to specify the AWS partition where the opportunity will be deployed." -} diff --git a/.changes/next-release/api-change-signer-46149.json b/.changes/next-release/api-change-signer-46149.json deleted file mode 100644 index 246bf7dcc8b9..000000000000 --- a/.changes/next-release/api-change-signer-46149.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``signer``", - "description": "Adds support for Signer GetRevocationStatus with updated endpoints" -} diff --git a/.changes/next-release/bugfix-Serializers-42643.json b/.changes/next-release/bugfix-Serializers-42643.json deleted file mode 100644 index 58f08a046bd9..000000000000 --- a/.changes/next-release/bugfix-Serializers-42643.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "bugfix", - "category": "Serializers", - "description": "Adds support for host prefix to BaseRpcV2Serializer class" -} diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 125437b71ade..b9a4ed11deb9 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,19 @@ CHANGELOG ========= +2.32.14 +======= + +* bugfix:Serializers: Adds support for host prefix to BaseRpcV2Serializer class +* api-change:``billingconductor``: Launch itemized custom line item and service line item filter +* api-change:``bedrock``: Automated Reasoning checks in Amazon Bedrock Guardrails is capable of generating policy scenarios to validate policies. The GetAutomatedReasoningPolicyBuildWorkflowResultAssets API now adds POLICY SCENARIO asset type, allowing customers to retrieve scenarios generated by the build workflow. +* api-change:``signer``: Adds support for Signer GetRevocationStatus with updated endpoints +* api-change:``cloudwatch``: This release introduces two additional protocols AWS JSON 1.1 and Smithy RPC v2 CBOR, replacing the currently utilized one, AWSQuery. AWS SDKs will prioritize the protocol that is the most performant for each language. +* api-change:``partnercentral-selling``: Adds support for the new Project.AwsPartition field on Opportunity and AWS Opportunity Summary. Use this field to specify the AWS partition where the opportunity will be deployed. +* api-change:``opensearch``: The CreateApplication API now supports an optional kms key arn parameter to allow customers to specify a CMK for application encryption. +* api-change:``odb``: The following APIs now return CloudExadataInfrastructureArn and OdbNetworkArn fields for improved resource identification and AWS service integration - GetCloudVmCluster, ListCloudVmClusters, GetCloudAutonomousVmCluster, and ListCloudAutonomousVmClusters. + + 2.32.13 ======= diff --git a/awscli/__init__.py b/awscli/__init__.py index 0f3f899a9b2c..a153aa21d3bb 100644 --- a/awscli/__init__.py +++ b/awscli/__init__.py @@ -20,7 +20,7 @@ import os import sys -__version__ = '2.32.13' +__version__ = '2.32.14' # # Get our data path to be added to botocore's search path diff --git a/configure b/configure index ceacd84d7a0b..3099c14c2b90 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for awscli 2.32.13. +# Generated by GNU Autoconf 2.71 for awscli 2.32.14. # # # Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, @@ -607,8 +607,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='awscli' PACKAGE_TARNAME='awscli' -PACKAGE_VERSION='2.32.13' -PACKAGE_STRING='awscli 2.32.13' +PACKAGE_VERSION='2.32.14' +PACKAGE_STRING='awscli 2.32.14' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1255,7 +1255,7 @@ _ACEOF fi if $ac_init_version; then cat <<\_ACEOF -awscli configure 2.32.13 +awscli configure 2.32.14 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -1292,7 +1292,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by awscli $as_me 2.32.13, which was +It was created by awscli $as_me 2.32.14, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -2668,7 +2668,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by awscli $as_me 2.32.13, which was +This file was extended by awscli $as_me 2.32.14, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -2723,7 +2723,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -awscli config.status 2.32.13 +awscli config.status 2.32.14 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index a8133a72a1da..0834294f9e8a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_CONFIG_MACRO_DIRS([m4]) -AC_INIT([awscli], [2.32.13]) +AC_INIT([awscli], [2.32.14]) AC_CONFIG_SRCDIR([bin/aws]) AM_PATH_PYTHON([3.8]) diff --git a/doc/source/conf.py b/doc/source/conf.py index ef907d63cc8c..4020f7c2279b 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -66,7 +66,7 @@ # The short X.Y version. version = '2.0' # The full version, including alpha/beta/rc tags. -release = '2.32.13' +release = '2.32.14' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. From 4989c227e7092a8834c5290f09cfade9ed60c487 Mon Sep 17 00:00:00 2001 From: Ahmed Moustafa <35640105+aemous@users.noreply.github.com> Date: Wed, 10 Dec 2025 15:45:28 -0500 Subject: [PATCH 06/37] Upgrade bundled Python interpreter to 3.13.11. (#9902) --- .changes/next-release/enhancement-python-78620.json | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .changes/next-release/enhancement-python-78620.json diff --git a/.changes/next-release/enhancement-python-78620.json b/.changes/next-release/enhancement-python-78620.json new file mode 100644 index 000000000000..01a1b6fa2a19 --- /dev/null +++ b/.changes/next-release/enhancement-python-78620.json @@ -0,0 +1,5 @@ +{ + "type": "enhancement", + "category": "python", + "description": "Upgrade bundled Python interpreter to version 3.13.11." +} From b6dddb4356686d52f2ab22e96026d7424609113e Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Thu, 11 Dec 2025 19:10:16 +0000 Subject: [PATCH 07/37] Update to latest models --- .../next-release/api-change-lambda-39215.json | 5 + .../api-change-organizations-14166.json | 5 + .../api-change-quicksight-18551.json | 5 + .../api-change-secretsmanager-85505.json | 5 + .../next-release/api-change-sesv2-55002.json | 5 + .../data/lambda/2015-03-31/service-2.json | 3 +- .../organizations/2016-11-28/service-2.json | 28 +- .../data/quicksight/2018-04-01/service-2.json | 640 +++++++++++++++++- .../secretsmanager/2017-10-17/service-2.json | 13 + .../data/sesv2/2019-09-27/service-2.json | 9 + 10 files changed, 695 insertions(+), 23 deletions(-) create mode 100644 .changes/next-release/api-change-lambda-39215.json create mode 100644 .changes/next-release/api-change-organizations-14166.json create mode 100644 .changes/next-release/api-change-quicksight-18551.json create mode 100644 .changes/next-release/api-change-secretsmanager-85505.json create mode 100644 .changes/next-release/api-change-sesv2-55002.json diff --git a/.changes/next-release/api-change-lambda-39215.json b/.changes/next-release/api-change-lambda-39215.json new file mode 100644 index 000000000000..730396554e84 --- /dev/null +++ b/.changes/next-release/api-change-lambda-39215.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``lambda``", + "description": "Add Dotnet 10 (dotnet10) support to AWS Lambda." +} diff --git a/.changes/next-release/api-change-organizations-14166.json b/.changes/next-release/api-change-organizations-14166.json new file mode 100644 index 000000000000..432cd68347c2 --- /dev/null +++ b/.changes/next-release/api-change-organizations-14166.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``organizations``", + "description": "Add support for policy operations on the NETWORK SECURITY DIRECTOR POLICY policy type." +} diff --git a/.changes/next-release/api-change-quicksight-18551.json b/.changes/next-release/api-change-quicksight-18551.json new file mode 100644 index 000000000000..11b486e0efd9 --- /dev/null +++ b/.changes/next-release/api-change-quicksight-18551.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``quicksight``", + "description": "This release adds new GetIdentityContext API, Dashboard customization options for tables and pivot tables, Visual styling options- borders and decals, map GeocodingPreferences, KeyPairCredentials for DataSourceCredentials. Snapshot APIs now support registered users. Parameters limit increased to 400" +} diff --git a/.changes/next-release/api-change-secretsmanager-85505.json b/.changes/next-release/api-change-secretsmanager-85505.json new file mode 100644 index 000000000000..f37bfcdc9ecd --- /dev/null +++ b/.changes/next-release/api-change-secretsmanager-85505.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``secretsmanager``", + "description": "Add SortBy parameter to ListSecrets" +} diff --git a/.changes/next-release/api-change-sesv2-55002.json b/.changes/next-release/api-change-sesv2-55002.json new file mode 100644 index 000000000000..aa0da441cc62 --- /dev/null +++ b/.changes/next-release/api-change-sesv2-55002.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``sesv2``", + "description": "Update GetEmailIdentity and CreateEmailIdentity response to include SigningHostedZone in DkimAttributes. Updated PutEmailIdentityDkimSigningAttributes Response to include SigningHostedZone." +} diff --git a/awscli/botocore/data/lambda/2015-03-31/service-2.json b/awscli/botocore/data/lambda/2015-03-31/service-2.json index 420c6cc1671f..4b0dcb5e83f6 100644 --- a/awscli/botocore/data/lambda/2015-03-31/service-2.json +++ b/awscli/botocore/data/lambda/2015-03-31/service-2.json @@ -8008,7 +8008,8 @@ "nodejs22.x", "nodejs24.x", "python3.14", - "java25" + "java25", + "dotnet10" ] }, "RuntimeVersionArn":{ diff --git a/awscli/botocore/data/organizations/2016-11-28/service-2.json b/awscli/botocore/data/organizations/2016-11-28/service-2.json index 8f10478a5001..545c42be7345 100644 --- a/awscli/botocore/data/organizations/2016-11-28/service-2.json +++ b/awscli/botocore/data/organizations/2016-11-28/service-2.json @@ -62,7 +62,7 @@ {"shape":"UnsupportedAPIEndpointException"}, {"shape":"PolicyChangesInProgressException"} ], - "documentation":"

Attaches a policy to a root, an organizational unit (OU), or an individual account. How the policy affects accounts depends on the type of policy. Refer to the Organizations User Guide for information about each policy type:

You can only call this operation from the management account or a member account that is a delegated administrator.

" + "documentation":"

Attaches a policy to a root, an organizational unit (OU), or an individual account. How the policy affects accounts depends on the type of policy. Refer to the Organizations User Guide for information about each policy type:

You can only call this operation from the management account or a member account that is a delegated administrator.

" }, "CancelHandshake":{ "name":"CancelHandshake", @@ -1854,7 +1854,7 @@ }, "Type":{ "shape":"PolicyType", - "documentation":"

The type of policy to create. You can specify one of the following values:

" + "documentation":"

The type of policy to create. You can specify one of the following values:

" }, "Tags":{ "shape":"Tags", @@ -2035,7 +2035,7 @@ "members":{ "PolicyType":{ "shape":"EffectivePolicyType", - "documentation":"

The type of policy that you want information about. You can specify one of the following values:

" + "documentation":"

The type of policy that you want information about. You can specify one of the following values:

" }, "TargetId":{ "shape":"PolicyTargetId", @@ -2194,7 +2194,7 @@ }, "PolicyType":{ "shape":"PolicyType", - "documentation":"

The policy type that you want to disable in this root. You can specify one of the following values:

" + "documentation":"

The policy type that you want to disable in this root. You can specify one of the following values:

" } } }, @@ -2289,7 +2289,8 @@ "INSPECTOR_POLICY", "UPGRADE_ROLLOUT_POLICY", "BEDROCK_POLICY", - "S3_POLICY" + "S3_POLICY", + "NETWORK_SECURITY_DIRECTOR_POLICY" ] }, "EffectivePolicyValidationError":{ @@ -2361,7 +2362,7 @@ }, "PolicyType":{ "shape":"PolicyType", - "documentation":"

The policy type that you want to enable. You can specify one of the following values:

" + "documentation":"

The policy type that you want to enable. You can specify one of the following values:

" } } }, @@ -2850,7 +2851,7 @@ "members":{ "PolicyType":{ "shape":"EffectivePolicyType", - "documentation":"

The type of policy that you want information about. You can specify one of the following values:

" + "documentation":"

The type of policy that you want information about. You can specify one of the following values:

" }, "NextToken":{ "shape":"NextToken", @@ -2871,7 +2872,7 @@ }, "PolicyType":{ "shape":"EffectivePolicyType", - "documentation":"

The specified policy type. One of the following values:

" + "documentation":"

The specified policy type. One of the following values:

" }, "NextToken":{ "shape":"NextToken", @@ -3021,7 +3022,7 @@ }, "PolicyType":{ "shape":"EffectivePolicyType", - "documentation":"

The type of policy that you want information about. You can specify one of the following values:

" + "documentation":"

The type of policy that you want information about. You can specify one of the following values:

" }, "NextToken":{ "shape":"NextToken", @@ -3042,7 +3043,7 @@ }, "PolicyType":{ "shape":"EffectivePolicyType", - "documentation":"

The specified policy type. One of the following values:

" + "documentation":"

The specified policy type. One of the following values:

" }, "Path":{ "shape":"Path", @@ -3263,7 +3264,7 @@ }, "Filter":{ "shape":"PolicyType", - "documentation":"

The type of policy that you want to include in the returned list. You must specify one of the following values:

" + "documentation":"

The type of policy that you want to include in the returned list. You must specify one of the following values:

" }, "NextToken":{ "shape":"NextToken", @@ -3294,7 +3295,7 @@ "members":{ "Filter":{ "shape":"PolicyType", - "documentation":"

Specifies the type of policy that you want to include in the response. You must specify one of the following values:

" + "documentation":"

Specifies the type of policy that you want to include in the response. You must specify one of the following values:

" }, "NextToken":{ "shape":"NextToken", @@ -3759,7 +3760,8 @@ "INSPECTOR_POLICY", "UPGRADE_ROLLOUT_POLICY", "BEDROCK_POLICY", - "S3_POLICY" + "S3_POLICY", + "NETWORK_SECURITY_DIRECTOR_POLICY" ] }, "PolicyTypeAlreadyEnabledException":{ diff --git a/awscli/botocore/data/quicksight/2018-04-01/service-2.json b/awscli/botocore/data/quicksight/2018-04-01/service-2.json index 9a53f1526c62..a663f8479d75 100644 --- a/awscli/botocore/data/quicksight/2018-04-01/service-2.json +++ b/awscli/botocore/data/quicksight/2018-04-01/service-2.json @@ -1532,7 +1532,7 @@ {"shape":"UnsupportedUserEditionException"}, {"shape":"InternalFailureException"} ], - "documentation":"

Describes an existing snapshot job.

Poll job descriptions after a job starts to know the status of the job. For information on available status codes, see JobStatus.

" + "documentation":"

Describes an existing snapshot job.

Poll job descriptions after a job starts to know the status of the job. For information on available status codes, see JobStatus.

Registered user support

This API can be called as before to get status of a job started by the same Quick Sight user.

Possible error scenarios

Request will fail with an Access Denied error in the following scenarios:

  • The credentials have expired.

  • Job has been started by a different user.

  • Impersonated Quick Sight user doesn't have access to the specified dashboard in the job.

" }, "DescribeDashboardSnapshotJobResult":{ "name":"DescribeDashboardSnapshotJobResult", @@ -1551,7 +1551,7 @@ {"shape":"PreconditionNotMetException"}, {"shape":"InternalFailureException"} ], - "documentation":"

Describes the result of an existing snapshot job that has finished running.

A finished snapshot job will return a COMPLETED or FAILED status when you poll the job with a DescribeDashboardSnapshotJob API call.

If the job has not finished running, this operation returns a message that says Dashboard Snapshot Job with id <SnapshotjobId> has not reached a terminal state..

" + "documentation":"

Describes the result of an existing snapshot job that has finished running.

A finished snapshot job will return a COMPLETED or FAILED status when you poll the job with a DescribeDashboardSnapshotJob API call.

If the job has not finished running, this operation returns a message that says Dashboard Snapshot Job with id <SnapshotjobId> has not reached a terminal state..

Registered user support

This API can be called as before to get the result of a job started by the same Quick Sight user. The result for the user will be returned in RegisteredUsers response attribute. The attribute will contain a list with at most one object in it.

Possible error scenarios

The request fails with an Access Denied error in the following scenarios:

  • The credentials have expired.

  • The job was started by a different user.

  • The registered user doesn't have access to the specified dashboard.

The request succeeds but the job fails in the following scenarios:

  • DASHBOARD_ACCESS_DENIED - The registered user lost access to the dashboard.

  • CAPABILITY_RESTRICTED - The registered user is restricted from exporting data in all selected formats.

The request succeeds but the response contains an error code in the following scenarios:

  • CAPABILITY_RESTRICTED - The registered user is restricted from exporting data in some selected formats.

  • RLS_CHANGED - Row-level security settings have changed. Re-run the job with current settings.

  • CLS_CHANGED - Column-level security settings have changed. Re-run the job with current settings.

  • DATASET_DELETED - The dataset has been deleted. Verify the dataset exists before re-running the job.

" }, "DescribeDashboardsQAConfiguration":{ "name":"DescribeDashboardsQAConfiguration", @@ -2288,6 +2288,25 @@ "documentation":"

Get permissions for a flow.

", "readonly":true }, + "GetIdentityContext":{ + "name":"GetIdentityContext", + "http":{ + "method":"POST", + "requestUri":"/accounts/{AwsAccountId}/identity-context", + "responseCode":200 + }, + "input":{"shape":"GetIdentityContextRequest"}, + "output":{"shape":"GetIdentityContextResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"InternalFailureException"}, + {"shape":"PreconditionNotMetException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Retrieves the identity context for a Quick Sight user in a specified namespace, allowing you to obtain identity tokens that can be used with identity-enhanced IAM role sessions to call identity-aware APIs.

Currently, you can call the following APIs with identity-enhanced Credentials

Supported Authentication Methods

This API supports Quick Sight native users, IAM federated users, and Active Directory users. For Quick Sight users authenticated by Amazon Web Services Identity Center, see Identity Center documentation on identity-enhanced IAM role sessions.

Getting Identity-Enhanced Credentials

To obtain identity-enhanced credentials, follow these steps:

  • Call the GetIdentityContext API to retrieve an identity token for the specified user.

  • Use the identity token with the STS AssumeRole API to obtain identity-enhanced IAM role session credentials.

Usage with STS AssumeRole

The identity token returned by this API should be used with the STS AssumeRole API to obtain credentials for an identity-enhanced IAM role session. When calling AssumeRole, include the identity token in the ProvidedContexts parameter with ProviderArn set to arn:aws:iam::aws:contextProvider/QuickSight and ContextAssertion set to the identity token received from this API.

The assumed role must allow the sts:SetContext action in addition to sts:AssumeRole in its trust relationship policy. The trust policy should include both actions for the principal that will be assuming the role.

" + }, "GetSessionEmbedUrl":{ "name":"GetSessionEmbedUrl", "http":{ @@ -3268,7 +3287,7 @@ {"shape":"UnsupportedPricingPlanException"}, {"shape":"InternalFailureException"} ], - "documentation":"

Starts an asynchronous job that generates a snapshot of a dashboard's output. You can request one or several of the following format configurations in each API call.

  • 1 Paginated PDF

  • 1 Excel workbook that includes up to 5 table or pivot table visuals

  • 5 CSVs from table or pivot table visuals

The status of a submitted job can be polled with the DescribeDashboardSnapshotJob API. When you call the DescribeDashboardSnapshotJob API, check the JobStatus field in the response. Once the job reaches a COMPLETED or FAILED status, use the DescribeDashboardSnapshotJobResult API to obtain the URLs for the generated files. If the job fails, the DescribeDashboardSnapshotJobResult API returns detailed information about the error that occurred.

StartDashboardSnapshotJob API throttling

Quick Sight utilizes API throttling to create a more consistent user experience within a time span for customers when they call the StartDashboardSnapshotJob. By default, 12 jobs can run simlutaneously in one Amazon Web Services account and users can submit up 10 API requests per second before an account is throttled. If an overwhelming number of API requests are made by the same user in a short period of time, Quick Sight throttles the API calls to maintin an optimal experience and reliability for all Quick Sight users.

Common throttling scenarios

The following list provides information about the most commin throttling scenarios that can occur.

  • A large number of SnapshotExport API jobs are running simultaneously on an Amazon Web Services account. When a new StartDashboardSnapshotJob is created and there are already 12 jobs with the RUNNING status, the new job request fails and returns a LimitExceededException error. Wait for a current job to comlpete before you resubmit the new job.

  • A large number of API requests are submitted on an Amazon Web Services account. When a user makes more than 10 API calls to the Quick Sight API in one second, a ThrottlingException is returned.

If your use case requires a higher throttling limit, contact your account admin or Amazon Web ServicesSupport to explore options to tailor a more optimal expereince for your account.

Best practices to handle throttling

If your use case projects high levels of API traffic, try to reduce the degree of frequency and parallelism of API calls as much as you can to avoid throttling. You can also perform a timing test to calculate an estimate for the total processing time of your projected load that stays within the throttling limits of the Quick Sight APIs. For example, if your projected traffic is 100 snapshot jobs before 12:00 PM per day, start 12 jobs in parallel and measure the amount of time it takes to proccess all 12 jobs. Once you obtain the result, multiply the duration by 9, for example (12 minutes * 9 = 108 minutes). Use the new result to determine the latest time at which the jobs need to be started to meet your target deadline.

The time that it takes to process a job can be impacted by the following factors:

  • The dataset type (Direct Query or SPICE).

  • The size of the dataset.

  • The complexity of the calculated fields that are used in the dashboard.

  • The number of visuals that are on a sheet.

  • The types of visuals that are on the sheet.

  • The number of formats and snapshots that are requested in the job configuration.

  • The size of the generated snapshots.

" + "documentation":"

Starts an asynchronous job that generates a snapshot of a dashboard's output. You can request one or several of the following format configurations in each API call.

  • 1 Paginated PDF

  • 1 Excel workbook that includes up to 5 table or pivot table visuals

  • 5 CSVs from table or pivot table visuals

The status of a submitted job can be polled with the DescribeDashboardSnapshotJob API. When you call the DescribeDashboardSnapshotJob API, check the JobStatus field in the response. Once the job reaches a COMPLETED or FAILED status, use the DescribeDashboardSnapshotJobResult API to obtain the URLs for the generated files. If the job fails, the DescribeDashboardSnapshotJobResult API returns detailed information about the error that occurred.

StartDashboardSnapshotJob API throttling

Quick Sight utilizes API throttling to create a more consistent user experience within a time span for customers when they call the StartDashboardSnapshotJob. By default, 12 jobs can run simlutaneously in one Amazon Web Services account and users can submit up 10 API requests per second before an account is throttled. If an overwhelming number of API requests are made by the same user in a short period of time, Quick Sight throttles the API calls to maintin an optimal experience and reliability for all Quick Sight users.

Common throttling scenarios

The following list provides information about the most commin throttling scenarios that can occur.

  • A large number of SnapshotExport API jobs are running simultaneously on an Amazon Web Services account. When a new StartDashboardSnapshotJob is created and there are already 12 jobs with the RUNNING status, the new job request fails and returns a LimitExceededException error. Wait for a current job to comlpete before you resubmit the new job.

  • A large number of API requests are submitted on an Amazon Web Services account. When a user makes more than 10 API calls to the Quick Sight API in one second, a ThrottlingException is returned.

If your use case requires a higher throttling limit, contact your account admin or Amazon Web ServicesSupport to explore options to tailor a more optimal expereince for your account.

Best practices to handle throttling

If your use case projects high levels of API traffic, try to reduce the degree of frequency and parallelism of API calls as much as you can to avoid throttling. You can also perform a timing test to calculate an estimate for the total processing time of your projected load that stays within the throttling limits of the Quick Sight APIs. For example, if your projected traffic is 100 snapshot jobs before 12:00 PM per day, start 12 jobs in parallel and measure the amount of time it takes to proccess all 12 jobs. Once you obtain the result, multiply the duration by 9, for example (12 minutes * 9 = 108 minutes). Use the new result to determine the latest time at which the jobs need to be started to meet your target deadline.

The time that it takes to process a job can be impacted by the following factors:

  • The dataset type (Direct Query or SPICE).

  • The size of the dataset.

  • The complexity of the calculated fields that are used in the dashboard.

  • The number of visuals that are on a sheet.

  • The types of visuals that are on the sheet.

  • The number of formats and snapshots that are requested in the job configuration.

  • The size of the generated snapshots.

Registered user support

You can generate snapshots for registered Quick Sight users by using the Snapshot Job APIs with identity-enhanced IAM role session credentials. This approach allows you to create snapshots on behalf of specific Quick Sight users while respecting their row-level security (RLS), column-level security (CLS), dynamic default parameters and dashboard parameter/filter settings.

To generate snapshots for registered Quick Sight users, you need to:

  • Obtain identity-enhanced IAM role session credentials from AWS Security Token Service (STS).

  • Use these credentials to call the Snapshot Job APIs.

Identity-enhanced credentials are credentials that contain information about the end user (e.g., registered Quick Sight user).

If your Quick Sight users are backed by AWS Identity Center, then you need to set up a trusted token issuer. Then, getting identity-enhanced IAM credentials for a Quick Sight user will look like the following:

  • Authenticate user with your OIDC compliant Identity Provider. You should get auth tokens back.

  • Use the OIDC API, CreateTokenWithIAM, to exchange auth tokens to IAM tokens. One of the resulted tokens will be identity token.

  • Call STS AssumeRole API as you normally would, but provide an extra ProvidedContexts parameter in the API request. The list of contexts must have a single trusted context assertion. The ProviderArn should be arn:aws:iam::aws:contextProvider/IdentityCenter while ContextAssertion will be the identity token you received in response from CreateTokenWithIAM

For more details, see IdC documentation on Identity-enhanced IAM role sessions.

To obtain Identity-enhanced credentials for Quick Sight native users, IAM federated users, or Active Directory users, follow the steps below:

  • Call Quick Sight GetIdentityContext API to get identity token.

  • Call STS AssumeRole API as you normally would, but provide extra ProvidedContexts parameter in the API request. The list of contexts must have a single trusted context assertion. The ProviderArn should be arn:aws:iam::aws:contextProvider/QuickSight while ContextAssertion will be the identity token you received in response from GetIdentityContext

After obtaining the identity-enhanced IAM role session credentials, you can use them to start a job, describe the job and describe job result. You can use the same credentials as long as they haven't expired. All API requests made with these credentials are considered to be made by the impersonated Quick Sight user.

When using identity-enhanced session credentials, set the UserConfiguration request attribute to null. Otherwise, the request will be invalid.

Possible error scenarios

The request fails with an Access Denied error in the following scenarios:

  • The credentials have expired.

  • The impersonated Quick Sight user doesn't have access to the specified dashboard.

  • The impersonated Quick Sight user is restricted from exporting data in the selected formats. For more information about export restrictions, see Customizing access to Amazon Quick Sight capabilities.

" }, "StartDashboardSnapshotJobSchedule":{ "name":"StartDashboardSnapshotJobSchedule", @@ -7328,6 +7347,14 @@ "shape":"ChartAxisLabelOptions", "documentation":"

The label options (label text, label visibility and sort icon visibility) for a color that is used in a bar chart.

" }, + "DefaultSeriesSettings":{ + "shape":"BarChartDefaultSeriesSettings", + "documentation":"

The options that determine the default presentation of all bar series in BarChartVisual.

" + }, + "Series":{ + "shape":"BarSeriesItemList", + "documentation":"

The series item configuration of a BarChartVisual.

" + }, "Legend":{ "shape":"LegendOptions", "documentation":"

The legend display setup of the visual.

" @@ -7355,6 +7382,20 @@ }, "documentation":"

The configuration of a BarChartVisual.

" }, + "BarChartDefaultSeriesSettings":{ + "type":"structure", + "members":{ + "DecalSettings":{ + "shape":"DecalSettings", + "documentation":"

Decal settings for all bar series in the visual.

" + }, + "BorderSettings":{ + "shape":"BorderSettings", + "documentation":"

Border settings for all bar series in the visual.

" + } + }, + "documentation":"

The options that determine the default presentation of all bar series in BarChartVisual.

" + }, "BarChartFieldWells":{ "type":"structure", "members":{ @@ -7372,6 +7413,20 @@ "VERTICAL" ] }, + "BarChartSeriesSettings":{ + "type":"structure", + "members":{ + "DecalSettings":{ + "shape":"DecalSettings", + "documentation":"

Decal settings for the bar series.

" + }, + "BorderSettings":{ + "shape":"BorderSettings", + "documentation":"

Border settings for the bar series.

" + } + }, + "documentation":"

Options that determine the presentation of a bar series in the visual.

" + }, "BarChartSortConfiguration":{ "type":"structure", "members":{ @@ -7437,6 +7492,25 @@ }, "documentation":"

A bar chart.

The BarChartVisual structure describes a visual that is a member of the bar chart family. The following charts can be described using this structure:

  • Horizontal bar chart

  • Vertical bar chart

  • Horizontal stacked bar chart

  • Vertical stacked bar chart

  • Horizontal stacked 100% bar chart

  • Vertical stacked 100% bar chart

For more information, see Using bar charts in the Amazon Quick Suite User Guide.

" }, + "BarSeriesItem":{ + "type":"structure", + "members":{ + "FieldBarSeriesItem":{ + "shape":"FieldBarSeriesItem", + "documentation":"

The field series item configuration of a BarChartVisual.

" + }, + "DataFieldBarSeriesItem":{ + "shape":"DataFieldBarSeriesItem", + "documentation":"

The data field series item configuration of a BarChartVisual.

" + } + }, + "documentation":"

The series item configuration of a BarChartVisual.

This is a union type structure. For this structure to be valid, only one of the attributes can be defined.

" + }, + "BarSeriesItemList":{ + "type":"list", + "member":{"shape":"BarSeriesItem"}, + "max":2000 + }, "BarsArrangement":{ "type":"string", "enum":[ @@ -7790,6 +7864,24 @@ "type":"string", "max":50 }, + "BorderSettings":{ + "type":"structure", + "members":{ + "BorderVisibility":{ + "shape":"Visibility", + "documentation":"

Visibility setting for the border.

" + }, + "BorderWidth":{ + "shape":"PixelLength", + "documentation":"

Width of the border. Valid range is from 1px to 8px.

" + }, + "BorderColor":{ + "shape":"HexColorWithTransparency", + "documentation":"

Color of the border.

" + } + }, + "documentation":"

Border settings configuration for visual elements, including visibility, width, and color properties.

" + }, "BorderStyle":{ "type":"structure", "members":{ @@ -8948,6 +9040,10 @@ "ColorsConfiguration":{ "shape":"ColorsConfiguration", "documentation":"

The color configurations of the column.

" + }, + "DecalSettingsConfiguration":{ + "shape":"DecalSettingsConfiguration", + "documentation":"

Decal configuration of the column.

" } }, "documentation":"

The general configuration of a column.

" @@ -9333,6 +9429,14 @@ "shape":"ChartAxisLabelOptions", "documentation":"

The label options (label text, label visibility, and sort icon visibility) of a combo chart's color field well.

" }, + "DefaultSeriesSettings":{ + "shape":"ComboChartDefaultSeriesSettings", + "documentation":"

The options that determine the default presentation of all series in ComboChartVisual.

" + }, + "Series":{ + "shape":"ComboSeriesItemList", + "documentation":"

The series item configuration of a ComboChartVisual.

" + }, "Legend":{ "shape":"LegendOptions", "documentation":"

The legend display setup of the visual.

" @@ -9364,6 +9468,28 @@ }, "documentation":"

The configuration of a ComboChartVisual.

" }, + "ComboChartDefaultSeriesSettings":{ + "type":"structure", + "members":{ + "LineStyleSettings":{ + "shape":"LineChartLineStyleSettings", + "documentation":"

Line styles options for all line series in the visual.

" + }, + "MarkerStyleSettings":{ + "shape":"LineChartMarkerStyleSettings", + "documentation":"

Marker styles options for all line series in the visual.

" + }, + "DecalSettings":{ + "shape":"DecalSettings", + "documentation":"

Decal settings for all series in the visual.

" + }, + "BorderSettings":{ + "shape":"BorderSettings", + "documentation":"

Border settings for all bar series in the visual.

" + } + }, + "documentation":"

The options that determine the default presentation of all series in ComboChartVisual.

" + }, "ComboChartFieldWells":{ "type":"structure", "members":{ @@ -9374,6 +9500,28 @@ }, "documentation":"

The field wells of the visual.

This is a union type structure. For this structure to be valid, only one of the attributes can be defined.

" }, + "ComboChartSeriesSettings":{ + "type":"structure", + "members":{ + "LineStyleSettings":{ + "shape":"LineChartLineStyleSettings", + "documentation":"

Line styles options for the line series in the visual.

" + }, + "MarkerStyleSettings":{ + "shape":"LineChartMarkerStyleSettings", + "documentation":"

Marker styles options for the line series in the visual.

" + }, + "DecalSettings":{ + "shape":"DecalSettings", + "documentation":"

Decal settings for the series in the visual.

" + }, + "BorderSettings":{ + "shape":"BorderSettings", + "documentation":"

Border settings for the bar series in the visual.

" + } + }, + "documentation":"

Options that determine the presentation of a series in the visual.

" + }, "ComboChartSortConfiguration":{ "type":"structure", "members":{ @@ -9431,6 +9579,25 @@ }, "documentation":"

A combo chart.

The ComboChartVisual includes stacked bar combo charts and clustered bar combo charts

For more information, see Using combo charts in the Amazon Quick Suite User Guide.

" }, + "ComboSeriesItem":{ + "type":"structure", + "members":{ + "FieldComboSeriesItem":{ + "shape":"FieldComboSeriesItem", + "documentation":"

The field series item configuration of a ComboChartVisual.

" + }, + "DataFieldComboSeriesItem":{ + "shape":"DataFieldComboSeriesItem", + "documentation":"

The data field series item configuration of a ComboChartVisual.

" + } + }, + "documentation":"

The series item configuration of a ComboChartVisual.

This is a union type structure. For this structure to be valid, only one of the attributes can be defined.

" + }, + "ComboSeriesItemList":{ + "type":"list", + "member":{"shape":"ComboSeriesItem"}, + "max":2000 + }, "CommitMode":{ "type":"string", "enum":[ @@ -9857,6 +10024,36 @@ "max":4, "min":1 }, + "Coordinate":{ + "type":"structure", + "required":[ + "Latitude", + "Longitude" + ], + "members":{ + "Latitude":{ + "shape":"CoordinateLatitudeDouble", + "documentation":"

The latitude coordinate value for the geocode preference.

" + }, + "Longitude":{ + "shape":"CoordinateLongitudeDouble", + "documentation":"

The longitude coordinate value for the geocode preference.

" + } + }, + "documentation":"

The preference coordinate for the geocode preference.

" + }, + "CoordinateLatitudeDouble":{ + "type":"double", + "box":true, + "max":90.0, + "min":-90.0 + }, + "CoordinateLongitudeDouble":{ + "type":"double", + "box":true, + "max":180.0, + "min":-180.0 + }, "CopySourceArn":{ "type":"string", "pattern":"^arn:[-a-z0-9]*:quicksight:[-a-z0-9]*:[0-9]{12}:datasource/.+" @@ -12108,6 +12305,23 @@ "DISABLED" ] }, + "DashboardCustomizationStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, + "DashboardCustomizationVisualOptions":{ + "type":"structure", + "members":{ + "FieldsConfiguration":{ + "shape":"VisualCustomizationFieldsConfiguration", + "documentation":"

The configuration that controls field customization options available to dashboard readers for a visual.

" + } + }, + "documentation":"

The options that define customizations available to dashboard readers for a specific visual

" + }, "DashboardError":{ "type":"structure", "members":{ @@ -12595,6 +12809,44 @@ }, "documentation":"

The theme colors that are used for data colors in charts. The colors description is a hexadecimal color code that consists of six alphanumerical characters, prefixed with #, for example #37BFF5.

" }, + "DataFieldBarSeriesItem":{ + "type":"structure", + "required":["FieldId"], + "members":{ + "FieldId":{ + "shape":"FieldId", + "documentation":"

Field ID of the field that you are setting the series configuration for.

" + }, + "FieldValue":{ + "shape":"SensitiveString", + "documentation":"

Field value of the field that you are setting the series configuration for.

" + }, + "Settings":{ + "shape":"BarChartSeriesSettings", + "documentation":"

Options that determine the presentation of bar series associated to the field.

" + } + }, + "documentation":"

The data field series item configuration of a BarChartVisual.

" + }, + "DataFieldComboSeriesItem":{ + "type":"structure", + "required":["FieldId"], + "members":{ + "FieldId":{ + "shape":"FieldId", + "documentation":"

Field ID of the field that you are setting the series configuration for.

" + }, + "FieldValue":{ + "shape":"SensitiveString", + "documentation":"

Field value of the field that you are setting the series configuration for.

" + }, + "Settings":{ + "shape":"ComboChartSeriesSettings", + "documentation":"

Options that determine the presentation of series associated to the field.

" + } + }, + "documentation":"

The data field series item configuration of a ComboChartVisual.

" + }, "DataFieldSeriesItem":{ "type":"structure", "required":[ @@ -13639,6 +13891,10 @@ "shape":"SecretArn", "documentation":"

The Amazon Resource Name (ARN) of the secret associated with the data source in Amazon Secrets Manager.

" }, + "KeyPairCredentials":{ + "shape":"KeyPairCredentials", + "documentation":"

The credentials for connecting using key-pair.

" + }, "WebProxyCredentials":{ "shape":"WebProxyCredentials", "documentation":"

The credentials for connecting through a web proxy server.

" @@ -14401,6 +14657,81 @@ "max":64, "min":1 }, + "DecalPatternType":{ + "type":"string", + "enum":[ + "SOLID", + "DIAGONAL_MEDIUM", + "CIRCLE_MEDIUM", + "DIAMOND_GRID_MEDIUM", + "CHECKERBOARD_MEDIUM", + "TRIANGLE_MEDIUM", + "DIAGONAL_OPPOSITE_MEDIUM", + "DIAMOND_MEDIUM", + "DIAGONAL_LARGE", + "CIRCLE_LARGE", + "DIAMOND_GRID_LARGE", + "CHECKERBOARD_LARGE", + "TRIANGLE_LARGE", + "DIAGONAL_OPPOSITE_LARGE", + "DIAMOND_LARGE", + "DIAGONAL_SMALL", + "CIRCLE_SMALL", + "DIAMOND_GRID_SMALL", + "CHECKERBOARD_SMALL", + "TRIANGLE_SMALL", + "DIAGONAL_OPPOSITE_SMALL", + "DIAMOND_SMALL" + ] + }, + "DecalSettings":{ + "type":"structure", + "members":{ + "ElementValue":{ + "shape":"ElementValue", + "documentation":"

Field value of the field that you are setting the decal pattern to. Applicable only for field level settings.

" + }, + "DecalVisibility":{ + "shape":"Visibility", + "documentation":"

Visibility setting for the decal pattern.

" + }, + "DecalColor":{ + "shape":"HexColorWithTransparency", + "documentation":"

Color configuration for the decal pattern.

" + }, + "DecalPatternType":{ + "shape":"DecalPatternType", + "documentation":"

Type of pattern used for the decal, such as solid, diagonal, or circular patterns in various sizes.

  • SOLID: Solid fill pattern.

  • DIAGONAL_SMALL: Small diagonal stripes pattern.

  • DIAGONAL_MEDIUM: Medium diagonal stripes pattern.

  • DIAGONAL_LARGE: Large diagonal stripes pattern.

  • DIAGONAL_OPPOSITE_SMALL: Small cross-diagonal stripes pattern.

  • DIAGONAL_OPPOSITE_MEDIUM: Medium cross-diagonal stripes pattern.

  • DIAGONAL_OPPOSITE_LARGE: Large cross-diagonal stripes pattern.

  • CIRCLE_SMALL: Small circle pattern.

  • CIRCLE_MEDIUM: Medium circle pattern.

  • CIRCLE_LARGE: Large circle pattern.

  • DIAMOND_SMALL: Small diamonds pattern.

  • DIAMOND_MEDIUM: Medium diamonds pattern.

  • DIAMOND_LARGE: Large diamonds pattern.

  • DIAMOND_GRID_SMALL: Small diamond grid pattern.

  • DIAMOND_GRID_MEDIUM: Medium diamond grid pattern.

  • DIAMOND_GRID_LARGE: Large diamond grid pattern.

  • CHECKERBOARD_SMALL: Small checkerboard pattern.

  • CHECKERBOARD_MEDIUM: Medium checkerboard pattern.

  • CHECKERBOARD_LARGE: Large checkerboard pattern.

  • TRIANGLE_SMALL: Small triangles pattern.

  • TRIANGLE_MEDIUM: Medium triangles pattern.

  • TRIANGLE_LARGE: Large triangles pattern.

" + }, + "DecalStyleType":{ + "shape":"DecalStyleType", + "documentation":"

Style type for the decal, which can be either manual or automatic. This field is only applicable for line series.

  • Manual: Apply manual line and marker configuration for line series.

  • Auto: Apply automatic line and marker configuration for line series.

" + } + }, + "documentation":"

Decal settings for accessibility features that define visual patterns and styling for data elements.

" + }, + "DecalSettingsConfiguration":{ + "type":"structure", + "members":{ + "CustomDecalSettings":{ + "shape":"DecalSettingsList", + "documentation":"

A list of up to 50 decal settings.

" + } + }, + "documentation":"

Decal settings configuration for a column

" + }, + "DecalSettingsList":{ + "type":"list", + "member":{"shape":"DecalSettings"}, + "max":50 + }, + "DecalStyleType":{ + "type":"string", + "enum":[ + "Manual", + "Auto" + ] + }, "DecimalDatasetParameter":{ "type":"structure", "required":[ @@ -19118,6 +19449,10 @@ "ENTERPRISE_AND_Q" ] }, + "ElementValue":{ + "type":"string", + "max":1024 + }, "Email":{ "type":"string", "pattern":"[\\w.%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}", @@ -19378,6 +19713,21 @@ }, "documentation":"

An entry that appears when a KeyRegistration update to Quick Sight fails.

" }, + "FieldBarSeriesItem":{ + "type":"structure", + "required":["FieldId"], + "members":{ + "FieldId":{ + "shape":"FieldId", + "documentation":"

Field ID of the field for which you are setting the series configuration.

" + }, + "Settings":{ + "shape":"BarChartSeriesSettings", + "documentation":"

Options that determine the presentation of bar series associated to the field.

" + } + }, + "documentation":"

The field series item configuration of a BarChartVisual.

" + }, "FieldBasedTooltip":{ "type":"structure", "members":{ @@ -19396,6 +19746,21 @@ }, "documentation":"

The setup for the detailed tooltip.

" }, + "FieldComboSeriesItem":{ + "type":"structure", + "required":["FieldId"], + "members":{ + "FieldId":{ + "shape":"FieldId", + "documentation":"

Field ID of the field for which you are setting the series configuration.

" + }, + "Settings":{ + "shape":"ComboChartSeriesSettings", + "documentation":"

Options that determine the presentation of series associated to the field.

" + } + }, + "documentation":"

The field series item configuration of a ComboChartVisual.

" + }, "FieldFolder":{ "type":"structure", "members":{ @@ -19711,6 +20076,10 @@ "VisualContentAltText":{ "shape":"LongPlainText", "documentation":"

The alt text for the visual.

" + }, + "GeocodingPreferences":{ + "shape":"GeocodePreferenceList", + "documentation":"

The geocoding prefences for filled map visual.

" } }, "documentation":"

A filled map.

For more information, see Creating filled maps in the Amazon Quick Suite User Guide.

" @@ -21511,6 +21880,96 @@ "LATITUDE" ] }, + "GeocodePreference":{ + "type":"structure", + "required":[ + "RequestKey", + "Preference" + ], + "members":{ + "RequestKey":{ + "shape":"GeocoderHierarchy", + "documentation":"

The unique request key for the geocode preference.

" + }, + "Preference":{ + "shape":"GeocodePreferenceValue", + "documentation":"

The preference definition for the geocode preference.

" + } + }, + "documentation":"

The geocode preference.

" + }, + "GeocodePreferenceList":{ + "type":"list", + "member":{"shape":"GeocodePreference"}, + "max":200, + "min":0 + }, + "GeocodePreferenceValue":{ + "type":"structure", + "members":{ + "GeocoderHierarchy":{ + "shape":"GeocoderHierarchy", + "documentation":"

The preference hierarchy for the geocode preference.

" + }, + "Coordinate":{ + "shape":"Coordinate", + "documentation":"

The preference coordinate for the geocode preference.

" + } + }, + "documentation":"

The preference value for the geocode preference.

", + "union":true + }, + "GeocoderHierarchy":{ + "type":"structure", + "members":{ + "Country":{ + "shape":"GeocoderHierarchyCountryString", + "documentation":"

The country value for the preference hierarchy.

" + }, + "State":{ + "shape":"GeocoderHierarchyStateString", + "documentation":"

The state/region value for the preference hierarchy.

" + }, + "County":{ + "shape":"GeocoderHierarchyCountyString", + "documentation":"

The county/district value for the preference hierarchy.

" + }, + "City":{ + "shape":"GeocoderHierarchyCityString", + "documentation":"

The city value for the preference hierarchy.

" + }, + "PostCode":{ + "shape":"GeocoderHierarchyPostCodeString", + "documentation":"

The postcode value for the preference hierarchy.

" + } + }, + "documentation":"

The preference hierarchy for the geocode preference.

" + }, + "GeocoderHierarchyCityString":{ + "type":"string", + "max":3000, + "min":0 + }, + "GeocoderHierarchyCountryString":{ + "type":"string", + "max":3000, + "min":0 + }, + "GeocoderHierarchyCountyString":{ + "type":"string", + "max":3000, + "min":0 + }, + "GeocoderHierarchyPostCodeString":{ + "type":"string", + "max":3000, + "min":0 + }, + "GeocoderHierarchyStateString":{ + "type":"string", + "max":3000, + "min":0 + }, "GeospatialCategoricalColor":{ "type":"structure", "required":["CategoryDataColors"], @@ -22049,6 +22508,10 @@ "VisualContentAltText":{ "shape":"LongPlainText", "documentation":"

The alt text for the visual.

" + }, + "GeocodingPreferences":{ + "shape":"GeocodePreferenceList", + "documentation":"

The geocoding prefences for geospatial map.

" } }, "documentation":"

A geospatial map or a points on map visual.

For more information, see Creating point maps in the Amazon Quick Suite User Guide.

" @@ -22434,6 +22897,56 @@ } } }, + "GetIdentityContextRequest":{ + "type":"structure", + "required":[ + "AwsAccountId", + "UserIdentifier" + ], + "members":{ + "AwsAccountId":{ + "shape":"AwsAccountId", + "documentation":"

The ID for the Amazon Web Services account that the user whose identity context you want to retrieve is in. Currently, you use the ID for the Amazon Web Services account that contains your Quick Sight account.

", + "location":"uri", + "locationName":"AwsAccountId" + }, + "UserIdentifier":{ + "shape":"UserIdentifier", + "documentation":"

The identifier for the user whose identity context you want to retrieve.

" + }, + "Namespace":{ + "shape":"Namespace", + "documentation":"

The namespace of the user that you want to get identity context for. This parameter is required when the UserIdentifier is specified using Email or UserName.

" + }, + "SessionExpiresAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp at which the session will expire.

" + } + }, + "documentation":"

///////////////////////// /////////////////////////

" + }, + "GetIdentityContextResponse":{ + "type":"structure", + "required":[ + "Status", + "RequestId" + ], + "members":{ + "Status":{ + "shape":"statusCode", + "documentation":"

The HTTP status of the request.

", + "location":"statusCode" + }, + "RequestId":{ + "shape":"String", + "documentation":"

The Amazon Web Services request ID for this operation.

" + }, + "Context":{ + "shape":"String", + "documentation":"

The identity context information for the user. This is an identity token that should be used as the ContextAssertion parameter in the STS AssumeRole API call to obtain identity enhanced AWS credentials.

" + } + } + }, "GetSessionEmbedUrlRequest":{ "type":"structure", "required":["AwsAccountId"], @@ -24519,6 +25032,28 @@ "VERTICAL" ] }, + "KeyPairCredentials":{ + "type":"structure", + "required":[ + "KeyPairUsername", + "PrivateKey" + ], + "members":{ + "KeyPairUsername":{ + "shape":"DbUsername", + "documentation":"

Username

" + }, + "PrivateKey":{ + "shape":"PrivateKey", + "documentation":"

PrivateKey

" + }, + "PrivateKeyPassphrase":{ + "shape":"PrivateKeyPassphrase", + "documentation":"

PrivateKeyPassphrase

" + } + }, + "documentation":"

The combination of username, private key and passphrase that are used as credentials.

" + }, "KeyRegistration":{ "type":"list", "member":{"shape":"RegisteredCustomerManagedKey"} @@ -24868,6 +25403,10 @@ "MarkerStyleSettings":{ "shape":"LineChartMarkerStyleSettings", "documentation":"

Marker styles options for all line series in the visual.

" + }, + "DecalSettings":{ + "shape":"DecalSettings", + "documentation":"

Decal settings options for all line series in the visual.

" } }, "documentation":"

The options that determine the default presentation of all line series in LineChartVisual.

" @@ -24954,6 +25493,10 @@ "MarkerStyleSettings":{ "shape":"LineChartMarkerStyleSettings", "documentation":"

Marker styles options for a line series in LineChartVisual.

" + }, + "DecalSettings":{ + "shape":"DecalSettings", + "documentation":"

Decal settings for a line series in LineChartVisual.

" } }, "documentation":"

The options that determine the presentation of a line series in the visual

" @@ -28514,7 +29057,7 @@ "ParameterDeclarationList":{ "type":"list", "member":{"shape":"ParameterDeclaration"}, - "max":200 + "max":400 }, "ParameterDropDownControl":{ "type":"structure", @@ -29322,6 +29865,10 @@ "shape":"PivotTablePaginatedReportOptions", "documentation":"

The paginated report options for a pivot table visual.

" }, + "DashboardCustomizationVisualOptions":{ + "shape":"DashboardCustomizationVisualOptions", + "documentation":"

The options that define customizations available to dashboard readers for a specific visual

" + }, "Interactions":{ "shape":"VisualInteractionOptions", "documentation":"

The general visual interactions setup for a visual.

" @@ -30069,6 +30616,18 @@ "max":100, "min":1 }, + "PrivateKey":{ + "type":"string", + "max":8000, + "min":1600, + "pattern":"^-{5}BEGIN (ENCRYPTED )?PRIVATE KEY-{5}\\u000D?\\u000A([A-Za-z0-9/+]{64}\\u000D?\\u000A)*[A-Za-z0-9/+]{1,64}={0,2}\\u000D?\\u000A-{5}END (ENCRYPTED )?PRIVATE KEY-{5}(\\u000D?\\u000A)?$", + "sensitive":true + }, + "PrivateKeyPassphrase":{ + "type":"string", + "max":256, + "sensitive":true + }, "ProgressBarOptions":{ "type":"structure", "members":{ @@ -31425,6 +31984,20 @@ }, "documentation":"

Information about the Amazon Quick Sight console that you want to embed.

" }, + "RegisteredUserSnapshotJobResult":{ + "type":"structure", + "members":{ + "FileGroups":{ + "shape":"SnapshotJobResultFileGroupList", + "documentation":"

A list of SnapshotJobResultFileGroup objects that contain information on the files that are requested for registered user during a StartDashboardSnapshotJob API call. If the job succeeds, these objects contain the location where the snapshot artifacts are stored. If the job fails, the objects contain information about the error that caused the job to fail.

" + } + }, + "documentation":"

A structure that contains information about files that are requested for registered user during a StartDashboardSnapshotJob API call.

" + }, + "RegisteredUserSnapshotJobResultList":{ + "type":"list", + "member":{"shape":"RegisteredUserSnapshotJobResult"} + }, "RelationalTable":{ "type":"structure", "required":[ @@ -34187,7 +34760,7 @@ "documentation":"

The error type.

" } }, - "documentation":"

An object that contains information on the error that caused the snapshot job to fail.

" + "documentation":"

An object that contains information on the error that caused the snapshot job to fail.

For more information, see DescribeDashboardSnapshotJobResult API.

" }, "SnapshotJobResult":{ "type":"structure", @@ -34195,6 +34768,10 @@ "AnonymousUsers":{ "shape":"AnonymousUserSnapshotJobResultList", "documentation":"

A list of AnonymousUserSnapshotJobResult objects that contain information on anonymous users and their user configurations. This data provided by you when you make a StartDashboardSnapshotJob API call.

" + }, + "RegisteredUsers":{ + "shape":"RegisteredUserSnapshotJobResultList", + "documentation":"

A list of RegisteredUserSnapshotJobResult objects that contain information about files that are requested for registered user during a StartDashboardSnapshotJob API call.

" } }, "documentation":"

An object that provides information on the result of a snapshot job. This object provides information about the job, the job status, and the location of the generated file.

" @@ -34291,7 +34868,7 @@ "documentation":"

An array of records that describe the anonymous users that the dashboard snapshot is generated for.

" } }, - "documentation":"

A structure that contains information about the users that the dashboard snapshot is generated for.

" + "documentation":"

A structure that contains information about the users that the dashboard snapshot is generated for.

When using identity-enhanced session credentials, set the UserConfiguration request attribute to null. Otherwise, the request will be invalid.

" }, "SnapshotUserConfigurationRedacted":{ "type":"structure", @@ -34670,7 +35247,6 @@ "AwsAccountId", "DashboardId", "SnapshotJobId", - "UserConfiguration", "SnapshotConfiguration" ], "members":{ @@ -34692,7 +35268,7 @@ }, "UserConfiguration":{ "shape":"SnapshotUserConfiguration", - "documentation":"

A structure that contains information about the anonymous users that the generated snapshot is for. This API will not return information about registered Amazon Quick Sight.

" + "documentation":"

A structure that contains information about the users that the dashboard snapshot is generated for. The users can be either anonymous users or registered users. Anonymous users cannot be used together with registered users.

When using identity-enhanced session credentials, set the UserConfiguration request attribute to null. Otherwise, the request will be invalid.

" }, "SnapshotConfiguration":{ "shape":"SnapshotConfiguration", @@ -35281,6 +35857,10 @@ "shape":"TableInlineVisualizationList", "documentation":"

A collection of inline visualizations to display within a chart.

" }, + "DashboardCustomizationVisualOptions":{ + "shape":"DashboardCustomizationVisualOptions", + "documentation":"

The options that define customizations available to dashboard readers for a specific visual

" + }, "Interactions":{ "shape":"VisualInteractionOptions", "documentation":"

The general visual interactions setup for a visual.

" @@ -41300,6 +41880,25 @@ }, "documentation":"

A registered user of Quick Sight.

" }, + "UserIdentifier":{ + "type":"structure", + "members":{ + "UserName":{ + "shape":"SensitiveString", + "documentation":"

The name of the user that you want to get identity context for.

" + }, + "Email":{ + "shape":"SensitiveString", + "documentation":"

The email address of the user that you want to get identity context for.

" + }, + "UserArn":{ + "shape":"Arn", + "documentation":"

The Amazon Resource Name (ARN) of the user that you want to get identity context for.

" + } + }, + "documentation":"

A structure that contains information to identify a user.

", + "union":true + }, "UserList":{ "type":"list", "member":{"shape":"User"} @@ -41750,6 +42349,25 @@ "DATA_POINT_MENU" ] }, + "VisualCustomizationAdditionalFieldsList":{ + "type":"list", + "member":{"shape":"ColumnIdentifier"}, + "max":2500 + }, + "VisualCustomizationFieldsConfiguration":{ + "type":"structure", + "members":{ + "Status":{ + "shape":"DashboardCustomizationStatus", + "documentation":"

Specifies whether dashboard readers can customize fields for this visual. This option is ENABLED by default.

" + }, + "AdditionalFields":{ + "shape":"VisualCustomizationAdditionalFieldsList", + "documentation":"

The additional dataset fields available for dashboard readers to customize the visual with, beyond the fields already configured on the visual.

" + } + }, + "documentation":"

The configuration that controls field customization options available to dashboard readers for a visual.

" + }, "VisualHighlightOperation":{ "type":"structure", "required":["Trigger"], @@ -42437,7 +43055,11 @@ }, "documentation":"

The options that are available for a single Y axis in a chart.

" }, - "boolean":{"type":"boolean"} + "boolean":{"type":"boolean"}, + "statusCode":{ + "type":"integer", + "box":true + } }, "documentation":"Amazon Quick Suite API Reference

Amazon Quick Sight is a fully managed, serverless business intelligence service for the Amazon Web Services Cloud that makes it easy to extend data and insights to every user in your organization. This API reference contains documentation for a programming interface that you can use to manage Amazon Quick Sight.

" } diff --git a/awscli/botocore/data/secretsmanager/2017-10-17/service-2.json b/awscli/botocore/data/secretsmanager/2017-10-17/service-2.json index c6f4428c2344..ed203621eff7 100644 --- a/awscli/botocore/data/secretsmanager/2017-10-17/service-2.json +++ b/awscli/botocore/data/secretsmanager/2017-10-17/service-2.json @@ -1107,6 +1107,10 @@ "SortOrder":{ "shape":"SortOrderType", "documentation":"

Secrets are listed by CreatedDate.

" + }, + "SortBy":{ + "shape":"SortByType", + "documentation":"

If not specified, secrets are listed by CreatedDate.

" } } }, @@ -1759,6 +1763,15 @@ "key":{"shape":"SecretVersionIdType"}, "value":{"shape":"SecretVersionStagesType"} }, + "SortByType":{ + "type":"string", + "enum":[ + "created-date", + "last-accessed-date", + "last-changed-date", + "name" + ] + }, "SortOrderType":{ "type":"string", "enum":[ diff --git a/awscli/botocore/data/sesv2/2019-09-27/service-2.json b/awscli/botocore/data/sesv2/2019-09-27/service-2.json index 3c697996ede8..90af9ebd1800 100644 --- a/awscli/botocore/data/sesv2/2019-09-27/service-2.json +++ b/awscli/botocore/data/sesv2/2019-09-27/service-2.json @@ -3334,6 +3334,10 @@ "shape":"DnsTokenList", "documentation":"

If you used Easy DKIM to configure DKIM authentication for the domain, then this object contains a set of unique strings that you use to create a set of CNAME records that you add to the DNS configuration for your domain. When Amazon SES detects these records in the DNS configuration for your domain, the DKIM authentication process is complete.

If you configured DKIM authentication for the domain by providing your own public-private key pair, then this object contains the selector for the public key.

Regardless of the DKIM authentication method you use, Amazon SES searches for the appropriate records in the DNS configuration of the domain for up to 72 hours.

" }, + "SigningHostedZone":{ + "shape":"HostedZone", + "documentation":"

The hosted zone where Amazon SES publishes the DKIM public key TXT records for this email identity. This value indicates the DNS zone that customers must reference when configuring their CNAME records for DKIM authentication.

When configuring DKIM for your domain, create CNAME records in your DNS that point to the selectors in this hosted zone. For example:

selector1._domainkey.yourdomain.com CNAME selector1.<SigningHostedZone>

selector2._domainkey.yourdomain.com CNAME selector2.<SigningHostedZone>

selector3._domainkey.yourdomain.com CNAME selector3.<SigningHostedZone>

" + }, "SigningAttributesOrigin":{ "shape":"DkimSigningAttributesOrigin", "documentation":"

A string that indicates how DKIM was configured for the identity. These are the possible values:

  • AWS_SES – Indicates that DKIM was configured for the identity by using Easy DKIM.

  • EXTERNAL – Indicates that DKIM was configured for the identity by using Bring Your Own DKIM (BYODKIM).

  • AWS_SES_AF_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Africa (Cape Town) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_EU_NORTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Stockholm) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_AP_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Mumbai) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_AP_SOUTH_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Hyderabad) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_EU_WEST_3 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Paris) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_EU_WEST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (London) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_EU_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Milan) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_EU_WEST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Ireland) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_AP_NORTHEAST_3 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Osaka) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_AP_NORTHEAST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Seoul) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_ME_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Middle East (UAE) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_ME_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Middle East (Bahrain) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_AP_NORTHEAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Tokyo) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_IL_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Israel (Tel Aviv) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_SA_EAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in South America (São Paulo) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_CA_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Canada (Central) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_CA_WEST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Canada (Calgary) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_AP_SOUTHEAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Singapore) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_AP_SOUTHEAST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Sydney) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_AP_SOUTHEAST_3 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Jakarta) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_AP_SOUTHEAST_5 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Malaysia) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_EU_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Frankfurt) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_EU_CENTRAL_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Zurich) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_US_EAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US East (N. Virginia) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_US_EAST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US East (Ohio) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_US_WEST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US West (N. California) region using Deterministic Easy-DKIM (DEED).

  • AWS_SES_US_WEST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US West (Oregon) region using Deterministic Easy-DKIM (DEED).

" @@ -4882,6 +4886,7 @@ }, "documentation":"

An object containing additional settings for your VDM configuration as applicable to the Guardian.

" }, + "HostedZone":{"type":"string"}, "HttpsPolicy":{ "type":"string", "documentation":"

The https policy to use for tracking open and click events. If the value is OPTIONAL or HttpsPolicy is not specified, the open trackers use HTTP and click tracker use the original protocol of the link. If the value is REQUIRE, both open and click tracker uses HTTPS and if the value is REQUIRE_OPEN_ONLY open tracker uses HTTPS and link tracker is same as original protocol of the link.

", @@ -6812,6 +6817,10 @@ "DkimTokens":{ "shape":"DnsTokenList", "documentation":"

If you used Easy DKIM to configure DKIM authentication for the domain, then this object contains a set of unique strings that you use to create a set of CNAME records that you add to the DNS configuration for your domain. When Amazon SES detects these records in the DNS configuration for your domain, the DKIM authentication process is complete.

If you configured DKIM authentication for the domain by providing your own public-private key pair, then this object contains the selector that's associated with your public key.

Regardless of the DKIM authentication method you use, Amazon SES searches for the appropriate records in the DNS configuration of the domain for up to 72 hours.

" + }, + "SigningHostedZone":{ + "shape":"HostedZone", + "documentation":"

The hosted zone where Amazon SES publishes the DKIM public key TXT records for this email identity. This value indicates the DNS zone that customers must reference when configuring their CNAME records for DKIM authentication.

When configuring DKIM for your domain, create CNAME records in your DNS that point to the selectors in this hosted zone. For example:

selector1._domainkey.yourdomain.com CNAME selector1.<SigningHostedZone>

selector2._domainkey.yourdomain.com CNAME selector2.<SigningHostedZone>

selector3._domainkey.yourdomain.com CNAME selector3.<SigningHostedZone>

" } }, "documentation":"

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

" From 5e8313d32a2c2f0a9e691c20fbe2f41d53d1c4eb Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Thu, 11 Dec 2025 19:10:16 +0000 Subject: [PATCH 08/37] Update endpoints model --- awscli/botocore/data/endpoints.json | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/awscli/botocore/data/endpoints.json b/awscli/botocore/data/endpoints.json index 3248d66ad65a..9bd19854c97e 100644 --- a/awscli/botocore/data/endpoints.json +++ b/awscli/botocore/data/endpoints.json @@ -39959,6 +39959,12 @@ "us-isof-south-1" : { } } }, + "rolesanywhere" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, "route53" : { "endpoints" : { "aws-iso-f-global" : { @@ -40588,6 +40594,11 @@ "eusc-de-east-1" : { } } }, + "securityhub" : { + "endpoints" : { + "eusc-de-east-1" : { } + } + }, "servicediscovery" : { "endpoints" : { "eusc-de-east-1" : { } From 28ab15f7d8bdd6044055fdb90d9c665002bbb713 Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Thu, 11 Dec 2025 19:11:53 +0000 Subject: [PATCH 09/37] Bump version to 2.32.15 --- .changes/2.32.15.json | 32 +++++++++++++++++++ .../next-release/api-change-lambda-39215.json | 5 --- .../api-change-organizations-14166.json | 5 --- .../api-change-quicksight-18551.json | 5 --- .../api-change-secretsmanager-85505.json | 5 --- .../next-release/api-change-sesv2-55002.json | 5 --- .../enhancement-python-78620.json | 5 --- CHANGELOG.rst | 11 +++++++ awscli/__init__.py | 2 +- configure | 14 ++++---- configure.ac | 2 +- doc/source/conf.py | 2 +- 12 files changed, 53 insertions(+), 40 deletions(-) create mode 100644 .changes/2.32.15.json delete mode 100644 .changes/next-release/api-change-lambda-39215.json delete mode 100644 .changes/next-release/api-change-organizations-14166.json delete mode 100644 .changes/next-release/api-change-quicksight-18551.json delete mode 100644 .changes/next-release/api-change-secretsmanager-85505.json delete mode 100644 .changes/next-release/api-change-sesv2-55002.json delete mode 100644 .changes/next-release/enhancement-python-78620.json diff --git a/.changes/2.32.15.json b/.changes/2.32.15.json new file mode 100644 index 000000000000..fed061d09591 --- /dev/null +++ b/.changes/2.32.15.json @@ -0,0 +1,32 @@ +[ + { + "category": "``lambda``", + "description": "Add Dotnet 10 (dotnet10) support to AWS Lambda.", + "type": "api-change" + }, + { + "category": "``secretsmanager``", + "description": "Add SortBy parameter to ListSecrets", + "type": "api-change" + }, + { + "category": "``sesv2``", + "description": "Update GetEmailIdentity and CreateEmailIdentity response to include SigningHostedZone in DkimAttributes. Updated PutEmailIdentityDkimSigningAttributes Response to include SigningHostedZone.", + "type": "api-change" + }, + { + "category": "``quicksight``", + "description": "This release adds new GetIdentityContext API, Dashboard customization options for tables and pivot tables, Visual styling options- borders and decals, map GeocodingPreferences, KeyPairCredentials for DataSourceCredentials. Snapshot APIs now support registered users. Parameters limit increased to 400", + "type": "api-change" + }, + { + "category": "python", + "description": "Upgrade bundled Python interpreter to version 3.13.11.", + "type": "enhancement" + }, + { + "category": "``organizations``", + "description": "Add support for policy operations on the NETWORK SECURITY DIRECTOR POLICY policy type.", + "type": "api-change" + } +] \ No newline at end of file diff --git a/.changes/next-release/api-change-lambda-39215.json b/.changes/next-release/api-change-lambda-39215.json deleted file mode 100644 index 730396554e84..000000000000 --- a/.changes/next-release/api-change-lambda-39215.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``lambda``", - "description": "Add Dotnet 10 (dotnet10) support to AWS Lambda." -} diff --git a/.changes/next-release/api-change-organizations-14166.json b/.changes/next-release/api-change-organizations-14166.json deleted file mode 100644 index 432cd68347c2..000000000000 --- a/.changes/next-release/api-change-organizations-14166.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``organizations``", - "description": "Add support for policy operations on the NETWORK SECURITY DIRECTOR POLICY policy type." -} diff --git a/.changes/next-release/api-change-quicksight-18551.json b/.changes/next-release/api-change-quicksight-18551.json deleted file mode 100644 index 11b486e0efd9..000000000000 --- a/.changes/next-release/api-change-quicksight-18551.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``quicksight``", - "description": "This release adds new GetIdentityContext API, Dashboard customization options for tables and pivot tables, Visual styling options- borders and decals, map GeocodingPreferences, KeyPairCredentials for DataSourceCredentials. Snapshot APIs now support registered users. Parameters limit increased to 400" -} diff --git a/.changes/next-release/api-change-secretsmanager-85505.json b/.changes/next-release/api-change-secretsmanager-85505.json deleted file mode 100644 index f37bfcdc9ecd..000000000000 --- a/.changes/next-release/api-change-secretsmanager-85505.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``secretsmanager``", - "description": "Add SortBy parameter to ListSecrets" -} diff --git a/.changes/next-release/api-change-sesv2-55002.json b/.changes/next-release/api-change-sesv2-55002.json deleted file mode 100644 index aa0da441cc62..000000000000 --- a/.changes/next-release/api-change-sesv2-55002.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``sesv2``", - "description": "Update GetEmailIdentity and CreateEmailIdentity response to include SigningHostedZone in DkimAttributes. Updated PutEmailIdentityDkimSigningAttributes Response to include SigningHostedZone." -} diff --git a/.changes/next-release/enhancement-python-78620.json b/.changes/next-release/enhancement-python-78620.json deleted file mode 100644 index 01a1b6fa2a19..000000000000 --- a/.changes/next-release/enhancement-python-78620.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "enhancement", - "category": "python", - "description": "Upgrade bundled Python interpreter to version 3.13.11." -} diff --git a/CHANGELOG.rst b/CHANGELOG.rst index b9a4ed11deb9..17c743b090ca 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,17 @@ CHANGELOG ========= +2.32.15 +======= + +* api-change:``lambda``: Add Dotnet 10 (dotnet10) support to AWS Lambda. +* api-change:``secretsmanager``: Add SortBy parameter to ListSecrets +* api-change:``sesv2``: Update GetEmailIdentity and CreateEmailIdentity response to include SigningHostedZone in DkimAttributes. Updated PutEmailIdentityDkimSigningAttributes Response to include SigningHostedZone. +* api-change:``quicksight``: This release adds new GetIdentityContext API, Dashboard customization options for tables and pivot tables, Visual styling options- borders and decals, map GeocodingPreferences, KeyPairCredentials for DataSourceCredentials. Snapshot APIs now support registered users. Parameters limit increased to 400 +* enhancement:python: Upgrade bundled Python interpreter to version 3.13.11. +* api-change:``organizations``: Add support for policy operations on the NETWORK SECURITY DIRECTOR POLICY policy type. + + 2.32.14 ======= diff --git a/awscli/__init__.py b/awscli/__init__.py index a153aa21d3bb..e5daf66c392c 100644 --- a/awscli/__init__.py +++ b/awscli/__init__.py @@ -20,7 +20,7 @@ import os import sys -__version__ = '2.32.14' +__version__ = '2.32.15' # # Get our data path to be added to botocore's search path diff --git a/configure b/configure index 3099c14c2b90..3696f3989a15 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for awscli 2.32.14. +# Generated by GNU Autoconf 2.71 for awscli 2.32.15. # # # Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, @@ -607,8 +607,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='awscli' PACKAGE_TARNAME='awscli' -PACKAGE_VERSION='2.32.14' -PACKAGE_STRING='awscli 2.32.14' +PACKAGE_VERSION='2.32.15' +PACKAGE_STRING='awscli 2.32.15' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1255,7 +1255,7 @@ _ACEOF fi if $ac_init_version; then cat <<\_ACEOF -awscli configure 2.32.14 +awscli configure 2.32.15 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -1292,7 +1292,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by awscli $as_me 2.32.14, which was +It was created by awscli $as_me 2.32.15, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -2668,7 +2668,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by awscli $as_me 2.32.14, which was +This file was extended by awscli $as_me 2.32.15, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -2723,7 +2723,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -awscli config.status 2.32.14 +awscli config.status 2.32.15 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 0834294f9e8a..7b134cc7e2cf 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_CONFIG_MACRO_DIRS([m4]) -AC_INIT([awscli], [2.32.14]) +AC_INIT([awscli], [2.32.15]) AC_CONFIG_SRCDIR([bin/aws]) AM_PATH_PYTHON([3.8]) diff --git a/doc/source/conf.py b/doc/source/conf.py index 4020f7c2279b..71aedf19643f 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -66,7 +66,7 @@ # The short X.Y version. version = '2.0' # The full version, including alpha/beta/rc tags. -release = '2.32.14' +release = '2.32.15' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. From 1f517fad7293903881ba203c534fe5be462985f9 Mon Sep 17 00:00:00 2001 From: "Adrian D." <101290859+adev-code@users.noreply.github.com> Date: Thu, 11 Dec 2025 19:18:55 -0800 Subject: [PATCH 10/37] [Documentation] Warning against the use of S3 Global Endpoint (s3.amazonaws.com) as endpoint-url (#9850) docs: add caution note for S3 endpoint-url parameter Add note to S3 configuration documentation warning users about potential unintended behavior when using --endpoint-url parameter, including S3 redirect issues. This was prompted by setting the global S3 endpoint (s3.amazonaws.com) as a custom endpoint URL caused PermanentRedirect errors, redirect loops, and configuration confusion. While the guidance is generalized to cover broader endpoint configuration concerns, it specifically advises against using the global S3 endpoint as an endpoint-url parameter value. Addresses #9479 --- awscli/topics/s3-config.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/awscli/topics/s3-config.rst b/awscli/topics/s3-config.rst index 2857691a514e..ad127f776ec9 100644 --- a/awscli/topics/s3-config.rst +++ b/awscli/topics/s3-config.rst @@ -15,6 +15,11 @@ are provided in the case where you need to modify one of these values, either for performance reasons or to account for the specific environment where these ``aws s3`` commands are being run. +.. note:: + S3 commands have an option to use a custom endpoint using ``--endpoint-url``. + This overrides the default endpoint the command will use. + Use caution when configuring this parameter as it can cause unintended behavior including S3 redirect issues. + See `Service-specific endpoints `_ page in the *AWS SDK reference guide* for more information. Configuration Values ==================== From e2598bf01f8719cde86f655974014736baa4bc9a Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Fri, 12 Dec 2025 19:12:09 +0000 Subject: [PATCH 11/37] Update to latest models --- ...pi-change-bcmrecommendedactions-34155.json | 5 + .../next-release/api-change-connect-813.json | 5 + .../api-change-datasync-80337.json | 5 + .../api-change-workspacesweb-84198.json | 5 + .../2024-11-14/service-2.json | 2 + .../data/connect/2017-08-08/service-2.json | 52 +- .../data/datasync/2018-11-09/service-2.json | 158 +++++- .../workspaces-web/2020-07-08/service-2.json | 462 +++++++++++++++--- 8 files changed, 580 insertions(+), 114 deletions(-) create mode 100644 .changes/next-release/api-change-bcmrecommendedactions-34155.json create mode 100644 .changes/next-release/api-change-connect-813.json create mode 100644 .changes/next-release/api-change-datasync-80337.json create mode 100644 .changes/next-release/api-change-workspacesweb-84198.json diff --git a/.changes/next-release/api-change-bcmrecommendedactions-34155.json b/.changes/next-release/api-change-bcmrecommendedactions-34155.json new file mode 100644 index 000000000000..34151f26decb --- /dev/null +++ b/.changes/next-release/api-change-bcmrecommendedactions-34155.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``bcm-recommended-actions``", + "description": "Added new freetier action types to RecommendedAction.type." +} diff --git a/.changes/next-release/api-change-connect-813.json b/.changes/next-release/api-change-connect-813.json new file mode 100644 index 000000000000..0a48368c90e9 --- /dev/null +++ b/.changes/next-release/api-change-connect-813.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``connect``", + "description": "Amazon Connect now offers automated post-chat surveys triggered when customers end conversations. This captures timely feedback while experience is fresh, using either a no-code form builder or Amazon Lex-powered interactive surveys." +} diff --git a/.changes/next-release/api-change-datasync-80337.json b/.changes/next-release/api-change-datasync-80337.json new file mode 100644 index 000000000000..0322dee951fb --- /dev/null +++ b/.changes/next-release/api-change-datasync-80337.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``datasync``", + "description": "Adds Enhanced mode support for NFS and SMB locations. SMB credentials are now managed via Secrets Manager, and may be encrypted with service or customer managed keys. Increases AgentArns maximum count to 8 (max 4 per TaskMode). Adds folder counters to DescribeTaskExecution for Enhanced mode tasks." +} diff --git a/.changes/next-release/api-change-workspacesweb-84198.json b/.changes/next-release/api-change-workspacesweb-84198.json new file mode 100644 index 000000000000..ac9b07e677c3 --- /dev/null +++ b/.changes/next-release/api-change-workspacesweb-84198.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``workspaces-web``", + "description": "Adds support for portal branding customization, enabling administrators to personalize end-user portals with custom assets." +} diff --git a/awscli/botocore/data/bcm-recommended-actions/2024-11-14/service-2.json b/awscli/botocore/data/bcm-recommended-actions/2024-11-14/service-2.json index 18310b7498f1..48636249423b 100644 --- a/awscli/botocore/data/bcm-recommended-actions/2024-11-14/service-2.json +++ b/awscli/botocore/data/bcm-recommended-actions/2024-11-14/service-2.json @@ -91,6 +91,8 @@ "REVIEW_EXPIRING_RI", "REVIEW_EXPIRING_SP", "REVIEW_FREETIER_USAGE_ALERTS", + "REVIEW_FREETIER_CREDITS_REMAINING", + "REVIEW_FREETIER_DAYS_REMAINING", "REVIEW_SAVINGS_OPPORTUNITY_RECOMMENDATIONS", "UPDATE_EXPIRED_PAYMENT_METHOD", "UPDATE_INVALID_PAYMENT_METHOD", diff --git a/awscli/botocore/data/connect/2017-08-08/service-2.json b/awscli/botocore/data/connect/2017-08-08/service-2.json index 2ba0933d65ce..bf85ad295b8c 100644 --- a/awscli/botocore/data/connect/2017-08-08/service-2.json +++ b/awscli/botocore/data/connect/2017-08-08/service-2.json @@ -9293,33 +9293,33 @@ "members":{ "TagConditions":{ "shape":"TagAndConditionList", - "documentation":"

Tag-based conditions for contact flow filtering.

" + "documentation":"

Tag-based conditions for contact flow filtering.

" }, "ContactFlowTypeCondition":{ "shape":"ContactFlowTypeCondition", - "documentation":"

Contact flow type condition.

" + "documentation":"

Contact flow type condition.

" } }, - "documentation":"

A list of conditions which would be applied together with an AND condition.

" + "documentation":"

A list of conditions which would be applied together with an AND condition.

" }, "ContactFlowAttributeFilter":{ "type":"structure", "members":{ "OrConditions":{ "shape":"ContactFlowAttributeOrConditionList", - "documentation":"

A list of conditions which would be applied together with an OR condition.

" + "documentation":"

A list of conditions which would be applied together with an OR condition.

" }, "AndCondition":{ "shape":"ContactFlowAttributeAndCondition", - "documentation":"

A list of conditions which would be applied together with a AND condition.

" + "documentation":"

A list of conditions which would be applied together with a AND condition.

" }, "TagCondition":{"shape":"TagCondition"}, "ContactFlowTypeCondition":{ "shape":"ContactFlowTypeCondition", - "documentation":"

Contact flow type condition within attribute filter.

" + "documentation":"

Contact flow type condition within attribute filter.

" } }, - "documentation":"

Filter for contact flow attributes with multiple condition types.

" + "documentation":"

Filter for contact flow attributes with multiple condition types.

" }, "ContactFlowAttributeOrConditionList":{ "type":"list", @@ -9716,10 +9716,10 @@ "members":{ "ContactFlowType":{ "shape":"ContactFlowType", - "documentation":"

Contact flow type of the contact flow type condition.

" + "documentation":"

Contact flow type of the contact flow type condition.

" } }, - "documentation":"

The contact flow type condition.

" + "documentation":"

The contact flow type condition.

" }, "ContactFlowTypes":{ "type":"list", @@ -10046,14 +10046,14 @@ }, "TagCondition":{"shape":"TagCondition"} }, - "documentation":"

An object that can be used to specify Tag conditions inside the SearchFilter. This accepts an OR or AND (List of List) input where:

  • The top level list specifies conditions that need to be applied with OR operator.

  • The inner list specifies conditions that need to be applied with AND operator.

" + "documentation":"

An object that can be used to specify Tag conditions inside the SearchFilter. This accepts an OR or AND (List of List) input where:

  • The top level list specifies conditions that need to be applied with OR operator.

  • The inner list specifies conditions that need to be applied with AND operator.

" }, "ControlPlaneTagFilter":{ "type":"structure", "members":{ "OrConditions":{ "shape":"TagOrConditionList", - "documentation":"

A list of conditions which would be applied together with an OR condition.

" + "documentation":"

A list of conditions which would be applied together with an OR condition.

" }, "AndConditions":{ "shape":"TagAndConditionList", @@ -10061,10 +10061,10 @@ }, "TagCondition":{ "shape":"TagCondition", - "documentation":"

A leaf node condition which can be used to specify a tag condition.

" + "documentation":"

A leaf node condition which can be used to specify a tag condition.

" } }, - "documentation":"

An object that can be used to specify Tag conditions inside the SearchFilter. This accepts an OR of AND (List of List) input where:

  • Top level list specifies conditions that need to be applied with OR operator

  • Inner list specifies conditions that need to be applied with AND operator.

" + "documentation":"

An object that can be used to specify Tag conditions inside the SearchFilter. This accepts an OR of AND (List of List) input where:

  • Top level list specifies conditions that need to be applied with OR operator

  • Inner list specifies conditions that need to be applied with AND operator.

" }, "ControlPlaneUserAttributeFilter":{ "type":"structure", @@ -10080,7 +10080,7 @@ "TagCondition":{"shape":"TagCondition"}, "HierarchyGroupCondition":{"shape":"HierarchyGroupCondition"} }, - "documentation":"

An object that can be used to specify Tag conditions or Hierarchy Group conditions inside the SearchFilter.

This accepts an OR of AND (List of List) input where:

  • The top level list specifies conditions that need to be applied with OR operator

  • The inner list specifies conditions that need to be applied with AND operator.

Only one field can be populated. Maximum number of allowed Tag conditions is 25. Maximum number of allowed Hierarchy Group conditions is 20.

" + "documentation":"

An object that can be used to specify Tag conditions or Hierarchy Group conditions inside the SearchFilter.

This accepts an OR of AND (List of List) input where:

  • The top level list specifies conditions that need to be applied with OR operator

  • The inner list specifies conditions that need to be applied with AND operator.

Only one field can be populated. Maximum number of allowed Tag conditions is 25. Maximum number of allowed Hierarchy Group conditions is 20.

" }, "Count":{"type":"integer"}, "CreateAgentStatusRequest":{ @@ -12699,15 +12699,15 @@ }, "MinValue":{ "shape":"DateTimeFormat", - "documentation":"

A minimum value of the property.

" + "documentation":"

A minimum value of the property.

" }, "MaxValue":{ "shape":"DateTimeFormat", - "documentation":"

A maximum value of the property.

" + "documentation":"

A maximum value of the property.

" }, "ComparisonType":{ "shape":"DateTimeComparisonType", - "documentation":"

Datetime property comparison type.

" + "documentation":"

Datetime property comparison type.

" } }, "documentation":"

A datetime search condition for Search APIs.

" @@ -12797,7 +12797,7 @@ }, "ComparisonType":{ "shape":"DecimalComparisonType", - "documentation":"

The type of comparison to be made when evaluating the decimal condition.

" + "documentation":"

The type of comparison to be made when evaluating the decimal condition.

" } }, "documentation":"

A decimal search condition for Search APIs.

" @@ -15294,6 +15294,16 @@ }, "documentation":"

Information about the call disconnect experience.

" }, + "DisconnectOnCustomerExit":{ + "type":"list", + "member":{"shape":"DisconnectOnCustomerExitParticipantType"}, + "max":1, + "min":1 + }, + "DisconnectOnCustomerExitParticipantType":{ + "type":"string", + "enum":["AGENT"] + }, "DisconnectReason":{ "type":"structure", "members":{ @@ -29185,6 +29195,10 @@ "CustomerId":{ "shape":"CustomerIdNonEmpty", "documentation":"

The customer's identification number. For example, the CustomerId may be a customer number from your CRM.

" + }, + "DisconnectOnCustomerExit":{ + "shape":"DisconnectOnCustomerExit", + "documentation":"

A list of participant types to automatically disconnect when the end customer ends the chat session, allowing them to continue through disconnect flows such as surveys or feedback forms.

Valid value: AGENT.

With the DisconnectOnCustomerExit parameter, you can configure automatic agent disconnection when end customers end the chat, ensuring that disconnect flows are triggered consistently regardless of which participant disconnects first.

" } } }, @@ -33595,7 +33609,7 @@ }, "AndConditions":{ "shape":"UserSearchConditionList", - "documentation":"

A list of conditions which would be applied together with an AND condition.

" + "documentation":"

A list of conditions which would be applied together with an AND condition.

" }, "StringCondition":{ "shape":"StringCondition", diff --git a/awscli/botocore/data/datasync/2018-11-09/service-2.json b/awscli/botocore/data/datasync/2018-11-09/service-2.json index 4aae9ae9ee63..e84fa182eda3 100644 --- a/awscli/botocore/data/datasync/2018-11-09/service-2.json +++ b/awscli/botocore/data/datasync/2018-11-09/service-2.json @@ -773,7 +773,7 @@ "AgentArnList":{ "type":"list", "member":{"shape":"AgentArn"}, - "max":4, + "max":8, "min":1 }, "AgentList":{ @@ -900,7 +900,7 @@ "documentation":"

Specifies the ARN for the customer-managed KMS key that DataSync uses to encrypt the DataSync-managed secret stored for SecretArn. DataSync provides this key to Secrets Manager.

" } }, - "documentation":"

Specifies configuration information for a DataSync-managed secret, such as an authentication token or secret key that DataSync uses to access a specific storage location, with a customer-managed KMS key.

You can use either CmkSecretConfig or CustomSecretConfig to provide credentials for a CreateLocation request. Do not provide both parameters for the same request.

" + "documentation":"

Specifies configuration information for a DataSync-managed secret, such as an authentication token, secret key, password, or Kerberos keytab that DataSync uses to access a specific storage location, with a customer-managed KMS key.

You can use either CmkSecretConfig or CustomSecretConfig to provide credentials for a CreateLocation request. Do not provide both parameters for the same request.

" }, "CreateAgentRequest":{ "type":"structure", @@ -984,11 +984,11 @@ }, "CmkSecretConfig":{ "shape":"CmkSecretConfig", - "documentation":"

Specifies configuration information for a DataSync-managed secret, which includes the authentication token that DataSync uses to access a specific AzureBlob storage location, with a customer-managed KMS key.

When you include this paramater as part of a CreateLocationAzureBlob request, you provide only the KMS key ARN. DataSync uses this KMS key together with the authentication token you specify for SasConfiguration to create a DataSync-managed secret to store the location access credentials.

Make sure the DataSync has permission to access the KMS key that you specify.

You can use either CmkSecretConfig (with SasConfiguration) or CustomSecretConfig (without SasConfiguration) to provide credentials for a CreateLocationAzureBlob request. Do not provide both parameters for the same request.

" + "documentation":"

Specifies configuration information for a DataSync-managed secret, which includes the authentication token that DataSync uses to access a specific AzureBlob storage location, with a customer-managed KMS key.

When you include this parameter as part of a CreateLocationAzureBlob request, you provide only the KMS key ARN. DataSync uses this KMS key together with the authentication token you specify for SasConfiguration to create a DataSync-managed secret to store the location access credentials.

Make sure that DataSync has permission to access the KMS key that you specify.

You can use either CmkSecretConfig (with SasConfiguration) or CustomSecretConfig (without SasConfiguration) to provide credentials for a CreateLocationAzureBlob request. Do not provide both parameters for the same request.

" }, "CustomSecretConfig":{ "shape":"CustomSecretConfig", - "documentation":"

Specifies configuration information for a customer-managed Secrets Manager secret where the authentication token for an AzureBlob storage location is stored in plain text. This configuration includes the secret ARN, and the ARN for an IAM role that provides access to the secret.

You can use either CmkSecretConfig (with SasConfiguration) or CustomSecretConfig (without SasConfiguration) to provide credentials for a CreateLocationAzureBlob request. Do not provide both parameters for the same request.

" + "documentation":"

Specifies configuration information for a customer-managed Secrets Manager secret where the authentication token for an AzureBlob storage location is stored in plain text, in Secrets Manager. This configuration includes the secret ARN, and the ARN for an IAM role that provides access to the secret.

You can use either CmkSecretConfig (with SasConfiguration) or CustomSecretConfig (without SasConfiguration) to provide credentials for a CreateLocationAzureBlob request. Do not provide both parameters for the same request.

" } } }, @@ -1367,11 +1367,11 @@ }, "CmkSecretConfig":{ "shape":"CmkSecretConfig", - "documentation":"

Specifies configuration information for a DataSync-managed secret, which includes the SecretKey that DataSync uses to access a specific object storage location, with a customer-managed KMS key.

When you include this paramater as part of a CreateLocationObjectStorage request, you provide only the KMS key ARN. DataSync uses this KMS key together with the value you specify for the SecretKey parameter to create a DataSync-managed secret to store the location access credentials.

Make sure the DataSync has permission to access the KMS key that you specify.

You can use either CmkSecretConfig (with SecretKey) or CustomSecretConfig (without SecretKey) to provide credentials for a CreateLocationObjectStorage request. Do not provide both parameters for the same request.

" + "documentation":"

Specifies configuration information for a DataSync-managed secret, which includes the SecretKey that DataSync uses to access a specific object storage location, with a customer-managed KMS key.

When you include this parameter as part of a CreateLocationObjectStorage request, you provide only the KMS key ARN. DataSync uses this KMS key together with the value you specify for the SecretKey parameter to create a DataSync-managed secret to store the location access credentials.

Make sure that DataSync has permission to access the KMS key that you specify.

You can use either CmkSecretConfig (with SecretKey) or CustomSecretConfig (without SecretKey) to provide credentials for a CreateLocationObjectStorage request. Do not provide both parameters for the same request.

" }, "CustomSecretConfig":{ "shape":"CustomSecretConfig", - "documentation":"

Specifies configuration information for a customer-managed Secrets Manager secret where the secret key for a specific object storage location is stored in plain text. This configuration includes the secret ARN, and the ARN for an IAM role that provides access to the secret.

You can use either CmkSecretConfig (with SecretKey) or CustomSecretConfig (without SecretKey) to provide credentials for a CreateLocationObjectStorage request. Do not provide both parameters for the same request.

" + "documentation":"

Specifies configuration information for a customer-managed Secrets Manager secret where the secret key for a specific object storage location is stored in plain text, in Secrets Manager. This configuration includes the secret ARN, and the ARN for an IAM role that provides access to the secret.

You can use either CmkSecretConfig (with SecretKey) or CustomSecretConfig (without SecretKey) to provide credentials for a CreateLocationObjectStorage request. Do not provide both parameters for the same request.

" } }, "documentation":"

CreateLocationObjectStorageRequest

" @@ -1455,6 +1455,14 @@ "shape":"SmbPassword", "documentation":"

Specifies the password of the user who can mount your SMB file server and has permission to access the files and folders involved in your transfer. This parameter applies only if AuthenticationType is set to NTLM.

" }, + "CmkSecretConfig":{ + "shape":"CmkSecretConfig", + "documentation":"

Specifies configuration information for a DataSync-managed secret, either a Password or KerberosKeytab (for NTLM (default) and KERBEROS authentication types, respectively) that DataSync uses to access a specific SMB storage location, with a customer-managed KMS key.

When you include this parameter as part of a CreateLocationSmbRequest request, you provide only the KMS key ARN. DataSync uses this KMS key together with either the Password or KerberosKeytab you specify to create a DataSync-managed secret to store the location access credentials.

Make sure that DataSync has permission to access the KMS key that you specify.

You can use either CmkSecretConfig (with either Password or KerberosKeytab) or CustomSecretConfig (without any Password and KerberosKeytab) to provide credentials for a CreateLocationSmbRequest request. Do not provide both CmkSecretConfig and CustomSecretConfig parameters for the same request.

" + }, + "CustomSecretConfig":{ + "shape":"CustomSecretConfig", + "documentation":"

Specifies configuration information for a customer-managed Secrets Manager secret where the SMB storage location credentials is stored in Secrets Manager as plain text (for Password) or binary (for KerberosKeytab). This configuration includes the secret ARN, and the ARN for an IAM role that provides access to the secret.

You can use either CmkSecretConfig (with SasConfiguration) or CustomSecretConfig (without SasConfiguration) to provide credentials for a CreateLocationSmbRequest request. Do not provide both parameters for the same request.

" + }, "AgentArns":{ "shape":"AgentArnList", "documentation":"

Specifies the DataSync agent (or agents) that can connect to your SMB file server. You specify an agent by using its Amazon Resource Name (ARN).

" @@ -1580,7 +1588,7 @@ "documentation":"

Specifies the ARN for the Identity and Access Management role that DataSync uses to access the secret specified for SecretArn.

" } }, - "documentation":"

Specifies configuration information for a customer-managed Secrets Manager secret where a storage location authentication token or secret key is stored in plain text. This configuration includes the secret ARN, and the ARN for an IAM role that provides access to the secret.

You can use either CmkSecretConfig or CustomSecretConfig to provide credentials for a CreateLocation request. Do not provide both parameters for the same request.

" + "documentation":"

Specifies configuration information for a customer-managed Secrets Manager secret where a storage location credentials is stored in Secrets Manager as plain text (for authentication token, secret key, or password) or as binary (for Kerberos keytab). This configuration includes the secret ARN, and the ARN for an IAM role that provides access to the secret.

You can use either CmkSecretConfig or CustomSecretConfig to provide credentials for a CreateLocation request. Do not provide both parameters for the same request.

" }, "DeleteAgentRequest":{ "type":"structure", @@ -2167,6 +2175,18 @@ "AuthenticationType":{ "shape":"SmbAuthenticationType", "documentation":"

The authentication protocol that DataSync uses to connect to your SMB file server.

" + }, + "ManagedSecretConfig":{ + "shape":"ManagedSecretConfig", + "documentation":"

Describes configuration information for a DataSync-managed secret, such as a Password or KerberosKeytab that DataSync uses to access a specific storage location. DataSync uses the default Amazon Web Services-managed KMS key to encrypt this secret in Secrets Manager.

" + }, + "CmkSecretConfig":{ + "shape":"CmkSecretConfig", + "documentation":"

Describes configuration information for a DataSync-managed secret, such as a Password or KerberosKeytab that DataSync uses to access a specific storage location, with a customer-managed KMS key.

" + }, + "CustomSecretConfig":{ + "shape":"CustomSecretConfig", + "documentation":"

Describes configuration information for a customer-managed secret, such as a Password or KerberosKeytab that DataSync uses to access a specific storage location, with a customer-managed KMS key.

" } }, "documentation":"

DescribeLocationSmbResponse

" @@ -2212,7 +2232,7 @@ }, "EstimatedFilesToTransfer":{ "shape":"long", - "documentation":"

The number of files, objects, and directories that DataSync expects to transfer over the network. This value is calculated while DataSync prepares the transfer.

How this gets calculated depends primarily on your task’s transfer mode configuration:

  • If TranserMode is set to CHANGED - The calculation is based on comparing the content of the source and destination locations and determining the difference that needs to be transferred. The difference can include:

    • Anything that's added or modified at the source location.

    • Anything that's in both locations and modified at the destination after an initial transfer (unless OverwriteMode is set to NEVER).

    • (Basic task mode only) The number of items that DataSync expects to delete (if PreserveDeletedFiles is set to REMOVE).

  • If TranserMode is set to ALL - The calculation is based only on the items that DataSync finds at the source location.

" + "documentation":"

The number of files, objects, and directories that DataSync expects to transfer over the network. This value is calculated while DataSync prepares the transfer.

How this gets calculated depends primarily on your task’s transfer mode configuration:

  • If TranserMode is set to CHANGED - The calculation is based on comparing the content of the source and destination locations and determining the difference that needs to be transferred. The difference can include:

    • Anything that's added or modified at the source location.

    • Anything that's in both locations and modified at the destination after an initial transfer (unless OverwriteMode is set to NEVER).

    • (Basic task mode only) The number of items that DataSync expects to delete (if PreserveDeletedFiles is set to REMOVE).

  • If TranserMode is set to ALL - The calculation is based only on the items that DataSync finds at the source location.

For Enhanced mode tasks, this counter only includes files or objects. Directories are counted in EstimatedFoldersToTransfer.

" }, "EstimatedBytesToTransfer":{ "shape":"long", @@ -2220,7 +2240,7 @@ }, "FilesTransferred":{ "shape":"long", - "documentation":"

The number of files, objects, and directories that DataSync actually transfers over the network. This value is updated periodically during your task execution when something is read from the source and sent over the network.

If DataSync fails to transfer something, this value can be less than EstimatedFilesToTransfer. In some cases, this value can also be greater than EstimatedFilesToTransfer. This element is implementation-specific for some location types, so don't use it as an exact indication of what's transferring or to monitor your task execution.

" + "documentation":"

The number of files, objects, and directories that DataSync actually transfers over the network. This value is updated periodically during your task execution when something is read from the source and sent over the network.

If DataSync fails to transfer something, this value can be less than EstimatedFilesToTransfer. In some cases, this value can also be greater than EstimatedFilesToTransfer. This element is implementation-specific for some location types, so don't use it as an exact indication of what's transferring or to monitor your task execution.

For Enhanced mode tasks, this counter only includes files or objects. Directories are counted in FoldersTransferred.

" }, "BytesWritten":{ "shape":"long", @@ -2244,15 +2264,15 @@ }, "FilesDeleted":{ "shape":"long", - "documentation":"

The number of files, objects, and directories that DataSync actually deletes in your destination location. If you don't configure your task to delete data in the destination that isn't in the source, the value is always 0.

" + "documentation":"

The number of files, objects, and directories that DataSync actually deletes in your destination location. If you don't configure your task to delete data in the destination that isn't in the source, the value is always 0.

For Enhanced mode tasks, this counter only includes files or objects. Directories are counted in FoldersDeleted.

" }, "FilesSkipped":{ "shape":"long", - "documentation":"

The number of files, objects, and directories that DataSync skips during your transfer.

" + "documentation":"

The number of files, objects, and directories that DataSync skips during your transfer.

For Enhanced mode tasks, this counter only includes files or objects. Directories are counted in FoldersSkipped.

" }, "FilesVerified":{ "shape":"long", - "documentation":"

The number of files, objects, and directories that DataSync verifies during your transfer.

When you configure your task to verify only the data that's transferred, DataSync doesn't verify directories in some situations or files that fail to transfer.

" + "documentation":"

The number of files, objects, and directories that DataSync verifies during your transfer.

When you configure your task to verify only the data that's transferred, DataSync doesn't verify directories in some situations or files that fail to transfer.

For Enhanced mode tasks, this counter only includes files or objects. Directories are counted in FoldersVerified.

" }, "ReportResult":{ "shape":"ReportResult", @@ -2260,7 +2280,7 @@ }, "EstimatedFilesToDelete":{ "shape":"long", - "documentation":"

The number of files, objects, and directories that DataSync expects to delete in your destination location. If you don't configure your task to delete data in the destination that isn't in the source, the value is always 0.

" + "documentation":"

The number of files, objects, and directories that DataSync expects to delete in your destination location. If you don't configure your task to delete data in the destination that isn't in the source, the value is always 0.

For Enhanced mode tasks, this counter only includes files or objects. Directories are counted in EstimatedFoldersToDelete.

" }, "TaskMode":{ "shape":"TaskMode", @@ -2268,15 +2288,51 @@ }, "FilesPrepared":{ "shape":"long", - "documentation":"

The number of objects that DataSync will attempt to transfer after comparing your source and destination locations.

Applies only to Enhanced mode tasks.

This counter isn't applicable if you configure your task to transfer all data. In that scenario, DataSync copies everything from the source to the destination without comparing differences between the locations.

" + "documentation":"

The number of files or objects that DataSync will attempt to transfer after comparing your source and destination locations.

Applies only to Enhanced mode tasks.

This counter isn't applicable if you configure your task to transfer all data. In that scenario, DataSync copies everything from the source to the destination without comparing differences between the locations.

" }, "FilesListed":{ "shape":"TaskExecutionFilesListedDetail", - "documentation":"

The number of objects that DataSync finds at your locations.

Applies only to Enhanced mode tasks.

" + "documentation":"

The number of files or objects that DataSync finds at your locations.

Applies only to Enhanced mode tasks.

" }, "FilesFailed":{ "shape":"TaskExecutionFilesFailedDetail", - "documentation":"

The number of objects that DataSync fails to prepare, transfer, verify, and delete during your task execution.

Applies only to Enhanced mode tasks.

" + "documentation":"

The number of files or objects that DataSync fails to prepare, transfer, verify, and delete during your task execution.

Applies only to Enhanced mode tasks.

" + }, + "EstimatedFoldersToDelete":{ + "shape":"ItemCount", + "documentation":"

The number of directories that DataSync expects to delete in your destination location. If you don't configure your task to delete data in the destination that isn't in the source, the value is always 0.

Applies only to Enhanced mode tasks.

" + }, + "EstimatedFoldersToTransfer":{ + "shape":"ItemCount", + "documentation":"

The number of directories that DataSync expects to transfer over the network. This value is calculated as DataSync prepares directories to transfer.

How this gets calculated depends primarily on your task’s transfer mode configuration:

  • If TranserMode is set to CHANGED - The calculation is based on comparing the content of the source and destination locations and determining the difference that needs to be transferred. The difference can include:

    • Anything that's added or modified at the source location.

    • Anything that's in both locations and modified at the destination after an initial transfer (unless OverwriteMode is set to NEVER).

  • If TranserMode is set to ALL - The calculation is based only on the items that DataSync finds at the source location.

Applies only to Enhanced mode tasks.

" + }, + "FoldersSkipped":{ + "shape":"ItemCount", + "documentation":"

The number of directories that DataSync skips during your transfer.

Applies only to Enhanced mode tasks.

" + }, + "FoldersPrepared":{ + "shape":"ItemCount", + "documentation":"

The number of directories that DataSync will attempt to transfer after comparing your source and destination locations.

Applies only to Enhanced mode tasks.

This counter isn't applicable if you configure your task to transfer all data. In that scenario, DataSync copies everything from the source to the destination without comparing differences between the locations.

" + }, + "FoldersTransferred":{ + "shape":"ItemCount", + "documentation":"

The number of directories that DataSync actually transfers over the network. This value is updated periodically during your task execution when something is read from the source and sent over the network.

If DataSync fails to transfer something, this value can be less than EstimatedFoldersToTransfer. In some cases, this value can also be greater than EstimatedFoldersToTransfer.

Applies only to Enhanced mode tasks.

" + }, + "FoldersVerified":{ + "shape":"ItemCount", + "documentation":"

The number of directories that DataSync verifies during your transfer.

Applies only to Enhanced mode tasks.

" + }, + "FoldersDeleted":{ + "shape":"ItemCount", + "documentation":"

The number of directories that DataSync actually deletes in your destination location. If you don't configure your task to delete data in the destination that isn't in the source, the value is always 0.

Applies only to Enhanced mode tasks.

" + }, + "FoldersListed":{ + "shape":"TaskExecutionFoldersListedDetail", + "documentation":"

The number of directories that DataSync finds at your locations.

Applies only to Enhanced mode tasks.

" + }, + "FoldersFailed":{ + "shape":"TaskExecutionFoldersFailedDetail", + "documentation":"

The number of directories that DataSync fails to list, prepare, transfer, verify, and delete during your task execution.

Applies only to Enhanced mode tasks.

" }, "LaunchTime":{ "shape":"Time", @@ -2738,6 +2794,10 @@ "documentation":"

This exception is thrown when the client submits a malformed request.

", "exception":true }, + "ItemCount":{ + "type":"long", + "box":true + }, "KerberosKeytabFile":{ "type":"blob", "max":65536 @@ -3195,7 +3255,7 @@ }, "BytesPerSecond":{ "shape":"BytesPerSecond", - "documentation":"

Limits the bandwidth used by a DataSync task. For example, if you want DataSync to use a maximum of 1 MB, set this value to 1048576 (=1024*1024).

Not applicable to Enhanced mode tasks.

" + "documentation":"

Limits the bandwidth used by a DataSync task. For example, if you want DataSync to use a maximum of 1 MB, set this value to 1048576 (=1024*1024).

" }, "TaskQueueing":{ "shape":"TaskQueueing", @@ -3716,36 +3776,76 @@ "members":{ "Prepare":{ "shape":"long", - "documentation":"

The number of objects that DataSync fails to prepare during your task execution.

" + "documentation":"

The number of files or objects that DataSync fails to prepare during your task execution.

" }, "Transfer":{ "shape":"long", - "documentation":"

The number of objects that DataSync fails to transfer during your task execution.

" + "documentation":"

The number of files or objects that DataSync fails to transfer during your task execution.

" }, "Verify":{ "shape":"long", - "documentation":"

The number of objects that DataSync fails to verify during your task execution.

" + "documentation":"

The number of files or objects that DataSync fails to verify during your task execution.

" }, "Delete":{ "shape":"long", - "documentation":"

The number of objects that DataSync fails to delete during your task execution.

" + "documentation":"

The number of files or objects that DataSync fails to delete during your task execution.

" } }, - "documentation":"

The number of objects that DataSync fails to prepare, transfer, verify, and delete during your task execution.

Applies only to Enhanced mode tasks.

" + "documentation":"

The number of files or objects that DataSync fails to prepare, transfer, verify, and delete during your task execution.

Applies only to Enhanced mode tasks.

" }, "TaskExecutionFilesListedDetail":{ "type":"structure", "members":{ "AtSource":{ "shape":"long", - "documentation":"

The number of objects that DataSync finds at your source location.

  • With a manifest, DataSync lists only what's in your manifest (and not everything at your source location).

  • With an include filter, DataSync lists only what matches the filter at your source location.

  • With an exclude filter, DataSync lists everything at your source location before applying the filter.

" + "documentation":"

The number of files or objects that DataSync finds at your source location.

  • With a manifest, DataSync lists only what's in your manifest (and not everything at your source location).

  • With an include filter, DataSync lists only what matches the filter at your source location.

  • With an exclude filter, DataSync lists everything at your source location before applying the filter.

" + }, + "AtDestinationForDelete":{ + "shape":"long", + "documentation":"

The number of files or objects that DataSync finds at your destination location. This counter is only applicable if you configure your task to delete data in the destination that isn't in the source.

" + } + }, + "documentation":"

The number of files or objects that DataSync finds at your locations.

Applies only to Enhanced mode tasks.

" + }, + "TaskExecutionFoldersFailedDetail":{ + "type":"structure", + "members":{ + "List":{ + "shape":"long", + "documentation":"

The number of directories that DataSync fails to list during your task execution.

" + }, + "Prepare":{ + "shape":"long", + "documentation":"

The number of directories that DataSync fails to prepare during your task execution.

" + }, + "Transfer":{ + "shape":"long", + "documentation":"

The number of directories that DataSync fails to transfer during your task execution.

" + }, + "Verify":{ + "shape":"long", + "documentation":"

The number of directories that DataSync fails to verify during your task execution.

" + }, + "Delete":{ + "shape":"long", + "documentation":"

The number of directories that DataSync fails to delete during your task execution.

" + } + }, + "documentation":"

The number of directories that DataSync fails to list, prepare, transfer, verify, and delete during your task execution.

Applies only to Enhanced mode tasks.

" + }, + "TaskExecutionFoldersListedDetail":{ + "type":"structure", + "members":{ + "AtSource":{ + "shape":"long", + "documentation":"

The number of directories that DataSync finds at your source location.

  • With a manifest, DataSync lists only what's in your manifest (and not everything at your source location).

  • With an include filter, DataSync lists only what matches the filter at your source location.

  • With an exclude filter, DataSync lists everything at your source location before applying the filter.

" }, "AtDestinationForDelete":{ "shape":"long", - "documentation":"

The number of objects that DataSync finds at your destination location. This counter is only applicable if you configure your task to delete data in the destination that isn't in the source.

" + "documentation":"

The number of directories that DataSync finds at your destination location. This counter is only applicable if you configure your task to delete data in the destination that isn't in the source.

" } }, - "documentation":"

The number of objects that DataSync finds at your locations.

Applies only to Enhanced mode tasks.

" + "documentation":"

The number of directories that DataSync finds at your locations.

Applies only to Enhanced mode tasks.

" }, "TaskExecutionList":{ "type":"list", @@ -4381,6 +4481,14 @@ "shape":"SmbPassword", "documentation":"

Specifies the password of the user who can mount your SMB file server and has permission to access the files and folders involved in your transfer. This parameter applies only if AuthenticationType is set to NTLM.

" }, + "CmkSecretConfig":{ + "shape":"CmkSecretConfig", + "documentation":"

Specifies configuration information for a DataSync-managed secret, such as a Password or KerberosKeytab or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed KMS key.

" + }, + "CustomSecretConfig":{ + "shape":"CustomSecretConfig", + "documentation":"

Specifies configuration information for a customer-managed secret, such as a Password or KerberosKeytab or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed KMS key.

" + }, "AgentArns":{ "shape":"AgentArnList", "documentation":"

Specifies the DataSync agent (or agents) that can connect to your SMB file server. You specify an agent by using its Amazon Resource Name (ARN).

" diff --git a/awscli/botocore/data/workspaces-web/2020-07-08/service-2.json b/awscli/botocore/data/workspaces-web/2020-07-08/service-2.json index e30864cab857..ba7d033d9a7f 100644 --- a/awscli/botocore/data/workspaces-web/2020-07-08/service-2.json +++ b/awscli/botocore/data/workspaces-web/2020-07-08/service-2.json @@ -359,6 +359,7 @@ "output":{"shape":"CreateUserSettingsResponse"}, "errors":[ {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, @@ -751,7 +752,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Gets browser settings.

" + "documentation":"

Gets browser settings.

", + "readonly":true }, "GetDataProtectionSettings":{ "name":"GetDataProtectionSettings", @@ -769,7 +771,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Gets the data protection settings.

" + "documentation":"

Gets the data protection settings.

", + "readonly":true }, "GetIdentityProvider":{ "name":"GetIdentityProvider", @@ -787,7 +790,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Gets the identity provider.

" + "documentation":"

Gets the identity provider.

", + "readonly":true }, "GetIpAccessSettings":{ "name":"GetIpAccessSettings", @@ -805,7 +809,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Gets the IP access settings.

" + "documentation":"

Gets the IP access settings.

", + "readonly":true }, "GetNetworkSettings":{ "name":"GetNetworkSettings", @@ -823,7 +828,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Gets the network settings.

" + "documentation":"

Gets the network settings.

", + "readonly":true }, "GetPortal":{ "name":"GetPortal", @@ -841,7 +847,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Gets the web portal.

" + "documentation":"

Gets the web portal.

", + "readonly":true }, "GetPortalServiceProviderMetadata":{ "name":"GetPortalServiceProviderMetadata", @@ -859,7 +866,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Gets the service provider metadata.

" + "documentation":"

Gets the service provider metadata.

", + "readonly":true }, "GetSession":{ "name":"GetSession", @@ -877,7 +885,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Gets information for a secure browser session.

" + "documentation":"

Gets information for a secure browser session.

", + "readonly":true }, "GetSessionLogger":{ "name":"GetSessionLogger", @@ -895,7 +904,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Gets details about a specific session logger resource.

" + "documentation":"

Gets details about a specific session logger resource.

", + "readonly":true }, "GetTrustStore":{ "name":"GetTrustStore", @@ -913,7 +923,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Gets the trust store.

" + "documentation":"

Gets the trust store.

", + "readonly":true }, "GetTrustStoreCertificate":{ "name":"GetTrustStoreCertificate", @@ -931,7 +942,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Gets the trust store certificate.

" + "documentation":"

Gets the trust store certificate.

", + "readonly":true }, "GetUserAccessLoggingSettings":{ "name":"GetUserAccessLoggingSettings", @@ -949,7 +961,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Gets user access logging settings.

" + "documentation":"

Gets user access logging settings.

", + "readonly":true }, "GetUserSettings":{ "name":"GetUserSettings", @@ -967,7 +980,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Gets user settings.

" + "documentation":"

Gets user settings.

", + "readonly":true }, "ListBrowserSettings":{ "name":"ListBrowserSettings", @@ -984,7 +998,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Retrieves a list of browser settings.

" + "documentation":"

Retrieves a list of browser settings.

", + "readonly":true }, "ListDataProtectionSettings":{ "name":"ListDataProtectionSettings", @@ -1001,7 +1016,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Retrieves a list of data protection settings.

" + "documentation":"

Retrieves a list of data protection settings.

", + "readonly":true }, "ListIdentityProviders":{ "name":"ListIdentityProviders", @@ -1018,7 +1034,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Retrieves a list of identity providers for a specific web portal.

" + "documentation":"

Retrieves a list of identity providers for a specific web portal.

", + "readonly":true }, "ListIpAccessSettings":{ "name":"ListIpAccessSettings", @@ -1035,7 +1052,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Retrieves a list of IP access settings.

" + "documentation":"

Retrieves a list of IP access settings.

", + "readonly":true }, "ListNetworkSettings":{ "name":"ListNetworkSettings", @@ -1052,7 +1070,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Retrieves a list of network settings.

" + "documentation":"

Retrieves a list of network settings.

", + "readonly":true }, "ListPortals":{ "name":"ListPortals", @@ -1069,7 +1088,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Retrieves a list or web portals.

" + "documentation":"

Retrieves a list or web portals.

", + "readonly":true }, "ListSessionLoggers":{ "name":"ListSessionLoggers", @@ -1086,7 +1106,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Lists all available session logger resources.

" + "documentation":"

Lists all available session logger resources.

", + "readonly":true }, "ListSessions":{ "name":"ListSessions", @@ -1104,7 +1125,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Lists information for multiple secure browser sessions from a specific portal.

" + "documentation":"

Lists information for multiple secure browser sessions from a specific portal.

", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -1122,7 +1144,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Retrieves a list of tags for a resource.

" + "documentation":"

Retrieves a list of tags for a resource.

", + "readonly":true }, "ListTrustStoreCertificates":{ "name":"ListTrustStoreCertificates", @@ -1140,7 +1163,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Retrieves a list of trust store certificates.

" + "documentation":"

Retrieves a list of trust store certificates.

", + "readonly":true }, "ListTrustStores":{ "name":"ListTrustStores", @@ -1157,7 +1181,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Retrieves a list of trust stores.

" + "documentation":"

Retrieves a list of trust stores.

", + "readonly":true }, "ListUserAccessLoggingSettings":{ "name":"ListUserAccessLoggingSettings", @@ -1174,7 +1199,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Retrieves a list of user access logging settings.

" + "documentation":"

Retrieves a list of user access logging settings.

", + "readonly":true }, "ListUserSettings":{ "name":"ListUserSettings", @@ -1191,7 +1217,8 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Retrieves a list of user settings.

" + "documentation":"

Retrieves a list of user settings.

", + "readonly":true }, "TagResource":{ "name":"TagResource", @@ -1756,6 +1783,110 @@ "max":100, "min":1 }, + "BrandingConfiguration":{ + "type":"structure", + "required":[ + "logo", + "wallpaper", + "favicon", + "localizedStrings", + "colorTheme" + ], + "members":{ + "logo":{ + "shape":"ImageMetadata", + "documentation":"

Metadata for the logo image file, including the MIME type, file extension, and upload timestamp.

" + }, + "wallpaper":{ + "shape":"ImageMetadata", + "documentation":"

Metadata for the wallpaper image file, including the MIME type, file extension, and upload timestamp.

" + }, + "favicon":{ + "shape":"ImageMetadata", + "documentation":"

Metadata for the favicon image file, including the MIME type, file extension, and upload timestamp.

" + }, + "localizedStrings":{ + "shape":"LocalizedBrandingStringMap", + "documentation":"

A map of localized text strings for different languages, allowing the portal to display content in the user's preferred language.

" + }, + "colorTheme":{ + "shape":"ColorTheme", + "documentation":"

The color theme for components on the web portal.

" + }, + "termsOfService":{ + "shape":"Markdown", + "documentation":"

The terms of service text in Markdown format that users must accept before accessing the portal.

" + } + }, + "documentation":"

The branding configuration output including custom images metadata, localized strings, color theme, and terms of service.

" + }, + "BrandingConfigurationCreateInput":{ + "type":"structure", + "required":[ + "logo", + "wallpaper", + "favicon", + "localizedStrings", + "colorTheme" + ], + "members":{ + "logo":{ + "shape":"IconImageInput", + "documentation":"

The logo image for the portal. Provide either a binary image file or an S3 URI pointing to the image file. Maximum 100 KB in JPEG, PNG, or ICO format.

" + }, + "wallpaper":{ + "shape":"WallpaperImageInput", + "documentation":"

The wallpaper image for the portal. Provide either a binary image file or an S3 URI pointing to the image file. Maximum 5 MB in JPEG or PNG format.

" + }, + "favicon":{ + "shape":"IconImageInput", + "documentation":"

The favicon image for the portal. Provide either a binary image file or an S3 URI pointing to the image file. Maximum 100 KB in JPEG, PNG, or ICO format.

" + }, + "localizedStrings":{ + "shape":"LocalizedBrandingStringMap", + "documentation":"

A map of localized text strings for different supported languages. Each locale must provide the required fields browserTabTitle and welcomeText.

" + }, + "colorTheme":{ + "shape":"ColorTheme", + "documentation":"

The color theme for components on the web portal. Choose Light if you upload a dark wallpaper, or Dark for a light wallpaper.

" + }, + "termsOfService":{ + "shape":"Markdown", + "documentation":"

The terms of service text in Markdown format. Users will be presented with the terms of service after successfully signing in.

" + } + }, + "documentation":"

The input configuration for creating branding settings.

" + }, + "BrandingConfigurationUpdateInput":{ + "type":"structure", + "members":{ + "logo":{ + "shape":"IconImageInput", + "documentation":"

The logo image for the portal. Provide either a binary image file or an S3 URI pointing to the image file. Maximum 100 KB in JPEG, PNG, or ICO format.

" + }, + "wallpaper":{ + "shape":"WallpaperImageInput", + "documentation":"

The wallpaper image for the portal. Provide either a binary image file or an S3 URI pointing to the image file. Maximum 5 MB in JPEG or PNG format.

" + }, + "favicon":{ + "shape":"IconImageInput", + "documentation":"

The favicon image for the portal. Provide either a binary image file or an S3 URI pointing to the image file. Maximum 100 KB in JPEG, PNG, or ICO format.

" + }, + "localizedStrings":{ + "shape":"LocalizedBrandingStringMap", + "documentation":"

A map of localized text strings for different supported languages. Each locale must provide the required fields browserTabTitle and welcomeText.

" + }, + "colorTheme":{ + "shape":"ColorTheme", + "documentation":"

The color theme for components on the web portal. Choose Light if you upload a dark wallpaper, or Dark for a light wallpaper.

" + }, + "termsOfService":{ + "shape":"Markdown", + "documentation":"

The terms of service text in Markdown format. To remove existing terms of service, provide an empty string.

" + } + }, + "documentation":"

The input configuration for updating branding settings. All fields are optional when updating existing branding.

" + }, "BrowserPolicy":{ "type":"string", "max":131072, @@ -1942,6 +2073,13 @@ "max":512, "min":1 }, + "ColorTheme":{ + "type":"string", + "enum":[ + "Light", + "Dark" + ] + }, "ConfidenceLevel":{ "type":"integer", "box":true, @@ -1968,6 +2106,10 @@ }, "exception":true }, + "ContactLinkUrl":{ + "type":"string", + "pattern":"(https://|mailto:).*" + }, "CookieDomain":{ "type":"string", "max":253, @@ -2472,6 +2614,10 @@ "toolbarConfiguration":{ "shape":"ToolbarConfiguration", "documentation":"

The configuration of the toolbar. This allows administrators to select the toolbar type and visual mode, set maximum display resolution for sessions, and choose which items are visible to end users during their sessions. If administrators do not modify these settings, end users retain control over their toolbar preferences.

" + }, + "brandingConfigurationInput":{ + "shape":"BrandingConfigurationCreateInput", + "documentation":"

The branding configuration input that customizes the appearance of the web portal for end users. This includes a custom logo, favicon, wallpaper, localized strings, color theme, and an optional terms of service.

" } } }, @@ -2591,8 +2737,7 @@ }, "DeleteBrowserSettingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDataProtectionSettingsRequest":{ "type":"structure", @@ -2608,8 +2753,7 @@ }, "DeleteDataProtectionSettingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteIdentityProviderRequest":{ "type":"structure", @@ -2625,8 +2769,7 @@ }, "DeleteIdentityProviderResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteIpAccessSettingsRequest":{ "type":"structure", @@ -2642,8 +2785,7 @@ }, "DeleteIpAccessSettingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteNetworkSettingsRequest":{ "type":"structure", @@ -2659,8 +2801,7 @@ }, "DeleteNetworkSettingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletePortalRequest":{ "type":"structure", @@ -2676,8 +2817,7 @@ }, "DeletePortalResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteSessionLoggerRequest":{ "type":"structure", @@ -2693,8 +2833,7 @@ }, "DeleteSessionLoggerResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteTrustStoreRequest":{ "type":"structure", @@ -2710,8 +2849,7 @@ }, "DeleteTrustStoreResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteUserAccessLoggingSettingsRequest":{ "type":"structure", @@ -2727,8 +2865,7 @@ }, "DeleteUserAccessLoggingSettingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteUserSettingsRequest":{ "type":"structure", @@ -2744,8 +2881,7 @@ }, "DeleteUserSettingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Description":{ "type":"string", @@ -2775,8 +2911,7 @@ }, "DisassociateBrowserSettingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateDataProtectionSettingsRequest":{ "type":"structure", @@ -2792,8 +2927,7 @@ }, "DisassociateDataProtectionSettingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateIpAccessSettingsRequest":{ "type":"structure", @@ -2809,8 +2943,7 @@ }, "DisassociateIpAccessSettingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateNetworkSettingsRequest":{ "type":"structure", @@ -2826,8 +2959,7 @@ }, "DisassociateNetworkSettingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateSessionLoggerRequest":{ "type":"structure", @@ -2843,8 +2975,7 @@ }, "DisassociateSessionLoggerResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateTrustStoreRequest":{ "type":"structure", @@ -2860,8 +2991,7 @@ }, "DisassociateTrustStoreResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateUserAccessLoggingSettingsRequest":{ "type":"structure", @@ -2877,8 +3007,7 @@ }, "DisassociateUserAccessLoggingSettingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateUserSettingsRequest":{ "type":"structure", @@ -2894,8 +3023,7 @@ }, "DisassociateUserSettingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisconnectTimeoutInMinutes":{ "type":"integer", @@ -2996,8 +3124,7 @@ }, "ExpireSessionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "FieldName":{"type":"string"}, "FolderStructure":{ @@ -3318,6 +3445,26 @@ "type":"list", "member":{"shape":"ToolbarItem"} }, + "IconImage":{ + "type":"blob", + "max":102400, + "min":0 + }, + "IconImageInput":{ + "type":"structure", + "members":{ + "blob":{ + "shape":"IconImage", + "documentation":"

The image provided as a binary image file.

" + }, + "s3Uri":{ + "shape":"S3Uri", + "documentation":"

The S3 URI pointing to the image file. The URI must use the format s3://bucket-name/key-name. You must have read access to the S3 object.

" + } + }, + "documentation":"

The input for an icon image (logo or favicon). Provide either a binary image file or an S3 URI pointing to the image file. Maximum 100 KB in JPEG, PNG, or ICO format.

", + "union":true + }, "IdentityProvider":{ "type":"structure", "required":["identityProviderArn"], @@ -3394,6 +3541,29 @@ "max":60, "min":0 }, + "ImageMetadata":{ + "type":"structure", + "required":[ + "mimeType", + "fileExtension", + "lastUploadTimestamp" + ], + "members":{ + "mimeType":{ + "shape":"MimeType", + "documentation":"

The MIME type of the image.

" + }, + "fileExtension":{ + "shape":"StringType", + "documentation":"

The file extension of the image.

" + }, + "lastUploadTimestamp":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the image was last uploaded.

" + } + }, + "documentation":"

Metadata information about an uploaded image file.

" + }, "InlineRedactionConfiguration":{ "type":"structure", "required":["inlineRedactionPatterns"], @@ -4035,6 +4205,111 @@ } } }, + "Locale":{ + "type":"string", + "enum":[ + "de-DE", + "en-US", + "es-ES", + "fr-FR", + "id-ID", + "it-IT", + "ja-JP", + "ko-KR", + "pt-BR", + "zh-CN", + "zh-TW" + ] + }, + "LocalizedBrandingStringMap":{ + "type":"map", + "key":{"shape":"Locale"}, + "value":{"shape":"LocalizedBrandingStrings"} + }, + "LocalizedBrandingStrings":{ + "type":"structure", + "required":[ + "browserTabTitle", + "welcomeText" + ], + "members":{ + "browserTabTitle":{ + "shape":"LocalizedBrandingStringsBrowserTabTitleString", + "documentation":"

The text displayed in the browser tab title.

" + }, + "welcomeText":{ + "shape":"LocalizedBrandingStringsWelcomeTextString", + "documentation":"

The welcome text displayed on the sign-in page.

" + }, + "loginTitle":{ + "shape":"LocalizedBrandingStringsLoginTitleString", + "documentation":"

The title text for the login section. This field is optional and defaults to \"Sign In\".

" + }, + "loginDescription":{ + "shape":"LocalizedBrandingStringsLoginDescriptionString", + "documentation":"

The description text for the login section. This field is optional and defaults to \"Sign in to your session\".

" + }, + "loginButtonText":{ + "shape":"LocalizedBrandingStringsLoginButtonTextString", + "documentation":"

The text displayed on the login button. This field is optional and defaults to \"Sign In\".

" + }, + "contactLink":{ + "shape":"ContactLinkUrl", + "documentation":"

A contact link URL. The URL must start with https:// or mailto:. If not provided, the contact button will be hidden from the web portal screen.

" + }, + "contactButtonText":{ + "shape":"LocalizedBrandingStringsContactButtonTextString", + "documentation":"

The text displayed on the contact button. This field is optional and defaults to \"Contact us\".

" + }, + "loadingText":{ + "shape":"LocalizedBrandingStringsLoadingTextString", + "documentation":"

The text displayed during session loading. This field is optional and defaults to \"Loading your session\".

" + } + }, + "documentation":"

Localized text strings for a specific language that customize the web portal.

" + }, + "LocalizedBrandingStringsBrowserTabTitleString":{ + "type":"string", + "max":25, + "min":0, + "pattern":"[^<>&'`~\\\\]*" + }, + "LocalizedBrandingStringsContactButtonTextString":{ + "type":"string", + "max":30, + "min":0, + "pattern":"[^<>&'`~\\\\]*" + }, + "LocalizedBrandingStringsLoadingTextString":{ + "type":"string", + "max":300, + "min":0, + "pattern":"[^<>&'`~\\\\]*" + }, + "LocalizedBrandingStringsLoginButtonTextString":{ + "type":"string", + "max":30, + "min":0, + "pattern":"[^<>&'`~\\\\]*" + }, + "LocalizedBrandingStringsLoginDescriptionString":{ + "type":"string", + "max":250, + "min":0, + "pattern":"[^<>&'`~\\\\]*" + }, + "LocalizedBrandingStringsLoginTitleString":{ + "type":"string", + "max":100, + "min":0, + "pattern":"[^<>&'`~\\\\]*" + }, + "LocalizedBrandingStringsWelcomeTextString":{ + "type":"string", + "max":150, + "min":0, + "pattern":"[^<>&'`~\\\\]*" + }, "LogConfiguration":{ "type":"structure", "members":{ @@ -4052,6 +4327,12 @@ "Json" ] }, + "Markdown":{ + "type":"string", + "max":153600, + "min":0, + "sensitive":true + }, "MaxConcurrentSessions":{ "type":"integer", "box":true, @@ -4076,6 +4357,14 @@ "box":true, "min":1 }, + "MimeType":{ + "type":"string", + "enum":[ + "image/png", + "image/jpeg", + "image/x-icon" + ] + }, "NetworkSettings":{ "type":"structure", "required":["networkSettingsArn"], @@ -4439,6 +4728,10 @@ }, "documentation":"

The S3 log configuration.

" }, + "S3Uri":{ + "type":"string", + "pattern":"s3://[a-z0-9][a-z0-9\\.\\-]{1,61}[a-z0-9]/.+" + }, "SamlMetadata":{ "type":"string", "max":204800, @@ -4735,8 +5028,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -4858,8 +5150,7 @@ }, "Unit":{ "type":"structure", - "members":{ - } + "members":{} }, "UntagResourceRequest":{ "type":"structure", @@ -4884,8 +5175,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateBrowserSettingsRequest":{ "type":"structure", @@ -5269,6 +5559,10 @@ "toolbarConfiguration":{ "shape":"ToolbarConfiguration", "documentation":"

The configuration of the toolbar. This allows administrators to select the toolbar type and visual mode, set maximum display resolution for sessions, and choose which items are visible to end users during their sessions. If administrators do not modify these settings, end users retain control over their toolbar preferences.

" + }, + "brandingConfigurationInput":{ + "shape":"BrandingConfigurationUpdateInput", + "documentation":"

The branding configuration that customizes the appearance of the web portal for end users. When updating user settings without an existing branding configuration, all fields (logo, favicon, wallpaper, localized strings, and color theme) are required except for terms of service. When updating user settings with an existing branding configuration, all fields are optional.

" } } }, @@ -5390,6 +5684,10 @@ "toolbarConfiguration":{ "shape":"ToolbarConfiguration", "documentation":"

The configuration of the toolbar. This allows administrators to select the toolbar type and visual mode, set maximum display resolution for sessions, and choose which items are visible to end users during their sessions. If administrators do not modify these settings, end users retain control over their toolbar preferences.

" + }, + "brandingConfiguration":{ + "shape":"BrandingConfiguration", + "documentation":"

The branding configuration output that customizes the appearance of the web portal for end users.

" } }, "documentation":"

A user settings resource that can be associated with a web portal. Once associated with a web portal, user settings control how users can transfer data between a streaming session and the their local devices.

" @@ -5445,6 +5743,10 @@ "toolbarConfiguration":{ "shape":"ToolbarConfiguration", "documentation":"

The configuration of the toolbar. This allows administrators to select the toolbar type and visual mode, set maximum display resolution for sessions, and choose which items are visible to end users during their sessions. If administrators do not modify these settings, end users retain control over their toolbar preferences.

" + }, + "brandingConfiguration":{ + "shape":"BrandingConfiguration", + "documentation":"

The branding configuration output that customizes the appearance of the web portal for end users.

" } }, "documentation":"

The summary of user settings.

" @@ -5520,6 +5822,26 @@ "min":1, "pattern":"vpc-[0-9a-z]*" }, + "WallpaperImage":{ + "type":"blob", + "max":5242880, + "min":0 + }, + "WallpaperImageInput":{ + "type":"structure", + "members":{ + "blob":{ + "shape":"WallpaperImage", + "documentation":"

The image provided as a binary image file.

" + }, + "s3Uri":{ + "shape":"S3Uri", + "documentation":"

The S3 URI pointing to the image file. The URI must use the format s3://bucket-name/key-name. You must have read access to the S3 object.

" + } + }, + "documentation":"

The input for a wallpaper image. Provide the image as either a binary image file or an S3 URI. Maximum 5 MB in JPEG or PNG format.

", + "union":true + }, "WebContentFilteringPolicy":{ "type":"structure", "members":{ From 6d9e7470dea66cfcd5576c5e5ecc660c65cd2433 Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Fri, 12 Dec 2025 19:12:09 +0000 Subject: [PATCH 12/37] Update endpoints model --- awscli/botocore/data/endpoints.json | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/awscli/botocore/data/endpoints.json b/awscli/botocore/data/endpoints.json index 9bd19854c97e..4c30796df60e 100644 --- a/awscli/botocore/data/endpoints.json +++ b/awscli/botocore/data/endpoints.json @@ -14324,6 +14324,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { @@ -40442,6 +40443,11 @@ "eusc-de-east-1" : { } } }, + "guardduty" : { + "endpoints" : { + "eusc-de-east-1" : { } + } + }, "health" : { "endpoints" : { "eusc-de-east-1" : { From 439b186408f7224ae159bee62c24c85d9f923d8b Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Fri, 12 Dec 2025 19:13:51 +0000 Subject: [PATCH 13/37] Bump version to 2.32.16 --- .changes/2.32.16.json | 22 +++++++++++++++++++ ...pi-change-bcmrecommendedactions-34155.json | 5 ----- .../next-release/api-change-connect-813.json | 5 ----- .../api-change-datasync-80337.json | 5 ----- .../api-change-workspacesweb-84198.json | 5 ----- CHANGELOG.rst | 9 ++++++++ awscli/__init__.py | 2 +- configure | 14 ++++++------ configure.ac | 2 +- doc/source/conf.py | 2 +- 10 files changed, 41 insertions(+), 30 deletions(-) create mode 100644 .changes/2.32.16.json delete mode 100644 .changes/next-release/api-change-bcmrecommendedactions-34155.json delete mode 100644 .changes/next-release/api-change-connect-813.json delete mode 100644 .changes/next-release/api-change-datasync-80337.json delete mode 100644 .changes/next-release/api-change-workspacesweb-84198.json diff --git a/.changes/2.32.16.json b/.changes/2.32.16.json new file mode 100644 index 000000000000..a9feed7554ae --- /dev/null +++ b/.changes/2.32.16.json @@ -0,0 +1,22 @@ +[ + { + "category": "``connect``", + "description": "Amazon Connect now offers automated post-chat surveys triggered when customers end conversations. This captures timely feedback while experience is fresh, using either a no-code form builder or Amazon Lex-powered interactive surveys.", + "type": "api-change" + }, + { + "category": "``bcm-recommended-actions``", + "description": "Added new freetier action types to RecommendedAction.type.", + "type": "api-change" + }, + { + "category": "``datasync``", + "description": "Adds Enhanced mode support for NFS and SMB locations. SMB credentials are now managed via Secrets Manager, and may be encrypted with service or customer managed keys. Increases AgentArns maximum count to 8 (max 4 per TaskMode). Adds folder counters to DescribeTaskExecution for Enhanced mode tasks.", + "type": "api-change" + }, + { + "category": "``workspaces-web``", + "description": "Adds support for portal branding customization, enabling administrators to personalize end-user portals with custom assets.", + "type": "api-change" + } +] \ No newline at end of file diff --git a/.changes/next-release/api-change-bcmrecommendedactions-34155.json b/.changes/next-release/api-change-bcmrecommendedactions-34155.json deleted file mode 100644 index 34151f26decb..000000000000 --- a/.changes/next-release/api-change-bcmrecommendedactions-34155.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``bcm-recommended-actions``", - "description": "Added new freetier action types to RecommendedAction.type." -} diff --git a/.changes/next-release/api-change-connect-813.json b/.changes/next-release/api-change-connect-813.json deleted file mode 100644 index 0a48368c90e9..000000000000 --- a/.changes/next-release/api-change-connect-813.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``connect``", - "description": "Amazon Connect now offers automated post-chat surveys triggered when customers end conversations. This captures timely feedback while experience is fresh, using either a no-code form builder or Amazon Lex-powered interactive surveys." -} diff --git a/.changes/next-release/api-change-datasync-80337.json b/.changes/next-release/api-change-datasync-80337.json deleted file mode 100644 index 0322dee951fb..000000000000 --- a/.changes/next-release/api-change-datasync-80337.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``datasync``", - "description": "Adds Enhanced mode support for NFS and SMB locations. SMB credentials are now managed via Secrets Manager, and may be encrypted with service or customer managed keys. Increases AgentArns maximum count to 8 (max 4 per TaskMode). Adds folder counters to DescribeTaskExecution for Enhanced mode tasks." -} diff --git a/.changes/next-release/api-change-workspacesweb-84198.json b/.changes/next-release/api-change-workspacesweb-84198.json deleted file mode 100644 index ac9b07e677c3..000000000000 --- a/.changes/next-release/api-change-workspacesweb-84198.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``workspaces-web``", - "description": "Adds support for portal branding customization, enabling administrators to personalize end-user portals with custom assets." -} diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 17c743b090ca..e5ba2a8f749d 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,15 @@ CHANGELOG ========= +2.32.16 +======= + +* api-change:``connect``: Amazon Connect now offers automated post-chat surveys triggered when customers end conversations. This captures timely feedback while experience is fresh, using either a no-code form builder or Amazon Lex-powered interactive surveys. +* api-change:``bcm-recommended-actions``: Added new freetier action types to RecommendedAction.type. +* api-change:``datasync``: Adds Enhanced mode support for NFS and SMB locations. SMB credentials are now managed via Secrets Manager, and may be encrypted with service or customer managed keys. Increases AgentArns maximum count to 8 (max 4 per TaskMode). Adds folder counters to DescribeTaskExecution for Enhanced mode tasks. +* api-change:``workspaces-web``: Adds support for portal branding customization, enabling administrators to personalize end-user portals with custom assets. + + 2.32.15 ======= diff --git a/awscli/__init__.py b/awscli/__init__.py index e5daf66c392c..679b5a3c817a 100644 --- a/awscli/__init__.py +++ b/awscli/__init__.py @@ -20,7 +20,7 @@ import os import sys -__version__ = '2.32.15' +__version__ = '2.32.16' # # Get our data path to be added to botocore's search path diff --git a/configure b/configure index 3696f3989a15..7fdf291dc88d 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for awscli 2.32.15. +# Generated by GNU Autoconf 2.71 for awscli 2.32.16. # # # Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, @@ -607,8 +607,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='awscli' PACKAGE_TARNAME='awscli' -PACKAGE_VERSION='2.32.15' -PACKAGE_STRING='awscli 2.32.15' +PACKAGE_VERSION='2.32.16' +PACKAGE_STRING='awscli 2.32.16' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1255,7 +1255,7 @@ _ACEOF fi if $ac_init_version; then cat <<\_ACEOF -awscli configure 2.32.15 +awscli configure 2.32.16 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -1292,7 +1292,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by awscli $as_me 2.32.15, which was +It was created by awscli $as_me 2.32.16, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -2668,7 +2668,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by awscli $as_me 2.32.15, which was +This file was extended by awscli $as_me 2.32.16, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -2723,7 +2723,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -awscli config.status 2.32.15 +awscli config.status 2.32.16 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 7b134cc7e2cf..53947e3f5319 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_CONFIG_MACRO_DIRS([m4]) -AC_INIT([awscli], [2.32.15]) +AC_INIT([awscli], [2.32.16]) AC_CONFIG_SRCDIR([bin/aws]) AM_PATH_PYTHON([3.8]) diff --git a/doc/source/conf.py b/doc/source/conf.py index 71aedf19643f..c5b5094146c3 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -66,7 +66,7 @@ # The short X.Y version. version = '2.0' # The full version, including alpha/beta/rc tags. -release = '2.32.15' +release = '2.32.16' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. From ec56d0e07e619e4a00716954055e41b78c7433ed Mon Sep 17 00:00:00 2001 From: Ahmed Moustafa <35640105+aemous@users.noreply.github.com> Date: Mon, 15 Dec 2025 08:59:08 -0500 Subject: [PATCH 14/37] Fix validates models record_property serialization errors (#9912) --- tests/functional/test_no_event_streams.py | 2 +- tests/functional/test_shadowing.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/functional/test_no_event_streams.py b/tests/functional/test_no_event_streams.py index 72ae95ff8976..1672d017ddfc 100644 --- a/tests/functional/test_no_event_streams.py +++ b/tests/functional/test_no_event_streams.py @@ -41,7 +41,7 @@ def test_no_event_stream_unless_allowed(record_property): # Store the service and operation in # PyTest custom properties record_property( - 'aws_service', model.service_model.service_id + 'aws_service', model.service_model.service_name ) record_property('aws_operation', model.name) supported_commands = '\n'.join(_ALLOWED_COMMANDS) diff --git a/tests/functional/test_shadowing.py b/tests/functional/test_shadowing.py index 4ae8c89ba069..ffa3d8016053 100644 --- a/tests/functional/test_shadowing.py +++ b/tests/functional/test_shadowing.py @@ -69,7 +69,7 @@ def test_no_shadowed_builtins( # Store the service and operation in # PyTest custom properties record_property( - 'aws_service', model.service_model.service_id + 'aws_service', model.service_model.service_name ) record_property('aws_operation', model.name) # Then we are shadowing or prefixing a top level argument From 558c9f6ee0e305cddc8141ed938292e5cc911a28 Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Mon, 15 Dec 2025 19:05:08 +0000 Subject: [PATCH 15/37] Update to latest models --- ...-change-bedrockagentcorecontrol-32839.json | 5 + .../api-change-connect-98913.json | 5 + .../next-release/api-change-ec2-10233.json | 5 + .../api-change-entityresolution-96381.json | 5 + .../api-change-glacier-28883.json | 5 + .../next-release/api-change-health-97125.json | 5 + .../next-release/api-change-logs-7711.json | 5 + .../api-change-mediatailor-4145.json | 5 + .../api-change-route53resolver-82831.json | 5 + .../next-release/api-change-s3-36038.json | 5 + .../api-change-servicequotas-59393.json | 5 + .../2023-06-05/service-2.json | 18 +- .../data/connect/2017-08-08/service-2.json | 1 + .../data/ec2/2016-11-15/service-2.json | 8 +- .../2018-05-10/service-2.json | 108 +++- .../data/glacier/2012-06-01/service-2.json | 277 ++++++---- .../2016-08-04/endpoint-rule-set-1.json | 214 ++++++++ .../data/logs/2014-03-28/paginators-1.json | 6 + .../data/logs/2014-03-28/service-2.json | 359 +++++++++++- .../mediatailor/2018-04-23/service-2.json | 82 ++- .../route53resolver/2018-04-01/service-2.json | 42 +- .../data/s3/2006-03-01/service-2.json | 3 +- .../service-quotas/2019-06-24/service-2.json | 222 +++++++- .../health/endpoint-tests-1.json | 517 ++++++++++++++++++ 24 files changed, 1732 insertions(+), 180 deletions(-) create mode 100644 .changes/next-release/api-change-bedrockagentcorecontrol-32839.json create mode 100644 .changes/next-release/api-change-connect-98913.json create mode 100644 .changes/next-release/api-change-ec2-10233.json create mode 100644 .changes/next-release/api-change-entityresolution-96381.json create mode 100644 .changes/next-release/api-change-glacier-28883.json create mode 100644 .changes/next-release/api-change-health-97125.json create mode 100644 .changes/next-release/api-change-logs-7711.json create mode 100644 .changes/next-release/api-change-mediatailor-4145.json create mode 100644 .changes/next-release/api-change-route53resolver-82831.json create mode 100644 .changes/next-release/api-change-s3-36038.json create mode 100644 .changes/next-release/api-change-servicequotas-59393.json diff --git a/.changes/next-release/api-change-bedrockagentcorecontrol-32839.json b/.changes/next-release/api-change-bedrockagentcorecontrol-32839.json new file mode 100644 index 000000000000..1841507480ef --- /dev/null +++ b/.changes/next-release/api-change-bedrockagentcorecontrol-32839.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``bedrock-agentcore-control``", + "description": "This release updates broken links for AgentCore Policy APIs in the AWS CLI and SDK resources." +} diff --git a/.changes/next-release/api-change-connect-98913.json b/.changes/next-release/api-change-connect-98913.json new file mode 100644 index 000000000000..80155f22d64d --- /dev/null +++ b/.changes/next-release/api-change-connect-98913.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``connect``", + "description": "Amazon Connect now supports outbound WhatsApp contacts via the Send message block or StartOutboundChatContact API. Send proactive messages for surveys, reminders, and updates. Offer customers the option to switch to WhatsApp while in queue, eliminating hold time." +} diff --git a/.changes/next-release/api-change-ec2-10233.json b/.changes/next-release/api-change-ec2-10233.json new file mode 100644 index 000000000000..663692319dfb --- /dev/null +++ b/.changes/next-release/api-change-ec2-10233.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``ec2``", + "description": "EC2 Capacity Manager now supports SpotTotalCount, SpotTotalInterruptions and SpotInterruptionRate metrics for both vCPU and instance units." +} diff --git a/.changes/next-release/api-change-entityresolution-96381.json b/.changes/next-release/api-change-entityresolution-96381.json new file mode 100644 index 000000000000..2d8bc44fcc60 --- /dev/null +++ b/.changes/next-release/api-change-entityresolution-96381.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``entityresolution``", + "description": "Support Customer Profiles Integration for AWS Entity Resolution" +} diff --git a/.changes/next-release/api-change-glacier-28883.json b/.changes/next-release/api-change-glacier-28883.json new file mode 100644 index 000000000000..14e46cffb531 --- /dev/null +++ b/.changes/next-release/api-change-glacier-28883.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``glacier``", + "description": "Documentation updates for Amazon Glacier's maintenance mode" +} diff --git a/.changes/next-release/api-change-health-97125.json b/.changes/next-release/api-change-health-97125.json new file mode 100644 index 000000000000..76d5b1ed422b --- /dev/null +++ b/.changes/next-release/api-change-health-97125.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``health``", + "description": "Updating Health API endpoint generation for dualstack only regions" +} diff --git a/.changes/next-release/api-change-logs-7711.json b/.changes/next-release/api-change-logs-7711.json new file mode 100644 index 000000000000..44501b7e18b4 --- /dev/null +++ b/.changes/next-release/api-change-logs-7711.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``logs``", + "description": "This release allows you to import your historical CloudTrail Lake data into CloudWatch with a few steps, enabling you to easily consolidate operational, security, and compliance data in one place." +} diff --git a/.changes/next-release/api-change-mediatailor-4145.json b/.changes/next-release/api-change-mediatailor-4145.json new file mode 100644 index 000000000000..8c12f727fd36 --- /dev/null +++ b/.changes/next-release/api-change-mediatailor-4145.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``mediatailor``", + "description": "Added support for Ad Decision Server Configuration enabling HTTP POST requests with custom bodies, headers, GZIP compression, and dynamic variables. No changes required for existing GET request configurations." +} diff --git a/.changes/next-release/api-change-route53resolver-82831.json b/.changes/next-release/api-change-route53resolver-82831.json new file mode 100644 index 000000000000..228100c7029f --- /dev/null +++ b/.changes/next-release/api-change-route53resolver-82831.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``route53resolver``", + "description": "Adds support for enabling detailed metrics on Route 53 Resolver endpoints using RniEnhancedMetricsEnabled and TargetNameServerMetricsEnabled in the CreateResolverEndpoint and UpdateResolverEndpoint APIs, providing enhanced visibility into Resolver endpoint and target name server performance." +} diff --git a/.changes/next-release/api-change-s3-36038.json b/.changes/next-release/api-change-s3-36038.json new file mode 100644 index 000000000000..06ecaa4ab92c --- /dev/null +++ b/.changes/next-release/api-change-s3-36038.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``s3``", + "description": "This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations." +} diff --git a/.changes/next-release/api-change-servicequotas-59393.json b/.changes/next-release/api-change-servicequotas-59393.json new file mode 100644 index 000000000000..5c0e7d1f7025 --- /dev/null +++ b/.changes/next-release/api-change-servicequotas-59393.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``service-quotas``", + "description": "Add support for SQ Dashboard Api" +} diff --git a/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/service-2.json b/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/service-2.json index 546074c7f9b9..b121951826ff 100644 --- a/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/service-2.json +++ b/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/service-2.json @@ -262,7 +262,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

Creates a policy within the AgentCore Policy system. Policies provide real-time, deterministic control over agentic interactions with AgentCore Gateway. Using the Cedar policy language, you can define fine-grained policies that specify which interactions with Gateway tools are permitted based on input parameters and OAuth claims, ensuring agents operate within defined boundaries and business rules. The policy is validated during creation against the Cedar schema generated from the Gateway's tools' input schemas, which defines the available tools, their parameters, and expected data types. This is an asynchronous operation. Use the GetPolicy operation to poll the status field to track completion.

" + "documentation":"

Creates a policy within the AgentCore Policy system. Policies provide real-time, deterministic control over agentic interactions with AgentCore Gateway. Using the Cedar policy language, you can define fine-grained policies that specify which interactions with Gateway tools are permitted based on input parameters and OAuth claims, ensuring agents operate within defined boundaries and business rules. The policy is validated during creation against the Cedar schema generated from the Gateway's tools' input schemas, which defines the available tools, their parameters, and expected data types. This is an asynchronous operation. Use the GetPolicy operation to poll the status field to track completion.

" }, "CreatePolicyEngine":{ "name":"CreatePolicyEngine", @@ -281,7 +281,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

Creates a new policy engine within the AgentCore Policy system. A policy engine is a collection of policies that evaluates and authorizes agent tool calls. When associated with Gateways (each Gateway can be associated with at most one policy engine, but multiple Gateways can be associated with the same engine), the policy engine intercepts all agent requests and determines whether to allow or deny each action based on the defined policies. This is an asynchronous operation. Use the GetPolicyEngine operation to poll the status field to track completion.

" + "documentation":"

Creates a new policy engine within the AgentCore Policy system. A policy engine is a collection of policies that evaluates and authorizes agent tool calls. When associated with Gateways (each Gateway can be associated with at most one policy engine, but multiple Gateways can be associated with the same engine), the policy engine intercepts all agent requests and determines whether to allow or deny each action based on the defined policies. This is an asynchronous operation. Use the GetPolicyEngine operation to poll the status field to track completion.

" }, "CreateWorkloadIdentity":{ "name":"CreateWorkloadIdentity", @@ -6115,7 +6115,7 @@ "members":{ "policyGenerationId":{ "shape":"ResourceId", - "documentation":"

The unique identifier of the policy generation request to be retrieved. This must be a valid generation ID from a previous StartPolicyGeneration call.

", + "documentation":"

The unique identifier of the policy generation request to be retrieved. This must be a valid generation ID from a previous StartPolicyGeneration call.

", "location":"uri", "locationName":"policyGenerationId" }, @@ -7130,7 +7130,7 @@ "members":{ "nextToken":{ "shape":"NextToken", - "documentation":"

A pagination token returned from a previous ListPolicies call. Use this token to retrieve the next page of results when the response is paginated.

", + "documentation":"

A pagination token returned from a previous ListPolicies call. Use this token to retrieve the next page of results when the response is paginated.

", "location":"querystring", "locationName":"nextToken" }, @@ -7173,7 +7173,7 @@ "members":{ "nextToken":{ "shape":"NextToken", - "documentation":"

A pagination token returned from a previous ListPolicyEngines call. Use this token to retrieve the next page of results when the response is paginated.

", + "documentation":"

A pagination token returned from a previous ListPolicyEngines call. Use this token to retrieve the next page of results when the response is paginated.

", "location":"querystring", "locationName":"nextToken" }, @@ -7195,7 +7195,7 @@ }, "nextToken":{ "shape":"NextToken", - "documentation":"

A pagination token that can be used in subsequent ListPolicyEngines calls to retrieve additional results. This token is only present when there are more results available.

" + "documentation":"

A pagination token that can be used in subsequent ListPolicyEngines calls to retrieve additional results. This token is only present when there are more results available.

" } } }, @@ -7208,7 +7208,7 @@ "members":{ "policyGenerationId":{ "shape":"ResourceId", - "documentation":"

The unique identifier of the policy generation request whose assets are to be retrieved. This must be a valid generation ID from a previous StartPolicyGeneration call that has completed processing.

", + "documentation":"

The unique identifier of the policy generation request whose assets are to be retrieved. This must be a valid generation ID from a previous StartPolicyGeneration call that has completed processing.

", "location":"uri", "locationName":"policyGenerationId" }, @@ -7220,7 +7220,7 @@ }, "nextToken":{ "shape":"NextToken", - "documentation":"

A pagination token returned from a previous ListPolicyGenerationAssets call. Use this token to retrieve the next page of assets when the response is paginated due to large numbers of generated policy options.

", + "documentation":"

A pagination token returned from a previous ListPolicyGenerationAssets call. Use this token to retrieve the next page of assets when the response is paginated due to large numbers of generated policy options.

", "location":"querystring", "locationName":"nextToken" }, @@ -7241,7 +7241,7 @@ }, "nextToken":{ "shape":"NextToken", - "documentation":"

A pagination token that can be used in subsequent ListPolicyGenerationAssets calls to retrieve additional assets. This token is only present when there are more generated policy assets available beyond the current response.

" + "documentation":"

A pagination token that can be used in subsequent ListPolicyGenerationAssets calls to retrieve additional assets. This token is only present when there are more generated policy assets available beyond the current response.

" } } }, diff --git a/awscli/botocore/data/connect/2017-08-08/service-2.json b/awscli/botocore/data/connect/2017-08-08/service-2.json index bf85ad295b8c..6493a09e23ba 100644 --- a/awscli/botocore/data/connect/2017-08-08/service-2.json +++ b/awscli/botocore/data/connect/2017-08-08/service-2.json @@ -29482,6 +29482,7 @@ }, "ParticipantDetails":{"shape":"ParticipantDetails"}, "InitialSystemMessage":{"shape":"ChatMessage"}, + "InitialTemplatedSystemMessage":{"shape":"TemplatedMessageConfig"}, "RelatedContactId":{ "shape":"ContactId", "documentation":"

The unique identifier for an Amazon Connect contact. This identifier is related to the contact starting.

" diff --git a/awscli/botocore/data/ec2/2016-11-15/service-2.json b/awscli/botocore/data/ec2/2016-11-15/service-2.json index 4fd37c521b88..0c06064518b9 100644 --- a/awscli/botocore/data/ec2/2016-11-15/service-2.json +++ b/awscli/botocore/data/ec2/2016-11-15/service-2.json @@ -51759,7 +51759,13 @@ "spot-total-estimated-cost", "spot-avg-run-time-before-interruption-inst", "spot-max-run-time-before-interruption-inst", - "spot-min-run-time-before-interruption-inst" + "spot-min-run-time-before-interruption-inst", + "spot-total-interruptions-inst", + "spot-total-interruptions-vcpu", + "spot-total-count-inst", + "spot-total-count-vcpu", + "spot-interruption-rate-inst", + "spot-interruption-rate-vcpu" ] }, "MetricDataResult":{ diff --git a/awscli/botocore/data/entityresolution/2018-05-10/service-2.json b/awscli/botocore/data/entityresolution/2018-05-10/service-2.json index 2f2e463e11cb..ff4a6bf89fd0 100644 --- a/awscli/botocore/data/entityresolution/2018-05-10/service-2.json +++ b/awscli/botocore/data/entityresolution/2018-05-10/service-2.json @@ -256,7 +256,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

Returns the status, metrics, and errors (if there are any) that are associated with a job.

" + "documentation":"

Returns the status, metrics, and errors (if there are any) that are associated with a job.

", + "readonly":true }, "GetIdMappingWorkflow":{ "name":"GetIdMappingWorkflow", @@ -274,7 +275,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

Returns the IdMappingWorkflow with a given name, if it exists.

" + "documentation":"

Returns the IdMappingWorkflow with a given name, if it exists.

", + "readonly":true }, "GetIdNamespace":{ "name":"GetIdNamespace", @@ -292,7 +294,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

Returns the IdNamespace with a given name, if it exists.

" + "documentation":"

Returns the IdNamespace with a given name, if it exists.

", + "readonly":true }, "GetMatchId":{ "name":"GetMatchId", @@ -310,7 +313,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

Returns the corresponding Match ID of a customer record if the record has been processed in a rule-based matching workflow.

You can call this API as a dry run of an incremental load on the rule-based matching workflow.

" + "documentation":"

Returns the corresponding Match ID of a customer record if the record has been processed in a rule-based matching workflow.

You can call this API as a dry run of an incremental load on the rule-based matching workflow.

", + "readonly":true }, "GetMatchingJob":{ "name":"GetMatchingJob", @@ -328,7 +332,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

Returns the status, metrics, and errors (if there are any) that are associated with a job.

" + "documentation":"

Returns the status, metrics, and errors (if there are any) that are associated with a job.

", + "readonly":true }, "GetMatchingWorkflow":{ "name":"GetMatchingWorkflow", @@ -346,7 +351,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

Returns the MatchingWorkflow with a given name, if it exists.

" + "documentation":"

Returns the MatchingWorkflow with a given name, if it exists.

", + "readonly":true }, "GetPolicy":{ "name":"GetPolicy", @@ -364,7 +370,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

Returns the resource-based policy.

" + "documentation":"

Returns the resource-based policy.

", + "readonly":true }, "GetProviderService":{ "name":"GetProviderService", @@ -382,7 +389,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

Returns the ProviderService of a given name.

" + "documentation":"

Returns the ProviderService of a given name.

", + "readonly":true }, "GetSchemaMapping":{ "name":"GetSchemaMapping", @@ -400,7 +408,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

Returns the SchemaMapping of a given name.

" + "documentation":"

Returns the SchemaMapping of a given name.

", + "readonly":true }, "ListIdMappingJobs":{ "name":"ListIdMappingJobs", @@ -418,7 +427,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

Lists all ID mapping jobs for a given workflow.

" + "documentation":"

Lists all ID mapping jobs for a given workflow.

", + "readonly":true }, "ListIdMappingWorkflows":{ "name":"ListIdMappingWorkflows", @@ -435,7 +445,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

Returns a list of all the IdMappingWorkflows that have been created for an Amazon Web Services account.

" + "documentation":"

Returns a list of all the IdMappingWorkflows that have been created for an Amazon Web Services account.

", + "readonly":true }, "ListIdNamespaces":{ "name":"ListIdNamespaces", @@ -452,7 +463,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

Returns a list of all ID namespaces.

" + "documentation":"

Returns a list of all ID namespaces.

", + "readonly":true }, "ListMatchingJobs":{ "name":"ListMatchingJobs", @@ -470,7 +482,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

Lists all jobs for a given workflow.

" + "documentation":"

Lists all jobs for a given workflow.

", + "readonly":true }, "ListMatchingWorkflows":{ "name":"ListMatchingWorkflows", @@ -487,7 +500,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

Returns a list of all the MatchingWorkflows that have been created for an Amazon Web Services account.

" + "documentation":"

Returns a list of all the MatchingWorkflows that have been created for an Amazon Web Services account.

", + "readonly":true }, "ListProviderServices":{ "name":"ListProviderServices", @@ -504,7 +518,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

Returns a list of all the ProviderServices that are available in this Amazon Web Services Region.

" + "documentation":"

Returns a list of all the ProviderServices that are available in this Amazon Web Services Region.

", + "readonly":true }, "ListSchemaMappings":{ "name":"ListSchemaMappings", @@ -521,7 +536,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

Returns a list of all the SchemaMappings that have been created for an Amazon Web Services account.

" + "documentation":"

Returns a list of all the SchemaMappings that have been created for an Amazon Web Services account.

", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -537,7 +553,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"} ], - "documentation":"

Displays the tags associated with an Entity Resolution resource. In Entity Resolution, SchemaMapping, and MatchingWorkflow can be tagged.

" + "documentation":"

Displays the tags associated with an Entity Resolution resource. In Entity Resolution, SchemaMapping, and MatchingWorkflow can be tagged.

", + "readonly":true }, "PutPolicy":{ "name":"PutPolicy", @@ -1193,6 +1210,32 @@ } } }, + "CustomerProfilesDomainArn":{ + "type":"string", + "pattern":"arn:(aws|aws-us-gov|aws-cn):profile:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(domains/[a-zA-Z_0-9-]{1,255})" + }, + "CustomerProfilesIntegrationConfig":{ + "type":"structure", + "required":[ + "domainArn", + "objectTypeArn" + ], + "members":{ + "domainArn":{ + "shape":"CustomerProfilesDomainArn", + "documentation":"

The Amazon Resource Name (ARN) of the Customer Profiles domain where the matched output will be sent.

" + }, + "objectTypeArn":{ + "shape":"CustomerProfilesObjectTypeArn", + "documentation":"

The Amazon Resource Name (ARN) of the Customer Profiles object type that defines the structure for the matched customer data.

" + } + }, + "documentation":"

Specifies the configuration for integrating with Customer Profiles. This configuration enables Entity Resolution to send matched output directly to Customer Profiles instead of Amazon S3, creating a unified customer view by automatically updating customer profiles based on match clusters.

" + }, + "CustomerProfilesObjectTypeArn":{ + "type":"string", + "pattern":"arn:(aws|aws-us-gov|aws-cn):profile:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(domains/[a-zA-Z_0-9-]{1,255}/object-types/[a-zA-Z_0-9-]{1,255})" + }, "DeleteIdMappingWorkflowInput":{ "type":"structure", "required":["workflowName"], @@ -2263,13 +2306,13 @@ "type":"structure", "required":["outputS3Path"], "members":{ - "outputS3Path":{ - "shape":"S3Path", - "documentation":"

The S3 path to which Entity Resolution will write the output table.

" - }, "KMSArn":{ "shape":"KMSArn", "documentation":"

Customer KMS ARN for encryption at rest. If not provided, system will use an Entity Resolution managed KMS key.

" + }, + "outputS3Path":{ + "shape":"S3Path", + "documentation":"

The S3 path to which Entity Resolution will write the output table.

" } }, "documentation":"

The output source for the ID mapping workflow.

" @@ -3056,6 +3099,12 @@ "min":1, "pattern":"[a-zA-Z_0-9-=+/]*" }, + "OptionalS3Path":{ + "type":"string", + "max":1024, + "min":0, + "pattern":"$|^s3://[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9](/.*)?" + }, "OutputAttribute":{ "type":"structure", "required":["name"], @@ -3073,19 +3122,16 @@ }, "OutputSource":{ "type":"structure", - "required":[ - "outputS3Path", - "output" - ], + "required":["output"], "members":{ - "outputS3Path":{ - "shape":"S3Path", - "documentation":"

The S3 path to which Entity Resolution will write the output table.

" - }, "KMSArn":{ "shape":"KMSArn", "documentation":"

Customer KMS ARN for encryption at rest. If not provided, system will use an Entity Resolution managed KMS key.

" }, + "outputS3Path":{ + "shape":"OptionalS3Path", + "documentation":"

The S3 path to which Entity Resolution will write the output table.

" + }, "output":{ "shape":"OutputSourceOutputList", "documentation":"

A list of OutputAttribute objects, each of which have the fields Name and Hashed. Each of these objects selects a column to be included in the output table, and whether the values of the column should be hashed.

" @@ -3093,6 +3139,10 @@ "applyNormalization":{ "shape":"Boolean", "documentation":"

Normalizes the attributes defined in the schema in the input data. For example, if an attribute has an AttributeType of PHONE_NUMBER, and the data in the input table is in a format of 1234567890, Entity Resolution will normalize this field in the output to (123)-456-7890.

" + }, + "customerProfilesIntegrationConfig":{ + "shape":"CustomerProfilesIntegrationConfig", + "documentation":"

Specifies the Customer Profiles integration configuration for sending matched output directly to Customer Profiles. When configured, Entity Resolution automatically creates and updates customer profiles based on match clusters, eliminating the need for manual Amazon S3 integration setup.

" } }, "documentation":"

A list of OutputAttribute objects, each of which have the fields Name and Hashed. Each of these objects selects a column to be included in the output table, and whether the values of the column should be hashed.

" diff --git a/awscli/botocore/data/glacier/2012-06-01/service-2.json b/awscli/botocore/data/glacier/2012-06-01/service-2.json index f5c93276596b..de3b1690ca84 100644 --- a/awscli/botocore/data/glacier/2012-06-01/service-2.json +++ b/awscli/botocore/data/glacier/2012-06-01/service-2.json @@ -25,9 +25,10 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], - "documentation":"

This operation aborts a multipart upload identified by the upload ID.

After the Abort Multipart Upload request succeeds, you cannot upload any more parts to the multipart upload or complete the multipart upload. Aborting a completed upload fails. However, aborting an already-aborted upload will succeed, for a short time. For more information about uploading a part and completing a multipart upload, see UploadMultipartPart and CompleteMultipartUpload.

This operation is idempotent.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Working with Archives in Amazon S3 Glacier and Abort Multipart Upload in the Amazon Glacier Developer Guide.

" + "documentation":"

This operation aborts a multipart upload identified by the upload ID.

After the Abort Multipart Upload request succeeds, you cannot upload any more parts to the multipart upload or complete the multipart upload. Aborting a completed upload fails. However, aborting an already-aborted upload will succeed, for a short time. For more information about uploading a part and completing a multipart upload, see UploadMultipartPart and CompleteMultipartUpload.

This operation is idempotent.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Working with Archives in Amazon Glacier and Abort Multipart Upload in the Amazon Glacier Developer Guide.

" }, "AbortVaultLock":{ "name":"AbortVaultLock", @@ -41,7 +42,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], "documentation":"

This operation aborts the vault locking process if the vault lock is not in the Locked state. If the vault lock is in the Locked state when this operation is requested, the operation returns an AccessDeniedException error. Aborting the vault locking process removes the vault lock policy from the specified vault.

A vault lock is put into the InProgress state by calling InitiateVaultLock. A vault lock is put into the Locked state by calling CompleteVaultLock. You can get the state of a vault lock by calling GetVaultLock. For more information about the vault locking process, see Amazon Glacier Vault Lock. For more information about vault lock policies, see Amazon Glacier Access Control with Vault Lock Policies.

This operation is idempotent. You can successfully invoke this operation multiple times, if the vault lock is in the InProgress state or if there is no policy associated with the vault.

" }, @@ -58,9 +60,10 @@ {"shape":"MissingParameterValueException"}, {"shape":"ResourceNotFoundException"}, {"shape":"LimitExceededException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], - "documentation":"

This operation adds the specified tags to a vault. Each tag is composed of a key and a value. Each vault can have up to 10 tags. If your request would cause the tag limit for the vault to be exceeded, the operation throws the LimitExceededException error. If a tag already exists on the vault under a specified key, the existing key value will be overwritten. For more information about tags, see Tagging Amazon S3 Glacier Resources.

" + "documentation":"

This operation adds the specified tags to a vault. Each tag is composed of a key and a value. Each vault can have up to 10 tags. If your request would cause the tag limit for the vault to be exceeded, the operation throws the LimitExceededException error. If a tag already exists on the vault under a specified key, the existing key value will be overwritten. For more information about tags, see Tagging Amazon Glacier Resources.

" }, "CompleteMultipartUpload":{ "name":"CompleteMultipartUpload", @@ -75,9 +78,10 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], - "documentation":"

You call this operation to inform Amazon S3 Glacier (Glacier) that all the archive parts have been uploaded and that Glacier can now assemble the archive from the uploaded parts. After assembling and saving the archive to the vault, Glacier returns the URI path of the newly created archive resource. Using the URI path, you can then access the archive. After you upload an archive, you should save the archive ID returned to retrieve the archive at a later point. You can also get the vault inventory to obtain a list of archive IDs in a vault. For more information, see InitiateJob.

In the request, you must include the computed SHA256 tree hash of the entire archive you have uploaded. For information about computing a SHA256 tree hash, see Computing Checksums. On the server side, Glacier also constructs the SHA256 tree hash of the assembled archive. If the values match, Glacier saves the archive to the vault; otherwise, it returns an error, and the operation fails. The ListParts operation returns a list of parts uploaded for a specific multipart upload. It includes checksum information for each uploaded part that can be used to debug a bad checksum issue.

Additionally, Glacier also checks for any missing content ranges when assembling the archive, if missing content ranges are found, Glacier returns an error and the operation fails.

Complete Multipart Upload is an idempotent operation. After your first successful complete multipart upload, if you call the operation again within a short period, the operation will succeed and return the same archive ID. This is useful in the event you experience a network issue that causes an aborted connection or receive a 500 server error, in which case you can repeat your Complete Multipart Upload request and get the same archive ID without creating duplicate archives. Note, however, that after the multipart upload completes, you cannot call the List Parts operation and the multipart upload will not appear in List Multipart Uploads response, even if idempotent complete is possible.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Uploading Large Archives in Parts (Multipart Upload) and Complete Multipart Upload in the Amazon Glacier Developer Guide.

" + "documentation":"

You call this operation to inform Amazon Glacier (Glacier) that all the archive parts have been uploaded and that Glacier can now assemble the archive from the uploaded parts. After assembling and saving the archive to the vault, Glacier returns the URI path of the newly created archive resource. Using the URI path, you can then access the archive. After you upload an archive, you should save the archive ID returned to retrieve the archive at a later point. You can also get the vault inventory to obtain a list of archive IDs in a vault. For more information, see InitiateJob.

In the request, you must include the computed SHA256 tree hash of the entire archive you have uploaded. For information about computing a SHA256 tree hash, see Computing Checksums. On the server side, Glacier also constructs the SHA256 tree hash of the assembled archive. If the values match, Glacier saves the archive to the vault; otherwise, it returns an error, and the operation fails. The ListParts operation returns a list of parts uploaded for a specific multipart upload. It includes checksum information for each uploaded part that can be used to debug a bad checksum issue.

Additionally, Glacier also checks for any missing content ranges when assembling the archive, if missing content ranges are found, Glacier returns an error and the operation fails.

Complete Multipart Upload is an idempotent operation. After your first successful complete multipart upload, if you call the operation again within a short period, the operation will succeed and return the same archive ID. This is useful in the event you experience a network issue that causes an aborted connection or receive a 500 server error, in which case you can repeat your Complete Multipart Upload request and get the same archive ID without creating duplicate archives. Note, however, that after the multipart upload completes, you cannot call the List Parts operation and the multipart upload will not appear in List Multipart Uploads response, even if idempotent complete is possible.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Uploading Large Archives in Parts (Multipart Upload) and Complete Multipart Upload in the Amazon Glacier Developer Guide.

" }, "CompleteVaultLock":{ "name":"CompleteVaultLock", @@ -91,7 +95,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], "documentation":"

This operation completes the vault locking process by transitioning the vault lock from the InProgress state to the Locked state, which causes the vault lock policy to become unchangeable. A vault lock is put into the InProgress state by calling InitiateVaultLock. You can obtain the state of the vault lock by calling GetVaultLock. For more information about the vault locking process, Amazon Glacier Vault Lock.

This operation is idempotent. This request is always successful if the vault lock is in the Locked state and the provided lock ID matches the lock ID originally used to lock the vault.

If an invalid lock ID is passed in the request when the vault lock is in the Locked state, the operation returns an AccessDeniedException error. If an invalid lock ID is passed in the request when the vault lock is in the InProgress state, the operation throws an InvalidParameter error.

" }, @@ -108,9 +113,10 @@ {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"}, {"shape":"LimitExceededException"} ], - "documentation":"

This operation creates a new vault with the specified name. The name of the vault must be unique within a region for an AWS account. You can create up to 1,000 vaults per account. If you need to create more vaults, contact Amazon S3 Glacier.

You must use the following guidelines when naming a vault.

  • Names can be between 1 and 255 characters long.

  • Allowed characters are a-z, A-Z, 0-9, '_' (underscore), '-' (hyphen), and '.' (period).

This operation is idempotent.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Creating a Vault in Amazon Glacier and Create Vault in the Amazon Glacier Developer Guide.

" + "documentation":"

This operation creates a new vault with the specified name. The name of the vault must be unique within a region for an AWS account. You can create up to 1,000 vaults per account. If you need to create more vaults, contact Amazon Glacier.

You must use the following guidelines when naming a vault.

  • Names can be between 1 and 255 characters long.

  • Allowed characters are a-z, A-Z, 0-9, '_' (underscore), '-' (hyphen), and '.' (period).

This operation is idempotent.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Creating a Vault in Amazon Glacier and Create Vault in the Amazon Glacier Developer Guide.

" }, "DeleteArchive":{ "name":"DeleteArchive", @@ -124,9 +130,10 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], - "documentation":"

This operation deletes an archive from a vault. Subsequent requests to initiate a retrieval of this archive will fail. Archive retrievals that are in progress for this archive ID may or may not succeed according to the following scenarios:

  • If the archive retrieval job is actively preparing the data for download when Amazon S3 Glacier receives the delete archive request, the archival retrieval operation might fail.

  • If the archive retrieval job has successfully prepared the archive for download when Amazon S3 Glacier receives the delete archive request, you will be able to download the output.

This operation is idempotent. Attempting to delete an already-deleted archive does not result in an error.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Deleting an Archive in Amazon Glacier and Delete Archive in the Amazon Glacier Developer Guide.

" + "documentation":"

This operation deletes an archive from a vault. Subsequent requests to initiate a retrieval of this archive will fail. Archive retrievals that are in progress for this archive ID may or may not succeed according to the following scenarios:

  • If the archive retrieval job is actively preparing the data for download when Amazon Glacier receives the delete archive request, the archival retrieval operation might fail.

  • If the archive retrieval job has successfully prepared the archive for download when Amazon Glacier receives the delete archive request, you will be able to download the output.

This operation is idempotent. Attempting to delete an already-deleted archive does not result in an error.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Deleting an Archive in Amazon Glacier and Delete Archive in the Amazon Glacier Developer Guide.

" }, "DeleteVault":{ "name":"DeleteVault", @@ -140,9 +147,10 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], - "documentation":"

This operation deletes a vault. Amazon S3 Glacier will delete a vault only if there are no archives in the vault as of the last inventory and there have been no writes to the vault since the last inventory. If either of these conditions is not satisfied, the vault deletion fails (that is, the vault is not removed) and Amazon S3 Glacier returns an error. You can use DescribeVault to return the number of archives in a vault, and you can use Initiate a Job (POST jobs) to initiate a new inventory retrieval for a vault. The inventory contains the archive IDs you use to delete archives using Delete Archive (DELETE archive).

This operation is idempotent.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Deleting a Vault in Amazon Glacier and Delete Vault in the Amazon S3 Glacier Developer Guide.

" + "documentation":"

This operation deletes a vault. Amazon Glacier will delete a vault only if there are no archives in the vault as of the last inventory and there have been no writes to the vault since the last inventory. If either of these conditions is not satisfied, the vault deletion fails (that is, the vault is not removed) and Amazon Glacier returns an error. You can use DescribeVault to return the number of archives in a vault, and you can use Initiate a Job (POST jobs) to initiate a new inventory retrieval for a vault. The inventory contains the archive IDs you use to delete archives using Delete Archive (DELETE archive).

This operation is idempotent.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Deleting a Vault in Amazon Glacier and Delete Vault in the Amazon Glacier Developer Guide.

" }, "DeleteVaultAccessPolicy":{ "name":"DeleteVaultAccessPolicy", @@ -156,9 +164,10 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], - "documentation":"

This operation deletes the access policy associated with the specified vault. The operation is eventually consistent; that is, it might take some time for Amazon S3 Glacier to completely remove the access policy, and you might still see the effect of the policy for a short time after you send the delete request.

This operation is idempotent. You can invoke delete multiple times, even if there is no policy associated with the vault. For more information about vault access policies, see Amazon Glacier Access Control with Vault Access Policies.

" + "documentation":"

This operation deletes the access policy associated with the specified vault. The operation is eventually consistent; that is, it might take some time for Amazon Glacier to completely remove the access policy, and you might still see the effect of the policy for a short time after you send the delete request.

This operation is idempotent. You can invoke delete multiple times, even if there is no policy associated with the vault. For more information about vault access policies, see Amazon Glacier Access Control with Vault Access Policies.

" }, "DeleteVaultNotifications":{ "name":"DeleteVaultNotifications", @@ -172,9 +181,10 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], - "documentation":"

This operation deletes the notification configuration set for a vault. The operation is eventually consistent; that is, it might take some time for Amazon S3 Glacier to completely disable the notifications and you might still receive some notifications for a short time after you send the delete request.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Configuring Vault Notifications in Amazon S3 Glacier and Delete Vault Notification Configuration in the Amazon S3 Glacier Developer Guide.

" + "documentation":"

This operation deletes the notification configuration set for a vault. The operation is eventually consistent; that is, it might take some time for Amazon Glacier to completely disable the notifications and you might still receive some notifications for a short time after you send the delete request.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Configuring Vault Notifications in Amazon Glacier and Delete Vault Notification Configuration in the Amazon Glacier Developer Guide.

" }, "DescribeJob":{ "name":"DescribeJob", @@ -188,9 +198,10 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], - "documentation":"

This operation returns information about a job you previously initiated, including the job initiation date, the user who initiated the job, the job status code/message and the Amazon SNS topic to notify after Amazon S3 Glacier (Glacier) completes the job. For more information about initiating a job, see InitiateJob.

This operation enables you to check the status of your job. However, it is strongly recommended that you set up an Amazon SNS topic and specify it in your initiate job request so that Glacier can notify the topic after it completes the job.

A job ID will not expire for at least 24 hours after Glacier completes the job.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For more information about using this operation, see the documentation for the underlying REST API Describe Job in the Amazon Glacier Developer Guide.

" + "documentation":"

This operation returns information about a job you previously initiated, including the job initiation date, the user who initiated the job, the job status code/message and the Amazon SNS topic to notify after Amazon Glacier (Glacier) completes the job. For more information about initiating a job, see InitiateJob.

This operation enables you to check the status of your job. However, it is strongly recommended that you set up an Amazon SNS topic and specify it in your initiate job request so that Glacier can notify the topic after it completes the job.

A job ID will not expire for at least 24 hours after Glacier completes the job.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For more information about using this operation, see the documentation for the underlying REST API Describe Job in the Amazon Glacier Developer Guide.

" }, "DescribeVault":{ "name":"DescribeVault", @@ -204,9 +215,10 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], - "documentation":"

This operation returns information about a vault, including the vault's Amazon Resource Name (ARN), the date the vault was created, the number of archives it contains, and the total size of all the archives in the vault. The number of archives and their total size are as of the last inventory generation. This means that if you add or remove an archive from a vault, and then immediately use Describe Vault, the change in contents will not be immediately reflected. If you want to retrieve the latest inventory of the vault, use InitiateJob. Amazon S3 Glacier generates vault inventories approximately daily. For more information, see Downloading a Vault Inventory in Amazon S3 Glacier.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Retrieving Vault Metadata in Amazon S3 Glacier and Describe Vault in the Amazon Glacier Developer Guide.

" + "documentation":"

This operation returns information about a vault, including the vault's Amazon Resource Name (ARN), the date the vault was created, the number of archives it contains, and the total size of all the archives in the vault. The number of archives and their total size are as of the last inventory generation. This means that if you add or remove an archive from a vault, and then immediately use Describe Vault, the change in contents will not be immediately reflected. If you want to retrieve the latest inventory of the vault, use InitiateJob. Amazon Glacier generates vault inventories approximately daily. For more information, see Downloading a Vault Inventory in Amazon Glacier.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Retrieving Vault Metadata in Amazon Glacier and Describe Vault in the Amazon Glacier Developer Guide.

" }, "GetDataRetrievalPolicy":{ "name":"GetDataRetrievalPolicy", @@ -219,7 +231,8 @@ "errors":[ {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], "documentation":"

This operation returns the current data retrieval policy for the account and region specified in the GET request. For more information about data retrieval policies, see Amazon Glacier Data Retrieval Policies.

" }, @@ -235,9 +248,10 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], - "documentation":"

This operation downloads the output of the job you initiated using InitiateJob. Depending on the job type you specified when you initiated the job, the output will be either the content of an archive or a vault inventory.

You can download all the job output or download a portion of the output by specifying a byte range. In the case of an archive retrieval job, depending on the byte range you specify, Amazon S3 Glacier (Glacier) returns the checksum for the portion of the data. You can compute the checksum on the client and verify that the values match to ensure the portion you downloaded is the correct data.

A job ID will not expire for at least 24 hours after Glacier completes the job. That a byte range. For both archive and inventory retrieval jobs, you should verify the downloaded size against the size returned in the headers from the Get Job Output response.

For archive retrieval jobs, you should also verify that the size is what you expected. If you download a portion of the output, the expected size is based on the range of bytes you specified. For example, if you specify a range of bytes=0-1048575, you should verify your download size is 1,048,576 bytes. If you download an entire archive, the expected size is the size of the archive when you uploaded it to Amazon S3 Glacier The expected size is also returned in the headers from the Get Job Output response.

In the case of an archive retrieval job, depending on the byte range you specify, Glacier returns the checksum for the portion of the data. To ensure the portion you downloaded is the correct data, compute the checksum on the client, verify that the values match, and verify that the size is what you expected.

A job ID does not expire for at least 24 hours after Glacier completes the job. That is, you can download the job output within the 24 hours period after Amazon Glacier completes the job.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and the underlying REST API, see Downloading a Vault Inventory, Downloading an Archive, and Get Job Output

" + "documentation":"

This operation downloads the output of the job you initiated using InitiateJob. Depending on the job type you specified when you initiated the job, the output will be either the content of an archive or a vault inventory.

You can download all the job output or download a portion of the output by specifying a byte range. In the case of an archive retrieval job, depending on the byte range you specify, Amazon Glacier (Glacier) returns the checksum for the portion of the data. You can compute the checksum on the client and verify that the values match to ensure the portion you downloaded is the correct data.

A job ID will not expire for at least 24 hours after Glacier completes the job. That a byte range. For both archive and inventory retrieval jobs, you should verify the downloaded size against the size returned in the headers from the Get Job Output response.

For archive retrieval jobs, you should also verify that the size is what you expected. If you download a portion of the output, the expected size is based on the range of bytes you specified. For example, if you specify a range of bytes=0-1048575, you should verify your download size is 1,048,576 bytes. If you download an entire archive, the expected size is the size of the archive when you uploaded it to Amazon Glacier The expected size is also returned in the headers from the Get Job Output response.

In the case of an archive retrieval job, depending on the byte range you specify, Glacier returns the checksum for the portion of the data. To ensure the portion you downloaded is the correct data, compute the checksum on the client, verify that the values match, and verify that the size is what you expected.

A job ID does not expire for at least 24 hours after Glacier completes the job. That is, you can download the job output within the 24 hours period after Amazon Glacier completes the job.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and the underlying REST API, see Downloading a Vault Inventory, Downloading an Archive, and Get Job Output

" }, "GetVaultAccessPolicy":{ "name":"GetVaultAccessPolicy", @@ -251,7 +265,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], "documentation":"

This operation retrieves the access-policy subresource set on the vault; for more information on setting this subresource, see Set Vault Access Policy (PUT access-policy). If there is no access policy set on the vault, the operation returns a 404 Not found error. For more information about vault access policies, see Amazon Glacier Access Control with Vault Access Policies.

" }, @@ -267,7 +282,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], "documentation":"

This operation retrieves the following attributes from the lock-policy subresource set on the specified vault:

  • The vault lock policy set on the vault.

  • The state of the vault lock, which is either InProgess or Locked.

  • When the lock ID expires. The lock ID is used to complete the vault locking process.

  • When the vault lock was initiated and put into the InProgress state.

A vault lock is put into the InProgress state by calling InitiateVaultLock. A vault lock is put into the Locked state by calling CompleteVaultLock. You can abort the vault locking process by calling AbortVaultLock. For more information about the vault locking process, Amazon Glacier Vault Lock.

If there is no vault lock policy set on the vault, the operation returns a 404 Not found error. For more information about vault lock policies, Amazon Glacier Access Control with Vault Lock Policies.

" }, @@ -283,9 +299,10 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], - "documentation":"

This operation retrieves the notification-configuration subresource of the specified vault.

For information about setting a notification configuration on a vault, see SetVaultNotifications. If a notification configuration for a vault is not set, the operation returns a 404 Not Found error. For more information about vault notifications, see Configuring Vault Notifications in Amazon S3 Glacier.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Configuring Vault Notifications in Amazon S3 Glacier and Get Vault Notification Configuration in the Amazon Glacier Developer Guide.

" + "documentation":"

This operation retrieves the notification-configuration subresource of the specified vault.

For information about setting a notification configuration on a vault, see SetVaultNotifications. If a notification configuration for a vault is not set, the operation returns a 404 Not Found error. For more information about vault notifications, see Configuring Vault Notifications in Amazon Glacier.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Configuring Vault Notifications in Amazon Glacier and Get Vault Notification Configuration in the Amazon Glacier Developer Guide.

" }, "InitiateJob":{ "name":"InitiateJob", @@ -302,7 +319,8 @@ {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, {"shape":"InsufficientCapacityException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], "documentation":"

This operation initiates a job of the specified type, which can be a select, an archival retrieval, or a vault retrieval. For more information about using this operation, see the documentation for the underlying REST API Initiate a Job.

" }, @@ -319,9 +337,10 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], - "documentation":"

This operation initiates a multipart upload. Amazon S3 Glacier creates a multipart upload resource and returns its ID in the response. The multipart upload ID is used in subsequent requests to upload parts of an archive (see UploadMultipartPart).

When you initiate a multipart upload, you specify the part size in number of bytes. The part size must be a megabyte (1024 KB) multiplied by a power of 2-for example, 1048576 (1 MB), 2097152 (2 MB), 4194304 (4 MB), 8388608 (8 MB), and so on. The minimum allowable part size is 1 MB, and the maximum is 4 GB.

Every part you upload to this resource (see UploadMultipartPart), except the last one, must have the same size. The last one can be the same size or smaller. For example, suppose you want to upload a 16.2 MB file. If you initiate the multipart upload with a part size of 4 MB, you will upload four parts of 4 MB each and one part of 0.2 MB.

You don't need to know the size of the archive when you start a multipart upload because Amazon S3 Glacier does not require you to specify the overall archive size.

After you complete the multipart upload, Amazon S3 Glacier (Glacier) removes the multipart upload resource referenced by the ID. Glacier also removes the multipart upload resource if you cancel the multipart upload or it may be removed if there is no activity for a period of 24 hours.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Uploading Large Archives in Parts (Multipart Upload) and Initiate Multipart Upload in the Amazon Glacier Developer Guide.

" + "documentation":"

This operation initiates a multipart upload. Amazon Glacier creates a multipart upload resource and returns its ID in the response. The multipart upload ID is used in subsequent requests to upload parts of an archive (see UploadMultipartPart).

When you initiate a multipart upload, you specify the part size in number of bytes. The part size must be a megabyte (1024 KB) multiplied by a power of 2-for example, 1048576 (1 MB), 2097152 (2 MB), 4194304 (4 MB), 8388608 (8 MB), and so on. The minimum allowable part size is 1 MB, and the maximum is 4 GB.

Every part you upload to this resource (see UploadMultipartPart), except the last one, must have the same size. The last one can be the same size or smaller. For example, suppose you want to upload a 16.2 MB file. If you initiate the multipart upload with a part size of 4 MB, you will upload four parts of 4 MB each and one part of 0.2 MB.

You don't need to know the size of the archive when you start a multipart upload because Amazon Glacier does not require you to specify the overall archive size.

After you complete the multipart upload, Amazon Glacier (Glacier) removes the multipart upload resource referenced by the ID. Glacier also removes the multipart upload resource if you cancel the multipart upload or it may be removed if there is no activity for a period of 24 hours.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Uploading Large Archives in Parts (Multipart Upload) and Initiate Multipart Upload in the Amazon Glacier Developer Guide.

" }, "InitiateVaultLock":{ "name":"InitiateVaultLock", @@ -336,7 +355,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], "documentation":"

This operation initiates the vault locking process by doing the following:

  • Installing a vault lock policy on the specified vault.

  • Setting the lock state of vault lock to InProgress.

  • Returning a lock ID, which is used to complete the vault locking process.

You can set one vault lock policy for each vault and this policy can be up to 20 KB in size. For more information about vault lock policies, see Amazon Glacier Access Control with Vault Lock Policies.

You must complete the vault locking process within 24 hours after the vault lock enters the InProgress state. After the 24 hour window ends, the lock ID expires, the vault automatically exits the InProgress state, and the vault lock policy is removed from the vault. You call CompleteVaultLock to complete the vault locking process by setting the state of the vault lock to Locked.

After a vault lock is in the Locked state, you cannot initiate a new vault lock for the vault.

You can abort the vault locking process by calling AbortVaultLock. You can get the state of the vault lock by calling GetVaultLock. For more information about the vault locking process, Amazon Glacier Vault Lock.

If this operation is called when the vault lock is in the InProgress state, the operation returns an AccessDeniedException error. When the vault lock is in the InProgress state you must call AbortVaultLock before you can initiate a new vault lock policy.

" }, @@ -352,7 +372,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], "documentation":"

This operation lists jobs for a vault, including jobs that are in-progress and jobs that have recently finished. The List Job operation returns a list of these jobs sorted by job initiation time.

Amazon Glacier retains recently completed jobs for a period before deleting them; however, it eventually removes completed jobs. The output of completed jobs can be retrieved. Retaining completed jobs for a period of time after they have completed enables you to get a job output in the event you miss the job completion notification or your first attempt to download it fails. For example, suppose you start an archive retrieval job to download an archive. After the job completes, you start to download the archive but encounter a network error. In this scenario, you can retry and download the archive while the job exists.

The List Jobs operation supports pagination. You should always check the response Marker field. If there are no more jobs to list, the Marker field is set to null. If there are more jobs to list, the Marker field is set to a non-null value, which you can use to continue the pagination of the list. To return a list of jobs that begins at a specific job, set the marker request parameter to the Marker value for that job that you obtained from a previous List Jobs request.

You can set a maximum limit for the number of jobs returned in the response by specifying the limit parameter in the request. The default limit is 50. The number of jobs returned might be fewer than the limit, but the number of returned jobs never exceeds the limit.

Additionally, you can filter the jobs list returned by specifying the optional statuscode parameter or completed parameter, or both. Using the statuscode parameter, you can specify to return only jobs that match either the InProgress, Succeeded, or Failed status. Using the completed parameter, you can specify to return only jobs that were completed (true) or jobs that were not completed (false).

For more information about using this operation, see the documentation for the underlying REST API List Jobs.

" }, @@ -368,9 +389,10 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], - "documentation":"

This operation lists in-progress multipart uploads for the specified vault. An in-progress multipart upload is a multipart upload that has been initiated by an InitiateMultipartUpload request, but has not yet been completed or aborted. The list returned in the List Multipart Upload response has no guaranteed order.

The List Multipart Uploads operation supports pagination. By default, this operation returns up to 50 multipart uploads in the response. You should always check the response for a marker at which to continue the list; if there are no more items the marker is null. To return a list of multipart uploads that begins at a specific upload, set the marker request parameter to the value you obtained from a previous List Multipart Upload request. You can also limit the number of uploads returned in the response by specifying the limit parameter in the request.

Note the difference between this operation and listing parts (ListParts). The List Multipart Uploads operation lists all multipart uploads for a vault and does not require a multipart upload ID. The List Parts operation requires a multipart upload ID since parts are associated with a single upload.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and the underlying REST API, see Working with Archives in Amazon S3 Glacier and List Multipart Uploads in the Amazon Glacier Developer Guide.

" + "documentation":"

This operation lists in-progress multipart uploads for the specified vault. An in-progress multipart upload is a multipart upload that has been initiated by an InitiateMultipartUpload request, but has not yet been completed or aborted. The list returned in the List Multipart Upload response has no guaranteed order.

The List Multipart Uploads operation supports pagination. By default, this operation returns up to 50 multipart uploads in the response. You should always check the response for a marker at which to continue the list; if there are no more items the marker is null. To return a list of multipart uploads that begins at a specific upload, set the marker request parameter to the value you obtained from a previous List Multipart Upload request. You can also limit the number of uploads returned in the response by specifying the limit parameter in the request.

Note the difference between this operation and listing parts (ListParts). The List Multipart Uploads operation lists all multipart uploads for a vault and does not require a multipart upload ID. The List Parts operation requires a multipart upload ID since parts are associated with a single upload.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and the underlying REST API, see Working with Archives in Amazon Glacier and List Multipart Uploads in the Amazon Glacier Developer Guide.

" }, "ListParts":{ "name":"ListParts", @@ -384,9 +406,10 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], - "documentation":"

This operation lists the parts of an archive that have been uploaded in a specific multipart upload. You can make this request at any time during an in-progress multipart upload before you complete the upload (see CompleteMultipartUpload. List Parts returns an error for completed uploads. The list returned in the List Parts response is sorted by part range.

The List Parts operation supports pagination. By default, this operation returns up to 50 uploaded parts in the response. You should always check the response for a marker at which to continue the list; if there are no more items the marker is null. To return a list of parts that begins at a specific part, set the marker request parameter to the value you obtained from a previous List Parts request. You can also limit the number of parts returned in the response by specifying the limit parameter in the request.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and the underlying REST API, see Working with Archives in Amazon S3 Glacier and List Parts in the Amazon Glacier Developer Guide.

" + "documentation":"

This operation lists the parts of an archive that have been uploaded in a specific multipart upload. You can make this request at any time during an in-progress multipart upload before you complete the upload (see CompleteMultipartUpload. List Parts returns an error for completed uploads. The list returned in the List Parts response is sorted by part range.

The List Parts operation supports pagination. By default, this operation returns up to 50 uploaded parts in the response. You should always check the response for a marker at which to continue the list; if there are no more items the marker is null. To return a list of parts that begins at a specific part, set the marker request parameter to the value you obtained from a previous List Parts request. You can also limit the number of parts returned in the response by specifying the limit parameter in the request.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and the underlying REST API, see Working with Archives in Amazon Glacier and List Parts in the Amazon Glacier Developer Guide.

" }, "ListProvisionedCapacity":{ "name":"ListProvisionedCapacity", @@ -399,7 +422,8 @@ "errors":[ {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], "documentation":"

This operation lists the provisioned capacity units for the specified AWS account.

" }, @@ -415,9 +439,10 @@ {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], - "documentation":"

This operation lists all the tags attached to a vault. The operation returns an empty map if there are no tags. For more information about tags, see Tagging Amazon S3 Glacier Resources.

" + "documentation":"

This operation lists all the tags attached to a vault. The operation returns an empty map if there are no tags. For more information about tags, see Tagging Amazon Glacier Resources.

" }, "ListVaults":{ "name":"ListVaults", @@ -431,9 +456,10 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], - "documentation":"

This operation lists all vaults owned by the calling user's account. The list returned in the response is ASCII-sorted by vault name.

By default, this operation returns up to 10 items. If there are more vaults to list, the response marker field contains the vault Amazon Resource Name (ARN) at which to continue the list with a new List Vaults request; otherwise, the marker field is null. To return a list of vaults that begins at a specific vault, set the marker request parameter to the vault ARN you obtained from a previous List Vaults request. You can also limit the number of vaults returned in the response by specifying the limit parameter in the request.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Retrieving Vault Metadata in Amazon S3 Glacier and List Vaults in the Amazon Glacier Developer Guide.

" + "documentation":"

This operation lists all vaults owned by the calling user's account. The list returned in the response is ASCII-sorted by vault name.

By default, this operation returns up to 10 items. If there are more vaults to list, the response marker field contains the vault Amazon Resource Name (ARN) at which to continue the list with a new List Vaults request; otherwise, the marker field is null. To return a list of vaults that begins at a specific vault, set the marker request parameter to the vault ARN you obtained from a previous List Vaults request. You can also limit the number of vaults returned in the response by specifying the limit parameter in the request.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Retrieving Vault Metadata in Amazon Glacier and List Vaults in the Amazon Glacier Developer Guide.

" }, "PurchaseProvisionedCapacity":{ "name":"PurchaseProvisionedCapacity", @@ -448,7 +474,8 @@ {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, {"shape":"LimitExceededException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], "documentation":"

This operation purchases a provisioned capacity unit for an AWS account.

" }, @@ -464,9 +491,10 @@ {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], - "documentation":"

This operation removes one or more tags from the set of tags attached to a vault. For more information about tags, see Tagging Amazon S3 Glacier Resources. This operation is idempotent. The operation will be successful, even if there are no tags attached to the vault.

" + "documentation":"

This operation removes one or more tags from the set of tags attached to a vault. For more information about tags, see Tagging Amazon Glacier Resources. This operation is idempotent. The operation will be successful, even if there are no tags attached to the vault.

" }, "SetDataRetrievalPolicy":{ "name":"SetDataRetrievalPolicy", @@ -479,7 +507,8 @@ "errors":[ {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], "documentation":"

This operation sets and then enacts a data retrieval policy in the region specified in the PUT request. You can set one policy per region for an AWS account. The policy is enacted within a few minutes of a successful PUT operation.

The set policy operation does not affect retrieval jobs that were in progress before the policy was enacted. For more information about data retrieval policies, see Amazon Glacier Data Retrieval Policies.

" }, @@ -495,7 +524,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], "documentation":"

This operation configures an access policy for a vault and will overwrite an existing policy. To configure a vault access policy, send a PUT request to the access-policy subresource of the vault. An access policy is specific to a vault and is also called a vault subresource. You can set one access policy per vault and the policy can be up to 20 KB in size. For more information about vault access policies, see Amazon Glacier Access Control with Vault Access Policies.

" }, @@ -511,9 +541,10 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], - "documentation":"

This operation configures notifications that will be sent when specific events happen to a vault. By default, you don't get any notifications.

To configure vault notifications, send a PUT request to the notification-configuration subresource of the vault. The request should include a JSON document that provides an Amazon SNS topic and specific events for which you want Amazon S3 Glacier to send notifications to the topic.

Amazon SNS topics must grant permission to the vault to be allowed to publish notifications to the topic. You can configure a vault to publish a notification for the following vault events:

  • ArchiveRetrievalCompleted This event occurs when a job that was initiated for an archive retrieval is completed (InitiateJob). The status of the completed job can be \"Succeeded\" or \"Failed\". The notification sent to the SNS topic is the same output as returned from DescribeJob.

  • InventoryRetrievalCompleted This event occurs when a job that was initiated for an inventory retrieval is completed (InitiateJob). The status of the completed job can be \"Succeeded\" or \"Failed\". The notification sent to the SNS topic is the same output as returned from DescribeJob.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Configuring Vault Notifications in Amazon S3 Glacier and Set Vault Notification Configuration in the Amazon Glacier Developer Guide.

" + "documentation":"

This operation configures notifications that will be sent when specific events happen to a vault. By default, you don't get any notifications.

To configure vault notifications, send a PUT request to the notification-configuration subresource of the vault. The request should include a JSON document that provides an Amazon SNS topic and specific events for which you want Amazon Glacier to send notifications to the topic.

Amazon SNS topics must grant permission to the vault to be allowed to publish notifications to the topic. You can configure a vault to publish a notification for the following vault events:

  • ArchiveRetrievalCompleted This event occurs when a job that was initiated for an archive retrieval is completed (InitiateJob). The status of the completed job can be \"Succeeded\" or \"Failed\". The notification sent to the SNS topic is the same output as returned from DescribeJob.

  • InventoryRetrievalCompleted This event occurs when a job that was initiated for an inventory retrieval is completed (InitiateJob). The status of the completed job can be \"Succeeded\" or \"Failed\". The notification sent to the SNS topic is the same output as returned from DescribeJob.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Configuring Vault Notifications in Amazon Glacier and Set Vault Notification Configuration in the Amazon Glacier Developer Guide.

" }, "UploadArchive":{ "name":"UploadArchive", @@ -529,9 +560,10 @@ {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, {"shape":"RequestTimeoutException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], - "documentation":"

This operation adds an archive to a vault. This is a synchronous operation, and for a successful upload, your data is durably persisted. Amazon S3 Glacier returns the archive ID in the x-amz-archive-id header of the response.

You must use the archive ID to access your data in Amazon S3 Glacier. After you upload an archive, you should save the archive ID returned so that you can retrieve or delete the archive later. Besides saving the archive ID, you can also index it and give it a friendly name to allow for better searching. You can also use the optional archive description field to specify how the archive is referred to in an external index of archives, such as you might create in Amazon DynamoDB. You can also get the vault inventory to obtain a list of archive IDs in a vault. For more information, see InitiateJob.

You must provide a SHA256 tree hash of the data you are uploading. For information about computing a SHA256 tree hash, see Computing Checksums.

You can optionally specify an archive description of up to 1,024 printable ASCII characters. You can get the archive description when you either retrieve the archive or get the vault inventory. For more information, see InitiateJob. Amazon Glacier does not interpret the description in any way. An archive description does not need to be unique. You cannot use the description to retrieve or sort the archive list.

Archives are immutable. After you upload an archive, you cannot edit the archive or its description.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Uploading an Archive in Amazon Glacier and Upload Archive in the Amazon Glacier Developer Guide.

" + "documentation":"

This operation adds an archive to a vault. This is a synchronous operation, and for a successful upload, your data is durably persisted. Amazon Glacier returns the archive ID in the x-amz-archive-id header of the response.

You must use the archive ID to access your data in Amazon Glacier. After you upload an archive, you should save the archive ID returned so that you can retrieve or delete the archive later. Besides saving the archive ID, you can also index it and give it a friendly name to allow for better searching. You can also use the optional archive description field to specify how the archive is referred to in an external index of archives, such as you might create in Amazon DynamoDB. You can also get the vault inventory to obtain a list of archive IDs in a vault. For more information, see InitiateJob.

You must provide a SHA256 tree hash of the data you are uploading. For information about computing a SHA256 tree hash, see Computing Checksums.

You can optionally specify an archive description of up to 1,024 printable ASCII characters. You can get the archive description when you either retrieve the archive or get the vault inventory. For more information, see InitiateJob. Amazon Glacier does not interpret the description in any way. An archive description does not need to be unique. You cannot use the description to retrieve or sort the archive list.

Archives are immutable. After you upload an archive, you cannot edit the archive or its description.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Uploading an Archive in Amazon Glacier and Upload Archive in the Amazon Glacier Developer Guide.

" }, "UploadMultipartPart":{ "name":"UploadMultipartPart", @@ -547,9 +579,10 @@ {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, {"shape":"RequestTimeoutException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"NoLongerSupportedException"} ], - "documentation":"

This operation uploads a part of an archive. You can upload archive parts in any order. You can also upload them in parallel. You can upload up to 10,000 parts for a multipart upload.

Amazon Glacier rejects your upload part request if any of the following conditions is true:

  • SHA256 tree hash does not matchTo ensure that part data is not corrupted in transmission, you compute a SHA256 tree hash of the part and include it in your request. Upon receiving the part data, Amazon S3 Glacier also computes a SHA256 tree hash. If these hash values don't match, the operation fails. For information about computing a SHA256 tree hash, see Computing Checksums.

  • Part size does not matchThe size of each part except the last must match the size specified in the corresponding InitiateMultipartUpload request. The size of the last part must be the same size as, or smaller than, the specified size.

    If you upload a part whose size is smaller than the part size you specified in your initiate multipart upload request and that part is not the last part, then the upload part request will succeed. However, the subsequent Complete Multipart Upload request will fail.

  • Range does not alignThe byte range value in the request does not align with the part size specified in the corresponding initiate request. For example, if you specify a part size of 4194304 bytes (4 MB), then 0 to 4194303 bytes (4 MB - 1) and 4194304 (4 MB) to 8388607 (8 MB - 1) are valid part ranges. However, if you set a range value of 2 MB to 6 MB, the range does not align with the part size and the upload will fail.

This operation is idempotent. If you upload the same part multiple times, the data included in the most recent request overwrites the previously uploaded data.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Uploading Large Archives in Parts (Multipart Upload) and Upload Part in the Amazon Glacier Developer Guide.

" + "documentation":"

This operation uploads a part of an archive. You can upload archive parts in any order. You can also upload them in parallel. You can upload up to 10,000 parts for a multipart upload.

Amazon Glacier rejects your upload part request if any of the following conditions is true:

  • SHA256 tree hash does not matchTo ensure that part data is not corrupted in transmission, you compute a SHA256 tree hash of the part and include it in your request. Upon receiving the part data, Amazon Glacier also computes a SHA256 tree hash. If these hash values don't match, the operation fails. For information about computing a SHA256 tree hash, see Computing Checksums.

  • Part size does not matchThe size of each part except the last must match the size specified in the corresponding InitiateMultipartUpload request. The size of the last part must be the same size as, or smaller than, the specified size.

    If you upload a part whose size is smaller than the part size you specified in your initiate multipart upload request and that part is not the last part, then the upload part request will succeed. However, the subsequent Complete Multipart Upload request will fail.

  • Range does not alignThe byte range value in the request does not align with the part size specified in the corresponding initiate request. For example, if you specify a part size of 4194304 bytes (4 MB), then 0 to 4194303 bytes (4 MB - 1) and 4194304 (4 MB) to 8388607 (8 MB - 1) are valid part ranges. However, if you set a range value of 2 MB to 6 MB, the range does not align with the part size and the upload will fail.

This operation is idempotent. If you upload the same part multiple times, the data included in the most recent request overwrites the previously uploaded data.

An AWS account has full permission to perform all operations (actions). However, AWS Identity and Access Management (IAM) users don't have any permissions by default. You must grant them explicit permission to perform specific actions. For more information, see Access Control Using AWS Identity and Access Management (IAM).

For conceptual information and underlying REST API, see Uploading Large Archives in Parts (Multipart Upload) and Upload Part in the Amazon Glacier Developer Guide.

" } }, "shapes":{ @@ -563,7 +596,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -580,7 +613,7 @@ "locationName":"uploadId" } }, - "documentation":"

Provides options to abort a multipart upload identified by the upload ID.

For information about the underlying REST API, see Abort Multipart Upload. For conceptual information, see Working with Archives in Amazon S3 Glacier.

" + "documentation":"

Provides options to abort a multipart upload identified by the upload ID.

For information about the underlying REST API, see Abort Multipart Upload. For conceptual information, see Working with Archives in Amazon Glacier.

" }, "AbortVaultLockInput":{ "type":"structure", @@ -625,7 +658,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -653,7 +686,7 @@ }, "checksum":{ "shape":"string", - "documentation":"

The checksum of the archive computed by Amazon S3 Glacier.

", + "documentation":"

The checksum of the archive computed by Amazon Glacier.

", "location":"header", "locationName":"x-amz-sha256-tree-hash" }, @@ -664,7 +697,7 @@ "locationName":"x-amz-archive-id" } }, - "documentation":"

Contains the Amazon S3 Glacier response to your request.

For information about the underlying REST API, see Upload Archive. For conceptual information, see Working with Archives in Amazon S3 Glacier.

" + "documentation":"

Contains the Amazon Glacier response to your request.

For information about the underlying REST API, see Upload Archive. For conceptual information, see Working with Archives in Amazon Glacier.

" }, "CSVInput":{ "type":"structure", @@ -744,7 +777,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -768,12 +801,12 @@ }, "checksum":{ "shape":"string", - "documentation":"

The SHA256 tree hash of the entire archive. It is the tree hash of SHA256 tree hash of the individual parts. If the value you specify in the request does not match the SHA256 tree hash of the final assembled archive as computed by Amazon S3 Glacier (Glacier), Glacier returns an error and the request fails.

", + "documentation":"

The SHA256 tree hash of the entire archive. It is the tree hash of SHA256 tree hash of the individual parts. If the value you specify in the request does not match the SHA256 tree hash of the final assembled archive as computed by Amazon Glacier (Glacier), Glacier returns an error and the request fails.

", "location":"header", "locationName":"x-amz-sha256-tree-hash" } }, - "documentation":"

Provides options to complete a multipart upload operation. This informs Amazon Glacier that all the archive parts have been uploaded and Amazon S3 Glacier (Glacier) can now assemble the archive from the uploaded parts. After assembling and saving the archive to the vault, Glacier returns the URI path of the newly created archive resource.

" + "documentation":"

Provides options to complete a multipart upload operation. This informs Amazon Glacier that all the archive parts have been uploaded and Amazon Glacier (Glacier) can now assemble the archive from the uploaded parts. After assembling and saving the archive to the vault, Glacier returns the URI path of the newly created archive resource.

" }, "CompleteVaultLockInput":{ "type":"structure", @@ -836,7 +869,7 @@ "locationName":"Location" } }, - "documentation":"

Contains the Amazon S3 Glacier response to your request.

" + "documentation":"

Contains the Amazon Glacier response to your request.

" }, "DataRetrievalPolicy":{ "type":"structure", @@ -877,7 +910,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -894,7 +927,7 @@ "locationName":"archiveId" } }, - "documentation":"

Provides options for deleting an archive from an Amazon S3 Glacier vault.

" + "documentation":"

Provides options for deleting an archive from an Amazon Glacier vault.

" }, "DeleteVaultAccessPolicyInput":{ "type":"structure", @@ -905,7 +938,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -927,7 +960,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -938,7 +971,7 @@ "locationName":"vaultName" } }, - "documentation":"

Provides options for deleting a vault from Amazon S3 Glacier.

" + "documentation":"

Provides options for deleting a vault from Amazon Glacier.

" }, "DeleteVaultNotificationsInput":{ "type":"structure", @@ -949,7 +982,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -972,7 +1005,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -1000,7 +1033,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -1030,7 +1063,7 @@ }, "LastInventoryDate":{ "shape":"string", - "documentation":"

The Universal Coordinated Time (UTC) date when Amazon S3 Glacier completed the last vault inventory. This value should be a string in the ISO 8601 date format, for example 2012-03-20T17:03:43.221Z.

" + "documentation":"

The Universal Coordinated Time (UTC) date when Amazon Glacier completed the last vault inventory. This value should be a string in the ISO 8601 date format, for example 2012-03-20T17:03:43.221Z.

" }, "NumberOfArchives":{ "shape":"long", @@ -1041,7 +1074,7 @@ "documentation":"

Total size, in bytes, of the archives in the vault as of the last inventory date. This field will return null if an inventory has not yet run on the vault, for example if you just created the vault.

" } }, - "documentation":"

Contains the Amazon S3 Glacier response to your request.

" + "documentation":"

Contains the Amazon Glacier response to your request.

" }, "Encryption":{ "type":"structure", @@ -1101,7 +1134,7 @@ "documentation":"

Contains the returned data retrieval policy in JSON format.

" } }, - "documentation":"

Contains the Amazon S3 Glacier response to the GetDataRetrievalPolicy request.

" + "documentation":"

Contains the Amazon Glacier response to the GetDataRetrievalPolicy request.

" }, "GetJobOutputInput":{ "type":"structure", @@ -1113,7 +1146,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -1131,12 +1164,12 @@ }, "range":{ "shape":"string", - "documentation":"

The range of bytes to retrieve from the output. For example, if you want to download the first 1,048,576 bytes, specify the range as bytes=0-1048575. By default, this operation downloads the entire output.

If the job output is large, then you can use a range to retrieve a portion of the output. This allows you to download the entire output in smaller chunks of bytes. For example, suppose you have 1 GB of job output you want to download and you decide to download 128 MB chunks of data at a time, which is a total of eight Get Job Output requests. You use the following process to download the job output:

  1. Download a 128 MB chunk of output by specifying the appropriate byte range. Verify that all 128 MB of data was received.

  2. Along with the data, the response includes a SHA256 tree hash of the payload. You compute the checksum of the payload on the client and compare it with the checksum you received in the response to ensure you received all the expected data.

  3. Repeat steps 1 and 2 for all the eight 128 MB chunks of output data, each time specifying the appropriate byte range.

  4. After downloading all the parts of the job output, you have a list of eight checksum values. Compute the tree hash of these values to find the checksum of the entire output. Using the DescribeJob API, obtain job information of the job that provided you the output. The response includes the checksum of the entire archive stored in Amazon S3 Glacier. You compare this value with the checksum you computed to ensure you have downloaded the entire archive content with no errors.

", + "documentation":"

The range of bytes to retrieve from the output. For example, if you want to download the first 1,048,576 bytes, specify the range as bytes=0-1048575. By default, this operation downloads the entire output.

If the job output is large, then you can use a range to retrieve a portion of the output. This allows you to download the entire output in smaller chunks of bytes. For example, suppose you have 1 GB of job output you want to download and you decide to download 128 MB chunks of data at a time, which is a total of eight Get Job Output requests. You use the following process to download the job output:

  1. Download a 128 MB chunk of output by specifying the appropriate byte range. Verify that all 128 MB of data was received.

  2. Along with the data, the response includes a SHA256 tree hash of the payload. You compute the checksum of the payload on the client and compare it with the checksum you received in the response to ensure you received all the expected data.

  3. Repeat steps 1 and 2 for all the eight 128 MB chunks of output data, each time specifying the appropriate byte range.

  4. After downloading all the parts of the job output, you have a list of eight checksum values. Compute the tree hash of these values to find the checksum of the entire output. Using the DescribeJob API, obtain job information of the job that provided you the output. The response includes the checksum of the entire archive stored in Amazon Glacier. You compare this value with the checksum you computed to ensure you have downloaded the entire archive content with no errors.

", "location":"header", "locationName":"Range" } }, - "documentation":"

Provides options for downloading output of an Amazon S3 Glacier job.

" + "documentation":"

Provides options for downloading output of an Amazon Glacier job.

" }, "GetJobOutputOutput":{ "type":"structure", @@ -1158,7 +1191,7 @@ }, "contentRange":{ "shape":"string", - "documentation":"

The range of bytes returned by Amazon S3 Glacier. If only partial output is downloaded, the response provides the range of bytes Amazon S3 Glacier returned. For example, bytes 0-1048575/8388608 returns the first 1 MB from 8 MB.

", + "documentation":"

The range of bytes returned by Amazon Glacier. If only partial output is downloaded, the response provides the range of bytes Amazon Glacier returned. For example, bytes 0-1048575/8388608 returns the first 1 MB from 8 MB.

", "location":"header", "locationName":"Content-Range" }, @@ -1181,7 +1214,7 @@ "locationName":"x-amz-archive-description" } }, - "documentation":"

Contains the Amazon S3 Glacier response to your request.

", + "documentation":"

Contains the Amazon Glacier response to your request.

", "payload":"body" }, "GetVaultAccessPolicyInput":{ @@ -1193,7 +1226,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -1226,7 +1259,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -1259,7 +1292,7 @@ "documentation":"

The UTC date and time at which the vault lock was put into the InProgress state.

" } }, - "documentation":"

Contains the Amazon S3 Glacier response to your request.

" + "documentation":"

Contains the Amazon Glacier response to your request.

" }, "GetVaultNotificationsInput":{ "type":"structure", @@ -1270,7 +1303,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -1291,7 +1324,7 @@ "documentation":"

Returns the notification configuration set on the vault.

" } }, - "documentation":"

Contains the Amazon S3 Glacier response to your request.

", + "documentation":"

Contains the Amazon Glacier response to your request.

", "payload":"vaultNotificationConfig" }, "GlacierJobDescription":{ @@ -1434,7 +1467,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -1449,7 +1482,7 @@ "documentation":"

Provides options for specifying job information.

" } }, - "documentation":"

Provides options for initiating an Amazon S3 Glacier job.

", + "documentation":"

Provides options for initiating an Amazon Glacier job.

", "payload":"jobParameters" }, "InitiateJobOutput":{ @@ -1474,7 +1507,7 @@ "locationName":"x-amz-job-output-path" } }, - "documentation":"

Contains the Amazon S3 Glacier response to your request.

" + "documentation":"

Contains the Amazon Glacier response to your request.

" }, "InitiateMultipartUploadInput":{ "type":"structure", @@ -1485,7 +1518,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -1508,14 +1541,14 @@ "locationName":"x-amz-part-size" } }, - "documentation":"

Provides options for initiating a multipart upload to an Amazon S3 Glacier vault.

" + "documentation":"

Provides options for initiating a multipart upload to an Amazon Glacier vault.

" }, "InitiateMultipartUploadOutput":{ "type":"structure", "members":{ "location":{ "shape":"string", - "documentation":"

The relative URI path of the multipart upload ID Amazon S3 Glacier created.

", + "documentation":"

The relative URI path of the multipart upload ID Amazon Glacier created.

", "location":"header", "locationName":"Location" }, @@ -1526,7 +1559,7 @@ "locationName":"x-amz-multipart-upload-id" } }, - "documentation":"

The Amazon S3 Glacier response to your request.

" + "documentation":"

The Amazon Glacier response to your request.

" }, "InitiateVaultLockInput":{ "type":"structure", @@ -1565,7 +1598,7 @@ "locationName":"x-amz-lock-id" } }, - "documentation":"

Contains the Amazon S3 Glacier response to your request.

" + "documentation":"

Contains the Amazon Glacier response to your request.

" }, "InputSerialization":{ "type":"structure", @@ -1681,7 +1714,7 @@ }, "SNSTopic":{ "shape":"string", - "documentation":"

The Amazon SNS topic ARN to which Amazon S3 Glacier sends a notification when the job is completed and the output is ready for you to download. The specified topic publishes the notification to its subscribers. The SNS topic must exist.

" + "documentation":"

The Amazon SNS topic ARN to which Amazon Glacier sends a notification when the job is completed and the output is ready for you to download. The specified topic publishes the notification to its subscribers. The SNS topic must exist.

" }, "RetrievalByteRange":{ "shape":"string", @@ -1735,7 +1768,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -1770,7 +1803,7 @@ "locationName":"completed" } }, - "documentation":"

Provides options for retrieving a job list for an Amazon S3 Glacier vault.

" + "documentation":"

Provides options for retrieving a job list for an Amazon Glacier vault.

" }, "ListJobsOutput":{ "type":"structure", @@ -1784,7 +1817,7 @@ "documentation":"

An opaque string used for pagination that specifies the job at which the listing of jobs should begin. You get the marker value from a previous List Jobs response. You only need to include the marker if you are continuing the pagination of the results started in a previous List Jobs request.

" } }, - "documentation":"

Contains the Amazon S3 Glacier response to your request.

" + "documentation":"

Contains the Amazon Glacier response to your request.

" }, "ListMultipartUploadsInput":{ "type":"structure", @@ -1795,7 +1828,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -1832,7 +1865,7 @@ "documentation":"

An opaque string that represents where to continue pagination of the results. You use the marker in a new List Multipart Uploads request to obtain more uploads in the list. If there are no more uploads, this value is null.

" } }, - "documentation":"

Contains the Amazon S3 Glacier response to your request.

" + "documentation":"

Contains the Amazon Glacier response to your request.

" }, "ListPartsInput":{ "type":"structure", @@ -1844,7 +1877,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -1907,7 +1940,7 @@ "documentation":"

An opaque string that represents where to continue pagination of the results. You use the marker in a new List Parts request to obtain more jobs in the list. If there are no more parts, this value is null.

" } }, - "documentation":"

Contains the Amazon S3 Glacier response to your request.

" + "documentation":"

Contains the Amazon Glacier response to your request.

" }, "ListProvisionedCapacityInput":{ "type":"structure", @@ -1915,7 +1948,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, don't include any hyphens ('-') in the ID.

", + "documentation":"

The AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, don't include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" } @@ -1939,7 +1972,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -1960,7 +1993,7 @@ "documentation":"

The tags attached to the vault. Each tag is composed of a key and a value.

" } }, - "documentation":"

Contains the Amazon S3 Glacier response to your request.

" + "documentation":"

Contains the Amazon Glacier response to your request.

" }, "ListVaultsInput":{ "type":"structure", @@ -1999,7 +2032,7 @@ "documentation":"

The vault ARN at which to continue pagination of the results. You use the marker in another List Vaults request to obtain more vaults in the list.

" } }, - "documentation":"

Contains the Amazon S3 Glacier response to your request.

" + "documentation":"

Contains the Amazon Glacier response to your request.

" }, "MissingParameterValueException":{ "type":"structure", @@ -2021,6 +2054,16 @@ "error":{"httpStatusCode":400}, "exception":true }, + "NoLongerSupportedException":{ + "type":"structure", + "members":{ + "type":{"shape":"string"}, + "code":{"shape":"string"}, + "message":{"shape":"string"} + }, + "error":{"httpStatusCode":400}, + "exception":true + }, "NotificationEventList":{ "type":"list", "member":{"shape":"string"} @@ -2059,7 +2102,7 @@ }, "SHA256TreeHash":{ "shape":"string", - "documentation":"

The SHA256 tree hash value that Amazon S3 Glacier calculated for the part. This field is never null.

" + "documentation":"

The SHA256 tree hash value that Amazon Glacier calculated for the part. This field is never null.

" } }, "documentation":"

A list of the part sizes of the multipart upload.

" @@ -2122,7 +2165,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, don't include any hyphens ('-') in the ID.

", + "documentation":"

The AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, don't include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" } @@ -2155,7 +2198,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -2185,10 +2228,10 @@ }, "message":{ "shape":"string", - "documentation":"

Returned if, when uploading an archive, Amazon S3 Glacier times out while receiving the upload.

" + "documentation":"

Returned if, when uploading an archive, Amazon Glacier times out while receiving the upload.

" } }, - "documentation":"

Returned if, when uploading an archive, Amazon S3 Glacier times out while receiving the upload.

", + "documentation":"

Returned if, when uploading an archive, Amazon Glacier times out while receiving the upload.

", "error":{"httpStatusCode":408}, "exception":true }, @@ -2318,7 +2361,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -2345,7 +2388,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -2418,7 +2461,7 @@ }, "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -2478,7 +2521,7 @@ "members":{ "accountId":{ "shape":"string", - "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", + "documentation":"

The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single '-' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

", "location":"uri", "locationName":"accountId" }, @@ -2502,7 +2545,7 @@ }, "range":{ "shape":"string", - "documentation":"

Identifies the range of bytes in the assembled archive that will be uploaded in this part. Amazon S3 Glacier uses this information to assemble the archive in the proper sequence. The format of this header follows RFC 2616. An example header is Content-Range:bytes 0-4194303/*.

", + "documentation":"

Identifies the range of bytes in the assembled archive that will be uploaded in this part. Amazon Glacier uses this information to assemble the archive in the proper sequence. The format of this header follows RFC 2616. An example header is Content-Range:bytes 0-4194303/*.

", "location":"header", "locationName":"Content-Range" }, @@ -2519,12 +2562,12 @@ "members":{ "checksum":{ "shape":"string", - "documentation":"

The SHA256 tree hash that Amazon S3 Glacier computed for the uploaded part.

", + "documentation":"

The SHA256 tree hash that Amazon Glacier computed for the uploaded part.

", "location":"header", "locationName":"x-amz-sha256-tree-hash" } }, - "documentation":"

Contains the Amazon S3 Glacier response to your request.

" + "documentation":"

Contains the Amazon Glacier response to your request.

" }, "UploadsList":{ "type":"list", @@ -2563,7 +2606,7 @@ }, "Events":{ "shape":"NotificationEventList", - "documentation":"

A list of one or more events for which Amazon S3 Glacier will send a notification to the specified Amazon SNS topic.

" + "documentation":"

A list of one or more events for which Amazon Glacier will send a notification to the specified Amazon SNS topic.

" } }, "documentation":"

Represents a vault's notification configuration.

" @@ -2578,5 +2621,5 @@ "long":{"type":"long"}, "string":{"type":"string"} }, - "documentation":"

Amazon S3 Glacier (Glacier) is a storage solution for \"cold data.\"

Glacier is an extremely low-cost storage service that provides secure, durable, and easy-to-use storage for data backup and archival. With Glacier, customers can store their data cost effectively for months, years, or decades. Glacier also enables customers to offload the administrative burdens of operating and scaling storage to AWS, so they don't have to worry about capacity planning, hardware provisioning, data replication, hardware failure and recovery, or time-consuming hardware migrations.

Glacier is a great storage choice when low storage cost is paramount and your data is rarely retrieved. If your application requires fast or frequent access to your data, consider using Amazon S3. For more information, see Amazon Simple Storage Service (Amazon S3).

You can store any kind of data in any format. There is no maximum limit on the total amount of data you can store in Glacier.

If you are a first-time user of Glacier, we recommend that you begin by reading the following sections in the Amazon S3 Glacier Developer Guide:

  • What is Amazon S3 Glacier - This section of the Developer Guide describes the underlying data model, the operations it supports, and the AWS SDKs that you can use to interact with the service.

  • Getting Started with Amazon S3 Glacier - The Getting Started section walks you through the process of creating a vault, uploading archives, creating jobs to download archives, retrieving the job output, and deleting archives.

" + "documentation":"

Amazon Glacier (Glacier) is a storage solution for \"cold data.\"

Glacier is an extremely low-cost storage service that provides secure, durable, and easy-to-use storage for data backup and archival. With Glacier, customers can store their data cost effectively for months, years, or decades. Glacier also enables customers to offload the administrative burdens of operating and scaling storage to AWS, so they don't have to worry about capacity planning, hardware provisioning, data replication, hardware failure and recovery, or time-consuming hardware migrations.

Glacier is a great storage choice when low storage cost is paramount and your data is rarely retrieved. If your application requires fast or frequent access to your data, consider using Amazon S3. For more information, see Amazon Simple Storage Service (Amazon S3).

You can store any kind of data in any format. There is no maximum limit on the total amount of data you can store in Glacier.

If you are a first-time user of Glacier, we recommend that you begin by reading the following sections in the Amazon Glacier Developer Guide:

  • What is Amazon Glacier - This section of the Developer Guide describes the underlying data model, the operations it supports, and the AWS SDKs that you can use to interact with the service.

  • Getting Started with Amazon Glacier - The Getting Started section walks you through the process of creating a vault, uploading archives, creating jobs to download archives, retrieving the job output, and deleting archives.

" } diff --git a/awscli/botocore/data/health/2016-08-04/endpoint-rule-set-1.json b/awscli/botocore/data/health/2016-08-04/endpoint-rule-set-1.json index d818b36f2521..0dc9da01e68d 100644 --- a/awscli/botocore/data/health/2016-08-04/endpoint-rule-set-1.json +++ b/awscli/botocore/data/health/2016-08-04/endpoint-rule-set-1.json @@ -29,6 +29,220 @@ } }, "rules": [ + { + "conditions": [ + { + "fn": "not", + "argv": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + }, + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + }, + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + }, + { + "fn": "not", + "argv": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws" + ] + } + ] + }, + { + "fn": "not", + "argv": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-cn" + ] + } + ] + }, + { + "fn": "not", + "argv": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-us-gov" + ] + } + ] + }, + { + "fn": "not", + "argv": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso" + ] + } + ] + }, + { + "fn": "not", + "argv": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso-b" + ] + } + ] + }, + { + "fn": "not", + "argv": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso-e" + ] + } + ] + }, + { + "fn": "not", + "argv": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso-f" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://health-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://health.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, { "conditions": [ { diff --git a/awscli/botocore/data/logs/2014-03-28/paginators-1.json b/awscli/botocore/data/logs/2014-03-28/paginators-1.json index 4df16d61b70a..ac2062d9f3bc 100644 --- a/awscli/botocore/data/logs/2014-03-28/paginators-1.json +++ b/awscli/botocore/data/logs/2014-03-28/paginators-1.json @@ -116,6 +116,12 @@ "limit_key": "maxResults", "output_token": "nextToken", "result_key": "sources" + }, + "ListAggregateLogGroupSummaries": { + "input_token": "nextToken", + "limit_key": "limit", + "output_token": "nextToken", + "result_key": "aggregateLogGroupSummaries" } } } diff --git a/awscli/botocore/data/logs/2014-03-28/service-2.json b/awscli/botocore/data/logs/2014-03-28/service-2.json index abf133c801df..7359ad7e2578 100644 --- a/awscli/botocore/data/logs/2014-03-28/service-2.json +++ b/awscli/botocore/data/logs/2014-03-28/service-2.json @@ -61,6 +61,23 @@ ], "documentation":"

Cancels the specified export task.

The task must be in the PENDING or RUNNING state.

" }, + "CancelImportTask":{ + "name":"CancelImportTask", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CancelImportTaskRequest"}, + "output":{"shape":"CancelImportTaskResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InvalidParameterException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidOperationException"} + ], + "documentation":"

Cancels an active import task and stops importing data from the CloudTrail Lake Event Data Store.

" + }, "CreateDelivery":{ "name":"CreateDelivery", "http":{ @@ -98,6 +115,25 @@ ], "documentation":"

Creates an export task so that you can efficiently export data from a log group to an Amazon S3 bucket. When you perform a CreateExportTask operation, you must use credentials that have permission to write to the S3 bucket that you specify as the destination.

Exporting log data to S3 buckets that are encrypted by KMS is supported. Exporting log data to Amazon S3 buckets that have S3 Object Lock enabled with a retention period is also supported.

Exporting to S3 buckets that are encrypted with AES-256 is supported.

This is an asynchronous call. If all the required information is provided, this operation initiates an export task and responds with the ID of the task. After the task has started, you can use DescribeExportTasks to get the status of the export task. Each account can only have one active (RUNNING or PENDING) export task at a time. To cancel an export task, use CancelExportTask.

You can export logs from multiple log groups or multiple time ranges to the same S3 bucket. To separate log data for each export task, specify a prefix to be used as the Amazon S3 key prefix for all exported objects.

We recommend that you don't regularly export to Amazon S3 as a way to continuously archive your logs. For that use case, we instead recommend that you use subscriptions. For more information about subscriptions, see Real-time processing of log data with subscriptions.

Time-based sorting on chunks of log data inside an exported file is not guaranteed. You can sort the exported log field data by using Linux utilities.

" }, + "CreateImportTask":{ + "name":"CreateImportTask", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateImportTaskRequest"}, + "output":{"shape":"CreateImportTaskResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"InvalidParameterException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"InvalidOperationException"} + ], + "documentation":"

Starts an import from a data source to CloudWatch Log and creates a managed log group as the destination for the imported data. Currently, CloudTrail Event Data Store is the only supported data source.

The import task must satisfy the following constraints:

  • The specified source must be in an ACTIVE state.

  • The API caller must have permissions to access the data in the provided source and to perform iam:PassRole on the provided import role which has the same permissions, as described below.

  • The provided IAM role must trust the \"cloudtrail.amazonaws.com\" principal and have the following permissions:

    • cloudtrail:GetEventDataStoreData

    • logs:CreateLogGroup

    • logs:CreateLogStream

    • logs:PutResourcePolicy

    • (If source has an associated AWS KMS Key) kms:Decrypt

    • (If source has an associated AWS KMS Key) kms:GenerateDataKey

    Example IAM policy for provided import role:

    [ { \"Effect\": \"Allow\", \"Action\": \"iam:PassRole\", \"Resource\": \"arn:aws:iam::123456789012:role/apiCallerCredentials\", \"Condition\": { \"StringLike\": { \"iam:AssociatedResourceARN\": \"arn:aws:logs:us-east-1:123456789012:log-group:aws/cloudtrail/f1d45bff-d0e3-4868-b5d9-2eb678aa32fb:*\" } } }, { \"Effect\": \"Allow\", \"Action\": [ \"cloudtrail:GetEventDataStoreData\" ], \"Resource\": [ \"arn:aws:cloudtrail:us-east-1:123456789012:eventdatastore/f1d45bff-d0e3-4868-b5d9-2eb678aa32fb\" ] }, { \"Effect\": \"Allow\", \"Action\": [ \"logs:CreateImportTask\", \"logs:CreateLogGroup\", \"logs:CreateLogStream\", \"logs:PutResourcePolicy\" ], \"Resource\": [ \"arn:aws:logs:us-east-1:123456789012:log-group:/aws/cloudtrail/*\" ] }, { \"Effect\": \"Allow\", \"Action\": [ \"kms:Decrypt\", \"kms:GenerateDataKey\" ], \"Resource\": [ \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\" ] } ]

  • If the import source has a customer managed key, the \"cloudtrail.amazonaws.com\" principal needs permissions to perform kms:Decrypt and kms:GenerateDataKey.

  • There can be no more than 3 active imports per account at a given time.

  • The startEventTime must be less than or equal to endEventTime.

  • The data being imported must be within the specified source's retention period.

" + }, "CreateLogAnomalyDetector":{ "name":"CreateLogAnomalyDetector", "http":{ @@ -291,7 +327,7 @@ {"shape":"OperationAbortedException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

Deletes a log-group level field index policy that was applied to a single log group. The indexing of the log events that happened before you delete the policy will still be used for as many as 30 days to improve CloudWatch Logs Insights queries.

If the deleted policy included facet configurations, those facets will no longer be available for interactive exploration in the CloudWatch Logs Insights console for this log group. However, facet data is retained for up to 30 days.

You can't use this operation to delete an account-level index policy. Instead, use DeletAccountPolicy.

If you delete a log-group level field index policy and there is an account-level field index policy, in a few minutes the log group begins using that account-wide policy to index new incoming log events. This operation only affects log group-level policies, including any facet configurations, and preserves any data source-based account policies that may apply to the log group.

" + "documentation":"

Deletes a log-group level field index policy that was applied to a single log group. The indexing of the log events that happened before you delete the policy will still be used for as many as 30 days to improve CloudWatch Logs Insights queries.

If the deleted policy included facet configurations, those facets will no longer be available for interactive exploration in the CloudWatch Logs Insights console for this log group. However, facet data is retained for up to 30 days.

You can't use this operation to delete an account-level index policy. Instead, use DeleteAccountPolicy.

If you delete a log-group level field index policy and there is an account-level field index policy, in a few minutes the log group begins using that account-wide policy to index new incoming log events. This operation only affects log group-level policies, including any facet configurations, and preserves any data source-based account policies that may apply to the log group.

" }, "DeleteIntegration":{ "name":"DeleteIntegration", @@ -589,6 +625,40 @@ ], "documentation":"

Returns a list of custom and default field indexes which are discovered in log data. For more information about field index policies, see PutIndexPolicy.

" }, + "DescribeImportTaskBatches":{ + "name":"DescribeImportTaskBatches", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeImportTaskBatchesRequest"}, + "output":{"shape":"DescribeImportTaskBatchesResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InvalidParameterException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidOperationException"} + ], + "documentation":"

Gets detailed information about the individual batches within an import task, including their status and any error messages. For CloudTrail Event Data Store sources, a batch refers to a subset of stored events grouped by their eventTime.

" + }, + "DescribeImportTasks":{ + "name":"DescribeImportTasks", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeImportTasksRequest"}, + "output":{"shape":"DescribeImportTasksResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InvalidParameterException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidOperationException"} + ], + "documentation":"

Lists and describes import tasks, with optional filtering by import status and source ARN.

" + }, "DescribeIndexPolicies":{ "name":"DescribeIndexPolicies", "http":{ @@ -1183,7 +1253,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"LimitExceededException"} ], - "documentation":"

Creates an account-level data protection policy, subscription filter policy, field index policy, transformer policy, or metric extraction policy that applies to all log groups or a subset of log groups in the account.

For field index policies, you can configure indexed fields as facets to enable interactive exploration of your logs. Facets provide value distributions and counts for indexed fields in the CloudWatch Logs Insights console without requiring query execution. For more information, see Use facets to group and explore logs.

To use this operation, you must be signed on with the correct permissions depending on the type of policy that you are creating.

  • To create a data protection policy, you must have the logs:PutDataProtectionPolicy and logs:PutAccountPolicy permissions.

  • To create a subscription filter policy, you must have the logs:PutSubscriptionFilter and logs:PutAccountPolicy permissions.

  • To create a transformer policy, you must have the logs:PutTransformer and logs:PutAccountPolicy permissions.

  • To create a field index policy, you must have the logs:PutIndexPolicy and logs:PutAccountPolicy permissions.

  • To configure facets for field index policies, you must have the logs:PutIndexPolicy and logs:PutAccountPolicy permissions.

  • To create a metric extraction policy, you must have the logs:PutMetricExtractionPolicy and logs:PutAccountPolicy permissions.

Data protection policy

A data protection policy can help safeguard sensitive data that's ingested by your log groups by auditing and masking the sensitive log data. Each account can have only one account-level data protection policy.

Sensitive data is detected and masked when it is ingested into a log group. When you set a data protection policy, log events ingested into the log groups before that time are not masked.

If you use PutAccountPolicy to create a data protection policy for your whole account, it applies to both existing log groups and all log groups that are created later in this account. The account-level policy is applied to existing log groups with eventual consistency. It might take up to 5 minutes before sensitive data in existing log groups begins to be masked.

By default, when a user views a log event that includes masked data, the sensitive data is replaced by asterisks. A user who has the logs:Unmask permission can use a GetLogEvents or FilterLogEvents operation with the unmask parameter set to true to view the unmasked log events. Users with the logs:Unmask can also view unmasked data in the CloudWatch Logs console by running a CloudWatch Logs Insights query with the unmask query command.

For more information, including a list of types of data that can be audited and masked, see Protect sensitive log data with masking.

To use the PutAccountPolicy operation for a data protection policy, you must be signed on with the logs:PutDataProtectionPolicy and logs:PutAccountPolicy permissions.

The PutAccountPolicy operation applies to all log groups in the account. You can use PutDataProtectionPolicy to create a data protection policy that applies to just one log group. If a log group has its own data protection policy and the account also has an account-level data protection policy, then the two policies are cumulative. Any sensitive term specified in either policy is masked.

Subscription filter policy

A subscription filter policy sets up a real-time feed of log events from CloudWatch Logs to other Amazon Web Services services. Account-level subscription filter policies apply to both existing log groups and log groups that are created later in this account. Supported destinations are Kinesis Data Streams, Firehose, and Lambda. When log events are sent to the receiving service, they are Base64 encoded and compressed with the GZIP format.

The following destinations are supported for subscription filters:

  • An Kinesis Data Streams data stream in the same account as the subscription policy, for same-account delivery.

  • An Firehose data stream in the same account as the subscription policy, for same-account delivery.

  • A Lambda function in the same account as the subscription policy, for same-account delivery.

  • A logical destination in a different account created with PutDestination, for cross-account delivery. Kinesis Data Streams and Firehose are supported as logical destinations.

Each account can have one account-level subscription filter policy per Region. If you are updating an existing filter, you must specify the correct name in PolicyName. To perform a PutAccountPolicy subscription filter operation for any destination except a Lambda function, you must also have the iam:PassRole permission.

Transformer policy

Creates or updates a log transformer policy for your account. You use log transformers to transform log events into a different format, making them easier for you to process and analyze. You can also transform logs from different sources into standardized formats that contain relevant, source-specific information. After you have created a transformer, CloudWatch Logs performs this transformation at the time of log ingestion. You can then refer to the transformed versions of the logs during operations such as querying with CloudWatch Logs Insights or creating metric filters or subscription filters.

You can also use a transformer to copy metadata from metadata keys into the log events themselves. This metadata can include log group name, log stream name, account ID and Region.

A transformer for a log group is a series of processors, where each processor applies one type of transformation to the log events ingested into this log group. For more information about the available processors to use in a transformer, see Processors that you can use.

Having log events in standardized format enables visibility across your applications for your log analysis, reporting, and alarming needs. CloudWatch Logs provides transformation for common log types with out-of-the-box transformation templates for major Amazon Web Services log sources such as VPC flow logs, Lambda, and Amazon RDS. You can use pre-built transformation templates or create custom transformation policies.

You can create transformers only for the log groups in the Standard log class.

You can have one account-level transformer policy that applies to all log groups in the account. Or you can create as many as 20 account-level transformer policies that are each scoped to a subset of log groups with the selectionCriteria parameter. If you have multiple account-level transformer policies with selection criteria, no two of them can use the same or overlapping log group name prefixes. For example, if you have one policy filtered to log groups that start with my-log, you can't have another field index policy filtered to my-logpprod or my-logging.

CloudWatch Logs provides default field indexes for all log groups in the Standard log class. Default field indexes are automatically available for the following fields:

  • @logStream

  • @aws.region

  • @aws.account

  • @source.log

  • traceId

Default field indexes are in addition to any custom field indexes you define within your policy. Default field indexes are not counted towards your field index quota.

You can also set up a transformer at the log-group level. For more information, see PutTransformer. If there is both a log-group level transformer created with PutTransformer and an account-level transformer that could apply to the same log group, the log group uses only the log-group level transformer. It ignores the account-level transformer.

Field index policy

You can use field index policies to create indexes on fields found in log events in the log group. Creating field indexes can help lower the scan volume for CloudWatch Logs Insights queries that reference those fields, because these queries attempt to skip the processing of log events that are known to not match the indexed field. Good fields to index are fields that you often need to query for and fields or values that match only a small fraction of the total log events. Common examples of indexes include request ID, session ID, user IDs, or instance IDs. For more information, see Create field indexes to improve query performance and reduce costs

To find the fields that are in your log group events, use the GetLogGroupFields operation.

For example, suppose you have created a field index for requestId. Then, any CloudWatch Logs Insights query on that log group that includes requestId = value or requestId in [value, value, ...] will attempt to process only the log events where the indexed field matches the specified value.

Matches of log events to the names of indexed fields are case-sensitive. For example, an indexed field of RequestId won't match a log event containing requestId.

You can have one account-level field index policy that applies to all log groups in the account. Or you can create as many as 40 account-level field index policies (20 for log group prefix selection, 20 for data source selection) that are each scoped to a subset of log groups or data sources with the selectionCriteria parameter. Field index policies can now be created for specific data source name and type combinations using DataSourceName and DataSourceType selection criteria. If you have multiple account-level index policies with selection criteria, no two of them can use the same or overlapping log group name prefixes. For example, if you have one policy filtered to log groups that start with my-log, you can't have another field index policy filtered to my-logpprod or my-logging.

If you create an account-level field index policy in a monitoring account in cross-account observability, the policy is applied only to the monitoring account and not to any source accounts.

If you want to create a field index policy for a single log group, you can use PutIndexPolicy instead of PutAccountPolicy. If you do so, that log group will use only that log-group level policy, and will ignore the account-level policy that you create with PutAccountPolicy.

Metric extraction policy

A metric extraction policy controls whether CloudWatch Metrics can be created through the Embedded Metrics Format (EMF) for log groups in your account. By default, EMF metric creation is enabled for all log groups. You can use metric extraction policies to disable EMF metric creation for your entire account or specific log groups.

When a policy disables EMF metric creation for a log group, log events in the EMF format are still ingested, but no CloudWatch Metrics are created from them.

Creating a policy disables metrics for AWS features that use EMF to create metrics, such as CloudWatch Container Insights and CloudWatch Application Signals. To prevent turning off those features by accident, we recommend that you exclude the underlying log-groups through a selection-criteria such as LogGroupNamePrefix NOT IN [\"/aws/containerinsights\", \"/aws/ecs/containerinsights\", \"/aws/application-signals/data\"].

Each account can have either one account-level metric extraction policy that applies to all log groups, or up to 5 policies that are each scoped to a subset of log groups with the selectionCriteria parameter. The selection criteria supports filtering by LogGroupName and LogGroupNamePrefix using the operators IN and NOT IN. You can specify up to 50 values in each IN or NOT IN list.

The selection criteria can be specified in these formats:

LogGroupName IN [\"log-group-1\", \"log-group-2\"]

LogGroupNamePrefix NOT IN [\"/aws/prefix1\", \"/aws/prefix2\"]

If you have multiple account-level metric extraction policies with selection criteria, no two of them can have overlapping criteria. For example, if you have one policy with selection criteria LogGroupNamePrefix IN [\"my-log\"], you can't have another metric extraction policy with selection criteria LogGroupNamePrefix IN [\"/my-log-prod\"] or LogGroupNamePrefix IN [\"/my-logging\"], as the set of log groups matching these prefixes would be a subset of the log groups matching the first policy's prefix, creating an overlap.

When using NOT IN, only one policy with this operator is allowed per account.

When combining policies with IN and NOT IN operators, the overlap check ensures that policies don't have conflicting effects. Two policies with IN and NOT IN operators do not overlap if and only if every value in the IN policy is completely contained within some value in the NOT IN policy. For example:

  • If you have a NOT IN policy for prefix \"/aws/lambda\", you can create an IN policy for the exact log group name \"/aws/lambda/function1\" because the set of log groups matching \"/aws/lambda/function1\" is a subset of the log groups matching \"/aws/lambda\".

  • If you have a NOT IN policy for prefix \"/aws/lambda\", you cannot create an IN policy for prefix \"/aws\" because the set of log groups matching \"/aws\" is not a subset of the log groups matching \"/aws/lambda\".

" + "documentation":"

Creates an account-level data protection policy, subscription filter policy, field index policy, transformer policy, or metric extraction policy that applies to all log groups, a subset of log groups, or a data source name and type combination in the account.

For field index policies, you can configure indexed fields as facets to enable interactive exploration of your logs. Facets provide value distributions and counts for indexed fields in the CloudWatch Logs Insights console without requiring query execution. For more information, see Use facets to group and explore logs.

To use this operation, you must be signed on with the correct permissions depending on the type of policy that you are creating.

  • To create a data protection policy, you must have the logs:PutDataProtectionPolicy and logs:PutAccountPolicy permissions.

  • To create a subscription filter policy, you must have the logs:PutSubscriptionFilter and logs:PutAccountPolicy permissions.

  • To create a transformer policy, you must have the logs:PutTransformer and logs:PutAccountPolicy permissions.

  • To create a field index policy, you must have the logs:PutIndexPolicy and logs:PutAccountPolicy permissions.

  • To configure facets for field index policies, you must have the logs:PutIndexPolicy and logs:PutAccountPolicy permissions.

  • To create a metric extraction policy, you must have the logs:PutMetricExtractionPolicy and logs:PutAccountPolicy permissions.

Data protection policy

A data protection policy can help safeguard sensitive data that's ingested by your log groups by auditing and masking the sensitive log data. Each account can have only one account-level data protection policy.

Sensitive data is detected and masked when it is ingested into a log group. When you set a data protection policy, log events ingested into the log groups before that time are not masked.

If you use PutAccountPolicy to create a data protection policy for your whole account, it applies to both existing log groups and all log groups that are created later in this account. The account-level policy is applied to existing log groups with eventual consistency. It might take up to 5 minutes before sensitive data in existing log groups begins to be masked.

By default, when a user views a log event that includes masked data, the sensitive data is replaced by asterisks. A user who has the logs:Unmask permission can use a GetLogEvents or FilterLogEvents operation with the unmask parameter set to true to view the unmasked log events. Users with the logs:Unmask can also view unmasked data in the CloudWatch Logs console by running a CloudWatch Logs Insights query with the unmask query command.

For more information, including a list of types of data that can be audited and masked, see Protect sensitive log data with masking.

To use the PutAccountPolicy operation for a data protection policy, you must be signed on with the logs:PutDataProtectionPolicy and logs:PutAccountPolicy permissions.

The PutAccountPolicy operation applies to all log groups in the account. You can use PutDataProtectionPolicy to create a data protection policy that applies to just one log group. If a log group has its own data protection policy and the account also has an account-level data protection policy, then the two policies are cumulative. Any sensitive term specified in either policy is masked.

Subscription filter policy

A subscription filter policy sets up a real-time feed of log events from CloudWatch Logs to other Amazon Web Services services. Account-level subscription filter policies apply to both existing log groups and log groups that are created later in this account. Supported destinations are Kinesis Data Streams, Firehose, and Lambda. When log events are sent to the receiving service, they are Base64 encoded and compressed with the GZIP format.

The following destinations are supported for subscription filters:

  • An Kinesis Data Streams data stream in the same account as the subscription policy, for same-account delivery.

  • An Firehose data stream in the same account as the subscription policy, for same-account delivery.

  • A Lambda function in the same account as the subscription policy, for same-account delivery.

  • A logical destination in a different account created with PutDestination, for cross-account delivery. Kinesis Data Streams and Firehose are supported as logical destinations.

Each account can have one account-level subscription filter policy per Region. If you are updating an existing filter, you must specify the correct name in PolicyName. To perform a PutAccountPolicy subscription filter operation for any destination except a Lambda function, you must also have the iam:PassRole permission.

Transformer policy

Creates or updates a log transformer policy for your account. You use log transformers to transform log events into a different format, making them easier for you to process and analyze. You can also transform logs from different sources into standardized formats that contain relevant, source-specific information. After you have created a transformer, CloudWatch Logs performs this transformation at the time of log ingestion. You can then refer to the transformed versions of the logs during operations such as querying with CloudWatch Logs Insights or creating metric filters or subscription filters.

You can also use a transformer to copy metadata from metadata keys into the log events themselves. This metadata can include log group name, log stream name, account ID and Region.

A transformer for a log group is a series of processors, where each processor applies one type of transformation to the log events ingested into this log group. For more information about the available processors to use in a transformer, see Processors that you can use.

Having log events in standardized format enables visibility across your applications for your log analysis, reporting, and alarming needs. CloudWatch Logs provides transformation for common log types with out-of-the-box transformation templates for major Amazon Web Services log sources such as VPC flow logs, Lambda, and Amazon RDS. You can use pre-built transformation templates or create custom transformation policies.

You can create transformers only for the log groups in the Standard log class.

You can have one account-level transformer policy that applies to all log groups in the account. Or you can create as many as 20 account-level transformer policies that are each scoped to a subset of log groups with the selectionCriteria parameter. If you have multiple account-level transformer policies with selection criteria, no two of them can use the same or overlapping log group name prefixes. For example, if you have one policy filtered to log groups that start with my-log, you can't have another transformer policy filtered to my-logpprod or my-logging.

You can also set up a transformer at the log-group level. For more information, see PutTransformer. If there is both a log-group level transformer created with PutTransformer and an account-level transformer that could apply to the same log group, the log group uses only the log-group level transformer. It ignores the account-level transformer.

Field index policy

You can use field index policies to create indexes on fields found in log events for a log group or data source name and type combination. Creating field indexes can help lower the scan volume for CloudWatch Logs Insights queries that reference those fields, because these queries attempt to skip the processing of log events that are known to not match the indexed field. Good fields to index are fields that you often need to query for and fields or values that match only a small fraction of the total log events. Common examples of indexes include request ID, session ID, user IDs, or instance IDs. For more information, see Create field indexes to improve query performance and reduce costs

To find the fields that are in your log group events, use the GetLogGroupFields operation. To find the fields for a data source use the GetLogFields operation.

For example, suppose you have created a field index for requestId. Then, any CloudWatch Logs Insights query on that log group that includes requestId = value or requestId in [value, value, ...] will attempt to process only the log events where the indexed field matches the specified value.

Matches of log events to the names of indexed fields are case-sensitive. For example, an indexed field of RequestId won't match a log event containing requestId.

You can have one account-level field index policy that applies to all log groups in the account. Or you can create as many as 20 account-level field index policies that are each scoped to a subset of log groups using LogGroupNamePrefix with the selectionCriteria parameter. You can have another 20 account-level field index policies using DataSourceName and DataSourceType for the selectionCriteria parameter. If you have multiple account-level index policies with LogGroupNamePrefix selection criteria, no two of them can use the same or overlapping log group name prefixes. For example, if you have one policy filtered to log groups that start with my-log, you can't have another field index policy filtered to my-logpprod or my-logging. Similarly, if you have multiple account-level index policies with DataSourceName and DataSourceType selection criteria, no two of them can use the same data source name and type combination. For example, if you have one policy filtered to the data source name amazon_vpc and data source type flow you cannot create another policy with this combination.

If you create an account-level field index policy in a monitoring account in cross-account observability, the policy is applied only to the monitoring account and not to any source accounts.

CloudWatch Logs provides default field indexes for all log groups in the Standard log class. Default field indexes are automatically available for the following fields:

  • @logStream

  • @aws.region

  • @aws.account

  • @source.log

  • @data_source_name

  • @data_source_type

  • @data_format

  • traceId

  • severityText

  • attributes.session.id

CloudWatch Logs provides default field indexes for certain data source name and type combinations as well. Default field indexes are automatically available for the following data source name and type combinations as identified in the following list:

amazon_vpc.flow

  • action

  • logStatus

  • region

  • flowDirection

  • type

amazon_route53.resolver_query

  • transport

  • rcode

aws_waf.access

  • action

  • httpRequest.country

aws_cloudtrail.data, aws_cloudtrail.management

  • eventSource

  • eventName

  • awsRegion

  • userAgent

  • errorCode

  • eventType

  • managementEvent

  • readOnly

  • eventCategory

  • requestId

Default field indexes are in addition to any custom field indexes you define within your policy. Default field indexes are not counted towards your field index quota.

If you want to create a field index policy for a single log group, you can use PutIndexPolicy instead of PutAccountPolicy. If you do so, that log group will use that log-group level policy and any account-level policies that match at the data source level; any account-level policy that matches at the log group level (for example, no selection criteria or log group name prefix selection criteria) will be ignored.

Metric extraction policy

A metric extraction policy controls whether CloudWatch Metrics can be created through the Embedded Metrics Format (EMF) for log groups in your account. By default, EMF metric creation is enabled for all log groups. You can use metric extraction policies to disable EMF metric creation for your entire account or specific log groups.

When a policy disables EMF metric creation for a log group, log events in the EMF format are still ingested, but no CloudWatch Metrics are created from them.

Creating a policy disables metrics for AWS features that use EMF to create metrics, such as CloudWatch Container Insights and CloudWatch Application Signals. To prevent turning off those features by accident, we recommend that you exclude the underlying log-groups through a selection-criteria such as LogGroupNamePrefix NOT IN [\"/aws/containerinsights\", \"/aws/ecs/containerinsights\", \"/aws/application-signals/data\"].

Each account can have either one account-level metric extraction policy that applies to all log groups, or up to 5 policies that are each scoped to a subset of log groups with the selectionCriteria parameter. The selection criteria supports filtering by LogGroupName and LogGroupNamePrefix using the operators IN and NOT IN. You can specify up to 50 values in each IN or NOT IN list.

The selection criteria can be specified in these formats:

LogGroupName IN [\"log-group-1\", \"log-group-2\"]

LogGroupNamePrefix NOT IN [\"/aws/prefix1\", \"/aws/prefix2\"]

If you have multiple account-level metric extraction policies with selection criteria, no two of them can have overlapping criteria. For example, if you have one policy with selection criteria LogGroupNamePrefix IN [\"my-log\"], you can't have another metric extraction policy with selection criteria LogGroupNamePrefix IN [\"/my-log-prod\"] or LogGroupNamePrefix IN [\"/my-logging\"], as the set of log groups matching these prefixes would be a subset of the log groups matching the first policy's prefix, creating an overlap.

When using NOT IN, only one policy with this operator is allowed per account.

When combining policies with IN and NOT IN operators, the overlap check ensures that policies don't have conflicting effects. Two policies with IN and NOT IN operators do not overlap if and only if every value in the IN policy is completely contained within some value in the NOT IN policy. For example:

  • If you have a NOT IN policy for prefix \"/aws/lambda\", you can create an IN policy for the exact log group name \"/aws/lambda/function1\" because the set of log groups matching \"/aws/lambda/function1\" is a subset of the log groups matching \"/aws/lambda\".

  • If you have a NOT IN policy for prefix \"/aws/lambda\", you cannot create an IN policy for prefix \"/aws\" because the set of log groups matching \"/aws\" is not a subset of the log groups matching \"/aws/lambda\".

" }, "PutDataProtectionPolicy":{ "name":"PutDataProtectionPolicy", @@ -2022,6 +2092,11 @@ } }, "Baseline":{"type":"boolean"}, + "BatchId":{ + "type":"string", + "max":256, + "min":1 + }, "Boolean":{"type":"boolean"}, "CSV":{ "type":"structure", @@ -2055,6 +2130,41 @@ } } }, + "CancelImportTaskRequest":{ + "type":"structure", + "required":["importId"], + "members":{ + "importId":{ + "shape":"ImportId", + "documentation":"

The ID of the import task to cancel.

" + } + } + }, + "CancelImportTaskResponse":{ + "type":"structure", + "members":{ + "importId":{ + "shape":"ImportId", + "documentation":"

The ID of the cancelled import task.

" + }, + "importStatistics":{ + "shape":"ImportStatistics", + "documentation":"

Statistics about the import progress at the time of cancellation.

" + }, + "importStatus":{ + "shape":"ImportStatus", + "documentation":"

The final status of the import task. This will be set to CANCELLED.

" + }, + "creationTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the import task was created, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.

" + }, + "lastUpdatedTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the import task was cancelled, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.

" + } + } + }, "ClientToken":{ "type":"string", "max":128, @@ -2280,6 +2390,44 @@ } } }, + "CreateImportTaskRequest":{ + "type":"structure", + "required":[ + "importSourceArn", + "importRoleArn" + ], + "members":{ + "importSourceArn":{ + "shape":"Arn", + "documentation":"

The ARN of the source to import from.

" + }, + "importRoleArn":{ + "shape":"RoleArn", + "documentation":"

The ARN of the IAM role that grants CloudWatch Logs permission to import from the CloudTrail Lake Event Data Store.

" + }, + "importFilter":{ + "shape":"ImportFilter", + "documentation":"

Optional filters to constrain the import by CloudTrail event time. Times are specified in Unix timestamp milliseconds. The range of data being imported must be within the specified source's retention period.

" + } + } + }, + "CreateImportTaskResponse":{ + "type":"structure", + "members":{ + "importId":{ + "shape":"ImportId", + "documentation":"

A unique identifier for the import task.

" + }, + "importDestinationArn":{ + "shape":"Arn", + "documentation":"

The ARN of the CloudWatch Logs log group created as the destination for the imported events.

" + }, + "creationTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the import task was created, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.

" + } + } + }, "CreateLogAnomalyDetectorRequest":{ "type":"structure", "required":["logGroupArnList"], @@ -3211,6 +3359,87 @@ "nextToken":{"shape":"NextToken"} } }, + "DescribeImportTaskBatchesRequest":{ + "type":"structure", + "required":["importId"], + "members":{ + "importId":{ + "shape":"ImportId", + "documentation":"

The ID of the import task to get batch information for.

" + }, + "batchImportStatus":{ + "shape":"ImportStatusList", + "documentation":"

Optional filter to list import batches by their status. Accepts multiple status values: IN_PROGRESS, CANCELLED, COMPLETED and FAILED.

" + }, + "limit":{ + "shape":"DescribeLimit", + "documentation":"

The maximum number of import batches to return in the response. Default: 10

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

The pagination token for the next set of results.

" + } + } + }, + "DescribeImportTaskBatchesResponse":{ + "type":"structure", + "members":{ + "importSourceArn":{ + "shape":"Arn", + "documentation":"

The ARN of the source being imported from.

" + }, + "importId":{ + "shape":"ImportId", + "documentation":"

The ID of the import task.

" + }, + "importBatches":{ + "shape":"ImportBatchList", + "documentation":"

The list of import batches that match the request filters.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

The token to use when requesting the next set of results. Not present if there are no additional results to retrieve.

" + } + } + }, + "DescribeImportTasksRequest":{ + "type":"structure", + "members":{ + "importId":{ + "shape":"ImportId", + "documentation":"

Optional filter to describe a specific import task by its ID.

" + }, + "importStatus":{ + "shape":"ImportStatus", + "documentation":"

Optional filter to list imports by their status. Valid values are IN_PROGRESS, CANCELLED, COMPLETED and FAILED.

" + }, + "importSourceArn":{ + "shape":"Arn", + "documentation":"

Optional filter to list imports from a specific source

" + }, + "limit":{ + "shape":"DescribeLimit", + "documentation":"

The maximum number of import tasks to return in the response. Default: 50

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

The pagination token for the next set of results.

" + } + } + }, + "DescribeImportTasksResponse":{ + "type":"structure", + "members":{ + "imports":{ + "shape":"ImportList", + "documentation":"

The list of import tasks that match the request filters.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

The token to use when requesting the next set of results. Not present if there are no additional results to retrieve.

" + } + } + }, "DescribeIndexPoliciesLogGroupIdentifiers":{ "type":"list", "member":{"shape":"LogGroupIdentifier"}, @@ -3707,6 +3936,7 @@ "type":"long", "min":0 }, + "ErrorMessage":{"type":"string"}, "EvaluationFrequency":{ "type":"string", "enum":[ @@ -4668,6 +4898,121 @@ "key":{"shape":"Time"}, "value":{"shape":"Count"} }, + "Import":{ + "type":"structure", + "members":{ + "importId":{ + "shape":"ImportId", + "documentation":"

The unique identifier of the import task.

" + }, + "importSourceArn":{ + "shape":"Arn", + "documentation":"

The ARN of the CloudTrail Lake Event Data Store being imported from.

" + }, + "importStatus":{ + "shape":"ImportStatus", + "documentation":"

The current status of the import task. Valid values are IN_PROGRESS, CANCELLED, COMPLETED and FAILED.

" + }, + "importDestinationArn":{ + "shape":"Arn", + "documentation":"

The ARN of the managed CloudWatch Logs log group where the events are being imported to.

" + }, + "importStatistics":{ + "shape":"ImportStatistics", + "documentation":"

Statistics about the import progress

" + }, + "importFilter":{ + "shape":"ImportFilter", + "documentation":"

The filter criteria used for this import task.

" + }, + "creationTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the import task was created, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.

" + }, + "lastUpdatedTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the import task was last updated, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.

" + }, + "errorMessage":{ + "shape":"ErrorMessage", + "documentation":"

Error message related to any failed imports

" + } + }, + "documentation":"

An import job to move data from CloudTrail Event Data Store to CloudWatch.

" + }, + "ImportBatch":{ + "type":"structure", + "required":[ + "batchId", + "status" + ], + "members":{ + "batchId":{ + "shape":"BatchId", + "documentation":"

The unique identifier of the import batch.

" + }, + "status":{ + "shape":"ImportStatus", + "documentation":"

The current status of the import batch. Valid values are IN_PROGRESS, CANCELLED, COMPLETED and FAILED.

" + }, + "errorMessage":{ + "shape":"ErrorMessage", + "documentation":"

The error message if the batch failed to import. Only present when status is FAILED.

" + } + }, + "documentation":"

A collection of events being imported to CloudWatch

" + }, + "ImportBatchList":{ + "type":"list", + "member":{"shape":"ImportBatch"} + }, + "ImportFilter":{ + "type":"structure", + "members":{ + "startEventTime":{ + "shape":"Timestamp", + "documentation":"

The start of the time range for events to import, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.

" + }, + "endEventTime":{ + "shape":"Timestamp", + "documentation":"

The end of the time range for events to import, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.

" + } + }, + "documentation":"

The filter criteria used for import tasks

" + }, + "ImportId":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[\\-a-zA-Z0-9]+" + }, + "ImportList":{ + "type":"list", + "member":{"shape":"Import"} + }, + "ImportStatistics":{ + "type":"structure", + "members":{ + "bytesImported":{ + "shape":"StoredBytes", + "documentation":"

The total number of bytes that have been imported to the managed log group.

" + } + }, + "documentation":"

Statistics about the import progress

" + }, + "ImportStatus":{ + "type":"string", + "enum":[ + "IN_PROGRESS", + "CANCELLED", + "COMPLETED", + "FAILED" + ] + }, + "ImportStatusList":{ + "type":"list", + "member":{"shape":"ImportStatus"} + }, "IncludeLinkedAccounts":{"type":"boolean"}, "IndexPolicies":{ "type":"list", @@ -6453,11 +6798,11 @@ "members":{ "policyName":{ "shape":"PolicyName", - "documentation":"

A name for the policy. This must be unique within the account.

" + "documentation":"

A name for the policy. This must be unique within the account and cannot start with aws/.

" }, "policyDocument":{ "shape":"AccountPolicyDocument", - "documentation":"

Specify the policy, in JSON.

Data protection policy

A data protection policy must include two JSON blocks:

  • The first block must include both a DataIdentifer array and an Operation property with an Audit action. The DataIdentifer array lists the types of sensitive data that you want to mask. For more information about the available options, see Types of data that you can mask.

    The Operation property with an Audit action is required to find the sensitive data terms. This Audit action must contain a FindingsDestination object. You can optionally use that FindingsDestination object to list one or more destinations to send audit findings to. If you specify destinations such as log groups, Firehose streams, and S3 buckets, they must already exist.

  • The second block must include both a DataIdentifer array and an Operation property with an Deidentify action. The DataIdentifer array must exactly match the DataIdentifer array in the first block of the policy.

    The Operation property with the Deidentify action is what actually masks the data, and it must contain the \"MaskConfig\": {} object. The \"MaskConfig\": {} object must be empty.

For an example data protection policy, see the Examples section on this page.

The contents of the two DataIdentifer arrays must match exactly.

In addition to the two JSON blocks, the policyDocument can also include Name, Description, and Version fields. The Name is different than the operation's policyName parameter, and is used as a dimension when CloudWatch Logs reports audit findings metrics to CloudWatch.

The JSON specified in policyDocument can be up to 30,720 characters long.

Subscription filter policy

A subscription filter policy can include the following attributes in a JSON block:

  • DestinationArn The ARN of the destination to deliver log events to. Supported destinations are:

    • An Kinesis Data Streams data stream in the same account as the subscription policy, for same-account delivery.

    • An Firehose data stream in the same account as the subscription policy, for same-account delivery.

    • A Lambda function in the same account as the subscription policy, for same-account delivery.

    • A logical destination in a different account created with PutDestination, for cross-account delivery. Kinesis Data Streams and Firehose are supported as logical destinations.

  • RoleArn The ARN of an IAM role that grants CloudWatch Logs permissions to deliver ingested log events to the destination stream. You don't need to provide the ARN when you are working with a logical destination for cross-account delivery.

  • FilterPattern A filter pattern for subscribing to a filtered stream of log events.

  • Distribution The method used to distribute log data to the destination. By default, log data is grouped by log stream, but the grouping can be set to Random for a more even distribution. This property is only applicable when the destination is an Kinesis Data Streams data stream.

Transformer policy

A transformer policy must include one JSON block with the array of processors and their configurations. For more information about available processors, see Processors that you can use.

Field index policy

A field index filter policy can include the following attribute in a JSON block:

  • Fields The array of field indexes to create.

It must contain at least one field index.

The following is an example of an index policy document that creates two indexes, RequestId and TransactionId.

\"policyDocument\": \"{ \\\"Fields\\\": [ \\\"RequestId\\\", \\\"TransactionId\\\" ] }\"

" + "documentation":"

Specify the policy, in JSON.

Data protection policy

A data protection policy must include two JSON blocks:

  • The first block must include both a DataIdentifer array and an Operation property with an Audit action. The DataIdentifer array lists the types of sensitive data that you want to mask. For more information about the available options, see Types of data that you can mask.

    The Operation property with an Audit action is required to find the sensitive data terms. This Audit action must contain a FindingsDestination object. You can optionally use that FindingsDestination object to list one or more destinations to send audit findings to. If you specify destinations such as log groups, Firehose streams, and S3 buckets, they must already exist.

  • The second block must include both a DataIdentifer array and an Operation property with an Deidentify action. The DataIdentifer array must exactly match the DataIdentifer array in the first block of the policy.

    The Operation property with the Deidentify action is what actually masks the data, and it must contain the \"MaskConfig\": {} object. The \"MaskConfig\": {} object must be empty.

For an example data protection policy, see the Examples section on this page.

The contents of the two DataIdentifer arrays must match exactly.

In addition to the two JSON blocks, the policyDocument can also include Name, Description, and Version fields. The Name is different than the operation's policyName parameter, and is used as a dimension when CloudWatch Logs reports audit findings metrics to CloudWatch.

The JSON specified in policyDocument can be up to 30,720 characters long.

Subscription filter policy

A subscription filter policy can include the following attributes in a JSON block:

  • DestinationArn The ARN of the destination to deliver log events to. Supported destinations are:

    • An Kinesis Data Streams data stream in the same account as the subscription policy, for same-account delivery.

    • An Firehose data stream in the same account as the subscription policy, for same-account delivery.

    • A Lambda function in the same account as the subscription policy, for same-account delivery.

    • A logical destination in a different account created with PutDestination, for cross-account delivery. Kinesis Data Streams and Firehose are supported as logical destinations.

  • RoleArn The ARN of an IAM role that grants CloudWatch Logs permissions to deliver ingested log events to the destination stream. You don't need to provide the ARN when you are working with a logical destination for cross-account delivery.

  • FilterPattern A filter pattern for subscribing to a filtered stream of log events.

  • Distribution The method used to distribute log data to the destination. By default, log data is grouped by log stream, but the grouping can be set to Random for a more even distribution. This property is only applicable when the destination is an Kinesis Data Streams data stream.

Transformer policy

A transformer policy must include one JSON block with the array of processors and their configurations. For more information about available processors, see Processors that you can use.

Field index policy

A field index filter policy can include the following attribute in a JSON block:

  • Fields The array of field indexes to create.

  • FieldsV2 The object of field indexes to create along with it's type.

It must contain at least one field index.

The following is an example of an index policy document that creates indexes with different types.

\"policyDocument\": \"{ \\\"Fields\\\": [ \\\"TransactionId\\\" ], \\\"FieldsV2\\\": {\\\"RequestId\\\": {\\\"type\\\": \\\"FIELD_INDEX\\\"}, \\\"APIName\\\": {\\\"type\\\": \\\"FACET\\\"}, \\\"StatusCode\\\": {\\\"type\\\": \\\"FACET\\\"}}}\"

You can use FieldsV2 to specify the type for each field. Supported types are FIELD_INDEX and FACET. Field names within Fields and FieldsV2 must be mutually exclusive.

" }, "policyType":{ "shape":"PolicyType", @@ -6469,7 +6814,7 @@ }, "selectionCriteria":{ "shape":"SelectionCriteria", - "documentation":"

Use this parameter to apply the new policy to a subset of log groups in the account.

Specifying selectionCriteria is valid only when you specify SUBSCRIPTION_FILTER_POLICY, FIELD_INDEX_POLICY or TRANSFORMER_POLICYfor policyType.

If policyType is SUBSCRIPTION_FILTER_POLICY, the only supported selectionCriteria filter is LogGroupName NOT IN []

If policyType is FIELD_INDEX_POLICY or TRANSFORMER_POLICY, the only supported selectionCriteria filter is LogGroupNamePrefix

The selectionCriteria string can be up to 25KB in length. The length is determined by using its UTF-8 bytes.

Using the selectionCriteria parameter with SUBSCRIPTION_FILTER_POLICY is useful to help prevent infinite loops. For more information, see Log recursion prevention.

" + "documentation":"

Use this parameter to apply the new policy to a subset of log groups in the account or a data source name and type combination.

Specifying selectionCriteria is valid only when you specify SUBSCRIPTION_FILTER_POLICY, FIELD_INDEX_POLICY or TRANSFORMER_POLICYfor policyType.

  • If policyType is SUBSCRIPTION_FILTER_POLICY, the only supported selectionCriteria filter is LogGroupName NOT IN []

  • If policyType is TRANSFORMER_POLICY, the only supported selectionCriteria filter is LogGroupNamePrefix

  • If policyType is FIELD_INDEX_POLICY, the supported selectionCriteria filters are:

    • LogGroupNamePrefix

    • DataSourceName AND DataSourceType

    When you specify selectionCriteria for a field index policy you can use either LogGroupNamePrefix by itself or DataSourceName and DataSourceType together.

The selectionCriteria string can be up to 25KB in length. The length is determined by using its UTF-8 bytes.

Using the selectionCriteria parameter with SUBSCRIPTION_FILTER_POLICY is useful to help prevent infinite loops. For more information, see Log recursion prevention.

" } } }, @@ -6595,7 +6940,7 @@ }, "logType":{ "shape":"LogType", - "documentation":"

Defines the type of log that the source is sending.

  • For Amazon Bedrock Agents, the valid values are APPLICATION_LOGS and EVENT_LOGS.

  • For Amazon Bedrock Knowledge Bases, the valid value is APPLICATION_LOGS.

  • For Amazon Bedrock AgentCore Runtime, the valid values are APPLICATION_LOGS, USAGE_LOGS and TRACES.

  • For Amazon Bedrock AgentCore Tools, the valid values are APPLICATION_LOGS, USAGE_LOGS and TRACES.

  • For Amazon Bedrock AgentCore Identity, the valid values are APPLICATION_LOGS and TRACES.

  • For Amazon Bedrock AgentCore Gateway, the valid values are APPLICATION_LOGS and TRACES.

  • For CloudFront, the valid value is ACCESS_LOGS.

  • For Amazon CodeWhisperer, the valid value is EVENT_LOGS.

  • For Elemental MediaPackage, the valid values are EGRESS_ACCESS_LOGS and INGRESS_ACCESS_LOGS.

  • For Elemental MediaTailor, the valid values are AD_DECISION_SERVER_LOGS, MANIFEST_SERVICE_LOGS, and TRANSCODE_LOGS.

  • For Entity Resolution, the valid value is WORKFLOW_LOGS.

  • For IAM Identity Center, the valid value is ERROR_LOGS.

  • For Network Load Balancer, the valid value is NLB_ACCESS_LOGS.

  • For PCS, the valid values are PCS_SCHEDULER_LOGS and PCS_JOBCOMP_LOGS.

  • For Amazon Web Services RTB Fabric, the valid values is APPLICATION_LOGS.

  • For Amazon Q, the valid values are EVENT_LOGS and SYNC_JOB_LOGS.

  • For Amazon SES mail manager, the valid values are APPLICATION_LOGS and TRAFFIC_POLICY_DEBUG_LOGS.

  • For Amazon WorkMail, the valid values are ACCESS_CONTROL_LOGS, AUTHENTICATION_LOGS, WORKMAIL_AVAILABILITY_PROVIDER_LOGS, WORKMAIL_MAILBOX_ACCESS_LOGS, and WORKMAIL_PERSONAL_ACCESS_TOKEN_LOGS.

  • For Amazon VPC Route Server, the valid value is EVENT_LOGS.

" + "documentation":"

Defines the type of log that the source is sending.

  • For Amazon Bedrock Agents, the valid values are APPLICATION_LOGS and EVENT_LOGS.

  • For Amazon Bedrock Knowledge Bases, the valid value is APPLICATION_LOGS.

  • For Amazon Bedrock AgentCore Runtime, the valid values are APPLICATION_LOGS, USAGE_LOGS and TRACES.

  • For Amazon Bedrock AgentCore Tools, the valid values are APPLICATION_LOGS, USAGE_LOGS and TRACES.

  • For Amazon Bedrock AgentCore Identity, the valid values are APPLICATION_LOGS and TRACES.

  • For Amazon Bedrock AgentCore Gateway, the valid values are APPLICATION_LOGS and TRACES.

  • For CloudFront, the valid value is ACCESS_LOGS.

  • For Amazon CodeWhisperer, the valid value is EVENT_LOGS.

  • For Elemental MediaPackage, the valid values are EGRESS_ACCESS_LOGS and INGRESS_ACCESS_LOGS.

  • For Elemental MediaTailor, the valid values are AD_DECISION_SERVER_LOGS, MANIFEST_SERVICE_LOGS, and TRANSCODE_LOGS.

  • For Entity Resolution, the valid value is WORKFLOW_LOGS.

  • For IAM Identity Center, the valid value is ERROR_LOGS.

  • For Network Firewall Proxy, the valid values are ALERT_LOGS, ALLOW_LOGS, and DENY_LOGS.

  • For Network Load Balancer, the valid value is NLB_ACCESS_LOGS.

  • For PCS, the valid values are PCS_SCHEDULER_LOGS and PCS_JOBCOMP_LOGS.

  • For Quick Suite, the valid values are CHAT_LOGS and FEEDBACK_LOGS.

  • For Amazon Web Services RTB Fabric, the valid values is APPLICATION_LOGS.

  • For Amazon Q, the valid values are EVENT_LOGS and SYNC_JOB_LOGS.

  • For Amazon SES mail manager, the valid values are APPLICATION_LOGS and TRAFFIC_POLICY_DEBUG_LOGS.

  • For Amazon WorkMail, the valid values are ACCESS_CONTROL_LOGS, AUTHENTICATION_LOGS, WORKMAIL_AVAILABILITY_PROVIDER_LOGS, WORKMAIL_MAILBOX_ACCESS_LOGS, and WORKMAIL_PERSONAL_ACCESS_TOKEN_LOGS.

  • For Amazon VPC Route Server, the valid value is EVENT_LOGS.

" }, "tags":{ "shape":"Tags", @@ -6681,7 +7026,7 @@ }, "policyDocument":{ "shape":"PolicyDocument", - "documentation":"

The index policy document, in JSON format. The following is an example of an index policy document that creates two indexes, RequestId and TransactionId.

\"policyDocument\": \"{ \"Fields\": [ \"RequestId\", \"TransactionId\" ] }\"

The policy document must include at least one field index. For more information about the fields that can be included and other restrictions, see Field index syntax and quotas.

" + "documentation":"

The index policy document, in JSON format. The following is an example of an index policy document that creates indexes with different types.

\"policyDocument\": \"{\"Fields\": [ \"TransactionId\" ], \"FieldsV2\": {\"RequestId\": {\"type\": \"FIELD_INDEX\"}, \"APIName\": {\"type\": \"FACET\"}, \"StatusCode\": {\"type\": \"FACET\"}}}\"

You can use FieldsV2 to specify the type for each field. Supported types are FIELD_INDEX and FACET. Field names within Fields and FieldsV2 must be mutually exclusive.

The policy document must include at least one field index. For more information about the fields that can be included and other restrictions, see Field index syntax and quotas.

" } } }, diff --git a/awscli/botocore/data/mediatailor/2018-04-23/service-2.json b/awscli/botocore/data/mediatailor/2018-04-23/service-2.json index 0f6013c09783..79a310621c86 100644 --- a/awscli/botocore/data/mediatailor/2018-04-23/service-2.json +++ b/awscli/botocore/data/mediatailor/2018-04-23/service-2.json @@ -633,6 +633,16 @@ }, "documentation":"

The setting that indicates what conditioning MediaTailor will perform on ads that the ad decision server (ADS) returns.

" }, + "AdDecisionServerConfiguration":{ + "type":"structure", + "members":{ + "HttpRequest":{ + "shape":"HttpRequest", + "documentation":"

The HTTP request configuration parameters for the ad decision server.

" + } + }, + "documentation":"

Configuration parameters for customizing HTTP requests sent to the ad decision server (ADS). This allows you to specify the HTTP method, headers, request body, and compression settings for ADS requests.

" + }, "AdMarkerPassthrough":{ "type":"structure", "members":{ @@ -970,6 +980,13 @@ }, "documentation":"

Clip range configuration for the VOD source associated with the program.

" }, + "CompressionMethod":{ + "type":"string", + "enum":[ + "NONE", + "GZIP" + ] + }, "ConfigurationAliasesRequest":{ "type":"map", "key":{ @@ -2282,6 +2299,10 @@ "AdConditioningConfiguration":{ "shape":"AdConditioningConfiguration", "documentation":"

The setting that indicates what conditioning MediaTailor will perform on ads that the ad decision server (ADS) returns, and what priority MediaTailor uses when inserting ads.

" + }, + "AdDecisionServerConfiguration":{ + "shape":"AdDecisionServerConfiguration", + "documentation":"

The configuration for customizing HTTP requests to the ad decision server (ADS). This includes settings for request method, headers, body content, and compression options.

" } } }, @@ -2406,6 +2427,28 @@ "member":{"shape":"HttpPackageConfiguration"}, "documentation":"

The VOD source's HTTP package configuration settings.

" }, + "HttpRequest":{ + "type":"structure", + "members":{ + "Method":{ + "shape":"Method", + "documentation":"

The HTTP method to use when making requests to the ad decision server. Supported values are GET and POST.

" + }, + "Body":{ + "shape":"__string", + "documentation":"

The request body content to send with HTTP requests to the ad decision server. This value is only eligible for POST requests.

" + }, + "Headers":{ + "shape":"StringMap", + "documentation":"

Custom HTTP headers to include in requests to the ad decision server. Specify headers as key-value pairs. This value is only eligible for POST requests.

" + }, + "CompressRequest":{ + "shape":"CompressionMethod", + "documentation":"

The compression method to apply to requests sent to the ad decision server. Supported values are NONE and GZIP. This value is only eligible for POST requests.

" + } + }, + "documentation":"

HTTP request configuration parameters that define how MediaTailor communicates with the ad decision server.

" + }, "InsertionMode":{ "type":"string", "documentation":"

Insertion Mode controls whether players can use stitched or guided ad insertion.

", @@ -2888,6 +2931,13 @@ "TIME_SIGNAL" ] }, + "Method":{ + "type":"string", + "enum":[ + "GET", + "POST" + ] + }, "Mode":{ "type":"string", "enum":[ @@ -2994,7 +3044,8 @@ "AdConditioningConfiguration":{ "shape":"AdConditioningConfiguration", "documentation":"

The setting that indicates what conditioning MediaTailor will perform on ads that the ad decision server (ADS) returns, and what priority MediaTailor uses when inserting ads.

" - } + }, + "AdDecisionServerConfiguration":{"shape":"AdDecisionServerConfiguration"} }, "documentation":"

A playback configuration. For information about MediaTailor configurations, see Working with configurations in AWS Elemental MediaTailor.

" }, @@ -3042,15 +3093,15 @@ }, "TrafficShapingType":{ "shape":"TrafficShapingType", - "documentation":"

Indicates the type of traffic shaping used for prefetch traffic shaping and limiting the number of requests to the ADS at one time.

" + "documentation":"

Indicates the type of traffic shaping used to limit the number of requests to the ADS at one time.

" }, "TrafficShapingRetrievalWindow":{ "shape":"TrafficShapingRetrievalWindow", - "documentation":"

Configuration for spreading ADS traffic across a set window instead of sending ADS requests for all sessions at the same time.

" + "documentation":"

The configuration that tells Elemental MediaTailor how many seconds to spread out requests to the ad decision server (ADS). Instead of sending ADS requests for all sessions at the same time, MediaTailor spreads the requests across the amount of time specified in the retrieval window.

" }, "TrafficShapingTpsConfiguration":{ "shape":"TrafficShapingTpsConfiguration", - "documentation":"

The configuration for TPS-based traffic shaping that limits the number of requests to the ad decision server (ADS) based on transactions per second instead of time windows.

" + "documentation":"

The configuration for TPS-based traffic shaping. This approach limits requests to the ad decision server (ADS) based on transactions per second and concurrent users.

" } }, "documentation":"

A complex type that contains settings governing when MediaTailor prefetches ads, and which dynamic variables that MediaTailor includes in the request to the ad decision server.

" @@ -3196,6 +3247,10 @@ "AdConditioningConfiguration":{ "shape":"AdConditioningConfiguration", "documentation":"

The setting that indicates what conditioning MediaTailor will perform on ads that the ad decision server (ADS) returns, and what priority MediaTailor uses when inserting ads.

" + }, + "AdDecisionServerConfiguration":{ + "shape":"AdDecisionServerConfiguration", + "documentation":"

The configuration for customizing HTTP requests to the ad decision server (ADS). This includes settings for request method, headers, body content, and compression options.

" } } }, @@ -3286,6 +3341,10 @@ "AdConditioningConfiguration":{ "shape":"AdConditioningConfiguration", "documentation":"

The setting that indicates what conditioning MediaTailor will perform on ads that the ad decision server (ADS) returns, and what priority MediaTailor uses when inserting ads.

" + }, + "AdDecisionServerConfiguration":{ + "shape":"AdDecisionServerConfiguration", + "documentation":"

The configuration for customizing HTTP requests to the ad decision server (ADS). This includes settings for request method, headers, body content, and compression options.

" } } }, @@ -3343,15 +3402,15 @@ }, "TrafficShapingType":{ "shape":"TrafficShapingType", - "documentation":"

Indicates the type of traffic shaping used for traffic shaping and limiting the number of requests to the ADS at one time.

" + "documentation":"

Indicates the type of traffic shaping used to limit the number of requests to the ADS at one time.

" }, "TrafficShapingRetrievalWindow":{ "shape":"TrafficShapingRetrievalWindow", - "documentation":"

Configuration for spreading ADS traffic across a set window instead of sending ADS requests for all sessions at the same time.

" + "documentation":"

The configuration that tells Elemental MediaTailor how many seconds to spread out requests to the ad decision server (ADS). Instead of sending ADS requests for all sessions at the same time, MediaTailor spreads the requests across the amount of time specified in the retrieval window.

" }, "TrafficShapingTpsConfiguration":{ "shape":"TrafficShapingTpsConfiguration", - "documentation":"

The configuration for TPS-based traffic shaping that limits the number of requests to the ad decision server (ADS) based on transactions per second instead of time windows.

" + "documentation":"

The configuration for TPS-based traffic shaping. This approach limits requests to the ad decision server (ADS) based on transactions per second and concurrent users.

" } }, "documentation":"

With recurring prefetch, MediaTailor automatically prefetches ads for every avail that occurs during the retrieval window. The following configurations describe the MediaTailor behavior when prefetching ads for a live event.

" @@ -3728,6 +3787,11 @@ ] }, "String":{"type":"string"}, + "StringMap":{ + "type":"map", + "key":{"shape":"__string"}, + "value":{"shape":"__string"} + }, "TagResourceRequest":{ "type":"structure", "required":[ @@ -3784,7 +3848,7 @@ "documentation":"

The amount of time, in seconds, that MediaTailor spreads prefetch requests to the ADS.

" } }, - "documentation":"

The configuration that tells Elemental MediaTailor how to spread out requests to the ad decision server (ADS). Instead of sending ADS requests for all sessions at the same time, MediaTailor spreads the requests across the amount of time specified in the retrieval window.

" + "documentation":"

The configuration that tells Elemental MediaTailor how many seconds to spread out requests to the ad decision server (ADS). Instead of sending ADS requests for all sessions at the same time, MediaTailor spreads the requests across the amount of time specified in the retrieval window.

" }, "TrafficShapingTpsConfiguration":{ "type":"structure", @@ -3798,7 +3862,7 @@ "documentation":"

The expected peak number of concurrent viewers for your content. MediaTailor uses this value along with peak TPS to determine how to distribute prefetch requests across the available capacity without exceeding your ADS limits.

" } }, - "documentation":"

The configuration for TPS-based traffic shaping. This approach limits requests to the ad decision server (ADS) based on transactions per second and concurrent users, providing more intuitive capacity management compared to time-window based traffic shaping.

" + "documentation":"

The configuration for TPS-based traffic shaping. This approach limits requests to the ad decision server (ADS) based on transactions per second and concurrent users.

" }, "TrafficShapingType":{ "type":"string", diff --git a/awscli/botocore/data/route53resolver/2018-04-01/service-2.json b/awscli/botocore/data/route53resolver/2018-04-01/service-2.json index 45c04cf68f0f..9ceabbc52603 100644 --- a/awscli/botocore/data/route53resolver/2018-04-01/service-2.json +++ b/awscli/botocore/data/route53resolver/2018-04-01/service-2.json @@ -1362,7 +1362,7 @@ }, "Name":{ "shape":"Name", - "documentation":"

A name for the association that you're creating between a Resolver rule and a VPC.

" + "documentation":"

A name for the association that you're creating between a Resolver rule and a VPC.

The name can be up to 64 characters long and can contain letters (a-z, A-Z), numbers (0-9), hyphens (-), underscores (_), and spaces. The name cannot consist of only numbers.

" }, "VPCId":{ "shape":"ResourceId", @@ -1678,6 +1678,16 @@ "shape":"ProtocolList", "documentation":"

The protocols you want to use for the endpoint. DoH-FIPS is applicable for default inbound endpoints only.

For a default inbound endpoint you can apply the protocols as follows:

  • Do53 and DoH in combination.

  • Do53 and DoH-FIPS in combination.

  • Do53 alone.

  • DoH alone.

  • DoH-FIPS alone.

  • None, which is treated as Do53.

For a delegation inbound endpoint you can use Do53 only.

For an outbound endpoint you can apply the protocols as follows:

  • Do53 and DoH in combination.

  • Do53 alone.

  • DoH alone.

  • None, which is treated as Do53.

", "box":true + }, + "RniEnhancedMetricsEnabled":{ + "shape":"RniEnhancedMetricsEnabled", + "documentation":"

Specifies whether RNI enhanced metrics are enabled for the Resolver endpoints. When set to true, one-minute granular metrics are published in CloudWatch for each RNI associated with this endpoint. When set to false, metrics are not published. Default is false.

Standard CloudWatch pricing and charges are applied for using the Route 53 Resolver endpoint RNI enhanced metrics. For more information, see Detailed metrics.

", + "box":true + }, + "TargetNameServerMetricsEnabled":{ + "shape":"TargetNameServerMetricsEnabled", + "documentation":"

Specifies whether target name server metrics are enabled for the outbound Resolver endpoints. When set to true, one-minute granular metrics are published in CloudWatch for each target name server associated with this endpoint. When set to false, metrics are not published. Default is false. This is not supported for inbound Resolver endpoints.

Standard CloudWatch pricing and charges are applied for using the Route 53 Resolver endpoint target name server metrics. For more information, see Detailed metrics.

", + "box":true } } }, @@ -1740,7 +1750,7 @@ }, "Name":{ "shape":"Name", - "documentation":"

A friendly name that lets you easily find a rule in the Resolver dashboard in the Route 53 console.

" + "documentation":"

A friendly name that lets you easily find a rule in the Resolver dashboard in the Route 53 console.

The name can be up to 64 characters long and can contain letters (a-z, A-Z), numbers (0-9), hyphens (-), underscores (_), and spaces. The name cannot consist of only numbers.

" }, "RuleType":{ "shape":"RuleTypeOption", @@ -1753,7 +1763,7 @@ }, "TargetIps":{ "shape":"TargetList", - "documentation":"

The IPs that you want Resolver to forward DNS queries to. You can specify either Ipv4 or Ipv6 addresses but not both in the same rule. Separate IP addresses with a space.

TargetIps is available only when the value of Rule type is FORWARD.

", + "documentation":"

The IPs that you want Resolver to forward DNS queries to. You can specify either Ipv4 or Ipv6 addresses but not both in the same rule. Separate IP addresses with a space.

TargetIps is available only when the value of Rule type is FORWARD. You should not provide TargetIps when the Rule type is DELEGATE.

when creating a DELEGATE rule, you must not provide the TargetIps parameter. If you provide the TargetIps, you may receive an ERROR message similar to \"Delegate resolver rules need to specify a nameserver name\". This error means you should not provide TargetIps.

", "box":true }, "ResolverEndpointId":{ @@ -3944,6 +3954,14 @@ "Protocols":{ "shape":"ProtocolList", "documentation":"

Protocols used for the endpoint. DoH-FIPS is applicable for a default inbound endpoints only.

For an inbound endpoint you can apply the protocols as follows:

  • Do53 and DoH in combination.

  • Do53 and DoH-FIPS in combination.

  • Do53 alone.

  • DoH alone.

  • DoH-FIPS alone.

  • None, which is treated as Do53.

For a delegation inbound endpoint you can use Do53 only.

For an outbound endpoint you can apply the protocols as follows:

  • Do53 and DoH in combination.

  • Do53 alone.

  • DoH alone.

  • None, which is treated as Do53.

" + }, + "RniEnhancedMetricsEnabled":{ + "shape":"RniEnhancedMetricsEnabled", + "documentation":"

Indicates whether RNI enhanced metrics are enabled for the Resolver endpoint. When enabled, one-minute granular metrics are published in CloudWatch for each RNI associated with this endpoint. When disabled, these metrics are not published.

" + }, + "TargetNameServerMetricsEnabled":{ + "shape":"TargetNameServerMetricsEnabled", + "documentation":"

Indicates whether target name server metrics are enabled for the outbound Resolver endpoint. When enabled, one-minute granular metrics are published in CloudWatch for each target name server associated with this endpoint. When disabled, these metrics are not published. This feature is not supported for inbound Resolver endpoint.

" } }, "documentation":"

In the response to a CreateResolverEndpoint, DeleteResolverEndpoint, GetResolverEndpoint, Updates the name, or ResolverEndpointType for an endpoint, or UpdateResolverEndpoint request, a complex type that contains settings for an existing inbound or outbound Resolver endpoint.

" @@ -4139,7 +4157,7 @@ }, "Name":{ "shape":"Name", - "documentation":"

The name for the Resolver rule, which you specified when you created the Resolver rule.

" + "documentation":"

The name for the Resolver rule, which you specified when you created the Resolver rule.

The name can be up to 64 characters long and can contain letters (a-z, A-Z), numbers (0-9), hyphens (-), underscores (_), and spaces. The name cannot consist of only numbers.

" }, "TargetIps":{ "shape":"TargetList", @@ -4185,7 +4203,7 @@ }, "Name":{ "shape":"Name", - "documentation":"

The name of an association between a Resolver rule and a VPC.

" + "documentation":"

The name of an association between a Resolver rule and a VPC.

The name can be up to 64 characters long and can contain letters (a-z, A-Z), numbers (0-9), hyphens (-), underscores (_), and spaces. The name cannot consist of only numbers.

" }, "VPCId":{ "shape":"ResourceId", @@ -4221,7 +4239,7 @@ "members":{ "Name":{ "shape":"Name", - "documentation":"

The new name for the Resolver rule. The name that you specify appears in the Resolver dashboard in the Route 53 console.

" + "documentation":"

The new name for the Resolver rule. The name that you specify appears in the Resolver dashboard in the Route 53 console.

The name can be up to 64 characters long and can contain letters (a-z, A-Z), numbers (0-9), hyphens (-), underscores (_), and spaces. The name cannot consist of only numbers.

" }, "TargetIps":{ "shape":"TargetList", @@ -4309,6 +4327,7 @@ "max":40, "min":20 }, + "RniEnhancedMetricsEnabled":{"type":"boolean"}, "RuleTypeOption":{ "type":"string", "enum":[ @@ -4465,6 +4484,7 @@ "member":{"shape":"TargetAddress"}, "min":1 }, + "TargetNameServerMetricsEnabled":{"type":"boolean"}, "ThrottlingException":{ "type":"structure", "members":{ @@ -4826,6 +4846,16 @@ "shape":"ProtocolList", "documentation":"

The protocols you want to use for the endpoint. DoH-FIPS is applicable for default inbound endpoints only.

For a default inbound endpoint you can apply the protocols as follows:

  • Do53 and DoH in combination.

  • Do53 and DoH-FIPS in combination.

  • Do53 alone.

  • DoH alone.

  • DoH-FIPS alone.

  • None, which is treated as Do53.

For a delegation inbound endpoint you can use Do53 only.

For an outbound endpoint you can apply the protocols as follows:

  • Do53 and DoH in combination.

  • Do53 alone.

  • DoH alone.

  • None, which is treated as Do53.

You can't change the protocol of an inbound endpoint directly from only Do53 to only DoH, or DoH-FIPS. This is to prevent a sudden disruption to incoming traffic that relies on Do53. To change the protocol from Do53 to DoH, or DoH-FIPS, you must first enable both Do53 and DoH, or Do53 and DoH-FIPS, to make sure that all incoming traffic has transferred to using the DoH protocol, or DoH-FIPS, and then remove the Do53.

", "box":true + }, + "RniEnhancedMetricsEnabled":{ + "shape":"RniEnhancedMetricsEnabled", + "documentation":"

Updates whether RNI enhanced metrics are enabled for the Resolver endpoints. When set to true, one-minute granular metrics are published in CloudWatch for each RNI associated with this endpoint. When set to false, metrics are not published.

Standard CloudWatch pricing and charges are applied for using the Route 53 Resolver endpoint RNI enhanced metrics. For more information, see Detailed metrics.

", + "box":true + }, + "TargetNameServerMetricsEnabled":{ + "shape":"TargetNameServerMetricsEnabled", + "documentation":"

Updates whether target name server metrics are enabled for the outbound Resolver endpoints. When set to true, one-minute granular metrics are published in CloudWatch for each target name server associated with this endpoint. When set to false, metrics are not published. This setting is not supported for inbound Resolver endpoints.

Standard CloudWatch pricing and charges are applied for using the Route 53 Resolver endpoint target name server metrics. For more information, see Detailed metrics.

", + "box":true } } }, diff --git a/awscli/botocore/data/s3/2006-03-01/service-2.json b/awscli/botocore/data/s3/2006-03-01/service-2.json index 02829ec08af7..48b3438ee0e6 100644 --- a/awscli/botocore/data/s3/2006-03-01/service-2.json +++ b/awscli/botocore/data/s3/2006-03-01/service-2.json @@ -6870,7 +6870,8 @@ "BucketKeyStatus", "ChecksumAlgorithm", "ObjectAccessControlList", - "ObjectOwner" + "ObjectOwner", + "LifecycleExpirationDate" ] }, "InventoryOptionalFields":{ diff --git a/awscli/botocore/data/service-quotas/2019-06-24/service-2.json b/awscli/botocore/data/service-quotas/2019-06-24/service-2.json index 8b60b8588769..83e2365aeaaf 100644 --- a/awscli/botocore/data/service-quotas/2019-06-24/service-2.json +++ b/awscli/botocore/data/service-quotas/2019-06-24/service-2.json @@ -149,6 +149,23 @@ ], "documentation":"

Retrieves information about your Service Quotas Automatic Management configuration. Automatic Management monitors your Service Quotas utilization and notifies you before you run out of your allocated quotas.

" }, + "GetQuotaUtilizationReport":{ + "name":"GetQuotaUtilizationReport", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetQuotaUtilizationReportRequest"}, + "output":{"shape":"GetQuotaUtilizationReportResponse"}, + "errors":[ + {"shape":"TooManyRequestsException"}, + {"shape":"NoSuchResourceException"}, + {"shape":"IllegalArgumentException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ServiceException"} + ], + "documentation":"

Retrieves the quota utilization report for your Amazon Web Services account. This operation returns paginated results showing your quota usage across all Amazon Web Services services, sorted by utilization percentage in descending order (highest utilization first).

You must first initiate a report using the StartQuotaUtilizationReport operation. The report generation process is asynchronous and may take several seconds to complete. Poll this operation periodically to check the status and retrieve results when the report is ready.

Each report contains up to 1,000 quota records per page. Use the NextToken parameter to retrieve additional pages of results. Reports are automatically deleted after 15 minutes.

" + }, "GetRequestedServiceQuotaChange":{ "name":"GetRequestedServiceQuotaChange", "http":{ @@ -390,6 +407,24 @@ ], "documentation":"

Starts Service Quotas Automatic Management for an Amazon Web Services account, including notification preferences and excluded quotas configurations. Automatic Management monitors your Service Quotas utilization and notifies you before you run out of your allocated quotas.

" }, + "StartQuotaUtilizationReport":{ + "name":"StartQuotaUtilizationReport", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartQuotaUtilizationReportRequest"}, + "output":{"shape":"StartQuotaUtilizationReportResponse"}, + "errors":[ + {"shape":"TooManyRequestsException"}, + {"shape":"NoSuchResourceException"}, + {"shape":"IllegalArgumentException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ServiceException"}, + {"shape":"InvalidPaginationTokenException"} + ], + "documentation":"

Initiates the generation of a quota utilization report for your Amazon Web Services account. This asynchronous operation analyzes your quota usage across all Amazon Web Services services and returns a unique report identifier that you can use to retrieve the results.

The report generation process may take several seconds to complete, depending on the number of quotas in your account. Use the GetQuotaUtilizationReport operation to check the status and retrieve the results when the report is ready.

" + }, "StopAutoManagement":{ "name":"StopAutoManagement", "http":{ @@ -492,6 +527,11 @@ "ALL" ] }, + "AppliedValue":{ + "type":"double", + "max":10000000000, + "min":0 + }, "AssociateServiceQuotaTemplateRequest":{ "type":"structure", "members":{} @@ -522,6 +562,11 @@ }, "CustomerServiceEngagementId":{"type":"string"}, "DateTime":{"type":"timestamp"}, + "DefaultValue":{ + "type":"double", + "max":10000000000, + "min":0 + }, "DeleteServiceQuotaIncreaseRequestFromTemplateRequest":{ "type":"structure", "required":[ @@ -683,6 +728,61 @@ } } }, + "GetQuotaUtilizationReportRequest":{ + "type":"structure", + "required":["ReportId"], + "members":{ + "ReportId":{ + "shape":"ReportId", + "documentation":"

The unique identifier for the quota utilization report. This identifier is returned by the StartQuotaUtilizationReport operation.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

A token that indicates the next page of results to retrieve. This token is returned in the response when there are more results available. Omit this parameter for the first request.

" + }, + "MaxResults":{ + "shape":"MaxResultsUtilization", + "documentation":"

The maximum number of results to return per page. The default value is 1,000 and the maximum allowed value is 1,000.

" + } + } + }, + "GetQuotaUtilizationReportResponse":{ + "type":"structure", + "members":{ + "ReportId":{ + "shape":"ReportId", + "documentation":"

The unique identifier for the quota utilization report.

" + }, + "Status":{ + "shape":"ReportStatus", + "documentation":"

The current status of the report generation. Possible values are:

  • PENDING - The report generation is in progress. Retry this operation after a few seconds.

  • IN_PROGRESS - The report is being processed. Continue polling until the status changes to COMPLETED.

  • COMPLETED - The report is ready and quota utilization data is available in the response.

  • FAILED - The report generation failed. Check the ErrorCode and ErrorMessage fields for details.

" + }, + "GeneratedAt":{ + "shape":"DateTime", + "documentation":"

The timestamp when the report was generated, in ISO 8601 format.

" + }, + "TotalCount":{ + "shape":"TotalCount", + "documentation":"

The total number of quotas included in the report across all pages.

" + }, + "Quotas":{ + "shape":"QuotaUtilizationInfoList", + "documentation":"

A list of quota utilization records, sorted by utilization percentage in descending order. Each record includes the quota code, service code, service name, quota name, namespace, utilization percentage, default value, applied value, and whether the quota is adjustable. Up to 1,000 records are returned per page.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

A token that indicates more results are available. Include this token in the next request to retrieve the next page of results. If this field is not present, you have retrieved all available results.

" + }, + "ErrorCode":{ + "shape":"ReportErrorCode", + "documentation":"

An error code indicating the reason for failure when the report status is FAILED. This field is only present when the status is FAILED.

" + }, + "ErrorMessage":{ + "shape":"ReportErrorMessage", + "documentation":"

A detailed error message describing the failure when the report status is FAILED. This field is only present when the status is FAILED.

" + } + } + }, "GetRequestedServiceQuotaChangeRequest":{ "type":"structure", "required":["RequestId"], @@ -1035,6 +1135,11 @@ "max":100, "min":1 }, + "MaxResultsUtilization":{ + "type":"integer", + "max":1000, + "min":1 + }, "MetricDimensionName":{"type":"string"}, "MetricDimensionValue":{"type":"string"}, "MetricDimensionsMapDefinition":{ @@ -1251,11 +1356,91 @@ "documentation":"

Information about the quota period.

" }, "QuotaUnit":{"type":"string"}, + "QuotaUtilizationInfo":{ + "type":"structure", + "members":{ + "QuotaCode":{ + "shape":"QuotaCode", + "documentation":"

The quota identifier.

" + }, + "ServiceCode":{ + "shape":"ServiceCode", + "documentation":"

The service identifier.

" + }, + "QuotaName":{ + "shape":"QuotaName", + "documentation":"

The quota name.

" + }, + "Namespace":{ + "shape":"QuotaMetricNamespace", + "documentation":"

The namespace of the metric used to track quota usage.

" + }, + "Utilization":{ + "shape":"UtilizationPct", + "documentation":"

The utilization percentage of the quota, calculated as (current usage / applied value) × 100. Values range from 0.0 to 100.0 or higher if usage exceeds the quota limit.

" + }, + "DefaultValue":{ + "shape":"DefaultValue", + "documentation":"

The default value of the quota.

" + }, + "AppliedValue":{ + "shape":"AppliedValue", + "documentation":"

The applied value of the quota, which may be higher than the default value if a quota increase has been requested and approved.

" + }, + "ServiceName":{ + "shape":"ServiceName", + "documentation":"

The service name.

" + }, + "Adjustable":{ + "shape":"QuotaAdjustable", + "documentation":"

Indicates whether the quota value can be increased.

" + } + }, + "documentation":"

Information about a quota's utilization, including the quota code, service information, current usage, and applied limits.

" + }, + "QuotaUtilizationInfoList":{ + "type":"list", + "member":{"shape":"QuotaUtilizationInfo"}, + "max":1000 + }, "QuotaValue":{ "type":"double", "max":10000000000, "min":0 }, + "ReportErrorCode":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[a-zA-Z][a-zA-Z0-9]*" + }, + "ReportErrorMessage":{ + "type":"string", + "max":1024, + "min":0, + "pattern":"^.*$" + }, + "ReportId":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[0-9a-zA-Z][a-zA-Z0-9-]{1,128}" + }, + "ReportMessage":{ + "type":"string", + "max":350, + "min":0, + "pattern":"^.{0,350}$" + }, + "ReportStatus":{ + "type":"string", + "enum":[ + "PENDING", + "IN_PROGRESS", + "COMPLETED", + "FAILED" + ] + }, "RequestId":{ "type":"string", "max":128, @@ -1313,6 +1498,10 @@ "INVALID_REQUEST" ] }, + "RequestType":{ + "type":"string", + "enum":["AutomaticManagement"] + }, "RequestedServiceQuotaChange":{ "type":"structure", "members":{ @@ -1320,6 +1509,10 @@ "shape":"RequestId", "documentation":"

The unique identifier.

" }, + "RequestType":{ + "shape":"RequestType", + "documentation":"

The type of quota increase request. Possible values include:

  • AutomaticManagement - The request was automatically created by Service Quotas Automatic Management when quota utilization approached the limit.

If this field is not present, the request was manually created by a user.

" + }, "CaseId":{ "shape":"CustomerServiceEngagementId", "documentation":"

The case ID.

" @@ -1586,6 +1779,27 @@ "type":"structure", "members":{} }, + "StartQuotaUtilizationReportRequest":{ + "type":"structure", + "members":{} + }, + "StartQuotaUtilizationReportResponse":{ + "type":"structure", + "members":{ + "ReportId":{ + "shape":"ReportId", + "documentation":"

A unique identifier for the quota utilization report. Use this identifier with the GetQuotaUtilizationReport operation to retrieve the report results.

" + }, + "Status":{ + "shape":"ReportStatus", + "documentation":"

The current status of the report generation. The status will be PENDING when the report is first initiated.

" + }, + "Message":{ + "shape":"ReportMessage", + "documentation":"

An optional message providing additional information about the report generation status. This field may contain details about the report initiation or indicate if an existing recent report is being reused.

" + } + } + }, "Statistic":{ "type":"string", "max":256, @@ -1684,6 +1898,11 @@ "documentation":"

You've exceeded the number of tags allowed for a resource. For more information, see Tag restrictions in the Service Quotas User Guide.

", "exception":true }, + "TotalCount":{ + "type":"integer", + "max":2147483647, + "min":0 + }, "UntagResourceRequest":{ "type":"structure", "required":[ @@ -1725,7 +1944,8 @@ "UpdateAutoManagementResponse":{ "type":"structure", "members":{} - } + }, + "UtilizationPct":{"type":"double"} }, "documentation":"

With Service Quotas, you can view and manage your quotas easily as your Amazon Web Services workloads grow. Quotas, also referred to as limits, are the maximum number of resources that you can create in your Amazon Web Services account. For more information, see the Service Quotas User Guide.

You need Amazon Web Services CLI version 2.13.20 or higher to view and manage resource-level quotas such as Instances per domain for Amazon OpenSearch Service.

" } diff --git a/tests/functional/botocore/endpoint-rules/health/endpoint-tests-1.json b/tests/functional/botocore/endpoint-rules/health/endpoint-tests-1.json index 5d268ee9aac6..ea40a667ac79 100644 --- a/tests/functional/botocore/endpoint-rules/health/endpoint-tests-1.json +++ b/tests/functional/botocore/endpoint-rules/health/endpoint-tests-1.json @@ -308,6 +308,523 @@ "expect": { "error": "Invalid Configuration: Missing Region" } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://health.us-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://health.us-east-1.api.aws" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://health-fips.us-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://health-fips.us-east-1.api.aws" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region aws-global with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "health", + "signingRegion": "us-east-1" + } + ] + }, + "url": "https://global.health.amazonaws.com" + } + }, + "params": { + "Region": "aws-global", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://health.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://health.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://health-fips.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://health-fips.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region aws-cn-global with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "health", + "signingRegion": "cn-northwest-1" + } + ] + }, + "url": "https://global.health.amazonaws.com.cn" + } + }, + "params": { + "Region": "aws-cn-global", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://health.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://health.us-gov-east-1.api.aws" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://health-fips.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://health-fips.us-gov-east-1.api.aws" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://health.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://health-fips.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://health.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://health.us-iso-east-1.api.aws.ic.gov" + } + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://health-fips.us-iso-east-1.api.aws.ic.gov" + } + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://health-fips.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://health.us-isob-east-1.api.aws.scloud" + } + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://health-fips.us-isob-east-1.api.aws.scloud" + } + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-isof-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://health.us-isof-south-1.csp.hci.ic.gov" + } + }, + "params": { + "Region": "us-isof-south-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-isof-south-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://health.us-isof-south-1.api.aws.hci.ic.gov" + } + }, + "params": { + "Region": "us-isof-south-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-isof-south-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://health-fips.us-isof-south-1.csp.hci.ic.gov" + } + }, + "params": { + "Region": "us-isof-south-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-isof-south-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://health-fips.us-isof-south-1.api.aws.hci.ic.gov" + } + }, + "params": { + "Region": "us-isof-south-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region eu-isoe-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://health.eu-isoe-west-1.cloud.adc-e.uk" + } + }, + "params": { + "Region": "eu-isoe-west-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region eu-isoe-west-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://health.eu-isoe-west-1.api.cloud-aws.adc-e.uk" + } + }, + "params": { + "Region": "eu-isoe-west-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region eu-isoe-west-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://health-fips.eu-isoe-west-1.cloud.adc-e.uk" + } + }, + "params": { + "Region": "eu-isoe-west-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region eu-isoe-west-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://health-fips.eu-isoe-west-1.api.cloud-aws.adc-e.uk" + } + }, + "params": { + "Region": "eu-isoe-west-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region eusc-de-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://health.eusc-de-east-1.api.amazonwebservices.eu" + } + }, + "params": { + "Region": "eusc-de-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region eusc-de-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://health.eusc-de-east-1.api.amazonwebservices.eu" + } + }, + "params": { + "Region": "eusc-de-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region eusc-de-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://health-fips.eusc-de-east-1.api.amazonwebservices.eu" + } + }, + "params": { + "Region": "eusc-de-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region eusc-de-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://health-fips.eusc-de-east-1.api.amazonwebservices.eu" + } + }, + "params": { + "Region": "eusc-de-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "Missing region", + "expect": { + "error": "Invalid Configuration: Missing Region" + } + }, + { + "documentation": "For custom endpoint with fips enabled and dualstack disabled", + "expect": { + "error": "Invalid Configuration: FIPS and custom endpoint are not supported" + }, + "params": { + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips disabled and dualstack enabled", + "expect": { + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": true, + "Endpoint": "https://example.com" + } } ], "version": "1.0" From 41c4e270ff075c7490740f15f72a9a0668446f23 Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Mon, 15 Dec 2025 19:06:54 +0000 Subject: [PATCH 16/37] Bump version to 2.32.17 --- .changes/2.32.17.json | 57 +++++++++++++++++++ ...-change-bedrockagentcorecontrol-32839.json | 5 -- .../api-change-connect-98913.json | 5 -- .../next-release/api-change-ec2-10233.json | 5 -- .../api-change-entityresolution-96381.json | 5 -- .../api-change-glacier-28883.json | 5 -- .../next-release/api-change-health-97125.json | 5 -- .../next-release/api-change-logs-7711.json | 5 -- .../api-change-mediatailor-4145.json | 5 -- .../api-change-route53resolver-82831.json | 5 -- .../next-release/api-change-s3-36038.json | 5 -- .../api-change-servicequotas-59393.json | 5 -- CHANGELOG.rst | 16 ++++++ awscli/__init__.py | 2 +- configure | 14 ++--- configure.ac | 2 +- doc/source/conf.py | 2 +- 17 files changed, 83 insertions(+), 65 deletions(-) create mode 100644 .changes/2.32.17.json delete mode 100644 .changes/next-release/api-change-bedrockagentcorecontrol-32839.json delete mode 100644 .changes/next-release/api-change-connect-98913.json delete mode 100644 .changes/next-release/api-change-ec2-10233.json delete mode 100644 .changes/next-release/api-change-entityresolution-96381.json delete mode 100644 .changes/next-release/api-change-glacier-28883.json delete mode 100644 .changes/next-release/api-change-health-97125.json delete mode 100644 .changes/next-release/api-change-logs-7711.json delete mode 100644 .changes/next-release/api-change-mediatailor-4145.json delete mode 100644 .changes/next-release/api-change-route53resolver-82831.json delete mode 100644 .changes/next-release/api-change-s3-36038.json delete mode 100644 .changes/next-release/api-change-servicequotas-59393.json diff --git a/.changes/2.32.17.json b/.changes/2.32.17.json new file mode 100644 index 000000000000..ec1be538a243 --- /dev/null +++ b/.changes/2.32.17.json @@ -0,0 +1,57 @@ +[ + { + "category": "``bedrock-agentcore-control``", + "description": "This release updates broken links for AgentCore Policy APIs in the AWS CLI and SDK resources.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "EC2 Capacity Manager now supports SpotTotalCount, SpotTotalInterruptions and SpotInterruptionRate metrics for both vCPU and instance units.", + "type": "api-change" + }, + { + "category": "``logs``", + "description": "This release allows you to import your historical CloudTrail Lake data into CloudWatch with a few steps, enabling you to easily consolidate operational, security, and compliance data in one place.", + "type": "api-change" + }, + { + "category": "``health``", + "description": "Updating Health API endpoint generation for dualstack only regions", + "type": "api-change" + }, + { + "category": "``route53resolver``", + "description": "Adds support for enabling detailed metrics on Route 53 Resolver endpoints using RniEnhancedMetricsEnabled and TargetNameServerMetricsEnabled in the CreateResolverEndpoint and UpdateResolverEndpoint APIs, providing enhanced visibility into Resolver endpoint and target name server performance.", + "type": "api-change" + }, + { + "category": "``connect``", + "description": "Amazon Connect now supports outbound WhatsApp contacts via the Send message block or StartOutboundChatContact API. Send proactive messages for surveys, reminders, and updates. Offer customers the option to switch to WhatsApp while in queue, eliminating hold time.", + "type": "api-change" + }, + { + "category": "``service-quotas``", + "description": "Add support for SQ Dashboard Api", + "type": "api-change" + }, + { + "category": "``mediatailor``", + "description": "Added support for Ad Decision Server Configuration enabling HTTP POST requests with custom bodies, headers, GZIP compression, and dynamic variables. No changes required for existing GET request configurations.", + "type": "api-change" + }, + { + "category": "``glacier``", + "description": "Documentation updates for Amazon Glacier's maintenance mode", + "type": "api-change" + }, + { + "category": "``entityresolution``", + "description": "Support Customer Profiles Integration for AWS Entity Resolution", + "type": "api-change" + }, + { + "category": "``s3``", + "description": "This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations.", + "type": "api-change" + } +] \ No newline at end of file diff --git a/.changes/next-release/api-change-bedrockagentcorecontrol-32839.json b/.changes/next-release/api-change-bedrockagentcorecontrol-32839.json deleted file mode 100644 index 1841507480ef..000000000000 --- a/.changes/next-release/api-change-bedrockagentcorecontrol-32839.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``bedrock-agentcore-control``", - "description": "This release updates broken links for AgentCore Policy APIs in the AWS CLI and SDK resources." -} diff --git a/.changes/next-release/api-change-connect-98913.json b/.changes/next-release/api-change-connect-98913.json deleted file mode 100644 index 80155f22d64d..000000000000 --- a/.changes/next-release/api-change-connect-98913.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``connect``", - "description": "Amazon Connect now supports outbound WhatsApp contacts via the Send message block or StartOutboundChatContact API. Send proactive messages for surveys, reminders, and updates. Offer customers the option to switch to WhatsApp while in queue, eliminating hold time." -} diff --git a/.changes/next-release/api-change-ec2-10233.json b/.changes/next-release/api-change-ec2-10233.json deleted file mode 100644 index 663692319dfb..000000000000 --- a/.changes/next-release/api-change-ec2-10233.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``ec2``", - "description": "EC2 Capacity Manager now supports SpotTotalCount, SpotTotalInterruptions and SpotInterruptionRate metrics for both vCPU and instance units." -} diff --git a/.changes/next-release/api-change-entityresolution-96381.json b/.changes/next-release/api-change-entityresolution-96381.json deleted file mode 100644 index 2d8bc44fcc60..000000000000 --- a/.changes/next-release/api-change-entityresolution-96381.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``entityresolution``", - "description": "Support Customer Profiles Integration for AWS Entity Resolution" -} diff --git a/.changes/next-release/api-change-glacier-28883.json b/.changes/next-release/api-change-glacier-28883.json deleted file mode 100644 index 14e46cffb531..000000000000 --- a/.changes/next-release/api-change-glacier-28883.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``glacier``", - "description": "Documentation updates for Amazon Glacier's maintenance mode" -} diff --git a/.changes/next-release/api-change-health-97125.json b/.changes/next-release/api-change-health-97125.json deleted file mode 100644 index 76d5b1ed422b..000000000000 --- a/.changes/next-release/api-change-health-97125.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``health``", - "description": "Updating Health API endpoint generation for dualstack only regions" -} diff --git a/.changes/next-release/api-change-logs-7711.json b/.changes/next-release/api-change-logs-7711.json deleted file mode 100644 index 44501b7e18b4..000000000000 --- a/.changes/next-release/api-change-logs-7711.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``logs``", - "description": "This release allows you to import your historical CloudTrail Lake data into CloudWatch with a few steps, enabling you to easily consolidate operational, security, and compliance data in one place." -} diff --git a/.changes/next-release/api-change-mediatailor-4145.json b/.changes/next-release/api-change-mediatailor-4145.json deleted file mode 100644 index 8c12f727fd36..000000000000 --- a/.changes/next-release/api-change-mediatailor-4145.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``mediatailor``", - "description": "Added support for Ad Decision Server Configuration enabling HTTP POST requests with custom bodies, headers, GZIP compression, and dynamic variables. No changes required for existing GET request configurations." -} diff --git a/.changes/next-release/api-change-route53resolver-82831.json b/.changes/next-release/api-change-route53resolver-82831.json deleted file mode 100644 index 228100c7029f..000000000000 --- a/.changes/next-release/api-change-route53resolver-82831.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``route53resolver``", - "description": "Adds support for enabling detailed metrics on Route 53 Resolver endpoints using RniEnhancedMetricsEnabled and TargetNameServerMetricsEnabled in the CreateResolverEndpoint and UpdateResolverEndpoint APIs, providing enhanced visibility into Resolver endpoint and target name server performance." -} diff --git a/.changes/next-release/api-change-s3-36038.json b/.changes/next-release/api-change-s3-36038.json deleted file mode 100644 index 06ecaa4ab92c..000000000000 --- a/.changes/next-release/api-change-s3-36038.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``s3``", - "description": "This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations." -} diff --git a/.changes/next-release/api-change-servicequotas-59393.json b/.changes/next-release/api-change-servicequotas-59393.json deleted file mode 100644 index 5c0e7d1f7025..000000000000 --- a/.changes/next-release/api-change-servicequotas-59393.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``service-quotas``", - "description": "Add support for SQ Dashboard Api" -} diff --git a/CHANGELOG.rst b/CHANGELOG.rst index e5ba2a8f749d..bc64d0772dc5 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,22 @@ CHANGELOG ========= +2.32.17 +======= + +* api-change:``bedrock-agentcore-control``: This release updates broken links for AgentCore Policy APIs in the AWS CLI and SDK resources. +* api-change:``ec2``: EC2 Capacity Manager now supports SpotTotalCount, SpotTotalInterruptions and SpotInterruptionRate metrics for both vCPU and instance units. +* api-change:``logs``: This release allows you to import your historical CloudTrail Lake data into CloudWatch with a few steps, enabling you to easily consolidate operational, security, and compliance data in one place. +* api-change:``health``: Updating Health API endpoint generation for dualstack only regions +* api-change:``route53resolver``: Adds support for enabling detailed metrics on Route 53 Resolver endpoints using RniEnhancedMetricsEnabled and TargetNameServerMetricsEnabled in the CreateResolverEndpoint and UpdateResolverEndpoint APIs, providing enhanced visibility into Resolver endpoint and target name server performance. +* api-change:``connect``: Amazon Connect now supports outbound WhatsApp contacts via the Send message block or StartOutboundChatContact API. Send proactive messages for surveys, reminders, and updates. Offer customers the option to switch to WhatsApp while in queue, eliminating hold time. +* api-change:``service-quotas``: Add support for SQ Dashboard Api +* api-change:``mediatailor``: Added support for Ad Decision Server Configuration enabling HTTP POST requests with custom bodies, headers, GZIP compression, and dynamic variables. No changes required for existing GET request configurations. +* api-change:``glacier``: Documentation updates for Amazon Glacier's maintenance mode +* api-change:``entityresolution``: Support Customer Profiles Integration for AWS Entity Resolution +* api-change:``s3``: This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations. + + 2.32.16 ======= diff --git a/awscli/__init__.py b/awscli/__init__.py index 679b5a3c817a..486a251aa0a0 100644 --- a/awscli/__init__.py +++ b/awscli/__init__.py @@ -20,7 +20,7 @@ import os import sys -__version__ = '2.32.16' +__version__ = '2.32.17' # # Get our data path to be added to botocore's search path diff --git a/configure b/configure index 7fdf291dc88d..d768d914b9ee 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for awscli 2.32.16. +# Generated by GNU Autoconf 2.71 for awscli 2.32.17. # # # Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, @@ -607,8 +607,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='awscli' PACKAGE_TARNAME='awscli' -PACKAGE_VERSION='2.32.16' -PACKAGE_STRING='awscli 2.32.16' +PACKAGE_VERSION='2.32.17' +PACKAGE_STRING='awscli 2.32.17' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1255,7 +1255,7 @@ _ACEOF fi if $ac_init_version; then cat <<\_ACEOF -awscli configure 2.32.16 +awscli configure 2.32.17 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -1292,7 +1292,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by awscli $as_me 2.32.16, which was +It was created by awscli $as_me 2.32.17, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -2668,7 +2668,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by awscli $as_me 2.32.16, which was +This file was extended by awscli $as_me 2.32.17, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -2723,7 +2723,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -awscli config.status 2.32.16 +awscli config.status 2.32.17 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 53947e3f5319..ca45f2803c0c 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_CONFIG_MACRO_DIRS([m4]) -AC_INIT([awscli], [2.32.16]) +AC_INIT([awscli], [2.32.17]) AC_CONFIG_SRCDIR([bin/aws]) AM_PATH_PYTHON([3.8]) diff --git a/doc/source/conf.py b/doc/source/conf.py index c5b5094146c3..db1e0fca21b5 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -66,7 +66,7 @@ # The short X.Y version. version = '2.0' # The full version, including alpha/beta/rc tags. -release = '2.32.16' +release = '2.32.17' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. From 6e36a98f2b0bfee985a461d3d3d0bd85ac0b05db Mon Sep 17 00:00:00 2001 From: Steve Yoo <106777148+hssyoo@users.noreply.github.com> Date: Mon, 15 Dec 2025 16:04:51 -0500 Subject: [PATCH 17/37] [v2] Add GitHub Actions build workflow (#9918) --- .github/workflows/pull-request-build.yaml | 54 +++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 .github/workflows/pull-request-build.yaml diff --git a/.github/workflows/pull-request-build.yaml b/.github/workflows/pull-request-build.yaml new file mode 100644 index 000000000000..cab556280d5c --- /dev/null +++ b/.github/workflows/pull-request-build.yaml @@ -0,0 +1,54 @@ +name: Build SDK +on: + pull_request_review: + types: [ opened, synchronize, ready_for_review ] + +concurrency: + group: start-pull-request-build-${{ github.ref }} + cancel-in-progress: true + +env: + # constants + DOWNLOAD_FOLDER: '.build-scripts/' + SCRIPT_LOCATION: 'workflows/start-pull-request-build/pull-request-build-v1.sh' + + # custom variables + IAM_ROLE_ARN: 'arn:aws:iam::807479859547:role/AwsCliGitHubRole' + ROLE_SESSION_DURATION_SECONDS: 7200 + +jobs: + aws-sdk-pr-build: + if: github.event.pull_request.draft == false + runs-on: ubuntu-latest + permissions: + id-token: write + issues: write + pull-requests: write + contents: read + steps: + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@main + with: + role-to-assume: '$IAM_ROLE_ARN' + role-session-name: PullRequestBuildGitHubAction + role-duration-seconds: '$ROLE_SESSION_DURATION_SECONDS' + aws-region: us-west-2 + - name: Download Build Script + run: | + aws s3 cp s3://aws-sdk-builds-github-assets-prod-us-west-2/$SCRIPT_LOCATION ./$DOWNLOAD_FOLDER/$SCRIPT_LOCATION --no-progress + chmod +x ./$DOWNLOAD_FOLDER/$SCRIPT_LOCATION + - name: Build + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + REPO: ${{ github.repository }} + HEAD_REF: ${{ github.event.pull_request.head.ref }} + PR_NUMBER: ${{ github.event.pull_request.number }} + RUN_ID: ${{ github.run_id }} + run: | + ./$DOWNLOAD_FOLDER/$SCRIPT_LOCATION \ + --repo "$REPO" \ + --branch "$HEAD_REF" \ + --pr-number "$PR_NUMBER" \ + --run-id "$RUN_ID" + timeout-minutes: 120 + From 926c63aa0a9f833dace86829028415a543fdc017 Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Tue, 16 Dec 2025 19:58:06 +0000 Subject: [PATCH 18/37] Update to latest models --- .../next-release/api-change-iot-84843.json | 5 + .../api-change-timestreaminfluxdb-73970.json | 5 + .../data/iot/2015-05-28/service-2.json | 188 ++++++++++++++++-- .../2023-01-27/service-2.json | 188 +++++++++++++++++- 4 files changed, 367 insertions(+), 19 deletions(-) create mode 100644 .changes/next-release/api-change-iot-84843.json create mode 100644 .changes/next-release/api-change-timestreaminfluxdb-73970.json diff --git a/.changes/next-release/api-change-iot-84843.json b/.changes/next-release/api-change-iot-84843.json new file mode 100644 index 000000000000..35d39b71eeeb --- /dev/null +++ b/.changes/next-release/api-change-iot-84843.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``iot``", + "description": "Add support for dynamic payloads in IoT Device Management Commands" +} diff --git a/.changes/next-release/api-change-timestreaminfluxdb-73970.json b/.changes/next-release/api-change-timestreaminfluxdb-73970.json new file mode 100644 index 000000000000..eb56fa5636a0 --- /dev/null +++ b/.changes/next-release/api-change-timestreaminfluxdb-73970.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``timestream-influxdb``", + "description": "This release adds support for rebooting InfluxDB DbInstances and DbClusters" +} diff --git a/awscli/botocore/data/iot/2015-05-28/service-2.json b/awscli/botocore/data/iot/2015-05-28/service-2.json index ffee5f7d79ed..b50ef8443bd4 100644 --- a/awscli/botocore/data/iot/2015-05-28/service-2.json +++ b/awscli/botocore/data/iot/2015-05-28/service-2.json @@ -1788,7 +1788,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"InternalFailureException"} ], - "documentation":"

Retrieves the encryption configuration for resources and data of your Amazon Web Services account in Amazon Web Services IoT Core. For more information, see Key management in IoT from the Amazon Web Services IoT Core Developer Guide.

" + "documentation":"

Retrieves the encryption configuration for resources and data of your Amazon Web Services account in Amazon Web Services IoT Core. For more information, see Data encryption at rest in the Amazon Web Services IoT Core Developer Guide.

" }, "DescribeEndpoint":{ "name":"DescribeEndpoint", @@ -4097,7 +4097,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"InternalFailureException"} ], - "documentation":"

Transfers the specified certificate to the specified Amazon Web Services account.

Requires permission to access the TransferCertificate action.

You can cancel the transfer until it is acknowledged by the recipient.

No notification is sent to the transfer destination's account. It's up to the caller to notify the transfer target.

The certificate being transferred must not be in the ACTIVE state. You can use the UpdateCertificate action to deactivate it.

The certificate must not have any policies attached to it. You can use the DetachPolicy action to detach them.

Customer managed key behavior: When you use a customer managed key to secure your data and then transfer the key to a customer in a different account using the TransferCertificate operation, the certificates will no longer be protected by their customer managed key configuration. During the transfer process, certificates are encrypted using IoT owned keys.

While a certificate is in the PENDING_TRANSFER state, it's always protected by IoT owned keys, regardless of the customer managed key configuration of either the source or destination account.

Once the transfer is completed through AcceptCertificateTransfer, RejectCertificateTransfer, or CancelCertificateTransfer, the certificate will be protected by the customer managed key configuration of the account that owns the certificate after the transfer operation:

  • If the transfer is accepted: The certificate is protected by the destination account's customer managed key configuration.

  • If the transfer is rejected or cancelled: The certificate is protected by the source account's customer managed key configuration.

" + "documentation":"

Transfers the specified certificate to the specified Amazon Web Services account.

Requires permission to access the TransferCertificate action.

You can cancel the transfer until it is accepted by the recipient.

No notification is sent to the transfer destination's account. The caller is responsible for notifying the transfer target.

The certificate being transferred must not be in the ACTIVE state. You can use the UpdateCertificate action to deactivate it.

The certificate must not have any policies attached to it. You can use the DetachPolicy action to detach them.

Customer managed key behavior: When you use a customer managed key to encrypt your data and then transfer the certificate to a customer in a different account using the TransferCertificate operation, the certificates will no longer be encrypted by their customer managed key configuration. During the transfer process, certificates are encrypted using Amazon Web Services IoT Core owned keys.

While a certificate is in the PENDING_TRANSFER state, it's always protected by Amazon Web Services IoT Core owned keys, regardless of the customer managed key configuration of either the source or destination account.

Once the transfer is completed through AcceptCertificateTransfer, RejectCertificateTransfer, or CancelCertificateTransfer, the certificate will be protected by the customer managed key configuration of the account that owns the certificate after the transfer operation:

  • If the transfer is accepted: The certificate is encrypted by the target account's customer managed key configuration.

  • If the transfer is rejected or cancelled: The certificate is protected by the source account's customer managed key configuration.

" }, "UntagResource":{ "name":"UntagResource", @@ -4336,7 +4336,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"InternalFailureException"} ], - "documentation":"

Updates the encryption configuration. By default, all Amazon Web Services IoT Core data at rest is encrypted using Amazon Web Services owned keys. Amazon Web Services IoT Core also supports symmetric customer managed keys from Amazon Web Services Key Management Service (KMS). With customer managed keys, you create, own, and manage the KMS keys in your Amazon Web Services account. For more information, see Data encryption in the Amazon Web Services IoT Core Developer Guide.

" + "documentation":"

Updates the encryption configuration. By default, Amazon Web Services IoT Core encrypts your data at rest using Amazon Web Services owned keys. Amazon Web Services IoT Core also supports symmetric customer managed keys from Key Management Service (KMS). With customer managed keys, you create, own, and manage the KMS keys in your Amazon Web Services account.

Before using this API, you must set up permissions for Amazon Web Services IoT Core to access KMS. For more information, see Data encryption at rest in the Amazon Web Services IoT Core Developer Guide.

" }, "UpdateEventConfigurations":{ "name":"UpdateEventConfigurations", @@ -6096,6 +6096,17 @@ "documentation":"

Specifies the amount of time each device has to finish its execution of the job. A timer is started when the job execution status is set to IN_PROGRESS. If the job execution status is not set to another terminal state before the timer expires, it will be automatically set to TIMED_OUT.

" }, "AwsJobTimeoutInProgressTimeoutInMinutes":{"type":"long"}, + "AwsJsonSubstitutionCommandPreprocessorConfig":{ + "type":"structure", + "required":["outputFormat"], + "members":{ + "outputFormat":{ + "shape":"OutputFormat", + "documentation":"

Converts the command preprocessor result to the format defined by this parameter, before sending it to the device.

" + } + }, + "documentation":"

Configures the command to treat the payloadTemplate as a JSON document for preprocessing. This preprocessor substitutes placeholders with parameter values to generate the command execution request payload.

" + }, "BatchMode":{"type":"boolean"}, "BeforeSubstitutionFlag":{"type":"boolean"}, "Behavior":{ @@ -7089,14 +7100,22 @@ "shape":"CommandParameterName", "documentation":"

The name of a specific parameter used in a command and command execution.

" }, + "type":{ + "shape":"CommandParameterType", + "documentation":"

The type of the command parameter.

" + }, "value":{ "shape":"CommandParameterValue", - "documentation":"

The value used to describe the command. When you assign a value to a parameter, it will override any default value that you had already specified.

" + "documentation":"

Parameter value that overrides the default value, if set.

" }, "defaultValue":{ "shape":"CommandParameterValue", "documentation":"

The default value used to describe the command. This is the value assumed by the parameter if no other value is assigned to it.

" }, + "valueConditions":{ + "shape":"CommandParameterValueConditionList", + "documentation":"

The list of conditions that a command parameter value must satisfy to create a command execution.

" + }, "description":{ "shape":"CommandParameterDescription", "documentation":"

The description of the command parameter.

" @@ -7120,6 +7139,18 @@ "min":1, "pattern":"^[.$a-zA-Z0-9_-]+$" }, + "CommandParameterType":{ + "type":"string", + "enum":[ + "STRING", + "INTEGER", + "DOUBLE", + "LONG", + "UNSIGNEDLONG", + "BOOLEAN", + "BINARY" + ] + }, "CommandParameterValue":{ "type":"structure", "members":{ @@ -7152,7 +7183,95 @@ "documentation":"

An attribute of type unsigned long.

" } }, - "documentation":"

The range of possible values that's used to describe a specific command parameter.

The commandParameterValue can only have one of the below fields listed.

" + "documentation":"

The value of a command parameter used to create a command execution.

The commandParameterValue can only have one of the below fields listed.

" + }, + "CommandParameterValueComparisonOperand":{ + "type":"structure", + "members":{ + "number":{ + "shape":"StringParameterValue", + "documentation":"

An operand of number value type, defined as a string.

" + }, + "numbers":{ + "shape":"CommandParameterValueStringList", + "documentation":"

A List of operands of numerical value type, defined as strings.

" + }, + "string":{ + "shape":"StringParameterValue", + "documentation":"

An operand of string value type.

" + }, + "strings":{ + "shape":"CommandParameterValueStringList", + "documentation":"

A List of operands of string value type.

" + }, + "numberRange":{ + "shape":"CommandParameterValueNumberRange", + "documentation":"

An operand of numerical range value type.

" + } + }, + "documentation":"

The comparison operand used to compare the defined value against the value supplied in request.

" + }, + "CommandParameterValueComparisonOperator":{ + "type":"string", + "enum":[ + "EQUALS", + "NOT_EQUALS", + "LESS_THAN", + "LESS_THAN_EQUALS", + "GREATER_THAN", + "GREATER_THAN_EQUALS", + "IN_SET", + "NOT_IN_SET", + "IN_RANGE", + "NOT_IN_RANGE" + ] + }, + "CommandParameterValueCondition":{ + "type":"structure", + "required":[ + "comparisonOperator", + "operand" + ], + "members":{ + "comparisonOperator":{ + "shape":"CommandParameterValueComparisonOperator", + "documentation":"

The comparison operator for the command parameter.

IN_RANGE, and NOT_IN_RANGE operators include boundary values.

" + }, + "operand":{ + "shape":"CommandParameterValueComparisonOperand", + "documentation":"

The comparison operand for the command parameter.

" + } + }, + "documentation":"

A condition for the command parameter that must be evaluated to true for successful creation of a command execution.

" + }, + "CommandParameterValueConditionList":{ + "type":"list", + "member":{"shape":"CommandParameterValueCondition"}, + "min":1 + }, + "CommandParameterValueNumberRange":{ + "type":"structure", + "required":[ + "min", + "max" + ], + "members":{ + "min":{ + "shape":"StringParameterValue", + "documentation":"

The minimum value of a numerical range of a command parameter value.

" + }, + "max":{ + "shape":"StringParameterValue", + "documentation":"

The maximum value of a numerical range of a command parameter value.

" + } + }, + "documentation":"

The numerical range value type to compare a command parameter value against.

" + }, + "CommandParameterValueStringList":{ + "type":"list", + "member":{"shape":"StringParameterValue"}, + "max":10, + "min":1 }, "CommandPayload":{ "type":"structure", @@ -7169,6 +7288,20 @@ "documentation":"

The command payload object that contains the instructions for the device to process.

" }, "CommandPayloadBlob":{"type":"blob"}, + "CommandPayloadTemplateString":{ + "type":"string", + "max":32768 + }, + "CommandPreprocessor":{ + "type":"structure", + "members":{ + "awsJsonSubstitution":{ + "shape":"AwsJsonSubstitutionCommandPreprocessorConfig", + "documentation":"

Configuration for the JSON substitution preprocessor.

" + } + }, + "documentation":"

Configuration that determines how the payloadTemplate is processed by the service to generate the final payload sent to devices at StartCommandExecution API invocation.

" + }, "CommandSummary":{ "type":"structure", "members":{ @@ -7263,7 +7396,7 @@ "members":{ "configurationStatus":{ "shape":"ConfigurationStatus", - "documentation":"

The health status of KMS key and KMS access role. If either KMS key or KMS access role is UNHEALTHY, the return value will be UNHEALTHY. To use a customer-managed KMS key, the value of configurationStatus must be HEALTHY.

" + "documentation":"

The health status of KMS key and KMS access role. If either KMS key or KMS access role is UNHEALTHY, the return value will be UNHEALTHY. To use a customer managed KMS key, the value of configurationStatus must be HEALTHY.

" }, "errorCode":{ "shape":"ErrorCode", @@ -7274,7 +7407,7 @@ "documentation":"

The detailed error message that corresponds to the errorCode.

" } }, - "documentation":"

The encryption configuration details that include the status information of the Amazon Web Services Key Management Service (KMS) key and the KMS access role.

" + "documentation":"

The encryption configuration details that include the status information of the Key Management Service (KMS) key and the KMS access role.

" }, "ConfigurationStatus":{ "type":"string", @@ -7594,15 +7727,23 @@ }, "payload":{ "shape":"CommandPayload", - "documentation":"

The payload object for the command. You must specify this information when using the AWS-IoT namespace.

You can upload a static payload file from your local storage that contains the instructions for the device to process. The payload file can use any format. To make sure that the device correctly interprets the payload, we recommend you to specify the payload content type.

" + "documentation":"

The payload object for the static command.

You can upload a static payload file from your local storage that contains the instructions for the device to process. The payload file can use any format. To make sure that the device correctly interprets the payload, we recommend you to specify the payload content type.

" + }, + "payloadTemplate":{ + "shape":"CommandPayloadTemplateString", + "documentation":"

The payload template for the dynamic command.

This parameter is required for dynamic commands where the command execution placeholders are supplied either from mandatoryParameters or when StartCommandExecution is invoked.

" + }, + "preprocessor":{ + "shape":"CommandPreprocessor", + "documentation":"

Configuration that determines how payloadTemplate is processed to generate command execution payload.

This parameter is required for dynamic commands, along with payloadTemplate, and mandatoryParameters.

" }, "mandatoryParameters":{ "shape":"CommandParameterList", - "documentation":"

A list of parameters that are required by the StartCommandExecution API. These parameters need to be specified only when using the AWS-IoT-FleetWise namespace. You can either specify them here or when running the command using the StartCommandExecution API.

" + "documentation":"

A list of parameters that are used by StartCommandExecution API for execution payload generation.

" }, "roleArn":{ "shape":"RoleArn", - "documentation":"

The IAM role that you must provide when using the AWS-IoT-FleetWise namespace. The role grants IoT Device Management the permission to access IoT FleetWise resources for generating the payload for the command. This field is not required when you use the AWS-IoT namespace.

" + "documentation":"

The IAM role that you must provide when using the AWS-IoT-FleetWise namespace. The role grants IoT Device Management the permission to access IoT FleetWise resources for generating the payload for the command. This field is not supported when you use the AWS-IoT namespace.

" }, "tags":{ "shape":"TagList", @@ -10299,15 +10440,15 @@ "members":{ "encryptionType":{ "shape":"EncryptionType", - "documentation":"

The type of the Amazon Web Services Key Management Service (KMS) key.

" + "documentation":"

The type of the KMS key.

" }, "kmsKeyArn":{ "shape":"KmsKeyArn", - "documentation":"

The Amazon Resource Name (ARN) of the IAM role assumed by Amazon Web Services IoT Core to call KMS on behalf of the customer.

" + "documentation":"

The ARN of the customer managed KMS key.

" }, "kmsAccessRoleArn":{ "shape":"KmsAccessRoleArn", - "documentation":"

The ARN of the customer-managed KMS key.

" + "documentation":"

The Amazon Resource Name (ARN) of the IAM role assumed by Amazon Web Services IoT Core to call KMS on behalf of the customer.

" }, "configurationDetails":{ "shape":"ConfigurationDetails", @@ -12358,6 +12499,14 @@ "shape":"CommandPayload", "documentation":"

The payload object that you provided for the command.

" }, + "payloadTemplate":{ + "shape":"CommandPayloadTemplateString", + "documentation":"

The payload template for the dynamic command.

" + }, + "preprocessor":{ + "shape":"CommandPreprocessor", + "documentation":"

Configuration that determines how payloadTemplate is processed to generate command execution payload.

" + }, "roleArn":{ "shape":"RoleArn", "documentation":"

The IAM role that you provided when creating the command with AWS-IoT-FleetWise as the namespace.

" @@ -17531,6 +17680,13 @@ "type":"list", "member":{"shape":"OutgoingCertificate"} }, + "OutputFormat":{ + "type":"string", + "enum":[ + "JSON", + "CBOR" + ] + }, "OverrideDynamicGroups":{"type":"boolean"}, "PackageArn":{"type":"string"}, "PackageCatalogMaxResults":{ @@ -20069,7 +20225,7 @@ "members":{ "principal":{ "shape":"Principal", - "documentation":"

The principal. Valid principals are CertificateArn (arn:aws:iot:region:accountId:cert/certificateId), thingGroupArn (arn:aws:iot:region:accountId:thinggroup/groupName) and CognitoId (region:id).

" + "documentation":"

The principal. Valid principals are CertificateArn (arn:aws:iot:region:accountId:cert/certificateId) and CognitoId (region:id).

" }, "cognitoIdentityPoolId":{ "shape":"CognitoIdentityPoolId", @@ -21533,11 +21689,11 @@ "members":{ "encryptionType":{ "shape":"EncryptionType", - "documentation":"

The type of the Amazon Web Services Key Management Service (KMS) key.

" + "documentation":"

The type of the KMS key.

" }, "kmsKeyArn":{ "shape":"KmsKeyArn", - "documentation":"

The ARN of the customer-managed KMS key.

" + "documentation":"

The ARN of the customer managedKMS key.

" }, "kmsAccessRoleArn":{ "shape":"KmsAccessRoleArn", diff --git a/awscli/botocore/data/timestream-influxdb/2023-01-27/service-2.json b/awscli/botocore/data/timestream-influxdb/2023-01-27/service-2.json index e9acf9b9886c..a36377d040ea 100644 --- a/awscli/botocore/data/timestream-influxdb/2023-01-27/service-2.json +++ b/awscli/botocore/data/timestream-influxdb/2023-01-27/service-2.json @@ -245,6 +245,44 @@ ], "documentation":"

A list of tags applied to the resource.

" }, + "RebootDbCluster":{ + "name":"RebootDbCluster", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"RebootDbClusterInput"}, + "output":{"shape":"RebootDbClusterOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Reboots a Timestream for InfluxDB cluster.

", + "idempotent":true + }, + "RebootDbInstance":{ + "name":"RebootDbInstance", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"RebootDbInstanceInput"}, + "output":{"shape":"RebootDbInstanceOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Reboots a Timestream for InfluxDB instance.

", + "idempotent":true + }, "TagResource":{ "name":"TagResource", "http":{ @@ -356,7 +394,11 @@ "AVAILABLE", "FAILED", "DELETED", - "MAINTENANCE" + "MAINTENANCE", + "UPDATING_INSTANCE_TYPE", + "REBOOTING", + "REBOOT_FAILED", + "PARTIALLY_AVAILABLE" ] }, "ConflictException":{ @@ -2590,6 +2632,144 @@ "max":65535, "min":1024 }, + "RebootDbClusterInput":{ + "type":"structure", + "required":["dbClusterId"], + "members":{ + "dbClusterId":{ + "shape":"DbClusterId", + "documentation":"

Service-generated unique identifier of the DB cluster to reboot.

" + }, + "instanceIds":{ + "shape":"RebootDbClusterInputInstanceIdsList", + "documentation":"

A list of service-generated unique DB Instance Ids belonging to the DB Cluster to reboot.

" + } + } + }, + "RebootDbClusterInputInstanceIdsList":{ + "type":"list", + "member":{"shape":"DbInstanceId"}, + "max":3, + "min":0 + }, + "RebootDbClusterOutput":{ + "type":"structure", + "members":{ + "dbClusterStatus":{ + "shape":"ClusterStatus", + "documentation":"

The status of the DB Cluster.

" + } + } + }, + "RebootDbInstanceInput":{ + "type":"structure", + "required":["identifier"], + "members":{ + "identifier":{ + "shape":"DbInstanceIdentifier", + "documentation":"

The id of the DB instance to reboot.

" + } + } + }, + "RebootDbInstanceOutput":{ + "type":"structure", + "required":[ + "id", + "name", + "arn", + "vpcSubnetIds" + ], + "members":{ + "id":{ + "shape":"DbInstanceId", + "documentation":"

A service-generated unique identifier.

" + }, + "name":{ + "shape":"DbInstanceName", + "documentation":"

The customer-supplied name that uniquely identifies the DB instance when interacting with the Amazon Timestream for InfluxDB API and CLI commands.

" + }, + "arn":{ + "shape":"Arn", + "documentation":"

The Amazon Resource Name (ARN) of the DB instance.

" + }, + "status":{ + "shape":"Status", + "documentation":"

The status of the DB instance.

" + }, + "endpoint":{ + "shape":"String", + "documentation":"

The endpoint used to connect to InfluxDB. The default InfluxDB port is 8086.

" + }, + "port":{ + "shape":"Port", + "documentation":"

The port number on which InfluxDB accepts connections.

" + }, + "networkType":{ + "shape":"NetworkType", + "documentation":"

Specifies whether the networkType of the Timestream for InfluxDB instance is IPV4, which can communicate over IPv4 protocol only, or DUAL, which can communicate over both IPv4 and IPv6 protocols.

" + }, + "dbInstanceType":{ + "shape":"DbInstanceType", + "documentation":"

The Timestream for InfluxDB instance type that InfluxDB runs on.

" + }, + "dbStorageType":{ + "shape":"DbStorageType", + "documentation":"

The Timestream for InfluxDB DB storage type that InfluxDB stores data on.

" + }, + "allocatedStorage":{ + "shape":"AllocatedStorage", + "documentation":"

The amount of storage allocated for your DB storage type (in gibibytes).

" + }, + "deploymentType":{ + "shape":"DeploymentType", + "documentation":"

Specifies whether the Timestream for InfluxDB is deployed as Single-AZ or with a MultiAZ Standby for High availability.

" + }, + "vpcSubnetIds":{ + "shape":"VpcSubnetIdList", + "documentation":"

A list of VPC subnet IDs associated with the DB instance.

" + }, + "publiclyAccessible":{ + "shape":"Boolean", + "documentation":"

Indicates if the DB instance has a public IP to facilitate access.

" + }, + "vpcSecurityGroupIds":{ + "shape":"VpcSecurityGroupIdList", + "documentation":"

A list of VPC security group IDs associated with the DB instance.

" + }, + "dbParameterGroupIdentifier":{ + "shape":"DbParameterGroupIdentifier", + "documentation":"

The id of the DB parameter group assigned to your DB instance.

" + }, + "availabilityZone":{ + "shape":"String", + "documentation":"

The Availability Zone in which the DB instance resides.

" + }, + "secondaryAvailabilityZone":{ + "shape":"String", + "documentation":"

The Availability Zone in which the standby instance is located when deploying with a MultiAZ standby instance.

" + }, + "logDeliveryConfiguration":{ + "shape":"LogDeliveryConfiguration", + "documentation":"

Configuration for sending InfluxDB engine logs to send to specified S3 bucket.

" + }, + "influxAuthParametersSecretArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the Secrets Manager secret containing the initial InfluxDB authorization parameters. The secret value is a JSON formatted key-value pair holding InfluxDB authorization values: organization, bucket, username, and password.

" + }, + "dbClusterId":{ + "shape":"DbClusterId", + "documentation":"

Specifies the DbCluster to which this DbInstance belongs to.

" + }, + "instanceMode":{ + "shape":"InstanceMode", + "documentation":"

Specifies the DbInstance's role in the cluster.

" + }, + "instanceModes":{ + "shape":"InstanceModeList", + "documentation":"

Specifies the DbInstance's roles in the cluster.

" + } + } + }, "RequestTagMap":{ "type":"map", "key":{"shape":"TagKey"}, @@ -2670,7 +2850,9 @@ "FAILED", "UPDATING_DEPLOYMENT_TYPE", "UPDATING_INSTANCE_TYPE", - "MAINTENANCE" + "MAINTENANCE", + "REBOOTING", + "REBOOT_FAILED" ] }, "String":{"type":"string"}, @@ -2972,7 +3154,7 @@ "VpcSubnetIdList":{ "type":"list", "member":{"shape":"VpcSubnetId"}, - "max":3, + "max":6, "min":1 } }, From af6a93c50066d6220f10d60cf785ff1e81966259 Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Tue, 16 Dec 2025 19:58:06 +0000 Subject: [PATCH 19/37] Update endpoints model --- awscli/botocore/data/endpoints.json | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/awscli/botocore/data/endpoints.json b/awscli/botocore/data/endpoints.json index 4c30796df60e..517b1d53c53b 100644 --- a/awscli/botocore/data/endpoints.json +++ b/awscli/botocore/data/endpoints.json @@ -18851,6 +18851,7 @@ }, "hostname" : "portal.sso.ap-east-1.amazonaws.com" }, + "ap-east-2" : { }, "ap-northeast-1" : { "credentialScope" : { "region" : "ap-northeast-1" @@ -40685,6 +40686,11 @@ "eusc-de-east-1" : { } } }, + "wafv2" : { + "endpoints" : { + "eusc-de-east-1" : { } + } + }, "xray" : { "endpoints" : { "eusc-de-east-1" : { } From 0d754e9e3e09e0915db6f27c9156f3ec7c430f0b Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Tue, 16 Dec 2025 19:59:53 +0000 Subject: [PATCH 20/37] Bump version to 2.32.18 --- .changes/2.32.18.json | 12 ++++++++++++ .changes/next-release/api-change-iot-84843.json | 5 ----- .../api-change-timestreaminfluxdb-73970.json | 5 ----- CHANGELOG.rst | 7 +++++++ awscli/__init__.py | 2 +- configure | 14 +++++++------- configure.ac | 2 +- doc/source/conf.py | 2 +- 8 files changed, 29 insertions(+), 20 deletions(-) create mode 100644 .changes/2.32.18.json delete mode 100644 .changes/next-release/api-change-iot-84843.json delete mode 100644 .changes/next-release/api-change-timestreaminfluxdb-73970.json diff --git a/.changes/2.32.18.json b/.changes/2.32.18.json new file mode 100644 index 000000000000..07089a522af1 --- /dev/null +++ b/.changes/2.32.18.json @@ -0,0 +1,12 @@ +[ + { + "category": "``iot``", + "description": "Add support for dynamic payloads in IoT Device Management Commands", + "type": "api-change" + }, + { + "category": "``timestream-influxdb``", + "description": "This release adds support for rebooting InfluxDB DbInstances and DbClusters", + "type": "api-change" + } +] \ No newline at end of file diff --git a/.changes/next-release/api-change-iot-84843.json b/.changes/next-release/api-change-iot-84843.json deleted file mode 100644 index 35d39b71eeeb..000000000000 --- a/.changes/next-release/api-change-iot-84843.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``iot``", - "description": "Add support for dynamic payloads in IoT Device Management Commands" -} diff --git a/.changes/next-release/api-change-timestreaminfluxdb-73970.json b/.changes/next-release/api-change-timestreaminfluxdb-73970.json deleted file mode 100644 index eb56fa5636a0..000000000000 --- a/.changes/next-release/api-change-timestreaminfluxdb-73970.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``timestream-influxdb``", - "description": "This release adds support for rebooting InfluxDB DbInstances and DbClusters" -} diff --git a/CHANGELOG.rst b/CHANGELOG.rst index bc64d0772dc5..a0de3c3ae5be 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,13 @@ CHANGELOG ========= +2.32.18 +======= + +* api-change:``iot``: Add support for dynamic payloads in IoT Device Management Commands +* api-change:``timestream-influxdb``: This release adds support for rebooting InfluxDB DbInstances and DbClusters + + 2.32.17 ======= diff --git a/awscli/__init__.py b/awscli/__init__.py index 486a251aa0a0..0ebf59a05ab5 100644 --- a/awscli/__init__.py +++ b/awscli/__init__.py @@ -20,7 +20,7 @@ import os import sys -__version__ = '2.32.17' +__version__ = '2.32.18' # # Get our data path to be added to botocore's search path diff --git a/configure b/configure index d768d914b9ee..b2b883c75a8a 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for awscli 2.32.17. +# Generated by GNU Autoconf 2.71 for awscli 2.32.18. # # # Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, @@ -607,8 +607,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='awscli' PACKAGE_TARNAME='awscli' -PACKAGE_VERSION='2.32.17' -PACKAGE_STRING='awscli 2.32.17' +PACKAGE_VERSION='2.32.18' +PACKAGE_STRING='awscli 2.32.18' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1255,7 +1255,7 @@ _ACEOF fi if $ac_init_version; then cat <<\_ACEOF -awscli configure 2.32.17 +awscli configure 2.32.18 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -1292,7 +1292,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by awscli $as_me 2.32.17, which was +It was created by awscli $as_me 2.32.18, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -2668,7 +2668,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by awscli $as_me 2.32.17, which was +This file was extended by awscli $as_me 2.32.18, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -2723,7 +2723,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -awscli config.status 2.32.17 +awscli config.status 2.32.18 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index ca45f2803c0c..ca06b77caf94 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_CONFIG_MACRO_DIRS([m4]) -AC_INIT([awscli], [2.32.17]) +AC_INIT([awscli], [2.32.18]) AC_CONFIG_SRCDIR([bin/aws]) AM_PATH_PYTHON([3.8]) diff --git a/doc/source/conf.py b/doc/source/conf.py index db1e0fca21b5..a996211121f5 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -66,7 +66,7 @@ # The short X.Y version. version = '2.0' # The full version, including alpha/beta/rc tags. -release = '2.32.17' +release = '2.32.18' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. From 20923d125f61940ec6bf57c5136c8b3c2683af8f Mon Sep 17 00:00:00 2001 From: Steve Yoo <106777148+hssyoo@users.noreply.github.com> Date: Wed, 17 Dec 2025 13:09:44 -0500 Subject: [PATCH 21/37] [v2] Fix pr action (#9922) --- ...{pull-request-build.yaml => pull-request-build.yml} | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) rename .github/workflows/{pull-request-build.yaml => pull-request-build.yml} (88%) diff --git a/.github/workflows/pull-request-build.yaml b/.github/workflows/pull-request-build.yml similarity index 88% rename from .github/workflows/pull-request-build.yaml rename to .github/workflows/pull-request-build.yml index cab556280d5c..f2e056085a0b 100644 --- a/.github/workflows/pull-request-build.yaml +++ b/.github/workflows/pull-request-build.yml @@ -1,6 +1,6 @@ -name: Build SDK +name: Build internal AWS CLI v2 on: - pull_request_review: + pull_request: types: [ opened, synchronize, ready_for_review ] concurrency: @@ -17,7 +17,7 @@ env: ROLE_SESSION_DURATION_SECONDS: 7200 jobs: - aws-sdk-pr-build: + aws-cli-v2-pr-build: if: github.event.pull_request.draft == false runs-on: ubuntu-latest permissions: @@ -29,9 +29,9 @@ jobs: - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@main with: - role-to-assume: '$IAM_ROLE_ARN' + role-to-assume: ${{ env.IAM_ROLE_ARN }} role-session-name: PullRequestBuildGitHubAction - role-duration-seconds: '$ROLE_SESSION_DURATION_SECONDS' + role-duration-seconds: ${{ env.ROLE_SESSION_DURATION_SECONDS }} aws-region: us-west-2 - name: Download Build Script run: | From b6a806ac39b2edaf3951e315bab1117ee52f0ab0 Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Wed, 17 Dec 2025 19:05:42 +0000 Subject: [PATCH 22/37] Update to latest models --- .../api-change-gameliftstreams-68916.json | 5 + .../api-change-guardduty-31590.json | 5 + .../api-change-inspectorscan-1908.json | 5 + .../api-change-kafkaconnect-5064.json | 5 + .../api-change-mediaconvert-48267.json | 5 + .../api-change-mediapackagev2-89826.json | 5 + .../api-change-paymentcryptography-42168.json | 5 + ...-change-paymentcryptographydata-36648.json | 5 + .../api-change-sagemaker-5585.json | 5 + .../gameliftstreams/2018-05-10/service-2.json | 96 +++++++-- .../data/guardduty/2017-11-28/service-2.json | 5 + .../inspector-scan/2023-08-08/service-2.json | 13 +- .../kafkaconnect/2021-09-14/service-2.json | 65 ++++-- .../mediaconvert/2017-08-29/service-2.json | 89 +++++++- .../mediapackagev2/2022-12-25/service-2.json | 21 +- .../2022-02-03/service-2.json | 192 ++++++++++++++++-- .../2021-09-14/service-2.json | 67 +++++- .../data/sagemaker/2017-07-24/service-2.json | 12 +- 18 files changed, 543 insertions(+), 62 deletions(-) create mode 100644 .changes/next-release/api-change-gameliftstreams-68916.json create mode 100644 .changes/next-release/api-change-guardduty-31590.json create mode 100644 .changes/next-release/api-change-inspectorscan-1908.json create mode 100644 .changes/next-release/api-change-kafkaconnect-5064.json create mode 100644 .changes/next-release/api-change-mediaconvert-48267.json create mode 100644 .changes/next-release/api-change-mediapackagev2-89826.json create mode 100644 .changes/next-release/api-change-paymentcryptography-42168.json create mode 100644 .changes/next-release/api-change-paymentcryptographydata-36648.json create mode 100644 .changes/next-release/api-change-sagemaker-5585.json diff --git a/.changes/next-release/api-change-gameliftstreams-68916.json b/.changes/next-release/api-change-gameliftstreams-68916.json new file mode 100644 index 000000000000..01e425e1bfa6 --- /dev/null +++ b/.changes/next-release/api-change-gameliftstreams-68916.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``gameliftstreams``", + "description": "Added new stream group operation parameters for scale-on-demand capacity with automatic prewarming. Added new Gen6 stream classes based on the EC2 G6 instance family. Added new StartStreamSession parameter for exposure of real-time performance stats to clients." +} diff --git a/.changes/next-release/api-change-guardduty-31590.json b/.changes/next-release/api-change-guardduty-31590.json new file mode 100644 index 000000000000..c535e606b347 --- /dev/null +++ b/.changes/next-release/api-change-guardduty-31590.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``guardduty``", + "description": "Add support for dbiResourceId in finding." +} diff --git a/.changes/next-release/api-change-inspectorscan-1908.json b/.changes/next-release/api-change-inspectorscan-1908.json new file mode 100644 index 000000000000..5eb532ef1fc9 --- /dev/null +++ b/.changes/next-release/api-change-inspectorscan-1908.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``inspector-scan``", + "description": "Adds an additional OutputFormat" +} diff --git a/.changes/next-release/api-change-kafkaconnect-5064.json b/.changes/next-release/api-change-kafkaconnect-5064.json new file mode 100644 index 000000000000..cc231298d93d --- /dev/null +++ b/.changes/next-release/api-change-kafkaconnect-5064.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``kafkaconnect``", + "description": "Support dual-stack network connectivity for connectors via NetworkType field." +} diff --git a/.changes/next-release/api-change-mediaconvert-48267.json b/.changes/next-release/api-change-mediaconvert-48267.json new file mode 100644 index 000000000000..59548c028d18 --- /dev/null +++ b/.changes/next-release/api-change-mediaconvert-48267.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``mediaconvert``", + "description": "Adds support for tile encoding in HEVC and audio for video overlays." +} diff --git a/.changes/next-release/api-change-mediapackagev2-89826.json b/.changes/next-release/api-change-mediapackagev2-89826.json new file mode 100644 index 000000000000..b9b30f721dc1 --- /dev/null +++ b/.changes/next-release/api-change-mediapackagev2-89826.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``mediapackagev2``", + "description": "This release adds support for SPEKE V2 content key encryption in MediaPackage v2 Origin Endpoints." +} diff --git a/.changes/next-release/api-change-paymentcryptography-42168.json b/.changes/next-release/api-change-paymentcryptography-42168.json new file mode 100644 index 000000000000..308abe46fbfb --- /dev/null +++ b/.changes/next-release/api-change-paymentcryptography-42168.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``payment-cryptography``", + "description": "Support for AS2805 standard. Modifications to import-key and export-key to support AS2805 variants." +} diff --git a/.changes/next-release/api-change-paymentcryptographydata-36648.json b/.changes/next-release/api-change-paymentcryptographydata-36648.json new file mode 100644 index 000000000000..c75583f6015b --- /dev/null +++ b/.changes/next-release/api-change-paymentcryptographydata-36648.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``payment-cryptography-data``", + "description": "Support for AS2805 standard. New API GenerateAs2805KekValidation and changes to translate pin, GenerateMac and VerifyMac to support AS2805 key variants." +} diff --git a/.changes/next-release/api-change-sagemaker-5585.json b/.changes/next-release/api-change-sagemaker-5585.json new file mode 100644 index 000000000000..f64abe85a784 --- /dev/null +++ b/.changes/next-release/api-change-sagemaker-5585.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``sagemaker``", + "description": "Adding the newly launched p6-b300.48xlarge ec2 instance support in Sagemaker(Hyperpod,Training and Sceptor)" +} diff --git a/awscli/botocore/data/gameliftstreams/2018-05-10/service-2.json b/awscli/botocore/data/gameliftstreams/2018-05-10/service-2.json index ed2d51310258..9ffc00fdd92d 100644 --- a/awscli/botocore/data/gameliftstreams/2018-05-10/service-2.json +++ b/awscli/botocore/data/gameliftstreams/2018-05-10/service-2.json @@ -89,7 +89,7 @@ {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Stream groups manage how Amazon GameLift Streams allocates resources and handles concurrent streams, allowing you to effectively manage capacity and costs. Within a stream group, you specify an application to stream, streaming locations and their capacity, and the stream class you want to use when streaming applications to your end-users. A stream class defines the hardware configuration of the compute resources that Amazon GameLift Streams will use when streaming, such as the CPU, GPU, and memory.

Stream capacity represents the number of concurrent streams that can be active at a time. You set stream capacity per location, per stream group. There are two types of capacity, always-on and on-demand:

  • Always-on: The streaming capacity that is allocated and ready to handle stream requests without delay. You pay for this capacity whether it's in use or not. Best for quickest time from streaming request to streaming session. Default is 1 (2 for high stream classes) when creating a stream group or adding a location.

  • On-demand: The streaming capacity that Amazon GameLift Streams can allocate in response to stream requests, and then de-allocate when the session has terminated. This offers a cost control measure at the expense of a greater startup time (typically under 5 minutes). Default is 0 when creating a stream group or adding a location.

Values for capacity must be whole number multiples of the tenancy value of the stream group's stream class.

To adjust the capacity of any ACTIVE stream group, call UpdateStreamGroup.

If the CreateStreamGroup request is successful, Amazon GameLift Streams assigns a unique ID to the stream group resource and sets the status to ACTIVATING. It can take a few minutes for Amazon GameLift Streams to finish creating the stream group while it searches for unallocated compute resources and provisions them. When complete, the stream group status will be ACTIVE and you can start stream sessions by using StartStreamSession. To check the stream group's status, call GetStreamGroup.

Stream groups should be recreated every 3-4 weeks to pick up important service updates and fixes. Stream groups that are older than 180 days can no longer be updated with new application associations. Stream groups expire when they are 365 days old, at which point they can no longer stream sessions. The exact expiration date is indicated by the date value in the ExpiresAt field.

", + "documentation":"

Stream groups manage how Amazon GameLift Streams allocates resources and handles concurrent streams, allowing you to effectively manage capacity and costs. Within a stream group, you specify an application to stream, streaming locations and their capacity, and the stream class you want to use when streaming applications to your end-users. A stream class defines the hardware configuration of the compute resources that Amazon GameLift Streams will use when streaming, such as the CPU, GPU, and memory.

Stream capacity represents the number of concurrent streams that can be active at a time. You set stream capacity per location, per stream group. The following capacity settings are available:

  • Always-on capacity: This setting, if non-zero, indicates minimum streaming capacity which is allocated to you and is never released back to the service. You pay for this base level of capacity at all times, whether used or idle.

  • Maximum capacity: This indicates the maximum capacity that the service can allocate for you. Newly created streams may take a few minutes to start. Capacity is released back to the service when idle. You pay for capacity that is allocated to you until it is released.

  • Target-idle capacity: This indicates idle capacity which the service pre-allocates and holds for you in anticipation of future activity. This helps to insulate your users from capacity-allocation delays. You pay for capacity which is held in this intentional idle state.

Values for capacity must be whole number multiples of the tenancy value of the stream group's stream class.

To adjust the capacity of any ACTIVE stream group, call UpdateStreamGroup.

If the CreateStreamGroup request is successful, Amazon GameLift Streams assigns a unique ID to the stream group resource and sets the status to ACTIVATING. It can take a few minutes for Amazon GameLift Streams to finish creating the stream group while it searches for unallocated compute resources and provisions them. When complete, the stream group status will be ACTIVE and you can start stream sessions by using StartStreamSession. To check the stream group's status, call GetStreamGroup.

Stream groups should be recreated every 3-4 weeks to pick up important service updates and fixes. Stream groups that are older than 180 days can no longer be updated with new application associations. Stream groups expire when they are 365 days old, at which point they can no longer stream sessions. The exact expiration date is indicated by the date value in the ExpiresAt field.

", "idempotent":true }, "CreateStreamSessionConnection":{ @@ -462,7 +462,7 @@ {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Updates the configuration settings for an Amazon GameLift Streams stream group resource. To update a stream group, it must be in ACTIVE status. You can change the description, the set of locations, and the requested capacity of a stream group per location. If you want to change the stream class, create a new stream group.

Stream capacity represents the number of concurrent streams that can be active at a time. You set stream capacity per location, per stream group. There are two types of capacity, always-on and on-demand:

  • Always-on: The streaming capacity that is allocated and ready to handle stream requests without delay. You pay for this capacity whether it's in use or not. Best for quickest time from streaming request to streaming session. Default is 1 (2 for high stream classes) when creating a stream group or adding a location.

  • On-demand: The streaming capacity that Amazon GameLift Streams can allocate in response to stream requests, and then de-allocate when the session has terminated. This offers a cost control measure at the expense of a greater startup time (typically under 5 minutes). Default is 0 when creating a stream group or adding a location.

Values for capacity must be whole number multiples of the tenancy value of the stream group's stream class.

To update a stream group, specify the stream group's Amazon Resource Name (ARN) and provide the new values. If the request is successful, Amazon GameLift Streams returns the complete updated metadata for the stream group. Expired stream groups cannot be updated.

" + "documentation":"

Updates the configuration settings for an Amazon GameLift Streams stream group resource. To update a stream group, it must be in ACTIVE status. You can change the description, the set of locations, and the requested capacity of a stream group per location. If you want to change the stream class, create a new stream group.

Stream capacity represents the number of concurrent streams that can be active at a time. You set stream capacity per location, per stream group. The following capacity settings are available:

  • Always-on capacity: This setting, if non-zero, indicates minimum streaming capacity which is allocated to you and is never released back to the service. You pay for this base level of capacity at all times, whether used or idle.

  • Maximum capacity: This indicates the maximum capacity that the service can allocate for you. Newly created streams may take a few minutes to start. Capacity is released back to the service when idle. You pay for capacity that is allocated to you until it is released.

  • Target-idle capacity: This indicates idle capacity which the service pre-allocates and holds for you in anticipation of future activity. This helps to insulate your users from capacity-allocation delays. You pay for capacity which is held in this intentional idle state.

Values for capacity must be whole number multiples of the tenancy value of the stream group's stream class.

To update a stream group, specify the stream group's Amazon Resource Name (ARN) and provide the new values. If the request is successful, Amazon GameLift Streams returns the complete updated metadata for the stream group. Expired stream groups cannot be updated.

" } }, "shapes":{ @@ -632,6 +632,10 @@ } } }, + "Boolean":{ + "type":"boolean", + "box":true + }, "CapacityValue":{ "type":"integer", "box":true, @@ -784,7 +788,7 @@ }, "StreamClass":{ "shape":"StreamClass", - "documentation":"

The target stream quality for sessions that are hosted in this stream group. Set a stream class that is appropriate to the type of content that you're streaming. Stream class determines the type of computing resources Amazon GameLift Streams uses and impacts the cost of streaming. The following options are available:

A stream class can be one of the following:

  • gen5n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.4, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA A10G Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen5n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA A10G Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 12 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen5n_ultra (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Uses dedicated NVIDIA A10G Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen4n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.4, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA T4 Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen4n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA T4 Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 8 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen4n_ultra (NVIDIA, ultra) Supports applications with high 3D scene complexity. Uses dedicated NVIDIA T4 Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

" + "documentation":"

The target stream quality for sessions that are hosted in this stream group. Set a stream class that is appropriate to the type of content that you're streaming. Stream class determines the type of computing resources Amazon GameLift Streams uses and impacts the cost of streaming. The following options are available:

A stream class can be one of the following:

  • gen6n_pro_win2022 (NVIDIA, pro) Supports applications with extremely high 3D scene complexity which require maximum resources. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.6, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 16 vCPUs, 64 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen6n_pro (NVIDIA, pro) Supports applications with extremely high 3D scene complexity which require maximum resources. Uses dedicated NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 16 vCPUs, 64 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen6n_ultra_win2022 (NVIDIA, ultra) Supports applications with high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.6, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen6n_ultra (NVIDIA, ultra) Supports applications with high 3D scene complexity. Uses dedicated NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen6n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 12 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen6n_medium (NVIDIA, medium) Supports applications with moderate 3D scene complexity. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 2 vCPUs, 8 GB RAM, 6 GB VRAM

    • Tenancy: Supports up to 4 concurrent stream sessions

  • gen6n_small (NVIDIA, small) Supports applications with lightweight 3D scene complexity and low CPU usage. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 1 vCPUs, 4 GB RAM, 2 GB VRAM

    • Tenancy: Supports up to 12 concurrent stream sessions

  • gen5n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.6, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA A10G Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen5n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA A10G Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 12 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen5n_ultra (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Uses dedicated NVIDIA A10G Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen4n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.6, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA T4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen4n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA T4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 8 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen4n_ultra (NVIDIA, ultra) Supports applications with high 3D scene complexity. Uses dedicated NVIDIA T4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

" }, "DefaultApplicationIdentifier":{ "shape":"Identifier", @@ -827,7 +831,7 @@ }, "StreamClass":{ "shape":"StreamClass", - "documentation":"

The target stream quality for the stream group.

A stream class can be one of the following:

  • gen5n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.4, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA A10G Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen5n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA A10G Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 12 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen5n_ultra (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Uses dedicated NVIDIA A10G Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen4n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.4, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA T4 Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen4n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA T4 Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 8 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen4n_ultra (NVIDIA, ultra) Supports applications with high 3D scene complexity. Uses dedicated NVIDIA T4 Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

" + "documentation":"

The target stream quality for the stream group.

A stream class can be one of the following:

  • gen6n_pro_win2022 (NVIDIA, pro) Supports applications with extremely high 3D scene complexity which require maximum resources. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.6, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 16 vCPUs, 64 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen6n_pro (NVIDIA, pro) Supports applications with extremely high 3D scene complexity which require maximum resources. Uses dedicated NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 16 vCPUs, 64 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen6n_ultra_win2022 (NVIDIA, ultra) Supports applications with high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.6, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen6n_ultra (NVIDIA, ultra) Supports applications with high 3D scene complexity. Uses dedicated NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen6n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 12 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen6n_medium (NVIDIA, medium) Supports applications with moderate 3D scene complexity. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 2 vCPUs, 8 GB RAM, 6 GB VRAM

    • Tenancy: Supports up to 4 concurrent stream sessions

  • gen6n_small (NVIDIA, small) Supports applications with lightweight 3D scene complexity and low CPU usage. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 1 vCPUs, 4 GB RAM, 2 GB VRAM

    • Tenancy: Supports up to 12 concurrent stream sessions

  • gen5n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.6, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA A10G Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen5n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA A10G Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 12 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen5n_ultra (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Uses dedicated NVIDIA A10G Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen4n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.6, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA T4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen4n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA T4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 8 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen4n_ultra (NVIDIA, ultra) Supports applications with high 3D scene complexity. Uses dedicated NVIDIA T4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

" }, "Id":{ "shape":"Id", @@ -839,7 +843,7 @@ }, "StatusReason":{ "shape":"StreamGroupStatusReason", - "documentation":"

A short description of the reason that the stream group is in ERROR status. The possible reasons can be one of the following:

  • internalError: The request can't process right now because of an issue with the server. Try again later.

  • noAvailableInstances: Amazon GameLift Streams does not currently have enough available on-demand capacity to fulfill your request. Wait a few minutes and retry the request as capacity can shift frequently. You can also try to make the request using a different stream class or in another region.

" + "documentation":"

A short description of the reason that the stream group is in ERROR status. The possible reasons can be one of the following:

  • internalError: The request can't process right now because of an issue with the server. Try again later.

  • noAvailableInstances: Amazon GameLift Streams does not currently have enough available capacity to fulfill your request. Wait a few minutes and retry the request as capacity can shift frequently. You can also try to make the request using a different stream class or in another region.

" }, "LastUpdatedAt":{ "shape":"Timestamp", @@ -1185,7 +1189,7 @@ }, "StreamClass":{ "shape":"StreamClass", - "documentation":"

The target stream quality for the stream group.

A stream class can be one of the following:

  • gen5n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.4, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA A10G Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen5n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA A10G Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 12 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen5n_ultra (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Uses dedicated NVIDIA A10G Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen4n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.4, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA T4 Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen4n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA T4 Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 8 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen4n_ultra (NVIDIA, ultra) Supports applications with high 3D scene complexity. Uses dedicated NVIDIA T4 Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

" + "documentation":"

The target stream quality for the stream group.

A stream class can be one of the following:

  • gen6n_pro_win2022 (NVIDIA, pro) Supports applications with extremely high 3D scene complexity which require maximum resources. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.6, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 16 vCPUs, 64 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen6n_pro (NVIDIA, pro) Supports applications with extremely high 3D scene complexity which require maximum resources. Uses dedicated NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 16 vCPUs, 64 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen6n_ultra_win2022 (NVIDIA, ultra) Supports applications with high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.6, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen6n_ultra (NVIDIA, ultra) Supports applications with high 3D scene complexity. Uses dedicated NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen6n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 12 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen6n_medium (NVIDIA, medium) Supports applications with moderate 3D scene complexity. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 2 vCPUs, 8 GB RAM, 6 GB VRAM

    • Tenancy: Supports up to 4 concurrent stream sessions

  • gen6n_small (NVIDIA, small) Supports applications with lightweight 3D scene complexity and low CPU usage. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 1 vCPUs, 4 GB RAM, 2 GB VRAM

    • Tenancy: Supports up to 12 concurrent stream sessions

  • gen5n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.6, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA A10G Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen5n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA A10G Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 12 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen5n_ultra (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Uses dedicated NVIDIA A10G Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen4n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.6, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA T4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen4n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA T4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 8 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen4n_ultra (NVIDIA, ultra) Supports applications with high 3D scene complexity. Uses dedicated NVIDIA T4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

" }, "Id":{ "shape":"Id", @@ -1197,7 +1201,7 @@ }, "StatusReason":{ "shape":"StreamGroupStatusReason", - "documentation":"

A short description of the reason that the stream group is in ERROR status. The possible reasons can be one of the following:

  • internalError: The request can't process right now because of an issue with the server. Try again later.

  • noAvailableInstances: Amazon GameLift Streams does not currently have enough available on-demand capacity to fulfill your request. Wait a few minutes and retry the request as capacity can shift frequently. You can also try to make the request using a different stream class or in another region.

" + "documentation":"

A short description of the reason that the stream group is in ERROR status. The possible reasons can be one of the following:

  • internalError: The request can't process right now because of an issue with the server. Try again later.

  • noAvailableInstances: Amazon GameLift Streams does not currently have enough available capacity to fulfill your request. Wait a few minutes and retry the request as capacity can shift frequently. You can also try to make the request using a different stream class or in another region.

" }, "LastUpdatedAt":{ "shape":"Timestamp", @@ -1297,6 +1301,10 @@ "shape":"EnvironmentVariables", "documentation":"

A set of options that you can use to control the stream session runtime environment, expressed as a set of key-value pairs. You can use this to configure the application or stream session details. You can also provide custom environment variables that Amazon GameLift Streams passes to your game client.

If you want to debug your application with environment variables, we recommend that you do so in a local environment outside of Amazon GameLift Streams. For more information, refer to the Compatibility Guidance in the troubleshooting section of the Developer Guide.

AdditionalEnvironmentVariables and AdditionalLaunchArgs have similar purposes. AdditionalEnvironmentVariables passes data using environment variables; while AdditionalLaunchArgs passes data using command-line arguments.

" }, + "PerformanceStatsConfiguration":{ + "shape":"PerformanceStatsConfiguration", + "documentation":"

The performance stats configuration for the stream session

" + }, "LogFileLocationUri":{ "shape":"FileLocationUri", "documentation":"

Access location for log files that your content generates during a stream session. These log files are uploaded to cloud storage location at the end of a stream session. The Amazon GameLift Streams application resource defines which log files to upload.

" @@ -1538,11 +1546,22 @@ }, "AlwaysOnCapacity":{ "shape":"AlwaysOnCapacity", - "documentation":"

The streaming capacity that is allocated and ready to handle stream requests without delay. You pay for this capacity whether it's in use or not. Best for quickest time from streaming request to streaming session. Default is 1 (2 for high stream classes) when creating a stream group or adding a location.

" + "documentation":"

This setting, if non-zero, indicates minimum streaming capacity which is allocated to you and is never released back to the service. You pay for this base level of capacity at all times, whether used or idle.

" }, "OnDemandCapacity":{ "shape":"OnDemandCapacity", - "documentation":"

The streaming capacity that Amazon GameLift Streams can allocate in response to stream requests, and then de-allocate when the session has terminated. This offers a cost control measure at the expense of a greater startup time (typically under 5 minutes). Default is 0 when creating a stream group or adding a location.

" + "documentation":"

This field is deprecated. Use MaximumCapacity instead. This parameter cannot be used with MaximumCapacity or TargetIdleCapacity in the same location configuration.

The streaming capacity that Amazon GameLift Streams can allocate in response to stream requests, and then de-allocate when the session has terminated. This offers a cost control measure at the expense of a greater startup time (typically under 5 minutes). Default is 0 when creating a stream group or adding a location.

", + "deprecated":true, + "deprecatedMessage":"This input field is deprecated in favor of explicit MaximumCapacity values.", + "deprecatedSince":"2025-12-17" + }, + "TargetIdleCapacity":{ + "shape":"TargetIdleCapacity", + "documentation":"

This indicates idle capacity which the service pre-allocates and holds for you in anticipation of future activity. This helps to insulate your users from capacity-allocation delays. You pay for capacity which is held in this intentional idle state.

" + }, + "MaximumCapacity":{ + "shape":"MaximumCapacity", + "documentation":"

This indicates the maximum capacity that the service can allocate for you. Newly created streams may take a few minutes to start. Capacity is released back to the service when idle. You pay for capacity that is allocated to you until it is released.

" } }, "documentation":"

Configuration settings that define a stream group's stream capacity for a location. When configuring a location for the first time, you must specify a numeric value for at least one of the two capacity types. To update the capacity for an existing stream group, call UpdateStreamGroup. To add a new location and specify its capacity, call AddStreamGroupLocations.

" @@ -1577,19 +1596,27 @@ }, "AlwaysOnCapacity":{ "shape":"AlwaysOnCapacity", - "documentation":"

The streaming capacity that is allocated and ready to handle stream requests without delay. You pay for this capacity whether it's in use or not. Best for quickest time from streaming request to streaming session. Default is 1 (2 for high stream classes) when creating a stream group or adding a location.

" + "documentation":"

This setting, if non-zero, indicates minimum streaming capacity which is allocated to you and is never released back to the service. You pay for this base level of capacity at all times, whether used or idle.

" }, "OnDemandCapacity":{ "shape":"OnDemandCapacity", "documentation":"

The streaming capacity that Amazon GameLift Streams can allocate in response to stream requests, and then de-allocate when the session has terminated. This offers a cost control measure at the expense of a greater startup time (typically under 5 minutes). Default is 0 when creating a stream group or adding a location.

" }, + "TargetIdleCapacity":{ + "shape":"TargetIdleCapacity", + "documentation":"

This indicates idle capacity which the service pre-allocates and holds for you in anticipation of future activity. This helps to insulate your users from capacity-allocation delays. You pay for capacity which is held in this intentional idle state.

" + }, + "MaximumCapacity":{ + "shape":"MaximumCapacity", + "documentation":"

This indicates the maximum capacity that the service can allocate for you. Newly created streams may take a few minutes to start. Capacity is released back to the service when idle. You pay for capacity that is allocated to you until it is released.

" + }, "RequestedCapacity":{ "shape":"CapacityValue", "documentation":"

This value is the always-on capacity that you most recently requested for a stream group. You request capacity separately for each location in a stream group. In response to an increase in requested capacity, Amazon GameLift Streams attempts to provision compute resources to make the stream group's allocated capacity meet requested capacity. When always-on capacity is decreased, it can take a few minutes to deprovision allocated capacity to match the requested capacity.

" }, "AllocatedCapacity":{ "shape":"CapacityValue", - "documentation":"

This value is the stream capacity that Amazon GameLift Streams has provisioned in a stream group that can respond immediately to stream requests. It includes resources that are currently streaming and resources that are idle and ready to respond to stream requests. You pay for this capacity whether it's in use or not. After making changes to capacity, it can take a few minutes for the allocated capacity count to reflect the change while compute resources are allocated or deallocated. Similarly, when allocated on-demand capacity is no longer needed, it can take a few minutes for Amazon GameLift Streams to spin down the allocated capacity.

" + "documentation":"

This value is the stream capacity that Amazon GameLift Streams has provisioned in a stream group that can respond immediately to stream requests. It includes resources that are currently streaming and resources that are idle and ready to respond to stream requests. When target-idle capacity is configured, the idle resources include the capacity buffer maintained beyond ongoing sessions. You pay for this capacity whether it's in use or not. After making changes to capacity, it can take a few minutes for the allocated capacity count to reflect the change while compute resources are allocated or deallocated. Similarly, when allocated on-demand capacity is no longer needed, it can take a few minutes for Amazon GameLift Streams to spin down the allocated capacity.

" }, "IdleCapacity":{ "shape":"CapacityValue", @@ -1614,6 +1641,11 @@ "max":100, "min":1 }, + "MaximumCapacity":{ + "type":"integer", + "box":true, + "min":0 + }, "NextToken":{"type":"string"}, "OnDemandCapacity":{ "type":"integer", @@ -1626,6 +1658,16 @@ "min":0, "pattern":"s3://.*(/|\\.zip|\\.ZIP)" }, + "PerformanceStatsConfiguration":{ + "type":"structure", + "members":{ + "SharedWithClient":{ + "shape":"Boolean", + "documentation":"

Performance stats for the session are streamed to the client when set to true. Defaults to false.

" + } + }, + "documentation":"

Configuration settings for sharing the stream session's performance stats with the client

" + }, "Protocol":{ "type":"string", "enum":["WebRTC"] @@ -1813,6 +1855,10 @@ "AdditionalEnvironmentVariables":{ "shape":"EnvironmentVariables", "documentation":"

A set of options that you can use to control the stream session runtime environment, expressed as a set of key-value pairs. You can use this to configure the application or stream session details. You can also provide custom environment variables that Amazon GameLift Streams passes to your game client.

If you want to debug your application with environment variables, we recommend that you do so in a local environment outside of Amazon GameLift Streams. For more information, refer to the Compatibility Guidance in the troubleshooting section of the Developer Guide.

AdditionalEnvironmentVariables and AdditionalLaunchArgs have similar purposes. AdditionalEnvironmentVariables passes data using environment variables; while AdditionalLaunchArgs passes data using command-line arguments.

" + }, + "PerformanceStatsConfiguration":{ + "shape":"PerformanceStatsConfiguration", + "documentation":"

Configuration settings for sharing the stream session's performance stats with the client

" } } }, @@ -1875,6 +1921,10 @@ "shape":"EnvironmentVariables", "documentation":"

A set of options that you can use to control the stream session runtime environment, expressed as a set of key-value pairs. You can use this to configure the application or stream session details. You can also provide custom environment variables that Amazon GameLift Streams passes to your game client.

If you want to debug your application with environment variables, we recommend that you do so in a local environment outside of Amazon GameLift Streams. For more information, refer to the Compatibility Guidance in the troubleshooting section of the Developer Guide.

AdditionalEnvironmentVariables and AdditionalLaunchArgs have similar purposes. AdditionalEnvironmentVariables passes data using environment variables; while AdditionalLaunchArgs passes data using command-line arguments.

" }, + "PerformanceStatsConfiguration":{ + "shape":"PerformanceStatsConfiguration", + "documentation":"

The performance stats configuration for the stream session

" + }, "LogFileLocationUri":{ "shape":"FileLocationUri", "documentation":"

Access location for log files that your content generates during a stream session. These log files are uploaded to cloud storage location at the end of a stream session. The Amazon GameLift Streams application resource defines which log files to upload.

" @@ -1909,7 +1959,14 @@ "gen4n_win2022", "gen5n_high", "gen5n_ultra", - "gen5n_win2022" + "gen5n_win2022", + "gen6n_small", + "gen6n_medium", + "gen6n_high", + "gen6n_ultra", + "gen6n_ultra_win2022", + "gen6n_pro", + "gen6n_pro_win2022" ] }, "StreamGroupLocationStatus":{ @@ -1962,7 +2019,7 @@ }, "StreamClass":{ "shape":"StreamClass", - "documentation":"

The target stream quality for the stream group.

A stream class can be one of the following:

  • gen5n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.4, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA A10G Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen5n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA A10G Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 12 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen5n_ultra (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Uses dedicated NVIDIA A10G Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen4n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.4, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA T4 Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen4n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA T4 Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 8 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen4n_ultra (NVIDIA, ultra) Supports applications with high 3D scene complexity. Uses dedicated NVIDIA T4 Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

" + "documentation":"

The target stream quality for the stream group.

A stream class can be one of the following:

  • gen6n_pro_win2022 (NVIDIA, pro) Supports applications with extremely high 3D scene complexity which require maximum resources. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.6, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 16 vCPUs, 64 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen6n_pro (NVIDIA, pro) Supports applications with extremely high 3D scene complexity which require maximum resources. Uses dedicated NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 16 vCPUs, 64 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen6n_ultra_win2022 (NVIDIA, ultra) Supports applications with high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.6, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen6n_ultra (NVIDIA, ultra) Supports applications with high 3D scene complexity. Uses dedicated NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen6n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 12 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen6n_medium (NVIDIA, medium) Supports applications with moderate 3D scene complexity. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 2 vCPUs, 8 GB RAM, 6 GB VRAM

    • Tenancy: Supports up to 4 concurrent stream sessions

  • gen6n_small (NVIDIA, small) Supports applications with lightweight 3D scene complexity and low CPU usage. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 1 vCPUs, 4 GB RAM, 2 GB VRAM

    • Tenancy: Supports up to 12 concurrent stream sessions

  • gen5n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.6, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA A10G Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen5n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA A10G Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 12 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen5n_ultra (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Uses dedicated NVIDIA A10G Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen4n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.6, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA T4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen4n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA T4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 8 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen4n_ultra (NVIDIA, ultra) Supports applications with high 3D scene complexity. Uses dedicated NVIDIA T4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

" }, "Status":{ "shape":"StreamGroupStatus", @@ -2030,6 +2087,10 @@ "shape":"StreamSessionStatus", "documentation":"

The current status of the stream session resource.

  • ACTIVATING: The stream session is starting and preparing to stream.

  • ACTIVE: The stream session is ready and waiting for a client connection. A client has ConnectionTimeoutSeconds (specified in StartStreamSession) from when the session reaches ACTIVE state to establish a connection. If no client connects within this timeframe, the session automatically terminates.

  • CONNECTED: The stream session has a connected client. A session will automatically terminate if there is no user input for 60 minutes, or if the maximum length of a session specified by SessionLengthSeconds in StartStreamSession is exceeded.

  • ERROR: The stream session failed to activate. See StatusReason (returned by GetStreamSession and StartStreamSession) for more information.

  • PENDING_CLIENT_RECONNECTION: A client has recently disconnected and the stream session is waiting for the client to reconnect. A client has ConnectionTimeoutSeconds (specified in StartStreamSession) from when the session reaches PENDING_CLIENT_RECONNECTION state to re-establish a connection. If no client connects within this timeframe, the session automatically terminates.

  • RECONNECTING: A client has initiated a reconnect to a session that was in PENDING_CLIENT_RECONNECTION state.

  • TERMINATING: The stream session is ending.

  • TERMINATED: The stream session has ended.

" }, + "StatusReason":{ + "shape":"StreamSessionStatusReason", + "documentation":"

A short description of the reason the stream session is in ERROR status or TERMINATED status.

ERROR status reasons:

  • applicationLogS3DestinationError: Could not write the application log to the Amazon S3 bucket that is configured for the streaming application. Make sure the bucket still exists.

  • internalError: An internal service error occurred. Start a new stream session to continue streaming.

  • invalidSignalRequest: The WebRTC signal request that was sent is not valid. When starting or reconnecting to a stream session, use generateSignalRequest in the Amazon GameLift Streams Web SDK to generate a new signal request.

  • placementTimeout: Amazon GameLift Streams could not find available stream capacity to start a stream session. Increase the stream capacity in the stream group or wait until capacity becomes available.

TERMINATED status reasons:

  • apiTerminated: The stream session was terminated by an API call to TerminateStreamSession.

  • applicationExit: The streaming application exited or crashed. The stream session was terminated because the application is no longer running.

  • connectionTimeout: The stream session was terminated because the client failed to connect within the connection timeout period specified by ConnectionTimeoutSeconds.

  • idleTimeout: The stream session was terminated because it exceeded the idle timeout period of 60 minutes with no user input activity.

  • maxSessionLengthTimeout: The stream session was terminated because it exceeded the maximum session length timeout period specified by SessionLengthSeconds.

  • reconnectionTimeout: The stream session was terminated because the client failed to reconnect within the reconnection timeout period specified by ConnectionTimeoutSeconds after losing connection.

" + }, "Protocol":{ "shape":"Protocol", "documentation":"

The data transfer protocol in use with the stream session.

" @@ -2108,6 +2169,11 @@ "max":50, "min":1 }, + "TargetIdleCapacity":{ + "type":"integer", + "box":true, + "min":0 + }, "TerminateStreamSessionInput":{ "type":"structure", "required":[ @@ -2304,7 +2370,7 @@ }, "StreamClass":{ "shape":"StreamClass", - "documentation":"

The target stream quality for the stream group.

A stream class can be one of the following:

  • gen5n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.4, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA A10G Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen5n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA A10G Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 12 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen5n_ultra (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Uses dedicated NVIDIA A10G Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen4n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.4, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA T4 Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen4n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA T4 Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 8 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen4n_ultra (NVIDIA, ultra) Supports applications with high 3D scene complexity. Uses dedicated NVIDIA T4 Tensor GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

" + "documentation":"

The target stream quality for the stream group.

A stream class can be one of the following:

  • gen6n_pro_win2022 (NVIDIA, pro) Supports applications with extremely high 3D scene complexity which require maximum resources. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.6, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 16 vCPUs, 64 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen6n_pro (NVIDIA, pro) Supports applications with extremely high 3D scene complexity which require maximum resources. Uses dedicated NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 16 vCPUs, 64 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen6n_ultra_win2022 (NVIDIA, ultra) Supports applications with high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.6, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen6n_ultra (NVIDIA, ultra) Supports applications with high 3D scene complexity. Uses dedicated NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen6n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 12 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen6n_medium (NVIDIA, medium) Supports applications with moderate 3D scene complexity. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 2 vCPUs, 8 GB RAM, 6 GB VRAM

    • Tenancy: Supports up to 4 concurrent stream sessions

  • gen6n_small (NVIDIA, small) Supports applications with lightweight 3D scene complexity and low CPU usage. Uses NVIDIA L4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 1 vCPUs, 4 GB RAM, 2 GB VRAM

    • Tenancy: Supports up to 12 concurrent stream sessions

  • gen5n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.6, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA A10G Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen5n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA A10G Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 12 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen5n_ultra (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Uses dedicated NVIDIA A10G Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen4n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.6, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA T4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

  • gen4n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA T4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 4 vCPUs, 16 GB RAM, 8 GB VRAM

    • Tenancy: Supports up to 2 concurrent stream sessions

  • gen4n_ultra (NVIDIA, ultra) Supports applications with high 3D scene complexity. Uses dedicated NVIDIA T4 Tensor Core GPU.

    • Reference resolution: 1080p

    • Reference frame rate: 60 fps

    • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

    • Tenancy: Supports 1 concurrent stream session

" }, "Id":{ "shape":"Id", @@ -2316,7 +2382,7 @@ }, "StatusReason":{ "shape":"StreamGroupStatusReason", - "documentation":"

A short description of the reason that the stream group is in ERROR status. The possible reasons can be one of the following:

  • internalError: The request can't process right now because of an issue with the server. Try again later.

  • noAvailableInstances: Amazon GameLift Streams does not currently have enough available on-demand capacity to fulfill your request. Wait a few minutes and retry the request as capacity can shift frequently. You can also try to make the request using a different stream class or in another region.

" + "documentation":"

A short description of the reason that the stream group is in ERROR status. The possible reasons can be one of the following:

  • internalError: The request can't process right now because of an issue with the server. Try again later.

  • noAvailableInstances: Amazon GameLift Streams does not currently have enough available capacity to fulfill your request. Wait a few minutes and retry the request as capacity can shift frequently. You can also try to make the request using a different stream class or in another region.

" }, "LastUpdatedAt":{ "shape":"Timestamp", diff --git a/awscli/botocore/data/guardduty/2017-11-28/service-2.json b/awscli/botocore/data/guardduty/2017-11-28/service-2.json index 6c93955e9ba8..fcd1daa79bfc 100644 --- a/awscli/botocore/data/guardduty/2017-11-28/service-2.json +++ b/awscli/botocore/data/guardduty/2017-11-28/service-2.json @@ -9221,6 +9221,11 @@ "documentation":"

The Amazon Resource Name (ARN) that identifies the database instance involved in the finding.

", "locationName":"dbInstanceArn" }, + "DbiResourceId":{ + "shape":"String", + "documentation":"

The unique ID of the database resource involved in the activity that prompted GuardDuty to generate the finding.

", + "locationName":"dbiResourceId" + }, "Tags":{ "shape":"Tags", "documentation":"

Information about the tag key-value pairs.

", diff --git a/awscli/botocore/data/inspector-scan/2023-08-08/service-2.json b/awscli/botocore/data/inspector-scan/2023-08-08/service-2.json index c1cfffd58ad3..dc0d26a9f4ac 100644 --- a/awscli/botocore/data/inspector-scan/2023-08-08/service-2.json +++ b/awscli/botocore/data/inspector-scan/2023-08-08/service-2.json @@ -2,9 +2,10 @@ "version":"2.0", "metadata":{ "apiVersion":"2023-08-08", + "auth":["aws.auth#sigv4"], "endpointPrefix":"inspector-scan", - "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceAbbreviation":"inspector-scan", "serviceFullName":"Inspector Scan", "serviceId":"Inspector Scan", @@ -28,7 +29,7 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Scans a provided CycloneDX 1.5 SBOM and reports on any vulnerabilities discovered in that SBOM. You can generate compatible SBOMs for your resources using the Amazon Inspector SBOM generator.

", + "documentation":"

Scans a provided CycloneDX 1.5 SBOM and reports on any vulnerabilities discovered in that SBOM. You can generate compatible SBOMs for your resources using the Amazon Inspector SBOM generator.

The output of this action reports NVD and CVSS scores when NVD and CVSS scores are available. Because the output reports both scores, you might notice a discrepency between them. However, you can triage the severity of either score depending on the vendor of your choosing.

", "idempotent":true } }, @@ -86,13 +87,13 @@ "type":"string", "enum":[ "CYCLONE_DX_1_5", - "INSPECTOR" + "INSPECTOR", + "INSPECTOR_ALT" ] }, "Sbom":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true }, "ScanSbomRequest":{ @@ -101,7 +102,7 @@ "members":{ "sbom":{ "shape":"Sbom", - "documentation":"

The JSON file for the SBOM you want to scan. The SBOM must be in CycloneDX 1.5 format.

" + "documentation":"

The JSON file for the SBOM you want to scan. The SBOM must be in CycloneDX 1.5 format. This format limits you to passing 2000 components before throwing a ValidException error.

" }, "outputFormat":{ "shape":"OutputFormat", diff --git a/awscli/botocore/data/kafkaconnect/2021-09-14/service-2.json b/awscli/botocore/data/kafkaconnect/2021-09-14/service-2.json index 4cb6bb79e6fc..c24afee203c5 100644 --- a/awscli/botocore/data/kafkaconnect/2021-09-14/service-2.json +++ b/awscli/botocore/data/kafkaconnect/2021-09-14/service-2.json @@ -24,8 +24,8 @@ "input":{"shape":"CreateConnectorRequest"}, "output":{"shape":"CreateConnectorResponse"}, "errors":[ - {"shape":"NotFoundException"}, {"shape":"ConflictException"}, + {"shape":"NotFoundException"}, {"shape":"BadRequestException"}, {"shape":"ForbiddenException"}, {"shape":"ServiceUnavailableException"}, @@ -45,8 +45,8 @@ "input":{"shape":"CreateCustomPluginRequest"}, "output":{"shape":"CreateCustomPluginResponse"}, "errors":[ - {"shape":"NotFoundException"}, {"shape":"ConflictException"}, + {"shape":"NotFoundException"}, {"shape":"BadRequestException"}, {"shape":"ForbiddenException"}, {"shape":"ServiceUnavailableException"}, @@ -66,8 +66,8 @@ "input":{"shape":"CreateWorkerConfigurationRequest"}, "output":{"shape":"CreateWorkerConfigurationResponse"}, "errors":[ - {"shape":"NotFoundException"}, {"shape":"ConflictException"}, + {"shape":"NotFoundException"}, {"shape":"BadRequestException"}, {"shape":"ForbiddenException"}, {"shape":"ServiceUnavailableException"}, @@ -158,7 +158,8 @@ {"shape":"UnauthorizedException"}, {"shape":"InternalServerErrorException"} ], - "documentation":"

Returns summary information about the connector.

" + "documentation":"

Returns summary information about the connector.

", + "readonly":true }, "DescribeConnectorOperation":{ "name":"DescribeConnectorOperation", @@ -178,7 +179,8 @@ {"shape":"UnauthorizedException"}, {"shape":"InternalServerErrorException"} ], - "documentation":"

Returns information about the specified connector's operations.

" + "documentation":"

Returns information about the specified connector's operations.

", + "readonly":true }, "DescribeCustomPlugin":{ "name":"DescribeCustomPlugin", @@ -198,7 +200,8 @@ {"shape":"UnauthorizedException"}, {"shape":"InternalServerErrorException"} ], - "documentation":"

A summary description of the custom plugin.

" + "documentation":"

A summary description of the custom plugin.

", + "readonly":true }, "DescribeWorkerConfiguration":{ "name":"DescribeWorkerConfiguration", @@ -218,7 +221,8 @@ {"shape":"UnauthorizedException"}, {"shape":"InternalServerErrorException"} ], - "documentation":"

Returns information about a worker configuration.

" + "documentation":"

Returns information about a worker configuration.

", + "readonly":true }, "ListConnectorOperations":{ "name":"ListConnectorOperations", @@ -238,7 +242,8 @@ {"shape":"UnauthorizedException"}, {"shape":"InternalServerErrorException"} ], - "documentation":"

Lists information about a connector's operation(s).

" + "documentation":"

Lists information about a connector's operation(s).

", + "readonly":true }, "ListConnectors":{ "name":"ListConnectors", @@ -258,7 +263,8 @@ {"shape":"UnauthorizedException"}, {"shape":"InternalServerErrorException"} ], - "documentation":"

Returns a list of all the connectors in this account and Region. The list is limited to connectors whose name starts with the specified prefix. The response also includes a description of each of the listed connectors.

" + "documentation":"

Returns a list of all the connectors in this account and Region. The list is limited to connectors whose name starts with the specified prefix. The response also includes a description of each of the listed connectors.

", + "readonly":true }, "ListCustomPlugins":{ "name":"ListCustomPlugins", @@ -278,7 +284,8 @@ {"shape":"UnauthorizedException"}, {"shape":"InternalServerErrorException"} ], - "documentation":"

Returns a list of all of the custom plugins in this account and Region.

" + "documentation":"

Returns a list of all of the custom plugins in this account and Region.

", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -298,7 +305,8 @@ {"shape":"UnauthorizedException"}, {"shape":"InternalServerErrorException"} ], - "documentation":"

Lists all the tags attached to the specified resource.

" + "documentation":"

Lists all the tags attached to the specified resource.

", + "readonly":true }, "ListWorkerConfigurations":{ "name":"ListWorkerConfigurations", @@ -318,7 +326,8 @@ {"shape":"UnauthorizedException"}, {"shape":"InternalServerErrorException"} ], - "documentation":"

Returns a list of all of the worker configurations in this account and Region.

" + "documentation":"

Returns a list of all of the worker configurations in this account and Region.

", + "readonly":true }, "TagResource":{ "name":"TagResource", @@ -330,8 +339,8 @@ "input":{"shape":"TagResourceRequest"}, "output":{"shape":"TagResourceResponse"}, "errors":[ - {"shape":"NotFoundException"}, {"shape":"ConflictException"}, + {"shape":"NotFoundException"}, {"shape":"BadRequestException"}, {"shape":"ForbiddenException"}, {"shape":"ServiceUnavailableException"}, @@ -381,7 +390,7 @@ {"shape":"UnauthorizedException"}, {"shape":"InternalServerErrorException"} ], - "documentation":"

Updates the specified connector.

", + "documentation":"

Updates the specified connector. For request body, specify only one parameter: either capacity or connectorConfiguration.

", "idempotent":true } }, @@ -757,6 +766,10 @@ "shape":"LogDeliveryDescription", "documentation":"

The settings for delivering connector logs to Amazon CloudWatch Logs.

" }, + "networkType":{ + "shape":"NetworkType", + "documentation":"

The network type of the connector. It gives connectors connectivity to either IPv4 (IPV4) or IPv4 and IPv6 (DUAL) destinations. Defaults to IPV4.

" + }, "plugins":{ "shape":"__listOfPluginDescription", "documentation":"

Specifies which plugins were used for this connector.

" @@ -822,9 +835,13 @@ "shape":"LogDelivery", "documentation":"

Details about log delivery.

" }, + "networkType":{ + "shape":"NetworkType", + "documentation":"

The network type of the connector. It gives connectors connectivity to either IPv4 (IPV4) or IPv4 and IPv6 (DUAL) destinations. Defaults to IPV4.

" + }, "plugins":{ "shape":"__listOfPlugin", - "documentation":"

Amazon MSK Connect does not currently support specifying multiple plugins as a list. To use more than one plugin for your connector, you can create a single custom plugin using a ZIP file that bundles multiple plugins together.

Specifies which plugin to use for the connector. You must specify a single-element list containing one customPlugin object.

" + "documentation":"

Amazon MSK Connect does not currently support specifying multiple plugins as a list. To use more than one plugin for your connector, you can create a single custom plugin using a ZIP file that bundles multiple plugins together.

Specifies which plugin to use for the connector. You must specify a single-element list containing one customPlugin object.

" }, "serviceExecutionRoleArn":{ "shape":"__string", @@ -1313,6 +1330,10 @@ "shape":"LogDeliveryDescription", "documentation":"

Details about delivering logs to Amazon CloudWatch Logs.

" }, + "networkType":{ + "shape":"NetworkType", + "documentation":"

The network type of the connector. It gives connectors connectivity to either IPv4 (IPV4) or IPv4 and IPv6 (DUAL) destinations. Defaults to IPV4.

" + }, "plugins":{ "shape":"__listOfPluginDescription", "documentation":"

Specifies which plugins were used for this connector.

" @@ -1738,6 +1759,14 @@ "max":100, "min":1 }, + "NetworkType":{ + "type":"string", + "documentation":"

The network type of a connector.

", + "enum":[ + "IPV4", + "DUAL" + ] + }, "NotFoundException":{ "type":"structure", "members":{ @@ -2018,8 +2047,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2080,8 +2108,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateConnectorRequest":{ "type":"structure", diff --git a/awscli/botocore/data/mediaconvert/2017-08-29/service-2.json b/awscli/botocore/data/mediaconvert/2017-08-29/service-2.json index 692571747709..a598ecceb06e 100644 --- a/awscli/botocore/data/mediaconvert/2017-08-29/service-2.json +++ b/awscli/botocore/data/mediaconvert/2017-08-29/service-2.json @@ -2146,7 +2146,7 @@ }, "AudioDefaultSelection": { "type": "string", - "documentation": "Enable this setting on one audio selector to set it as the default for the job. The service uses this default for outputs where it can't find the specified input audio. If you don't set a default, those outputs have no audio.", + "documentation": "Specify a fallback audio selector for this input. Use to ensure outputs have audio even when the audio selector you specify in your output is missing from the source. DEFAULT (Checked in the MediaConvert console): If your output settings specify an audio selector that does not exist in this input, MediaConvert uses this audio selector instead. This is useful when you have multiple inputs with a different number of audio tracks. NOT_DEFAULT (Unchecked in the MediaConvert console): MediaConvert will not fallback from any missing audio selector. Any output specifying a missing audio selector will be silent.", "enum": [ "DEFAULT", "NOT_DEFAULT" @@ -2375,7 +2375,7 @@ "DefaultSelection": { "shape": "AudioDefaultSelection", "locationName": "defaultSelection", - "documentation": "Enable this setting on one audio selector to set it as the default for the job. The service uses this default for outputs where it can't find the specified input audio. If you don't set a default, those outputs have no audio." + "documentation": "Specify a fallback audio selector for this input. Use to ensure outputs have audio even when the audio selector you specify in your output is missing from the source. DEFAULT (Checked in the MediaConvert console): If your output settings specify an audio selector that does not exist in this input, MediaConvert uses this audio selector instead. This is useful when you have multiple inputs with a different number of audio tracks. NOT_DEFAULT (Unchecked in the MediaConvert console): MediaConvert will not fallback from any missing audio selector. Any output specifying a missing audio selector will be silent." }, "ExternalAudioFileInput": { "shape": "__stringPatternS3Https", @@ -3400,7 +3400,8 @@ "TELETEXT", "NULL_SOURCE", "IMSC", - "WEBVTT" + "WEBVTT", + "TT_3GPP" ] }, "CaptionSourceUpconvertSTLToTeletext": { @@ -7284,6 +7285,22 @@ "FOLLOW_BOTTOM_FIELD" ] }, + "H265MvOverPictureBoundaries": { + "type": "string", + "documentation": "If you are setting up the picture as a tile, you must set this to \"disabled\". In all other configurations, you typically enter \"enabled\".", + "enum": [ + "ENABLED", + "DISABLED" + ] + }, + "H265MvTemporalPredictor": { + "type": "string", + "documentation": "If you are setting up the picture as a tile, you must set this to \"disabled\". In other configurations, you typically enter \"enabled\".", + "enum": [ + "ENABLED", + "DISABLED" + ] + }, "H265ParControl": { "type": "string", "documentation": "Optional. Specify how the service determines the pixel aspect ratio (PAR) for this output. The default behavior, Follow source, uses the PAR from your input video for your output. To specify a different PAR, choose any value other than Follow source. When you choose SPECIFIED for this setting, you must also specify values for the parNumerator and parDenominator settings.", @@ -7480,6 +7497,16 @@ "locationName": "minIInterval", "documentation": "Specify the minimum number of frames allowed between two IDR-frames in your output. This includes frames created at the start of a GOP or a scene change. Use Min I-Interval to improve video compression by varying GOP size when two IDR-frames would be created near each other. For example, if a regular cadence-driven IDR-frame would fall within 5 frames of a scene-change IDR-frame, and you set Min I-interval to 5, then the encoder would only write an IDR-frame for the scene-change. In this way, one GOP is shortened or extended. If a cadence-driven IDR-frame would be further than 5 frames from a scene-change IDR-frame, then the encoder leaves all IDR-frames in place. To use an automatically determined interval: We recommend that you keep this value blank. This allows for MediaConvert to use an optimal setting according to the characteristics of your input video, and results in better video compression. To manually specify an interval: Enter a value from 1 to 30. Use when your downstream systems have specific GOP size requirements. To disable GOP size variance: Enter 0. MediaConvert will only create IDR-frames at the start of your output's cadence-driven GOP. Use when your downstream systems require a regular GOP size." }, + "MvOverPictureBoundaries": { + "shape": "H265MvOverPictureBoundaries", + "locationName": "mvOverPictureBoundaries", + "documentation": "If you are setting up the picture as a tile, you must set this to \"disabled\". In all other configurations, you typically enter \"enabled\"." + }, + "MvTemporalPredictor": { + "shape": "H265MvTemporalPredictor", + "locationName": "mvTemporalPredictor", + "documentation": "If you are setting up the picture as a tile, you must set this to \"disabled\". In other configurations, you typically enter \"enabled\"." + }, "NumberBFramesBetweenReferenceFrames": { "shape": "__integerMin0Max7", "locationName": "numberBFramesBetweenReferenceFrames", @@ -7570,11 +7597,31 @@ "locationName": "temporalIds", "documentation": "Enables temporal layer identifiers in the encoded bitstream. Up to 3 layers are supported depending on GOP structure: I- and P-frames form one layer, reference B-frames can form a second layer and non-reference b-frames can form a third layer. Decoders can optionally decode only the lower temporal layers to generate a lower frame rate output. For example, given a bitstream with temporal IDs and with b-frames = 1 (i.e. IbPbPb display order), a decoder could decode all the frames for full frame rate output or only the I and P frames (lowest temporal layer) for a half frame rate output." }, + "TileHeight": { + "shape": "__integerMin64Max2160", + "locationName": "tileHeight", + "documentation": "Set this field to set up the picture as a tile. You must also set TileWidth. The tile height must result in 22 or fewer rows in the frame. The tile width must result in 20 or fewer columns in the frame. And finally, the product of the column count and row count must be 64 or less. If the tile width and height are specified, MediaConvert will override the video codec slices field with a value that MediaConvert calculates." + }, + "TilePadding": { + "shape": "H265TilePadding", + "locationName": "tilePadding", + "documentation": "Set to \"padded\" to force MediaConvert to add padding to the frame, to obtain a frame that is a whole multiple of the tile size. If you are setting up the picture as a tile, you must enter \"padded\". In all other configurations, you typically enter \"none\"." + }, + "TileWidth": { + "shape": "__integerMin256Max3840", + "locationName": "tileWidth", + "documentation": "Set this field to set up the picture as a tile. See TileHeight for more information." + }, "Tiles": { "shape": "H265Tiles", "locationName": "tiles", "documentation": "Enable use of tiles, allowing horizontal as well as vertical subdivision of the encoded pictures." }, + "TreeBlockSize": { + "shape": "H265TreeBlockSize", + "locationName": "treeBlockSize", + "documentation": "Select the tree block size used for encoding. If you enter \"auto\", the encoder will pick the best size. If you are setting up the picture as a tile, you must set this to 32x32. In all other configurations, you typically enter \"auto\"." + }, "UnregisteredSeiTimecode": { "shape": "H265UnregisteredSeiTimecode", "locationName": "unregisteredSeiTimecode", @@ -7629,6 +7676,14 @@ "ENABLED" ] }, + "H265TilePadding": { + "type": "string", + "documentation": "Set to \"padded\" to force MediaConvert to add padding to the frame, to obtain a frame that is a whole multiple of the tile size. If you are setting up the picture as a tile, you must enter \"padded\". In all other configurations, you typically enter \"none\".", + "enum": [ + "NONE", + "PADDED" + ] + }, "H265Tiles": { "type": "string", "documentation": "Enable use of tiles, allowing horizontal as well as vertical subdivision of the encoded pictures.", @@ -7637,6 +7692,14 @@ "ENABLED" ] }, + "H265TreeBlockSize": { + "type": "string", + "documentation": "Select the tree block size used for encoding. If you enter \"auto\", the encoder will pick the best size. If you are setting up the picture as a tile, you must set this to 32x32. In all other configurations, you typically enter \"auto\".", + "enum": [ + "AUTO", + "TREE_SIZE_32X32" + ] + }, "H265UnregisteredSeiTimecode": { "type": "string", "documentation": "Inserts timecode for each frame as 4 bytes of an unregistered SEI message.", @@ -8830,6 +8893,11 @@ "locationName": "height", "documentation": "Specify the height, in pixels, for your video generator input. This is useful for positioning when you include one or more video overlays for this input. To use the default resolution 540x360: Leave both width and height blank. To specify a height: Enter an even integer from 32 to 8192. When you do, you must also specify a value for width." }, + "ImageInput": { + "shape": "__stringMin14PatternS3BmpBMPPngPNGTgaTGAHttpsBmpBMPPngPNGTgaTGA", + "locationName": "imageInput", + "documentation": "Specify the HTTP, HTTPS, or Amazon S3 location of the image that you want to overlay on the video. Use a PNG or TGA file." + }, "SampleRate": { "shape": "__integerMin32000Max48000", "locationName": "sampleRate", @@ -14145,6 +14213,11 @@ "VideoOverlayInput": { "type": "structure", "members": { + "AudioSelectors": { + "shape": "__mapOfAudioSelector", + "locationName": "audioSelectors", + "documentation": "Use Audio selectors to specify audio to use during your Video overlay. You can use multiple Audio selectors per Video overlay. When you include an Audio selector within a Video overlay, MediaConvert mutes any Audio selectors with the same name from the underlying input. For example, if your underlying input has Audio selector 1 and Audio selector 2, and your Video overlay only has Audio selector 1, then MediaConvert replaces all audio for Audio selector 1 during the Video overlay. To replace all audio for all Audio selectors from the underlying input by using a single Audio selector in your overlay, set DefaultSelection to DEFAULT (Check \\\"Use as default\\\" in the MediaConvert console)." + }, "FileInput": { "shape": "__stringPatternS3Https", "locationName": "fileInput", @@ -15601,6 +15674,11 @@ "min": 24, "max": 60000 }, + "__integerMin256Max3840": { + "type": "integer", + "min": 256, + "max": 3840 + }, "__integerMin25Max10000": { "type": "integer", "min": 25, @@ -15681,6 +15759,11 @@ "min": 64000, "max": 640000 }, + "__integerMin64Max2160": { + "type": "integer", + "min": 64, + "max": 2160 + }, "__integerMin6Max16": { "type": "integer", "min": 6, diff --git a/awscli/botocore/data/mediapackagev2/2022-12-25/service-2.json b/awscli/botocore/data/mediapackagev2/2022-12-25/service-2.json index 7c56910e5085..94c42e7b5496 100644 --- a/awscli/botocore/data/mediapackagev2/2022-12-25/service-2.json +++ b/awscli/botocore/data/mediapackagev2/2022-12-25/service-2.json @@ -3818,10 +3818,20 @@ "Url":{ "shape":"SpekeKeyProviderUrlString", "documentation":"

The URL of the API Gateway proxy that you set up to talk to your key server. The API Gateway proxy must reside in the same AWS Region as MediaPackage and must start with https://.

The following example shows a URL: https://1wm2dx1f33.execute-api.us-west-2.amazonaws.com/SpekeSample/copyProtection

" + }, + "CertificateArn":{ + "shape":"SpekeKeyProviderCertificateArnString", + "documentation":"

The ARN for the certificate that you imported to AWS Certificate Manager to add content key encryption to this endpoint. For this feature to work, your DRM key provider must support content key encryption.

" } }, "documentation":"

The parameters for the SPEKE key provider.

" }, + "SpekeKeyProviderCertificateArnString":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:([^:\\n]+):acm:([^:\\n]+):([0-9]+):certificate/[a-zA-Z0-9-_]+" + }, "SpekeKeyProviderDrmSystemsList":{ "type":"list", "member":{"shape":"DrmSystem"}, @@ -4361,7 +4371,16 @@ "MALFORMED_SECRET_ARN", "SECRET_FROM_DIFFERENT_ACCOUNT", "SECRET_FROM_DIFFERENT_REGION", - "INVALID_SECRET" + "INVALID_SECRET", + "RESOURCE_NOT_IN_SAME_REGION", + "CERTIFICATE_RESOURCE_NOT_FOUND", + "CERTIFICATE_ACCESS_DENIED", + "DESCRIBE_CERTIFICATE_FAILED", + "INVALID_CERTIFICATE_STATUS", + "INVALID_CERTIFICATE_KEY_ALGORITHM", + "INVALID_CERTIFICATE_SIGNATURE_ALGORITHM", + "MISSING_CERTIFICATE_DOMAIN_NAME", + "INVALID_ARN" ] } }, diff --git a/awscli/botocore/data/payment-cryptography-data/2022-02-03/service-2.json b/awscli/botocore/data/payment-cryptography-data/2022-02-03/service-2.json index 20e6d1cdf162..17dadde2096e 100644 --- a/awscli/botocore/data/payment-cryptography-data/2022-02-03/service-2.json +++ b/awscli/botocore/data/payment-cryptography-data/2022-02-03/service-2.json @@ -49,6 +49,24 @@ ], "documentation":"

Encrypts plaintext data to ciphertext using a symmetric (TDES, AES), asymmetric (RSA), or derived (DUKPT or EMV) encryption key scheme. For more information, see Encrypt data in the Amazon Web Services Payment Cryptography User Guide.

You can generate an encryption key within Amazon Web Services Payment Cryptography by calling CreateKey. You can import your own encryption key by calling ImportKey.

For this operation, the key must have KeyModesOfUse set to Encrypt. In asymmetric encryption, plaintext is encrypted using public component. You can import the public component of an asymmetric key pair created outside Amazon Web Services Payment Cryptography by calling ImportKey.

This operation also supports dynamic keys, allowing you to pass a dynamic encryption key as a TR-31 WrappedKeyBlock. This can be used when key material is frequently rotated, such as during every card transaction, and there is need to avoid importing short-lived keys into Amazon Web Services Payment Cryptography. To encrypt using dynamic keys, the keyARN is the Key Encryption Key (KEK) of the TR-31 wrapped encryption key material. The incoming wrapped key shall have a key purpose of D0 with a mode of use of B or D. For more information, see Using Dynamic Keys in the Amazon Web Services Payment Cryptography User Guide.

For symmetric and DUKPT encryption, Amazon Web Services Payment Cryptography supports TDES and AES algorithms. For EMV encryption, Amazon Web Services Payment Cryptography supports TDES algorithms.For asymmetric encryption, Amazon Web Services Payment Cryptography supports RSA.

When you use TDES or TDES DUKPT, the plaintext data length must be a multiple of 8 bytes. For AES or AES DUKPT, the plaintext data length must be a multiple of 16 bytes. For RSA, it sould be equal to the key size unless padding is enabled.

To encrypt using DUKPT, you must already have a BDK (Base Derivation Key) key in your account with KeyModesOfUse set to DeriveKey, or you can generate a new DUKPT key by calling CreateKey. To encrypt using EMV, you must already have an IMK (Issuer Master Key) key in your account with KeyModesOfUse set to DeriveKey.

For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.

Cross-account use: This operation can't be used across different Amazon Web Services accounts.

Related operations:

" }, + "GenerateAs2805KekValidation":{ + "name":"GenerateAs2805KekValidation", + "http":{ + "method":"POST", + "requestUri":"/as2805kekvalidation/generate", + "responseCode":200 + }, + "input":{"shape":"GenerateAs2805KekValidationInput"}, + "output":{"shape":"GenerateAs2805KekValidationOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Establishes node-to-node initialization between payment processing nodes such as an acquirer, issuer or payment network using Australian Standard 2805 (AS2805).

During node-to-node initialization, both communicating nodes must validate that they possess the correct Key Encrypting Keys (KEKs) before proceeding with session key exchange. In AS2805, the sending KEK (KEKs) of one node corresponds to the receiving KEK (KEKr) of its partner node. Each node uses its KEK to encrypt and decrypt session keys exchanged between the nodes. A KEK can be created or imported into Amazon Web Services Payment Cryptography using either the CreateKey or ImportKey operations.

The node initiating communication can use GenerateAS2805KekValidation to generate a combined KEK validation request and KEK validation response to send to the partnering node for validation. When invoked, the API internally generates a random sending key encrypted under KEKs and provides a receiving key encrypted under KEKr as response. The initiating node sends the response returned by this API to its partner for validation.

For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.

Cross-account use: This operation can't be used across different Amazon Web Services accounts.

" + }, "GenerateCardValidationData":{ "name":"GenerateCardValidationData", "http":{ @@ -83,7 +101,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

Generates a Message Authentication Code (MAC) cryptogram within Amazon Web Services Payment Cryptography.

You can use this operation to authenticate card-related data by using known data values to generate MAC for data validation between the sending and receiving parties. This operation uses message data, a secret encryption key and MAC algorithm to generate a unique MAC value for transmission. The receiving party of the MAC must use the same message data, secret encryption key and MAC algorithm to reproduce another MAC value for comparision.

You can use this operation to generate a DUPKT, CMAC, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values. The MAC generation encryption key must have valid values for KeyUsage such as TR31_M7_HMAC_KEY for HMAC generation, and the key must have KeyModesOfUse set to Generate and Verify.

For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.

Cross-account use: This operation can't be used across different Amazon Web Services accounts.

Related operations:

" + "documentation":"

Generates a Message Authentication Code (MAC) cryptogram within Amazon Web Services Payment Cryptography.

You can use this operation to authenticate card-related data by using known data values to generate MAC for data validation between the sending and receiving parties. This operation uses message data, a secret encryption key and MAC algorithm to generate a unique MAC value for transmission. The receiving party of the MAC must use the same message data, secret encryption key and MAC algorithm to reproduce another MAC value for comparision.

You can use this operation to generate a DUPKT, CMAC, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values. The MAC generation encryption key must have valid values for KeyUsage such as TR31_M7_HMAC_KEY for HMAC generation, and the key must have KeyModesOfUse set to Generate.

For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.

Cross-account use: This operation can't be used across different Amazon Web Services accounts.

Related operations:

" }, "GenerateMacEmvPinChange":{ "name":"GenerateMacEmvPinChange", @@ -155,7 +173,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

Translates an encryption key between different wrapping keys without importing the key into Amazon Web Services Payment Cryptography.

This operation can be used when key material is frequently rotated, such as during every card transaction, and there is a need to avoid importing short-lived keys into Amazon Web Services Payment Cryptography. It translates short-lived transaction keys such as Pin Encryption Key (PEK) generated for each transaction and wrapped with an ECDH (Elliptic Curve Diffie-Hellman) derived wrapping key to another KEK (Key Encryption Key) wrapping key.

Before using this operation, you must first request the public key certificate of the ECC key pair generated within Amazon Web Services Payment Cryptography to establish an ECDH key agreement. In TranslateKeyData, the service uses its own ECC key pair, public certificate of receiving ECC key pair, and the key derivation parameters to generate a derived key. The service uses this derived key to unwrap the incoming transaction key received as a TR31WrappedKeyBlock and re-wrap using a user provided KEK to generate an outgoing Tr31WrappedKeyBlock. For more information on establishing ECDH derived keys, see the Creating keys in the Amazon Web Services Payment Cryptography User Guide.

For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.

Cross-account use: This operation can't be used across different Amazon Web Services accounts.

Related operations:

" + "documentation":"

Translates an cryptographic key between different wrapping keys without importing the key into Amazon Web Services Payment Cryptography.

This operation can be used when key material is frequently rotated, such as during every card transaction, and there is a need to avoid importing short-lived keys into Amazon Web Services Payment Cryptography. It translates short-lived transaction keys such as PEK generated for each transaction and wrapped with an ECDH derived wrapping key to another KEK wrapping key.

Before using this operation, you must first request the public key certificate of the ECC key pair generated within Amazon Web Services Payment Cryptography to establish an ECDH key agreement. In TranslateKeyData, the service uses its own ECC key pair, public certificate of receiving ECC key pair, and the key derivation parameters to generate a derived key. The service uses this derived key to unwrap the incoming transaction key received as a TR31WrappedKeyBlock and re-wrap using a user provided KEK to generate an outgoing Tr31WrappedKeyBlock.

For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.

Cross-account use: This operation can't be used across different Amazon Web Services accounts.

Related operations:

" }, "TranslatePinData":{ "name":"TranslatePinData", @@ -338,6 +356,46 @@ "pattern":"[0-9a-fA-F]+", "sensitive":true }, + "As2805KekValidationType":{ + "type":"structure", + "members":{ + "KekValidationRequest":{ + "shape":"KekValidationRequest", + "documentation":"

Parameter information for generating a KEK validation request during node-to-node initialization.

" + }, + "KekValidationResponse":{ + "shape":"KekValidationResponse", + "documentation":"

Parameter information for generating a KEK validation response during node-to-node initialization.

" + } + }, + "documentation":"

Parameter information for generating a random key for KEK validation to perform node-to-node initialization.

", + "union":true + }, + "As2805PekDerivationAttributes":{ + "type":"structure", + "required":[ + "SystemTraceAuditNumber", + "TransactionAmount" + ], + "members":{ + "SystemTraceAuditNumber":{ + "shape":"SystemTraceAuditNumberType", + "documentation":"

The system trace audit number for the transaction.

" + }, + "TransactionAmount":{ + "shape":"TransactionAmountType", + "documentation":"

The transaction amount for the transaction.

" + } + }, + "documentation":"

Parameter information to use a PEK derived using AS2805.

" + }, + "As2805RandomKeyMaterial":{ + "type":"string", + "max":48, + "min":32, + "pattern":"(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{48})", + "sensitive":true + }, "AsymmetricEncryptionAttributes":{ "type":"structure", "members":{ @@ -1076,6 +1134,55 @@ "OFB" ] }, + "GenerateAs2805KekValidationInput":{ + "type":"structure", + "required":[ + "KeyIdentifier", + "KekValidationType", + "RandomKeySendVariantMask" + ], + "members":{ + "KeyIdentifier":{ + "shape":"KeyArnOrKeyAliasType", + "documentation":"

The keyARN of sending KEK that Amazon Web Services Payment Cryptography uses for node-to-node initialization

" + }, + "KekValidationType":{ + "shape":"As2805KekValidationType", + "documentation":"

Parameter information for generating a random key for KEK validation to perform node-to-node initialization.

" + }, + "RandomKeySendVariantMask":{ + "shape":"RandomKeySendVariantMask", + "documentation":"

The key variant to use for generating a random key for KEK validation during node-to-node initialization.

" + } + } + }, + "GenerateAs2805KekValidationOutput":{ + "type":"structure", + "required":[ + "KeyArn", + "KeyCheckValue", + "RandomKeySend", + "RandomKeyReceive" + ], + "members":{ + "KeyArn":{ + "shape":"KeyArn", + "documentation":"

The keyARN of sending KEK that Amazon Web Services Payment Cryptography validates for node-to-node initialization

" + }, + "KeyCheckValue":{ + "shape":"KeyCheckValue", + "documentation":"

The key check value (KCV) of the sending KEK that Amazon Web Services Payment Cryptography validates for node-to-node initialization.

" + }, + "RandomKeySend":{ + "shape":"As2805RandomKeyMaterial", + "documentation":"

The random key generated for sending KEK validation.

" + }, + "RandomKeyReceive":{ + "shape":"As2805RandomKeyMaterial", + "documentation":"

The random key generated for receiving KEK validation. The initiating node sends this key to its partner node for validation.

" + } + } + }, "GenerateCardValidationDataInput":{ "type":"structure", "required":[ @@ -1296,7 +1403,7 @@ }, "PinBlockFormat":{ "shape":"PinBlockFormatForPinData", - "documentation":"

The PIN encoding format for pin data generation as specified in ISO 9564. Amazon Web Services Payment Cryptography supports ISO_Format_0, ISO_Format_3 and ISO_Format_4.

The ISO_Format_0 PIN block format is equivalent to the ANSI X9.8, VISA-1, and ECI-1 PIN block formats. It is similar to a VISA-4 PIN block format. It supports a PIN from 4 to 12 digits in length.

The ISO_Format_3 PIN block format is the same as ISO_Format_0 except that the fill digits are random values from 10 to 15.

The ISO_Format_4 PIN block format is the only one supporting AES encryption. It is similar to ISO_Format_3 but doubles the pin block length by padding with fill digit A and random values from 10 to 15.

" + "documentation":"

The PIN encoding format for pin data generation as specified in ISO 9564. Amazon Web Services Payment Cryptography supports ISO_Format_0, ISO_Format_3 and ISO_Format_4.

The ISO_Format_0 PIN block format is equivalent to the ANSI X9.8, VISA-1, and ECI-1 PIN block formats. It is similar to a VISA-4 PIN block format. It supports a PIN from 4 to 12 digits in length.

The ISO_Format_3 PIN block format is the same as ISO_Format_0 except that the fill digits are random values from 10 to 15.

The ISO_Format_4 PIN block format is the only one supporting AES encryption.

" }, "EncryptionWrappedKey":{"shape":"WrappedKey"} } @@ -1608,6 +1715,28 @@ "exception":true, "fault":true }, + "KekValidationRequest":{ + "type":"structure", + "required":["DeriveKeyAlgorithm"], + "members":{ + "DeriveKeyAlgorithm":{ + "shape":"SymmetricKeyAlgorithm", + "documentation":"

The key derivation algorithm to use for generating a KEK validation request.

" + } + }, + "documentation":"

Parameter information for generating a KEK validation request during node-to-node initialization.

" + }, + "KekValidationResponse":{ + "type":"structure", + "required":["RandomKeySend"], + "members":{ + "RandomKeySend":{ + "shape":"As2805RandomKeyMaterial", + "documentation":"

The random key for generating a KEK validation response.

" + } + }, + "documentation":"

Parameter information for generating a KEK validation response during node-to-node initialization.

" + }, "KeyArn":{ "type":"string", "max":150, @@ -1653,7 +1782,7 @@ "KeyMaterial":{ "type":"string", "max":16384, - "min":48, + "min":32, "sensitive":true }, "MacAlgorithm":{ @@ -1666,7 +1795,8 @@ "HMAC_SHA224", "HMAC_SHA256", "HMAC_SHA384", - "HMAC_SHA512" + "HMAC_SHA512", + "AS2805_4_1" ] }, "MacAlgorithmDukpt":{ @@ -1992,6 +2122,13 @@ "pattern":"[0-9a-fA-F]+", "sensitive":true }, + "RandomKeySendVariantMask":{ + "type":"string", + "enum":[ + "VARIANT_MASK_82C0", + "VARIANT_MASK_82" + ] + }, "ReEncryptDataInput":{ "type":"structure", "required":[ @@ -2299,6 +2436,12 @@ "HMAC_SHA224" ] }, + "SystemTraceAuditNumberType":{ + "type":"string", + "max":6, + "min":6, + "pattern":"[0-9]+" + }, "ThrottlingException":{ "type":"structure", "members":{ @@ -2325,6 +2468,12 @@ "pattern":"[0-9a-fA-F]+", "sensitive":true }, + "TransactionAmountType":{ + "type":"string", + "max":12, + "min":12, + "pattern":"[0-9]+" + }, "TransactionDataType":{ "type":"string", "max":1024, @@ -2349,7 +2498,7 @@ }, "KeyCheckValueAlgorithm":{ "shape":"KeyCheckValueAlgorithm", - "documentation":"

The key check value (KCV) algorithm used for calculating the KCV.

" + "documentation":"

The key check value (KCV) algorithm used for calculating the KCV of the derived key.

" } } }, @@ -2408,6 +2557,10 @@ "OutgoingWrappedKey":{ "shape":"WrappedKey", "documentation":"

The WrappedKeyBlock containing the encryption key for encrypting outgoing PIN block data.

" + }, + "IncomingAs2805Attributes":{ + "shape":"As2805PekDerivationAttributes", + "documentation":"

The attributes and values to use for incoming AS2805 encryption key for PIN block translation.

" } } }, @@ -2438,24 +2591,39 @@ "members":{ "IsoFormat0":{ "shape":"TranslationPinDataIsoFormat034", - "documentation":"

Parameters that are required for ISO9564 PIN format 0 tranlation.

" + "documentation":"

Parameters that are required for ISO9564 PIN format 0 translation.

" }, "IsoFormat1":{ "shape":"TranslationPinDataIsoFormat1", - "documentation":"

Parameters that are required for ISO9564 PIN format 1 tranlation.

" + "documentation":"

Parameters that are required for ISO9564 PIN format 1 translation.

" }, "IsoFormat3":{ "shape":"TranslationPinDataIsoFormat034", - "documentation":"

Parameters that are required for ISO9564 PIN format 3 tranlation.

" + "documentation":"

Parameters that are required for ISO9564 PIN format 3 translation.

" }, "IsoFormat4":{ "shape":"TranslationPinDataIsoFormat034", - "documentation":"

Parameters that are required for ISO9564 PIN format 4 tranlation.

" + "documentation":"

Parameters that are required for ISO9564 PIN format 4 translation.

" + }, + "As2805Format0":{ + "shape":"TranslationPinDataAs2805Format0", + "documentation":"

Parameters that are required for AS2805 PIN format 0 translation.

" } }, "documentation":"

Parameters that are required for translation between ISO9564 PIN block formats 0,1,3,4.

", "union":true }, + "TranslationPinDataAs2805Format0":{ + "type":"structure", + "required":["PrimaryAccountNumber"], + "members":{ + "PrimaryAccountNumber":{ + "shape":"PrimaryAccountNumberType", + "documentation":"

The Primary Account Number (PAN) of the cardholder. A PAN is a unique identifier for a payment credit or debit card and associates the card to a specific account holder.

" + } + }, + "documentation":"

Parameters that are required for translation between AS2805 PIN format 0 translation.

" + }, "TranslationPinDataIsoFormat034":{ "type":"structure", "required":["PrimaryAccountNumber"], @@ -2465,12 +2633,12 @@ "documentation":"

The Primary Account Number (PAN) of the cardholder. A PAN is a unique identifier for a payment credit or debit card and associates the card to a specific account holder.

" } }, - "documentation":"

Parameters that are required for tranlation between ISO9564 PIN format 0,3,4 tranlation.

" + "documentation":"

Parameters that are required for translation between ISO9564 PIN format 0,3,4 translation.

" }, "TranslationPinDataIsoFormat1":{ "type":"structure", "members":{}, - "documentation":"

Parameters that are required for ISO9564 PIN format 1 tranlation.

" + "documentation":"

Parameters that are required for ISO9564 PIN format 1 translation.

" }, "ValidationDataType":{ "type":"string", diff --git a/awscli/botocore/data/payment-cryptography/2021-09-14/service-2.json b/awscli/botocore/data/payment-cryptography/2021-09-14/service-2.json index 7e52376227a0..d7fbcafc5c20 100644 --- a/awscli/botocore/data/payment-cryptography/2021-09-14/service-2.json +++ b/awscli/botocore/data/payment-cryptography/2021-09-14/service-2.json @@ -584,6 +584,15 @@ "type":"list", "member":{"shape":"Alias"} }, + "As2805KeyVariant":{ + "type":"string", + "enum":[ + "TERMINAL_MAJOR_KEY_VARIANT_00", + "PIN_ENCRYPTION_KEY_VARIANT_28", + "MESSAGE_AUTHENTICATION_KEY_VARIANT_24", + "DATA_ENCRYPTION_KEY_VARIANT_22" + ] + }, "Boolean":{ "type":"boolean", "box":true @@ -617,7 +626,7 @@ }, "Country":{ "shape":"CertificateSubjectTypeCountryString", - "documentation":"

The city you provide to create the certificate signing request.

" + "documentation":"

The country you provide to create the certificate signing request.

" }, "StateOrProvince":{ "shape":"CertificateSubjectTypeStateOrProvinceString", @@ -883,6 +892,21 @@ "min":16, "pattern":"(?:[0-9a-fA-F][0-9a-fA-F])+" }, + "ExportAs2805KeyCryptogram":{ + "type":"structure", + "required":[ + "WrappingKeyIdentifier", + "As2805KeyVariant" + ], + "members":{ + "WrappingKeyIdentifier":{"shape":"KeyArnOrKeyAliasType"}, + "As2805KeyVariant":{ + "shape":"As2805KeyVariant", + "documentation":"

The cryptographic usage of the key under export.

" + } + }, + "documentation":"

Parameter information for key material export using AS2805 key cryptogram format.

" + }, "ExportAttributes":{ "type":"structure", "members":{ @@ -1013,6 +1037,10 @@ "DiffieHellmanTr31KeyBlock":{ "shape":"ExportDiffieHellmanTr31KeyBlock", "documentation":"

Key derivation parameter information for key material export using asymmetric ECDH key exchange method.

" + }, + "As2805KeyCryptogram":{ + "shape":"ExportAs2805KeyCryptogram", + "documentation":"

Parameter information for key material export using AS2805 key cryptogram format.

" } }, "documentation":"

Parameter information for key material export from Amazon Web Services Payment Cryptography using TR-31 or TR-34 or RSA wrap and unwrap key exchange method.

", @@ -1308,6 +1336,38 @@ "min":20, "pattern":"[0-9A-F]{20}$|^[0-9A-F]{24}" }, + "ImportAs2805KeyCryptogram":{ + "type":"structure", + "required":[ + "As2805KeyVariant", + "KeyModesOfUse", + "KeyAlgorithm", + "Exportable", + "WrappingKeyIdentifier", + "WrappedKeyCryptogram" + ], + "members":{ + "As2805KeyVariant":{ + "shape":"As2805KeyVariant", + "documentation":"

The cryptographic usage of the key under import.

" + }, + "KeyModesOfUse":{"shape":"KeyModesOfUse"}, + "KeyAlgorithm":{ + "shape":"KeyAlgorithm", + "documentation":"

The key algorithm of the key under import.

" + }, + "Exportable":{ + "shape":"Boolean", + "documentation":"

Specified whether the key is exportable. This data is immutable after the key is imported.

" + }, + "WrappingKeyIdentifier":{"shape":"KeyArnOrKeyAliasType"}, + "WrappedKeyCryptogram":{ + "shape":"WrappedKeyCryptogram", + "documentation":"

The wrapped key cryptogram under import.

" + } + }, + "documentation":"

Parameter information for key material import using AS2805 key cryptogram format.

" + }, "ImportDiffieHellmanTr31KeyBlock":{ "type":"structure", "required":[ @@ -1434,6 +1494,10 @@ "DiffieHellmanTr31KeyBlock":{ "shape":"ImportDiffieHellmanTr31KeyBlock", "documentation":"

Key derivation parameter information for key material import using asymmetric ECDH key exchange method.

" + }, + "As2805KeyCryptogram":{ + "shape":"ImportAs2805KeyCryptogram", + "documentation":"

Parameter information for key material import using AS2805 key cryptogram format.

" } }, "documentation":"

Parameter information for key material import into Amazon Web Services Payment Cryptography using TR-31 or TR-34 or RSA wrap and unwrap key exchange method.

", @@ -1886,6 +1950,7 @@ "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", + "TR31_M0_ISO_16609_MAC_KEY", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", diff --git a/awscli/botocore/data/sagemaker/2017-07-24/service-2.json b/awscli/botocore/data/sagemaker/2017-07-24/service-2.json index 95be304bc839..26c2fb315a23 100644 --- a/awscli/botocore/data/sagemaker/2017-07-24/service-2.json +++ b/awscli/botocore/data/sagemaker/2017-07-24/service-2.json @@ -9447,7 +9447,8 @@ "ml.r7i.12xlarge", "ml.r7i.16xlarge", "ml.r7i.24xlarge", - "ml.r7i.48xlarge" + "ml.r7i.48xlarge", + "ml.p6-b300.48xlarge" ] }, "ClusterKubernetesConfig":{ @@ -9815,7 +9816,6 @@ }, "ClusterOrchestrator":{ "type":"structure", - "required":["Eks"], "members":{ "Eks":{ "shape":"ClusterOrchestratorEksConfig", @@ -27014,7 +27014,7 @@ "type":"integer", "documentation":"

Optional. Customer requested period in seconds for which the Training cluster is kept alive after the job is finished.

", "box":true, - "max":3600, + "max":21600, "min":0 }, "KendraSettings":{ @@ -39781,7 +39781,8 @@ "ml.p6-b200.48xlarge", "ml.p4de.24xlarge", "ml.p6e-gb200.36xlarge", - "ml.p5.4xlarge" + "ml.p5.4xlarge", + "ml.p6-b300.48xlarge" ] }, "ReservedCapacityOffering":{ @@ -43475,7 +43476,8 @@ "ml.r7i.24xlarge", "ml.r7i.48xlarge", "ml.p6e-gb200.36xlarge", - "ml.p5.4xlarge" + "ml.p5.4xlarge", + "ml.p6-b300.48xlarge" ] }, "TrainingInstanceTypes":{ From dd8b2fc2b124e78cd5c2a4e2f4ea4ecafec131dd Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Wed, 17 Dec 2025 19:05:42 +0000 Subject: [PATCH 23/37] Update endpoints model --- awscli/botocore/data/endpoints.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/awscli/botocore/data/endpoints.json b/awscli/botocore/data/endpoints.json index 517b1d53c53b..2a4fbe0d4d5c 100644 --- a/awscli/botocore/data/endpoints.json +++ b/awscli/botocore/data/endpoints.json @@ -1578,6 +1578,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { @@ -4960,12 +4961,14 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-5" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "cloudhsmv2.ca-central-1.api.aws", "tags" : [ "dualstack" ] } ] }, + "ca-west-1" : { }, "eu-central-1" : { "variants" : [ { "hostname" : "cloudhsmv2.eu-central-1.api.aws", @@ -5027,6 +5030,7 @@ "tags" : [ "dualstack" ] } ] }, + "mx-central-1" : { }, "sa-east-1" : { "variants" : [ { "hostname" : "cloudhsmv2.sa-east-1.api.aws", From 08c42f9c47e8b46196f297e1fe250cd014ad9958 Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Wed, 17 Dec 2025 19:07:22 +0000 Subject: [PATCH 24/37] Bump version to 2.32.19 --- .changes/2.32.19.json | 47 +++++++++++++++++++ .../api-change-gameliftstreams-68916.json | 5 -- .../api-change-guardduty-31590.json | 5 -- .../api-change-inspectorscan-1908.json | 5 -- .../api-change-kafkaconnect-5064.json | 5 -- .../api-change-mediaconvert-48267.json | 5 -- .../api-change-mediapackagev2-89826.json | 5 -- .../api-change-paymentcryptography-42168.json | 5 -- ...-change-paymentcryptographydata-36648.json | 5 -- .../api-change-sagemaker-5585.json | 5 -- CHANGELOG.rst | 14 ++++++ awscli/__init__.py | 2 +- configure | 14 +++--- configure.ac | 2 +- doc/source/conf.py | 2 +- 15 files changed, 71 insertions(+), 55 deletions(-) create mode 100644 .changes/2.32.19.json delete mode 100644 .changes/next-release/api-change-gameliftstreams-68916.json delete mode 100644 .changes/next-release/api-change-guardduty-31590.json delete mode 100644 .changes/next-release/api-change-inspectorscan-1908.json delete mode 100644 .changes/next-release/api-change-kafkaconnect-5064.json delete mode 100644 .changes/next-release/api-change-mediaconvert-48267.json delete mode 100644 .changes/next-release/api-change-mediapackagev2-89826.json delete mode 100644 .changes/next-release/api-change-paymentcryptography-42168.json delete mode 100644 .changes/next-release/api-change-paymentcryptographydata-36648.json delete mode 100644 .changes/next-release/api-change-sagemaker-5585.json diff --git a/.changes/2.32.19.json b/.changes/2.32.19.json new file mode 100644 index 000000000000..be1ab3e00aca --- /dev/null +++ b/.changes/2.32.19.json @@ -0,0 +1,47 @@ +[ + { + "category": "``payment-cryptography``", + "description": "Support for AS2805 standard. Modifications to import-key and export-key to support AS2805 variants.", + "type": "api-change" + }, + { + "category": "``kafkaconnect``", + "description": "Support dual-stack network connectivity for connectors via NetworkType field.", + "type": "api-change" + }, + { + "category": "``inspector-scan``", + "description": "Adds an additional OutputFormat", + "type": "api-change" + }, + { + "category": "``mediaconvert``", + "description": "Adds support for tile encoding in HEVC and audio for video overlays.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "Adding the newly launched p6-b300.48xlarge ec2 instance support in Sagemaker(Hyperpod,Training and Sceptor)", + "type": "api-change" + }, + { + "category": "``payment-cryptography-data``", + "description": "Support for AS2805 standard. New API GenerateAs2805KekValidation and changes to translate pin, GenerateMac and VerifyMac to support AS2805 key variants.", + "type": "api-change" + }, + { + "category": "``mediapackagev2``", + "description": "This release adds support for SPEKE V2 content key encryption in MediaPackage v2 Origin Endpoints.", + "type": "api-change" + }, + { + "category": "``gameliftstreams``", + "description": "Added new stream group operation parameters for scale-on-demand capacity with automatic prewarming. Added new Gen6 stream classes based on the EC2 G6 instance family. Added new StartStreamSession parameter for exposure of real-time performance stats to clients.", + "type": "api-change" + }, + { + "category": "``guardduty``", + "description": "Add support for dbiResourceId in finding.", + "type": "api-change" + } +] \ No newline at end of file diff --git a/.changes/next-release/api-change-gameliftstreams-68916.json b/.changes/next-release/api-change-gameliftstreams-68916.json deleted file mode 100644 index 01e425e1bfa6..000000000000 --- a/.changes/next-release/api-change-gameliftstreams-68916.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``gameliftstreams``", - "description": "Added new stream group operation parameters for scale-on-demand capacity with automatic prewarming. Added new Gen6 stream classes based on the EC2 G6 instance family. Added new StartStreamSession parameter for exposure of real-time performance stats to clients." -} diff --git a/.changes/next-release/api-change-guardduty-31590.json b/.changes/next-release/api-change-guardduty-31590.json deleted file mode 100644 index c535e606b347..000000000000 --- a/.changes/next-release/api-change-guardduty-31590.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``guardduty``", - "description": "Add support for dbiResourceId in finding." -} diff --git a/.changes/next-release/api-change-inspectorscan-1908.json b/.changes/next-release/api-change-inspectorscan-1908.json deleted file mode 100644 index 5eb532ef1fc9..000000000000 --- a/.changes/next-release/api-change-inspectorscan-1908.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``inspector-scan``", - "description": "Adds an additional OutputFormat" -} diff --git a/.changes/next-release/api-change-kafkaconnect-5064.json b/.changes/next-release/api-change-kafkaconnect-5064.json deleted file mode 100644 index cc231298d93d..000000000000 --- a/.changes/next-release/api-change-kafkaconnect-5064.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``kafkaconnect``", - "description": "Support dual-stack network connectivity for connectors via NetworkType field." -} diff --git a/.changes/next-release/api-change-mediaconvert-48267.json b/.changes/next-release/api-change-mediaconvert-48267.json deleted file mode 100644 index 59548c028d18..000000000000 --- a/.changes/next-release/api-change-mediaconvert-48267.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``mediaconvert``", - "description": "Adds support for tile encoding in HEVC and audio for video overlays." -} diff --git a/.changes/next-release/api-change-mediapackagev2-89826.json b/.changes/next-release/api-change-mediapackagev2-89826.json deleted file mode 100644 index b9b30f721dc1..000000000000 --- a/.changes/next-release/api-change-mediapackagev2-89826.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``mediapackagev2``", - "description": "This release adds support for SPEKE V2 content key encryption in MediaPackage v2 Origin Endpoints." -} diff --git a/.changes/next-release/api-change-paymentcryptography-42168.json b/.changes/next-release/api-change-paymentcryptography-42168.json deleted file mode 100644 index 308abe46fbfb..000000000000 --- a/.changes/next-release/api-change-paymentcryptography-42168.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``payment-cryptography``", - "description": "Support for AS2805 standard. Modifications to import-key and export-key to support AS2805 variants." -} diff --git a/.changes/next-release/api-change-paymentcryptographydata-36648.json b/.changes/next-release/api-change-paymentcryptographydata-36648.json deleted file mode 100644 index c75583f6015b..000000000000 --- a/.changes/next-release/api-change-paymentcryptographydata-36648.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``payment-cryptography-data``", - "description": "Support for AS2805 standard. New API GenerateAs2805KekValidation and changes to translate pin, GenerateMac and VerifyMac to support AS2805 key variants." -} diff --git a/.changes/next-release/api-change-sagemaker-5585.json b/.changes/next-release/api-change-sagemaker-5585.json deleted file mode 100644 index f64abe85a784..000000000000 --- a/.changes/next-release/api-change-sagemaker-5585.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``sagemaker``", - "description": "Adding the newly launched p6-b300.48xlarge ec2 instance support in Sagemaker(Hyperpod,Training and Sceptor)" -} diff --git a/CHANGELOG.rst b/CHANGELOG.rst index a0de3c3ae5be..046f366eae49 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,20 @@ CHANGELOG ========= +2.32.19 +======= + +* api-change:``payment-cryptography``: Support for AS2805 standard. Modifications to import-key and export-key to support AS2805 variants. +* api-change:``kafkaconnect``: Support dual-stack network connectivity for connectors via NetworkType field. +* api-change:``inspector-scan``: Adds an additional OutputFormat +* api-change:``mediaconvert``: Adds support for tile encoding in HEVC and audio for video overlays. +* api-change:``sagemaker``: Adding the newly launched p6-b300.48xlarge ec2 instance support in Sagemaker(Hyperpod,Training and Sceptor) +* api-change:``payment-cryptography-data``: Support for AS2805 standard. New API GenerateAs2805KekValidation and changes to translate pin, GenerateMac and VerifyMac to support AS2805 key variants. +* api-change:``mediapackagev2``: This release adds support for SPEKE V2 content key encryption in MediaPackage v2 Origin Endpoints. +* api-change:``gameliftstreams``: Added new stream group operation parameters for scale-on-demand capacity with automatic prewarming. Added new Gen6 stream classes based on the EC2 G6 instance family. Added new StartStreamSession parameter for exposure of real-time performance stats to clients. +* api-change:``guardduty``: Add support for dbiResourceId in finding. + + 2.32.18 ======= diff --git a/awscli/__init__.py b/awscli/__init__.py index 0ebf59a05ab5..efd68ffb48be 100644 --- a/awscli/__init__.py +++ b/awscli/__init__.py @@ -20,7 +20,7 @@ import os import sys -__version__ = '2.32.18' +__version__ = '2.32.19' # # Get our data path to be added to botocore's search path diff --git a/configure b/configure index b2b883c75a8a..1e6583892893 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for awscli 2.32.18. +# Generated by GNU Autoconf 2.71 for awscli 2.32.19. # # # Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, @@ -607,8 +607,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='awscli' PACKAGE_TARNAME='awscli' -PACKAGE_VERSION='2.32.18' -PACKAGE_STRING='awscli 2.32.18' +PACKAGE_VERSION='2.32.19' +PACKAGE_STRING='awscli 2.32.19' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1255,7 +1255,7 @@ _ACEOF fi if $ac_init_version; then cat <<\_ACEOF -awscli configure 2.32.18 +awscli configure 2.32.19 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -1292,7 +1292,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by awscli $as_me 2.32.18, which was +It was created by awscli $as_me 2.32.19, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -2668,7 +2668,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by awscli $as_me 2.32.18, which was +This file was extended by awscli $as_me 2.32.19, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -2723,7 +2723,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -awscli config.status 2.32.18 +awscli config.status 2.32.19 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index ca06b77caf94..578546716e0d 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_CONFIG_MACRO_DIRS([m4]) -AC_INIT([awscli], [2.32.18]) +AC_INIT([awscli], [2.32.19]) AC_CONFIG_SRCDIR([bin/aws]) AM_PATH_PYTHON([3.8]) diff --git a/doc/source/conf.py b/doc/source/conf.py index a996211121f5..adb247d4ed35 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -66,7 +66,7 @@ # The short X.Y version. version = '2.0' # The full version, including alpha/beta/rc tags. -release = '2.32.18' +release = '2.32.19' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. From 1800d259969edd18ba13a3b34bb7b9ee7839dcb0 Mon Sep 17 00:00:00 2001 From: Sasanka Mouli Veleti Date: Thu, 18 Dec 2025 07:30:16 -0800 Subject: [PATCH 25/37] Add prefix to CloudTrail S3 digest file listing (#9933) Scope S3 list_objects call to trail's region by adding prefix parameter. This prevents processing digest files from all regions and improves validate-logs command performance when validating logs near current time. Add _create_digest_prefix method to generate region-specific prefix for both regular and organizational trails. Update existing tests and add new test coverage for prefix generation. Co-authored-by: Sasanka Mouli Subrahmanya Sri Veleti --- .../enhancement-cloudtrail-89408.json | 5 ++ .../customizations/cloudtrail/validation.py | 24 ++++++- .../cloudtrail/test_validation.py | 67 ++++++++++++++++--- 3 files changed, 85 insertions(+), 11 deletions(-) create mode 100644 .changes/next-release/enhancement-cloudtrail-89408.json diff --git a/.changes/next-release/enhancement-cloudtrail-89408.json b/.changes/next-release/enhancement-cloudtrail-89408.json new file mode 100644 index 000000000000..a752bebf8659 --- /dev/null +++ b/.changes/next-release/enhancement-cloudtrail-89408.json @@ -0,0 +1,5 @@ +{ + "type": "enhancement", + "category": "cloudtrail", + "description": "Fixed performance issue in cloudtrail validate-logs command by scoping S3 digest file listing to the trail's region instead of processing digest files from all regions." +} diff --git a/awscli/customizations/cloudtrail/validation.py b/awscli/customizations/cloudtrail/validation.py index f4229bade451..d5255f4b8438 100644 --- a/awscli/customizations/cloudtrail/validation.py +++ b/awscli/customizations/cloudtrail/validation.py @@ -274,9 +274,10 @@ def load_digest_keys_in_range(self, bucket, prefix, start_date, end_date): """ digests = [] marker = self._create_digest_key(start_date, prefix) + s3_digest_files_prefix = self._create_digest_prefix(start_date, prefix) client = self._client_provider.get_client(bucket) paginator = client.get_paginator('list_objects') - page_iterator = paginator.paginate(Bucket=bucket, Marker=marker) + page_iterator = paginator.paginate(Bucket=bucket, Marker=marker, Prefix=s3_digest_files_prefix) key_filter = page_iterator.search('Contents[*].Key') # Create a target start end end date target_start_date = format_date(normalize_date(start_date)) @@ -287,7 +288,7 @@ def load_digest_keys_in_range(self, bucket, prefix, start_date, end_date): # Ensure digests are from the same trail. digest_key_regex = re.compile(self._create_digest_key_regex(prefix)) for key in key_filter: - if digest_key_regex.match(key): + if key and digest_key_regex.match(key): # Use a lexicographic comparison to know when to stop. extracted_date = extract_digest_key_date(key) if extracted_date > target_end_date: @@ -358,6 +359,25 @@ def _create_digest_key(self, start_date, key_prefix): key = key_prefix + '/' + key return key + def _create_digest_prefix(self, start_date, key_prefix): + """Creates an S3 prefix to scope listing to trail's region. + + :return: Returns a prefix string to limit S3 listing scope. + """ + template = 'AWSLogs/' + template_params = { + 'account_id': self.account_id, + 'source_region': self.trail_source_region + } + if self.organization_id: + template += '{organization_id}/' + template_params['organization_id'] = self.organization_id + template += '{account_id}/CloudTrail-Digest/{source_region}' + prefix = template.format(**template_params) + if key_prefix: + prefix = key_prefix + '/' + prefix + return prefix + def _create_digest_key_regex(self, key_prefix): """Creates a regular expression used to match against S3 keys""" template = 'AWSLogs/' diff --git a/tests/unit/customizations/cloudtrail/test_validation.py b/tests/unit/customizations/cloudtrail/test_validation.py index 6c9a28599994..41a8f485cb4a 100644 --- a/tests/unit/customizations/cloudtrail/test_validation.py +++ b/tests/unit/customizations/cloudtrail/test_validation.py @@ -595,15 +595,16 @@ def test_calls_list_objects_correctly(self): mock_search = mock_paginate.return_value.search mock_search.return_value = [] provider = self._get_mock_provider(s3_client) - provider.load_digest_keys_in_range('1', 'prefix', START_DATE, END_DATE) - marker = ( - 'prefix/AWSLogs/{account}/CloudTrail-Digest/us-east-1/' - '2014/08/09/{account}_CloudTrail-Digest_us-east-1_foo_' - 'us-east-1_20140809T235900Z.json.gz' - ) + provider.load_digest_keys_in_range( + '1', 'prefix', START_DATE, END_DATE) + marker = ('prefix/AWSLogs/{account}/CloudTrail-Digest/us-east-1/' + '2014/08/09/{account}_CloudTrail-Digest_us-east-1_foo_' + 'us-east-1_20140809T235900Z.json.gz') + prefix = 'prefix/AWSLogs/{account}/CloudTrail-Digest/us-east-1' mock_paginate.assert_called_once_with( - Bucket='1', Marker=marker.format(account=TEST_ACCOUNT_ID) - ) + Bucket='1', + Marker=marker.format(account=TEST_ACCOUNT_ID), + Prefix=prefix.format(account=TEST_ACCOUNT_ID)) def test_calls_list_objects_correctly_org_trails(self): s3_client = mock.Mock() @@ -627,14 +628,62 @@ def test_calls_list_objects_correctly_org_trails(self): '2014/08/09/{member_account}_CloudTrail-Digest_us-east-1_foo_' 'us-east-1_20140809T235900Z.json.gz' ) + prefix = ( + 'prefix/AWSLogs/{organization_id}/{member_account}/' + 'CloudTrail-Digest/us-east-1' + ) mock_paginate.assert_called_once_with( Bucket='1', Marker=marker.format( member_account=TEST_ORGANIZATION_ACCOUNT_ID, - organization_id=TEST_ORGANIZATION_ID, + organization_id=TEST_ORGANIZATION_ID ), + Prefix=prefix.format( + member_account=TEST_ORGANIZATION_ACCOUNT_ID, + organization_id=TEST_ORGANIZATION_ID + ) ) + def test_create_digest_prefix_without_key_prefix(self): + mock_s3_client_provider = mock.Mock() + provider = DigestProvider( + mock_s3_client_provider, TEST_ACCOUNT_ID, 'foo', 'us-east-1') + prefix = provider._create_digest_prefix(START_DATE, None) + expected = 'AWSLogs/{account}/CloudTrail-Digest/us-east-1'.format( + account=TEST_ACCOUNT_ID) + self.assertEqual(expected, prefix) + + def test_create_digest_prefix_with_key_prefix(self): + mock_s3_client_provider = mock.Mock() + provider = DigestProvider( + mock_s3_client_provider, TEST_ACCOUNT_ID, 'foo', 'us-east-1') + prefix = provider._create_digest_prefix(START_DATE, 'my-prefix') + expected = 'my-prefix/AWSLogs/{account}/CloudTrail-Digest/us-east-1'.format( + account=TEST_ACCOUNT_ID) + self.assertEqual(expected, prefix) + + def test_create_digest_prefix_org_trail(self): + mock_s3_client_provider = mock.Mock() + provider = DigestProvider( + mock_s3_client_provider, TEST_ORGANIZATION_ACCOUNT_ID, + 'foo', 'us-east-1', 'us-east-1', TEST_ORGANIZATION_ID) + prefix = provider._create_digest_prefix(START_DATE, None) + expected = 'AWSLogs/{org}/{account}/CloudTrail-Digest/us-east-1'.format( + org=TEST_ORGANIZATION_ID, + account=TEST_ORGANIZATION_ACCOUNT_ID) + self.assertEqual(expected, prefix) + + def test_create_digest_prefix_org_trail_with_key_prefix(self): + mock_s3_client_provider = mock.Mock() + provider = DigestProvider( + mock_s3_client_provider, TEST_ORGANIZATION_ACCOUNT_ID, + 'foo', 'us-east-1', 'us-east-1', TEST_ORGANIZATION_ID) + prefix = provider._create_digest_prefix(START_DATE, 'custom-prefix') + expected = 'custom-prefix/AWSLogs/{org}/{account}/CloudTrail-Digest/us-east-1'.format( + org=TEST_ORGANIZATION_ID, + account=TEST_ORGANIZATION_ACCOUNT_ID) + self.assertEqual(expected, prefix) + def test_ensures_digest_has_proper_metadata(self): out = BytesIO() f = gzip.GzipFile(fileobj=out, mode="wb") From 4f569440ca7821b9d5b97f845d94974d2769e9f6 Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Thu, 18 Dec 2025 19:05:31 +0000 Subject: [PATCH 26/37] Update to latest models --- .../api-change-appstream-61861.json | 5 + .../api-change-arcregionswitch-94132.json | 5 + .../api-change-artifact-73270.json | 5 + ...-change-bedrockagentcorecontrol-18800.json | 5 + ...pi-change-bedrockdataautomation-59489.json | 5 + .../api-change-cleanrooms-76184.json | 5 + .../next-release/api-change-ec2-86905.json | 5 + .../next-release/api-change-ecr-65886.json | 5 + .../next-release/api-change-ecs-31649.json | 5 + .../next-release/api-change-iot-46707.json | 5 + .../api-change-opensearch-13486.json | 5 + .../next-release/api-change-sesv2-21668.json | 5 + .../next-release/api-change-ssmsap-85492.json | 5 + .../data/appstream/2016-12-01/service-2.json | 22 +- .../2022-07-26/endpoint-rule-set-1.json | 8 +- .../2022-07-26/paginators-1.json | 6 + .../2022-07-26/service-2.json | 102 ++++++- .../artifact/2018-05-10/paginators-1.json | 6 + .../data/artifact/2018-05-10/service-2.json | 79 ++++- .../2023-06-05/service-2.json | 70 +++++ .../2023-07-26/service-2.json | 284 +++++++++++++++++- .../data/cleanrooms/2022-02-17/service-2.json | 129 +++++++- .../data/ec2/2016-11-15/service-2.json | 29 +- .../data/ecr/2015-09-21/service-2.json | 11 +- .../data/ecs/2014-11-13/service-2.json | 18 +- .../data/iot/2015-05-28/service-2.json | 42 +++ .../data/opensearch/2021-01-01/service-2.json | 3 +- .../data/sesv2/2019-09-27/service-2.json | 185 +++++++++++- .../data/ssm-sap/2018-05-10/service-2.json | 48 ++- .../artifact/endpoint-tests-1.json | 116 +++---- 30 files changed, 1096 insertions(+), 127 deletions(-) create mode 100644 .changes/next-release/api-change-appstream-61861.json create mode 100644 .changes/next-release/api-change-arcregionswitch-94132.json create mode 100644 .changes/next-release/api-change-artifact-73270.json create mode 100644 .changes/next-release/api-change-bedrockagentcorecontrol-18800.json create mode 100644 .changes/next-release/api-change-bedrockdataautomation-59489.json create mode 100644 .changes/next-release/api-change-cleanrooms-76184.json create mode 100644 .changes/next-release/api-change-ec2-86905.json create mode 100644 .changes/next-release/api-change-ecr-65886.json create mode 100644 .changes/next-release/api-change-ecs-31649.json create mode 100644 .changes/next-release/api-change-iot-46707.json create mode 100644 .changes/next-release/api-change-opensearch-13486.json create mode 100644 .changes/next-release/api-change-sesv2-21668.json create mode 100644 .changes/next-release/api-change-ssmsap-85492.json diff --git a/.changes/next-release/api-change-appstream-61861.json b/.changes/next-release/api-change-appstream-61861.json new file mode 100644 index 000000000000..03d3f125846b --- /dev/null +++ b/.changes/next-release/api-change-appstream-61861.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``appstream``", + "description": "Added support for new operating systems (1) Ubuntu 24.04 Pro LTS on Elastic fleets, and (2) Microsoft Server 2025 on Always-On and On-Demand fleets" +} diff --git a/.changes/next-release/api-change-arcregionswitch-94132.json b/.changes/next-release/api-change-arcregionswitch-94132.json new file mode 100644 index 000000000000..6142fbac9a75 --- /dev/null +++ b/.changes/next-release/api-change-arcregionswitch-94132.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``arc-region-switch``", + "description": "New API to list Route 53 health checks created by ARC region switch for a plan in a specific AWS Region using the Region switch Regional data plane." +} diff --git a/.changes/next-release/api-change-artifact-73270.json b/.changes/next-release/api-change-artifact-73270.json new file mode 100644 index 000000000000..1e66bfa2cc8a --- /dev/null +++ b/.changes/next-release/api-change-artifact-73270.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``artifact``", + "description": "Add support for ListReportVersions API for the calling AWS account." +} diff --git a/.changes/next-release/api-change-bedrockagentcorecontrol-18800.json b/.changes/next-release/api-change-bedrockagentcorecontrol-18800.json new file mode 100644 index 000000000000..1e262e9f227a --- /dev/null +++ b/.changes/next-release/api-change-bedrockagentcorecontrol-18800.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``bedrock-agentcore-control``", + "description": "Feature to support header exchanges between Bedrock AgentCore Gateway Targets and client, along with propagating query parameter to the configured targets." +} diff --git a/.changes/next-release/api-change-bedrockdataautomation-59489.json b/.changes/next-release/api-change-bedrockdataautomation-59489.json new file mode 100644 index 000000000000..67da3ecc02b1 --- /dev/null +++ b/.changes/next-release/api-change-bedrockdataautomation-59489.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``bedrock-data-automation``", + "description": "Blueprint Optimization (BPO) is a new Amazon Bedrock Data Automation (BDA) capability that improves blueprint inference accuracy using example content assets and ground truth data. BPO works by generating better instructions for fields in the Blueprint using provided data." +} diff --git a/.changes/next-release/api-change-cleanrooms-76184.json b/.changes/next-release/api-change-cleanrooms-76184.json new file mode 100644 index 000000000000..c639683bc065 --- /dev/null +++ b/.changes/next-release/api-change-cleanrooms-76184.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``cleanrooms``", + "description": "Adding support for collaboration change requests requiring an approval workflow. Adding support for change requests that grant or revoke results receiver ability and modifying auto approved change types in an existing collaboration." +} diff --git a/.changes/next-release/api-change-ec2-86905.json b/.changes/next-release/api-change-ec2-86905.json new file mode 100644 index 000000000000..1e641e2a8137 --- /dev/null +++ b/.changes/next-release/api-change-ec2-86905.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``ec2``", + "description": "This release adds AvailabilityZoneId support for CreateFleet, ModifyFleet, DescribeFleets, RequestSpotFleet, ModifySpotFleetRequests and DescribeSpotFleetRequests APIs." +} diff --git a/.changes/next-release/api-change-ecr-65886.json b/.changes/next-release/api-change-ecr-65886.json new file mode 100644 index 000000000000..f439ed91f983 --- /dev/null +++ b/.changes/next-release/api-change-ecr-65886.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``ecr``", + "description": "Adds support for ECR Create On Push" +} diff --git a/.changes/next-release/api-change-ecs-31649.json b/.changes/next-release/api-change-ecs-31649.json new file mode 100644 index 000000000000..379cc9b9abb9 --- /dev/null +++ b/.changes/next-release/api-change-ecs-31649.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``ecs``", + "description": "Adding support for Event Windows via a new ECS account setting \"fargateEventWindows\". When enabled, ECS Fargate will use the configured event window for patching tasks. Introducing \"CapacityOptionType\" for CreateCapacityProvider API, allowing support for Spot capacity for ECS Managed Instances." +} diff --git a/.changes/next-release/api-change-iot-46707.json b/.changes/next-release/api-change-iot-46707.json new file mode 100644 index 000000000000..ce532f171a94 --- /dev/null +++ b/.changes/next-release/api-change-iot-46707.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``iot``", + "description": "This release adds message batching for the IoT Rules Engine HTTP action." +} diff --git a/.changes/next-release/api-change-opensearch-13486.json b/.changes/next-release/api-change-opensearch-13486.json new file mode 100644 index 000000000000..0f604ba296d3 --- /dev/null +++ b/.changes/next-release/api-change-opensearch-13486.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``opensearch``", + "description": "Amazon OpenSearch Service adds support for warm nodes, enabling new multi-tier architecture." +} diff --git a/.changes/next-release/api-change-sesv2-21668.json b/.changes/next-release/api-change-sesv2-21668.json new file mode 100644 index 000000000000..67fff4e23a4d --- /dev/null +++ b/.changes/next-release/api-change-sesv2-21668.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``sesv2``", + "description": "Amazon SES introduces Email Validation feature which checks email addresses for syntax errors, domain validity, and risky addresses to help maintain deliverability and protect sender reputation. SES also adds resource tagging and ABAC support for EmailTemplates and CustomVerificationEmailTemplates." +} diff --git a/.changes/next-release/api-change-ssmsap-85492.json b/.changes/next-release/api-change-ssmsap-85492.json new file mode 100644 index 000000000000..e35131c62598 --- /dev/null +++ b/.changes/next-release/api-change-ssmsap-85492.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``ssm-sap``", + "description": "Added \"Stopping\" for the HANA Database Status." +} diff --git a/awscli/botocore/data/appstream/2016-12-01/service-2.json b/awscli/botocore/data/appstream/2016-12-01/service-2.json index 8bbb9176bee4..82e597095032 100644 --- a/awscli/botocore/data/appstream/2016-12-01/service-2.json +++ b/awscli/botocore/data/appstream/2016-12-01/service-2.json @@ -2396,7 +2396,7 @@ }, "Platforms":{ "shape":"Platforms", - "documentation":"

The platforms the application supports. WINDOWS_SERVER_2019 and AMAZON_LINUX2 are supported for Elastic fleets.

" + "documentation":"

The platforms the application supports. WINDOWS_SERVER_2019, AMAZON_LINUX2 and UBUNTU_PRO_2404 are supported for Elastic fleets.

" }, "InstanceFamilies":{ "shape":"StringList", @@ -2552,7 +2552,7 @@ }, "InstanceType":{ "shape":"String", - "documentation":"

The instance type to use when launching fleet instances. The following instance types are available:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.standard.xlarge

  • stream.standard.2xlarge

  • stream.compute.large

  • stream.compute.xlarge

  • stream.compute.2xlarge

  • stream.compute.4xlarge

  • stream.compute.8xlarge

  • stream.memory.large

  • stream.memory.xlarge

  • stream.memory.2xlarge

  • stream.memory.4xlarge

  • stream.memory.8xlarge

  • stream.memory.z1d.large

  • stream.memory.z1d.xlarge

  • stream.memory.z1d.2xlarge

  • stream.memory.z1d.3xlarge

  • stream.memory.z1d.6xlarge

  • stream.memory.z1d.12xlarge

  • stream.graphics-design.large

  • stream.graphics-design.xlarge

  • stream.graphics-design.2xlarge

  • stream.graphics-design.4xlarge

  • stream.graphics.g4dn.xlarge

  • stream.graphics.g4dn.2xlarge

  • stream.graphics.g4dn.4xlarge

  • stream.graphics.g4dn.8xlarge

  • stream.graphics.g4dn.12xlarge

  • stream.graphics.g4dn.16xlarge

  • stream.graphics.g5.xlarge

  • stream.graphics.g5.2xlarge

  • stream.graphics.g5.4xlarge

  • stream.graphics.g5.8xlarge

  • stream.graphics.g5.12xlarge

  • stream.graphics.g5.16xlarge

  • stream.graphics.g5.24xlarge

  • stream.graphics.g6.xlarge

  • stream.graphics.g6.2xlarge

  • stream.graphics.g6.4xlarge

  • stream.graphics.g6.8xlarge

  • stream.graphics.g6.16xlarge

  • stream.graphics.g6.12xlarge

  • stream.graphics.g6.24xlarge

  • stream.graphics.gr6.4xlarge

  • stream.graphics.gr6.8xlarge

  • stream.graphics.g6f.large

  • stream.graphics.g6f.xlarge

  • stream.graphics.g6f.2xlarge

  • stream.graphics.g6f.4xlarge

  • stream.graphics.gr6f.4xlarge

The following instance types are available for Elastic fleets:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.standard.xlarge

  • stream.standard.2xlarge

" + "documentation":"

The instance type to use when launching fleet instances. The following instance types are available:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.standard.xlarge

  • stream.standard.2xlarge

  • stream.compute.large

  • stream.compute.xlarge

  • stream.compute.2xlarge

  • stream.compute.4xlarge

  • stream.compute.8xlarge

  • stream.memory.large

  • stream.memory.xlarge

  • stream.memory.2xlarge

  • stream.memory.4xlarge

  • stream.memory.8xlarge

  • stream.memory.z1d.large

  • stream.memory.z1d.xlarge

  • stream.memory.z1d.2xlarge

  • stream.memory.z1d.3xlarge

  • stream.memory.z1d.6xlarge

  • stream.memory.z1d.12xlarge

  • stream.graphics.g4dn.xlarge

  • stream.graphics.g4dn.2xlarge

  • stream.graphics.g4dn.4xlarge

  • stream.graphics.g4dn.8xlarge

  • stream.graphics.g4dn.12xlarge

  • stream.graphics.g4dn.16xlarge

  • stream.graphics.g5.xlarge

  • stream.graphics.g5.2xlarge

  • stream.graphics.g5.4xlarge

  • stream.graphics.g5.8xlarge

  • stream.graphics.g5.12xlarge

  • stream.graphics.g5.16xlarge

  • stream.graphics.g5.24xlarge

  • stream.graphics.g6.xlarge

  • stream.graphics.g6.2xlarge

  • stream.graphics.g6.4xlarge

  • stream.graphics.g6.8xlarge

  • stream.graphics.g6.16xlarge

  • stream.graphics.g6.12xlarge

  • stream.graphics.g6.24xlarge

  • stream.graphics.gr6.4xlarge

  • stream.graphics.gr6.8xlarge

  • stream.graphics.g6f.large

  • stream.graphics.g6f.xlarge

  • stream.graphics.g6f.2xlarge

  • stream.graphics.g6f.4xlarge

  • stream.graphics.gr6f.4xlarge

The following instance types are available for Elastic fleets:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.standard.xlarge

  • stream.standard.2xlarge

" }, "FleetType":{ "shape":"FleetType", @@ -2608,7 +2608,7 @@ }, "Platform":{ "shape":"PlatformType", - "documentation":"

The fleet platform. WINDOWS_SERVER_2019 and AMAZON_LINUX2 are supported for Elastic fleets.

" + "documentation":"

The fleet platform. WINDOWS_SERVER_2019, AMAZON_LINUX2 and UBUNTU_PRO_2404 are supported for Elastic fleets.

" }, "MaxConcurrentSessions":{ "shape":"Integer", @@ -2662,7 +2662,7 @@ }, "InstanceType":{ "shape":"String", - "documentation":"

The instance type to use when launching the image builder. The following instance types are available:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.compute.large

  • stream.compute.xlarge

  • stream.compute.2xlarge

  • stream.compute.4xlarge

  • stream.compute.8xlarge

  • stream.memory.large

  • stream.memory.xlarge

  • stream.memory.2xlarge

  • stream.memory.4xlarge

  • stream.memory.8xlarge

  • stream.memory.z1d.large

  • stream.memory.z1d.xlarge

  • stream.memory.z1d.2xlarge

  • stream.memory.z1d.3xlarge

  • stream.memory.z1d.6xlarge

  • stream.memory.z1d.12xlarge

  • stream.graphics-design.large

  • stream.graphics-design.xlarge

  • stream.graphics-design.2xlarge

  • stream.graphics-design.4xlarge

  • stream.graphics.g4dn.xlarge

  • stream.graphics.g4dn.2xlarge

  • stream.graphics.g4dn.4xlarge

  • stream.graphics.g4dn.8xlarge

  • stream.graphics.g4dn.12xlarge

  • stream.graphics.g4dn.16xlarge

  • stream.graphics.g5.xlarge

  • stream.graphics.g5.2xlarge

  • stream.graphics.g5.4xlarge

  • stream.graphics.g5.8xlarge

  • stream.graphics.g5.16xlarge

  • stream.graphics.g5.12xlarge

  • stream.graphics.g5.24xlarge

  • stream.graphics.g6.xlarge

  • stream.graphics.g6.2xlarge

  • stream.graphics.g6.4xlarge

  • stream.graphics.g6.8xlarge

  • stream.graphics.g6.16xlarge

  • stream.graphics.g6.12xlarge

  • stream.graphics.g6.24xlarge

  • stream.graphics.gr6.4xlarge

  • stream.graphics.gr6.8xlarge

  • stream.graphics.g6f.large

  • stream.graphics.g6f.xlarge

  • stream.graphics.g6f.2xlarge

  • stream.graphics.g6f.4xlarge

  • stream.graphics.gr6f.4xlarge

" + "documentation":"

The instance type to use when launching the image builder. The following instance types are available:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.compute.large

  • stream.compute.xlarge

  • stream.compute.2xlarge

  • stream.compute.4xlarge

  • stream.compute.8xlarge

  • stream.memory.large

  • stream.memory.xlarge

  • stream.memory.2xlarge

  • stream.memory.4xlarge

  • stream.memory.8xlarge

  • stream.memory.z1d.large

  • stream.memory.z1d.xlarge

  • stream.memory.z1d.2xlarge

  • stream.memory.z1d.3xlarge

  • stream.memory.z1d.6xlarge

  • stream.memory.z1d.12xlarge

  • stream.graphics.g4dn.xlarge

  • stream.graphics.g4dn.2xlarge

  • stream.graphics.g4dn.4xlarge

  • stream.graphics.g4dn.8xlarge

  • stream.graphics.g4dn.12xlarge

  • stream.graphics.g4dn.16xlarge

  • stream.graphics.g5.xlarge

  • stream.graphics.g5.2xlarge

  • stream.graphics.g5.4xlarge

  • stream.graphics.g5.8xlarge

  • stream.graphics.g5.16xlarge

  • stream.graphics.g5.12xlarge

  • stream.graphics.g5.24xlarge

  • stream.graphics.g6.xlarge

  • stream.graphics.g6.2xlarge

  • stream.graphics.g6.4xlarge

  • stream.graphics.g6.8xlarge

  • stream.graphics.g6.16xlarge

  • stream.graphics.g6.12xlarge

  • stream.graphics.g6.24xlarge

  • stream.graphics.gr6.4xlarge

  • stream.graphics.gr6.8xlarge

  • stream.graphics.g6f.large

  • stream.graphics.g6f.xlarge

  • stream.graphics.g6f.2xlarge

  • stream.graphics.g6f.4xlarge

  • stream.graphics.gr6f.4xlarge

" }, "Description":{ "shape":"Description", @@ -4400,7 +4400,7 @@ }, "InstanceType":{ "shape":"String", - "documentation":"

The instance type to use when launching fleet instances. The following instance types are available:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.compute.large

  • stream.compute.xlarge

  • stream.compute.2xlarge

  • stream.compute.4xlarge

  • stream.compute.8xlarge

  • stream.memory.large

  • stream.memory.xlarge

  • stream.memory.2xlarge

  • stream.memory.4xlarge

  • stream.memory.8xlarge

  • stream.memory.z1d.large

  • stream.memory.z1d.xlarge

  • stream.memory.z1d.2xlarge

  • stream.memory.z1d.3xlarge

  • stream.memory.z1d.6xlarge

  • stream.memory.z1d.12xlarge

  • stream.graphics-design.large

  • stream.graphics-design.xlarge

  • stream.graphics-design.2xlarge

  • stream.graphics-design.4xlarge

  • stream.graphics.g4dn.xlarge

  • stream.graphics.g4dn.2xlarge

  • stream.graphics.g4dn.4xlarge

  • stream.graphics.g4dn.8xlarge

  • stream.graphics.g4dn.12xlarge

  • stream.graphics.g4dn.16xlarge

  • stream.graphics.g5.xlarge

  • stream.graphics.g5.2xlarge

  • stream.graphics.g5.4xlarge

  • stream.graphics.g5.8xlarge

  • stream.graphics.g5.16xlarge

  • stream.graphics.g5.12xlarge

  • stream.graphics.g5.24xlarge

  • stream.graphics.g6.xlarge

  • stream.graphics.g6.2xlarge

  • stream.graphics.g6.4xlarge

  • stream.graphics.g6.8xlarge

  • stream.graphics.g6.16xlarge

  • stream.graphics.g6.12xlarge

  • stream.graphics.g6.24xlarge

  • stream.graphics.gr6.4xlarge

  • stream.graphics.gr6.8xlarge

  • stream.graphics.g6f.large

  • stream.graphics.g6f.xlarge

  • stream.graphics.g6f.2xlarge

  • stream.graphics.g6f.4xlarge

  • stream.graphics.gr6f.4xlarge

" + "documentation":"

The instance type to use when launching fleet instances. The following instance types are available:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.compute.large

  • stream.compute.xlarge

  • stream.compute.2xlarge

  • stream.compute.4xlarge

  • stream.compute.8xlarge

  • stream.memory.large

  • stream.memory.xlarge

  • stream.memory.2xlarge

  • stream.memory.4xlarge

  • stream.memory.8xlarge

  • stream.memory.z1d.large

  • stream.memory.z1d.xlarge

  • stream.memory.z1d.2xlarge

  • stream.memory.z1d.3xlarge

  • stream.memory.z1d.6xlarge

  • stream.memory.z1d.12xlarge

  • stream.graphics.g4dn.xlarge

  • stream.graphics.g4dn.2xlarge

  • stream.graphics.g4dn.4xlarge

  • stream.graphics.g4dn.8xlarge

  • stream.graphics.g4dn.12xlarge

  • stream.graphics.g4dn.16xlarge

  • stream.graphics.g5.xlarge

  • stream.graphics.g5.2xlarge

  • stream.graphics.g5.4xlarge

  • stream.graphics.g5.8xlarge

  • stream.graphics.g5.16xlarge

  • stream.graphics.g5.12xlarge

  • stream.graphics.g5.24xlarge

  • stream.graphics.g6.xlarge

  • stream.graphics.g6.2xlarge

  • stream.graphics.g6.4xlarge

  • stream.graphics.g6.8xlarge

  • stream.graphics.g6.16xlarge

  • stream.graphics.g6.12xlarge

  • stream.graphics.g6.24xlarge

  • stream.graphics.gr6.4xlarge

  • stream.graphics.gr6.8xlarge

  • stream.graphics.g6f.large

  • stream.graphics.g6f.xlarge

  • stream.graphics.g6f.2xlarge

  • stream.graphics.g6f.4xlarge

  • stream.graphics.gr6f.4xlarge

" }, "FleetType":{ "shape":"FleetType", @@ -4672,7 +4672,7 @@ }, "SupportedInstanceFamilies":{ "shape":"StringList", - "documentation":"

The supported instances families that determine which image a customer can use when the customer launches a fleet or image builder. The following instances families are supported:

  • General Purpose

  • Compute Optimized

  • Memory Optimized

  • Graphics

  • Graphics Design

  • Graphics Pro

  • Graphics G4

  • Graphics G5

" + "documentation":"

The supported instances families that determine which image a customer can use when the customer launches a fleet or image builder. The following instances families are supported:

  • General Purpose

  • Compute Optimized

  • Memory Optimized

  • Graphics G4

  • Graphics G5

  • Graphics G6

" }, "DynamicAppProvidersEnabled":{ "shape":"DynamicAppProvidersEnabled", @@ -4723,7 +4723,7 @@ }, "InstanceType":{ "shape":"String", - "documentation":"

The instance type for the image builder. The following instance types are available:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.compute.large

  • stream.compute.xlarge

  • stream.compute.2xlarge

  • stream.compute.4xlarge

  • stream.compute.8xlarge

  • stream.memory.large

  • stream.memory.xlarge

  • stream.memory.2xlarge

  • stream.memory.4xlarge

  • stream.memory.8xlarge

  • stream.memory.z1d.large

  • stream.memory.z1d.xlarge

  • stream.memory.z1d.2xlarge

  • stream.memory.z1d.3xlarge

  • stream.memory.z1d.6xlarge

  • stream.memory.z1d.12xlarge

  • stream.graphics-design.large

  • stream.graphics-design.xlarge

  • stream.graphics-design.2xlarge

  • stream.graphics-design.4xlarge

  • stream.graphics.g4dn.xlarge

  • stream.graphics.g4dn.2xlarge

  • stream.graphics.g4dn.4xlarge

  • stream.graphics.g4dn.8xlarge

  • stream.graphics.g4dn.12xlarge

  • stream.graphics.g4dn.16xlarge

  • stream.graphics.g5.xlarge

  • stream.graphics.g5.2xlarge

  • stream.graphics.g5.4xlarge

  • stream.graphics.g5.8xlarge

  • stream.graphics.g5.16xlarge

  • stream.graphics.g5.12xlarge

  • stream.graphics.g5.24xlarge

  • stream.graphics.g6.xlarge

  • stream.graphics.g6.2xlarge

  • stream.graphics.g6.4xlarge

  • stream.graphics.g6.8xlarge

  • stream.graphics.g6.16xlarge

  • stream.graphics.g6.12xlarge

  • stream.graphics.g6.24xlarge

  • stream.graphics.gr6.4xlarge

  • stream.graphics.gr6.8xlarge

  • stream.graphics.g6f.large

  • stream.graphics.g6f.xlarge

  • stream.graphics.g6f.2xlarge

  • stream.graphics.g6f.4xlarge

  • stream.graphics.gr6f.4xlarge

" + "documentation":"

The instance type for the image builder. The following instance types are available:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.compute.large

  • stream.compute.xlarge

  • stream.compute.2xlarge

  • stream.compute.4xlarge

  • stream.compute.8xlarge

  • stream.memory.large

  • stream.memory.xlarge

  • stream.memory.2xlarge

  • stream.memory.4xlarge

  • stream.memory.8xlarge

  • stream.memory.z1d.large

  • stream.memory.z1d.xlarge

  • stream.memory.z1d.2xlarge

  • stream.memory.z1d.3xlarge

  • stream.memory.z1d.6xlarge

  • stream.memory.z1d.12xlarge

  • stream.graphics.g4dn.xlarge

  • stream.graphics.g4dn.2xlarge

  • stream.graphics.g4dn.4xlarge

  • stream.graphics.g4dn.8xlarge

  • stream.graphics.g4dn.12xlarge

  • stream.graphics.g4dn.16xlarge

  • stream.graphics.g5.xlarge

  • stream.graphics.g5.2xlarge

  • stream.graphics.g5.4xlarge

  • stream.graphics.g5.8xlarge

  • stream.graphics.g5.16xlarge

  • stream.graphics.g5.12xlarge

  • stream.graphics.g5.24xlarge

  • stream.graphics.g6.xlarge

  • stream.graphics.g6.2xlarge

  • stream.graphics.g6.4xlarge

  • stream.graphics.g6.8xlarge

  • stream.graphics.g6.16xlarge

  • stream.graphics.g6.12xlarge

  • stream.graphics.g6.24xlarge

  • stream.graphics.gr6.4xlarge

  • stream.graphics.gr6.8xlarge

  • stream.graphics.g6f.large

  • stream.graphics.g6f.xlarge

  • stream.graphics.g6f.2xlarge

  • stream.graphics.g6f.4xlarge

  • stream.graphics.gr6f.4xlarge

" }, "Platform":{ "shape":"PlatformType", @@ -5200,9 +5200,11 @@ "WINDOWS_SERVER_2016", "WINDOWS_SERVER_2019", "WINDOWS_SERVER_2022", + "WINDOWS_SERVER_2025", "AMAZON_LINUX2", "RHEL8", - "ROCKY_LINUX8" + "ROCKY_LINUX8", + "UBUNTU_PRO_2404" ] }, "Platforms":{ @@ -6182,7 +6184,7 @@ }, "InstanceType":{ "shape":"String", - "documentation":"

The instance type to use when launching fleet instances. The following instance types are available:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.standard.xlarge

  • stream.standard.2xlarge

  • stream.compute.large

  • stream.compute.xlarge

  • stream.compute.2xlarge

  • stream.compute.4xlarge

  • stream.compute.8xlarge

  • stream.memory.large

  • stream.memory.xlarge

  • stream.memory.2xlarge

  • stream.memory.4xlarge

  • stream.memory.8xlarge

  • stream.memory.z1d.large

  • stream.memory.z1d.xlarge

  • stream.memory.z1d.2xlarge

  • stream.memory.z1d.3xlarge

  • stream.memory.z1d.6xlarge

  • stream.memory.z1d.12xlarge

  • stream.graphics-design.large

  • stream.graphics-design.xlarge

  • stream.graphics-design.2xlarge

  • stream.graphics-design.4xlarge

  • stream.graphics.g4dn.xlarge

  • stream.graphics.g4dn.2xlarge

  • stream.graphics.g4dn.4xlarge

  • stream.graphics.g4dn.8xlarge

  • stream.graphics.g4dn.12xlarge

  • stream.graphics.g4dn.16xlarge

  • stream.graphics.g5.xlarge

  • stream.graphics.g5.2xlarge

  • stream.graphics.g5.4xlarge

  • stream.graphics.g5.8xlarge

  • stream.graphics.g5.16xlarge

  • stream.graphics.g5.12xlarge

  • stream.graphics.g5.24xlarge

  • stream.graphics.g6.xlarge

  • stream.graphics.g6.2xlarge

  • stream.graphics.g6.4xlarge

  • stream.graphics.g6.8xlarge

  • stream.graphics.g6.16xlarge

  • stream.graphics.g6.12xlarge

  • stream.graphics.g6.24xlarge

  • stream.graphics.gr6.4xlarge

  • stream.graphics.gr6.8xlarge

  • stream.graphics.g6f.large

  • stream.graphics.g6f.xlarge

  • stream.graphics.g6f.2xlarge

  • stream.graphics.g6f.4xlarge

  • stream.graphics.gr6f.4xlarge

The following instance types are available for Elastic fleets:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.standard.xlarge

  • stream.standard.2xlarge

" + "documentation":"

The instance type to use when launching fleet instances. The following instance types are available:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.standard.xlarge

  • stream.standard.2xlarge

  • stream.compute.large

  • stream.compute.xlarge

  • stream.compute.2xlarge

  • stream.compute.4xlarge

  • stream.compute.8xlarge

  • stream.memory.large

  • stream.memory.xlarge

  • stream.memory.2xlarge

  • stream.memory.4xlarge

  • stream.memory.8xlarge

  • stream.memory.z1d.large

  • stream.memory.z1d.xlarge

  • stream.memory.z1d.2xlarge

  • stream.memory.z1d.3xlarge

  • stream.memory.z1d.6xlarge

  • stream.memory.z1d.12xlarge

  • stream.graphics.g4dn.xlarge

  • stream.graphics.g4dn.2xlarge

  • stream.graphics.g4dn.4xlarge

  • stream.graphics.g4dn.8xlarge

  • stream.graphics.g4dn.12xlarge

  • stream.graphics.g4dn.16xlarge

  • stream.graphics.g5.xlarge

  • stream.graphics.g5.2xlarge

  • stream.graphics.g5.4xlarge

  • stream.graphics.g5.8xlarge

  • stream.graphics.g5.16xlarge

  • stream.graphics.g5.12xlarge

  • stream.graphics.g5.24xlarge

  • stream.graphics.g6.xlarge

  • stream.graphics.g6.2xlarge

  • stream.graphics.g6.4xlarge

  • stream.graphics.g6.8xlarge

  • stream.graphics.g6.16xlarge

  • stream.graphics.g6.12xlarge

  • stream.graphics.g6.24xlarge

  • stream.graphics.gr6.4xlarge

  • stream.graphics.gr6.8xlarge

  • stream.graphics.g6f.large

  • stream.graphics.g6f.xlarge

  • stream.graphics.g6f.2xlarge

  • stream.graphics.g6f.4xlarge

  • stream.graphics.gr6f.4xlarge

The following instance types are available for Elastic fleets:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.standard.xlarge

  • stream.standard.2xlarge

" }, "ComputeCapacity":{ "shape":"ComputeCapacity", @@ -6239,7 +6241,7 @@ }, "Platform":{ "shape":"PlatformType", - "documentation":"

The platform of the fleet. WINDOWS_SERVER_2019 and AMAZON_LINUX2 are supported for Elastic fleets.

" + "documentation":"

The platform of the fleet. WINDOWS_SERVER_2019, AMAZON_LINUX2 and UBUNTU_PRO_2404 are supported for Elastic fleets.

" }, "MaxConcurrentSessions":{ "shape":"Integer", diff --git a/awscli/botocore/data/arc-region-switch/2022-07-26/endpoint-rule-set-1.json b/awscli/botocore/data/arc-region-switch/2022-07-26/endpoint-rule-set-1.json index 0a42812d7b62..abd72333dde9 100644 --- a/awscli/botocore/data/arc-region-switch/2022-07-26/endpoint-rule-set-1.json +++ b/awscli/botocore/data/arc-region-switch/2022-07-26/endpoint-rule-set-1.json @@ -6,24 +6,24 @@ "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "Region": { "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseControlPlaneEndpoint": { "required": false, "documentation": "Whether the operation is a control plane operation. Control plane operations are routed to a centralized endpoint in the partition leader.", - "type": "Boolean" + "type": "boolean" } }, "rules": [ diff --git a/awscli/botocore/data/arc-region-switch/2022-07-26/paginators-1.json b/awscli/botocore/data/arc-region-switch/2022-07-26/paginators-1.json index 0bac1960ce59..2e521c97a9dd 100644 --- a/awscli/botocore/data/arc-region-switch/2022-07-26/paginators-1.json +++ b/awscli/botocore/data/arc-region-switch/2022-07-26/paginators-1.json @@ -41,6 +41,12 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "healthChecks" + }, + "ListRoute53HealthChecksInRegion": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "healthChecks" } } } diff --git a/awscli/botocore/data/arc-region-switch/2022-07-26/service-2.json b/awscli/botocore/data/arc-region-switch/2022-07-26/service-2.json index 016289076324..c807aad9ded5 100644 --- a/awscli/botocore/data/arc-region-switch/2022-07-26/service-2.json +++ b/awscli/botocore/data/arc-region-switch/2022-07-26/service-2.json @@ -89,6 +89,7 @@ {"shape":"ResourceNotFoundException"} ], "documentation":"

Retrieves detailed information about a Region switch plan. You must specify the ARN of the plan.

", + "readonly":true, "staticContextParams":{ "UseControlPlaneEndpoint":{"value":true} } @@ -105,7 +106,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves the evaluation status of a Region switch plan. The evaluation status provides information about the last time the plan was evaluated and any warnings or issues detected.

" + "documentation":"

Retrieves the evaluation status of a Region switch plan. The evaluation status provides information about the last time the plan was evaluated and any warnings or issues detected.

", + "readonly":true }, "GetPlanExecution":{ "name":"GetPlanExecution", @@ -119,7 +121,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves detailed information about a specific plan execution. You must specify the plan ARN and execution ID.

" + "documentation":"

Retrieves detailed information about a specific plan execution. You must specify the plan ARN and execution ID.

", + "readonly":true }, "GetPlanInRegion":{ "name":"GetPlanInRegion", @@ -133,7 +136,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves information about a Region switch plan in a specific Amazon Web Services Region. This operation is useful for getting Region-specific information about a plan.

" + "documentation":"

Retrieves information about a Region switch plan in a specific Amazon Web Services Region. This operation is useful for getting Region-specific information about a plan.

", + "readonly":true }, "ListPlanExecutionEvents":{ "name":"ListPlanExecutionEvents", @@ -147,7 +151,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists the events that occurred during a plan execution. These events provide a detailed timeline of the execution process.

" + "documentation":"

Lists the events that occurred during a plan execution. These events provide a detailed timeline of the execution process.

", + "readonly":true }, "ListPlanExecutions":{ "name":"ListPlanExecutions", @@ -161,7 +166,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists the executions of a Region switch plan. This operation returns information about both current and historical executions.

" + "documentation":"

Lists the executions of a Region switch plan. This operation returns information about both current and historical executions.

", + "readonly":true }, "ListPlans":{ "name":"ListPlans", @@ -172,6 +178,7 @@ "input":{"shape":"ListPlansRequest"}, "output":{"shape":"ListPlansResponse"}, "documentation":"

Lists all Region switch plans in your Amazon Web Services account.

", + "readonly":true, "staticContextParams":{ "UseControlPlaneEndpoint":{"value":true} } @@ -187,7 +194,8 @@ "errors":[ {"shape":"AccessDeniedException"} ], - "documentation":"

Lists all Region switch plans in your Amazon Web Services account that are available in the current Amazon Web Services Region.

" + "documentation":"

Lists all Region switch plans in your Amazon Web Services account that are available in the current Amazon Web Services Region.

", + "readonly":true }, "ListRoute53HealthChecks":{ "name":"ListRoute53HealthChecks", @@ -203,10 +211,28 @@ {"shape":"InternalServerException"} ], "documentation":"

List the Amazon Route 53 health checks.

", + "readonly":true, "staticContextParams":{ "UseControlPlaneEndpoint":{"value":true} } }, + "ListRoute53HealthChecksInRegion":{ + "name":"ListRoute53HealthChecksInRegion", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListRoute53HealthChecksInRegionRequest"}, + "output":{"shape":"ListRoute53HealthChecksInRegionResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"IllegalArgumentException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

List the Amazon Route 53 health checks in a specific Amazon Web Services Region.

", + "readonly":true + }, "ListTagsForResource":{ "name":"ListTagsForResource", "http":{ @@ -220,6 +246,7 @@ {"shape":"InternalServerException"} ], "documentation":"

Lists the tags attached to a Region switch resource.

", + "readonly":true, "staticContextParams":{ "UseControlPlaneEndpoint":{"value":true} } @@ -598,7 +625,7 @@ }, "AsgArn":{ "type":"string", - "pattern":"arn:aws:autoscaling:[a-z0-9-]+:\\d{12}:autoScalingGroup:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}:autoScalingGroupName/[\\S\\s]{1,255}" + "pattern":"arn:aws[a-zA-Z-]*:autoscaling:[a-z0-9-]+:\\d{12}:autoScalingGroup:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}:autoScalingGroupName/[\\S\\s]{1,255}" }, "AsgList":{ "type":"list", @@ -889,11 +916,11 @@ }, "EcsClusterArn":{ "type":"string", - "pattern":"arn:aws:ecs:[a-z0-9-]+:\\d{12}:cluster/[a-zA-Z0-9_-]{1,255}" + "pattern":"arn:aws[a-zA-Z-]*:ecs:[a-z0-9-]+:\\d{12}:cluster/[a-zA-Z0-9_-]{1,255}" }, "EcsServiceArn":{ "type":"string", - "pattern":"arn:aws:ecs:[a-z0-9-]+:\\d{12}:service/[a-zA-Z0-9_-]+/[a-zA-Z0-9_-]{1,255}" + "pattern":"arn:aws[a-zA-Z-]*:ecs:[a-z0-9-]+:\\d{12}:service/[a-zA-Z0-9_-]+/[a-zA-Z0-9_-]{1,255}" }, "EcsUngraceful":{ "type":"structure", @@ -1754,6 +1781,51 @@ } } }, + "ListRoute53HealthChecksInRegionRequest":{ + "type":"structure", + "required":["arn"], + "members":{ + "arn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) of the Arc Region Switch Plan.

" + }, + "hostedZoneId":{ + "shape":"Route53HostedZoneId", + "documentation":"

The hosted zone ID for the health checks.

" + }, + "recordName":{ + "shape":"Route53RecordName", + "documentation":"

The record name for the health checks.

" + }, + "maxResults":{ + "shape":"ListRoute53HealthChecksInRegionRequestMaxResultsInteger", + "documentation":"

The number of objects that you want to return with this call.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

" + } + } + }, + "ListRoute53HealthChecksInRegionRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListRoute53HealthChecksInRegionResponse":{ + "type":"structure", + "members":{ + "healthChecks":{ + "shape":"Route53HealthCheckList", + "documentation":"

List of the health checks requested.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

" + } + } + }, "ListRoute53HealthChecksRequest":{ "type":"structure", "required":["arn"], @@ -2088,6 +2160,10 @@ "shape":"Route53HealthCheckId", "documentation":"

The Amazon Route 53 health check ID.

" }, + "status":{ + "shape":"Route53HealthCheckStatus", + "documentation":"

The Amazon Route 53 health check status.

" + }, "region":{ "shape":"Region", "documentation":"

The Amazon Route 53 Region.

" @@ -2143,6 +2219,14 @@ "type":"list", "member":{"shape":"Route53HealthCheck"} }, + "Route53HealthCheckStatus":{ + "type":"string", + "enum":[ + "healthy", + "unhealthy", + "unknown" + ] + }, "Route53HostedZoneId":{ "type":"string", "max":32, diff --git a/awscli/botocore/data/artifact/2018-05-10/paginators-1.json b/awscli/botocore/data/artifact/2018-05-10/paginators-1.json index ba4271a9e5c0..ae2de6dee1d8 100644 --- a/awscli/botocore/data/artifact/2018-05-10/paginators-1.json +++ b/awscli/botocore/data/artifact/2018-05-10/paginators-1.json @@ -11,6 +11,12 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "customerAgreements" + }, + "ListReportVersions": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "reports" } } } diff --git a/awscli/botocore/data/artifact/2018-05-10/service-2.json b/awscli/botocore/data/artifact/2018-05-10/service-2.json index f7b10da97124..7327dba275f9 100644 --- a/awscli/botocore/data/artifact/2018-05-10/service-2.json +++ b/awscli/botocore/data/artifact/2018-05-10/service-2.json @@ -31,7 +31,8 @@ {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Get the account settings for Artifact.

" + "documentation":"

Get the account settings for Artifact.

", + "readonly":true }, "GetReport":{ "name":"GetReport", @@ -51,7 +52,8 @@ {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Get the content for a single report.

" + "documentation":"

Get the content for a single report.

", + "readonly":true }, "GetReportMetadata":{ "name":"GetReportMetadata", @@ -70,7 +72,8 @@ {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Get the metadata for a single report.

" + "documentation":"

Get the metadata for a single report.

", + "readonly":true }, "GetTermForReport":{ "name":"GetTermForReport", @@ -90,7 +93,8 @@ {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Get the Term content associated with a single report.

" + "documentation":"

Get the Term content associated with a single report.

", + "readonly":true }, "ListCustomerAgreements":{ "name":"ListCustomerAgreements", @@ -107,7 +111,28 @@ {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], - "documentation":"

List active customer-agreements applicable to calling identity.

" + "documentation":"

List active customer-agreements applicable to calling identity.

", + "readonly":true + }, + "ListReportVersions":{ + "name":"ListReportVersions", + "http":{ + "method":"GET", + "requestUri":"/v1/report/listVersions", + "responseCode":200 + }, + "input":{"shape":"ListReportVersionsRequest"}, + "output":{"shape":"ListReportVersionsResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"

List available report versions for a given report.

", + "readonly":true }, "ListReports":{ "name":"ListReports", @@ -126,7 +151,8 @@ {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

List available reports.

" + "documentation":"

List available reports.

", + "readonly":true }, "PutAccountSettings":{ "name":"PutAccountSettings", @@ -296,8 +322,7 @@ }, "GetAccountSettingsRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetAccountSettingsResponse":{ "type":"structure", @@ -462,6 +487,44 @@ } } }, + "ListReportVersionsRequest":{ + "type":"structure", + "required":["reportId"], + "members":{ + "reportId":{ + "shape":"ReportId", + "documentation":"

Unique resource ID for the report resource.

", + "location":"querystring", + "locationName":"reportId" + }, + "maxResults":{ + "shape":"MaxResultsAttribute", + "documentation":"

Maximum number of resources to return in the paginated response.

", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextTokenAttribute", + "documentation":"

Pagination token to request the next page of resources.

", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListReportVersionsResponse":{ + "type":"structure", + "required":["reports"], + "members":{ + "reports":{ + "shape":"ReportsList", + "documentation":"

List of report resources.

" + }, + "nextToken":{ + "shape":"NextTokenAttribute", + "documentation":"

Pagination token to request the next page of resources.

" + } + } + }, "ListReportsRequest":{ "type":"structure", "members":{ diff --git a/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/service-2.json b/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/service-2.json index b121951826ff..b5bf2129d4c1 100644 --- a/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/service-2.json +++ b/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/service-2.json @@ -1853,6 +1853,24 @@ "member":{"shape":"AllowedClient"}, "min":1 }, + "AllowedQueryParameters":{ + "type":"list", + "member":{"shape":"HttpQueryParameterName"}, + "max":10, + "min":1 + }, + "AllowedRequestHeaders":{ + "type":"list", + "member":{"shape":"HttpHeaderName"}, + "max":10, + "min":1 + }, + "AllowedResponseHeaders":{ + "type":"list", + "member":{"shape":"HttpHeaderName"}, + "max":10, + "min":1 + }, "AllowedScopeType":{ "type":"string", "max":255, @@ -3150,6 +3168,10 @@ "credentialProviderConfigurations":{ "shape":"CredentialProviderConfigurations", "documentation":"

The credential provider configurations for the target. These configurations specify how the gateway authenticates with the target endpoint.

" + }, + "metadataConfiguration":{ + "shape":"MetadataConfiguration", + "documentation":"

Optional configuration for HTTP header and query parameter propagation to and from the gateway target.

" } } }, @@ -3209,6 +3231,10 @@ "lastSynchronizedAt":{ "shape":"DateTimestamp", "documentation":"

The last synchronization of the target.

" + }, + "metadataConfiguration":{ + "shape":"MetadataConfiguration", + "documentation":"

The metadata configuration that was applied to the created gateway target.

" } } }, @@ -5272,6 +5298,10 @@ "lastSynchronizedAt":{ "shape":"DateTimestamp", "documentation":"

The last synchronization time.

" + }, + "metadataConfiguration":{ + "shape":"MetadataConfiguration", + "documentation":"

The metadata configuration for HTTP header and query parameter propagation to and from this gateway target.

" } }, "documentation":"

The gateway target.

" @@ -5882,6 +5912,10 @@ "lastSynchronizedAt":{ "shape":"DateTimestamp", "documentation":"

The last synchronization of the target.

" + }, + "metadataConfiguration":{ + "shape":"MetadataConfiguration", + "documentation":"

The metadata configuration for HTTP header and query parameter propagation for the retrieved gateway target.

" } } }, @@ -6425,6 +6459,16 @@ "min":1, "pattern":"(Authorization|X-Amzn-Bedrock-AgentCore-Runtime-Custom-[a-zA-Z0-9-]+)" }, + "HttpHeaderName":{ + "type":"string", + "max":100, + "min":1 + }, + "HttpQueryParameterName":{ + "type":"string", + "max":40, + "min":1 + }, "InboundTokenClaimNameType":{ "type":"string", "max":255, @@ -7725,6 +7769,24 @@ "max":50, "min":1 }, + "MetadataConfiguration":{ + "type":"structure", + "members":{ + "allowedRequestHeaders":{ + "shape":"AllowedRequestHeaders", + "documentation":"

A list of HTTP headers that are allowed to be propagated from incoming client requests to the target.

" + }, + "allowedQueryParameters":{ + "shape":"AllowedQueryParameters", + "documentation":"

A list of URL query parameters that are allowed to be propagated from incoming gateway URL to the target.

" + }, + "allowedResponseHeaders":{ + "shape":"AllowedResponseHeaders", + "documentation":"

A list of HTTP headers that are allowed to be propagated from the target response back to the client.

" + } + }, + "documentation":"

Configuration for HTTP header and query parameter propagation between the gateway and target servers.

" + }, "MicrosoftOauth2ProviderConfigInput":{ "type":"structure", "required":[ @@ -10403,6 +10465,10 @@ "credentialProviderConfigurations":{ "shape":"CredentialProviderConfigurations", "documentation":"

The updated credential provider configurations for the gateway target.

" + }, + "metadataConfiguration":{ + "shape":"MetadataConfiguration", + "documentation":"

Configuration for HTTP header and query parameter propagation to the gateway target.

" } } }, @@ -10459,6 +10525,10 @@ "lastSynchronizedAt":{ "shape":"DateTimestamp", "documentation":"

The date and time at which the targets were last synchronized.

" + }, + "metadataConfiguration":{ + "shape":"MetadataConfiguration", + "documentation":"

The metadata configuration that was applied to the gateway target.

" } } }, diff --git a/awscli/botocore/data/bedrock-data-automation/2023-07-26/service-2.json b/awscli/botocore/data/bedrock-data-automation/2023-07-26/service-2.json index a3619c37cda9..3de22bc2da39 100644 --- a/awscli/botocore/data/bedrock-data-automation/2023-07-26/service-2.json +++ b/awscli/botocore/data/bedrock-data-automation/2023-07-26/service-2.json @@ -13,6 +13,25 @@ "uid":"bedrock-data-automation-2023-07-26" }, "operations":{ + "CopyBlueprintStage":{ + "name":"CopyBlueprintStage", + "http":{ + "method":"PUT", + "requestUri":"/blueprints/{blueprintArn}/copy-stage", + "responseCode":200 + }, + "input":{"shape":"CopyBlueprintStageRequest"}, + "output":{"shape":"CopyBlueprintStageResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Copies a Blueprint from one stage to another

", + "idempotent":true + }, "CreateBlueprint":{ "name":"CreateBlueprint", "http":{ @@ -130,6 +149,25 @@ "documentation":"

Gets an existing Amazon Bedrock Data Automation Blueprint

", "readonly":true }, + "GetBlueprintOptimizationStatus":{ + "name":"GetBlueprintOptimizationStatus", + "http":{ + "method":"POST", + "requestUri":"/getBlueprintOptimizationStatus/{invocationArn}", + "responseCode":200 + }, + "input":{"shape":"GetBlueprintOptimizationStatusRequest"}, + "output":{"shape":"GetBlueprintOptimizationStatusResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

API used to get blueprint optimization status.

", + "readonly":true + }, "GetDataAutomationProject":{ "name":"GetDataAutomationProject", "http":{ @@ -149,6 +187,26 @@ "documentation":"

Gets an existing Amazon Bedrock Data Automation Project

", "readonly":true }, + "InvokeBlueprintOptimizationAsync":{ + "name":"InvokeBlueprintOptimizationAsync", + "http":{ + "method":"POST", + "requestUri":"/invokeBlueprintOptimizationAsync", + "responseCode":200 + }, + "input":{"shape":"InvokeBlueprintOptimizationAsyncRequest"}, + "output":{"shape":"InvokeBlueprintOptimizationAsyncResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Invoke an async job to perform Blueprint Optimization

", + "idempotent":true + }, "ListBlueprints":{ "name":"ListBlueprints", "http":{ @@ -419,7 +477,9 @@ "blueprintVersion":{"shape":"BlueprintVersion"}, "blueprintStage":{"shape":"BlueprintStage"}, "kmsKeyId":{"shape":"KmsKeyId"}, - "kmsEncryptionContext":{"shape":"KmsEncryptionContext"} + "kmsEncryptionContext":{"shape":"KmsEncryptionContext"}, + "optimizationSamples":{"shape":"BlueprintOptimizationSamples"}, + "optimizationTime":{"shape":"DateTimestamp"} }, "documentation":"

Contains the information of a Blueprint.

" }, @@ -463,6 +523,73 @@ "pattern":"[a-zA-Z0-9-_]+", "sensitive":true }, + "BlueprintOptimizationInvocationArn":{ + "type":"string", + "documentation":"

Invocation arn.

", + "max":128, + "min":1, + "pattern":"arn:aws(|-cn|-iso|-iso-[a-z]|-us-gov):bedrock:[a-zA-Z0-9-]*:[0-9]{12}:blueprint-optimization-invocation/[a-zA-Z0-9-_]+" + }, + "BlueprintOptimizationJobStatus":{ + "type":"string", + "documentation":"

List of status supported by optimization jobs

", + "enum":[ + "Created", + "InProgress", + "Success", + "ServiceError", + "ClientError" + ] + }, + "BlueprintOptimizationObject":{ + "type":"structure", + "required":["blueprintArn"], + "members":{ + "blueprintArn":{ + "shape":"BlueprintArn", + "documentation":"

Arn of blueprint.

" + }, + "stage":{ + "shape":"BlueprintStage", + "documentation":"

Stage of blueprint.

" + } + }, + "documentation":"

Structure for single blueprint entity.

" + }, + "BlueprintOptimizationOutputConfiguration":{ + "type":"structure", + "required":["s3Object"], + "members":{ + "s3Object":{ + "shape":"S3Object", + "documentation":"

S3 object.

" + } + }, + "documentation":"

Blueprint Optimization Output configuration.

" + }, + "BlueprintOptimizationSample":{ + "type":"structure", + "required":[ + "assetS3Object", + "groundTruthS3Object" + ], + "members":{ + "assetS3Object":{ + "shape":"S3Object", + "documentation":"

S3 Object of the asset

" + }, + "groundTruthS3Object":{ + "shape":"S3Object", + "documentation":"

Ground truth for the Blueprint and Asset combination

" + } + }, + "documentation":"

Blueprint Recommendation Sample

" + }, + "BlueprintOptimizationSamples":{ + "type":"list", + "member":{"shape":"BlueprintOptimizationSample"}, + "documentation":"

List of Blueprint Optimization Samples

" + }, "BlueprintSchema":{ "type":"string", "documentation":"

Schema of the blueprint

", @@ -546,6 +673,41 @@ }, "exception":true }, + "CopyBlueprintStageRequest":{ + "type":"structure", + "required":[ + "blueprintArn", + "sourceStage", + "targetStage" + ], + "members":{ + "blueprintArn":{ + "shape":"BlueprintArn", + "documentation":"

Blueprint to be copied

", + "location":"uri", + "locationName":"blueprintArn" + }, + "sourceStage":{ + "shape":"BlueprintStage", + "documentation":"

Source stage to copy from

" + }, + "targetStage":{ + "shape":"BlueprintStage", + "documentation":"

Target stage to copy to

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

Client token for idempotency

", + "idempotencyToken":true + } + }, + "documentation":"

CopyBlueprintStage Request

" + }, + "CopyBlueprintStageResponse":{ + "type":"structure", + "members":{}, + "documentation":"

CopyBlueprintStage Response

" + }, "CreateBlueprintRequest":{ "type":"structure", "required":[ @@ -640,6 +802,13 @@ }, "documentation":"

Custom output configuration

" }, + "DataAutomationProfileArn":{ + "type":"string", + "documentation":"

Data automation profile arn.

", + "max":128, + "min":1, + "pattern":"arn:aws(|-cn|-us-gov):bedrock:[a-zA-Z0-9-]*:(aws|[0-9]{12}):data-automation-profile/[a-zA-Z0-9-_.]+" + }, "DataAutomationProject":{ "type":"structure", "required":[ @@ -944,6 +1113,41 @@ "min":1, "pattern":".*\\S.*" }, + "GetBlueprintOptimizationStatusRequest":{ + "type":"structure", + "required":["invocationArn"], + "members":{ + "invocationArn":{ + "shape":"BlueprintOptimizationInvocationArn", + "documentation":"

Invocation arn.

", + "location":"uri", + "locationName":"invocationArn" + } + }, + "documentation":"

Structure for request of GetBlueprintOptimizationStatus API.

" + }, + "GetBlueprintOptimizationStatusResponse":{ + "type":"structure", + "members":{ + "status":{ + "shape":"BlueprintOptimizationJobStatus", + "documentation":"

Job Status.

" + }, + "errorType":{ + "shape":"String", + "documentation":"

Error Type.

" + }, + "errorMessage":{ + "shape":"String", + "documentation":"

Error Message.

" + }, + "outputConfiguration":{ + "shape":"BlueprintOptimizationOutputConfiguration", + "documentation":"

Output configuration.

" + } + }, + "documentation":"

Response of GetBlueprintOptimizationStatus API.

" + }, "GetBlueprintRequest":{ "type":"structure", "required":["blueprintArn"], @@ -1087,6 +1291,53 @@ "exception":true, "fault":true }, + "InvokeBlueprintOptimizationAsyncRequest":{ + "type":"structure", + "required":[ + "blueprint", + "samples", + "outputConfiguration", + "dataAutomationProfileArn" + ], + "members":{ + "blueprint":{ + "shape":"BlueprintOptimizationObject", + "documentation":"

Blueprint to be optimized

" + }, + "samples":{ + "shape":"BlueprintOptimizationSamples", + "documentation":"

List of Blueprint Optimization Samples

" + }, + "outputConfiguration":{ + "shape":"BlueprintOptimizationOutputConfiguration", + "documentation":"

Output configuration where the results should be placed

" + }, + "dataAutomationProfileArn":{ + "shape":"DataAutomationProfileArn", + "documentation":"

Data automation profile ARN

" + }, + "encryptionConfiguration":{ + "shape":"EncryptionConfiguration", + "documentation":"

Encryption configuration.

" + }, + "tags":{ + "shape":"TagList", + "documentation":"

List of tags.

" + } + }, + "documentation":"

Invoke Blueprint Optimization Async Request

" + }, + "InvokeBlueprintOptimizationAsyncResponse":{ + "type":"structure", + "required":["invocationArn"], + "members":{ + "invocationArn":{ + "shape":"BlueprintOptimizationInvocationArn", + "documentation":"

ARN of the blueprint optimization job

" + } + }, + "documentation":"

Invoke Blueprint Optimization Async Response

" + }, "KmsEncryptionContext":{ "type":"map", "key":{"shape":"EncryptionContextKey"}, @@ -1306,6 +1557,34 @@ "ACCOUNT" ] }, + "S3Object":{ + "type":"structure", + "required":["s3Uri"], + "members":{ + "s3Uri":{ + "shape":"S3Uri", + "documentation":"

S3 uri.

" + }, + "version":{ + "shape":"S3ObjectVersion", + "documentation":"

S3 object version.

" + } + }, + "documentation":"

S3 object

" + }, + "S3ObjectVersion":{ + "type":"string", + "documentation":"

S3 object version.

", + "max":1024, + "min":1 + }, + "S3Uri":{ + "type":"string", + "documentation":"

A path in S3

", + "max":1024, + "min":1, + "pattern":"s3://[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9](/.*)?" + }, "SensitiveDataConfiguration":{ "type":"structure", "required":["detectionMode"], @@ -1393,6 +1672,7 @@ "DISABLED" ] }, + "String":{"type":"string"}, "Tag":{ "type":"structure", "required":[ @@ -1451,7 +1731,7 @@ "documentation":"

ARN of a taggable resource

", "max":1011, "min":20, - "pattern":"arn:aws(|-cn|-us-gov):bedrock:[a-z0-9-]*:[0-9]{12}:(blueprint|data-automation-project)/[a-zA-Z0-9-]{12,36}" + "pattern":"arn:aws(|-cn|-iso|-iso-[a-z]|-us-gov):bedrock:[a-z0-9-]*:[0-9]{12}:(blueprint|data-automation-project|blueprint-optimization-invocation)/[a-zA-Z0-9-]{12,36}" }, "ThrottlingException":{ "type":"structure", diff --git a/awscli/botocore/data/cleanrooms/2022-02-17/service-2.json b/awscli/botocore/data/cleanrooms/2022-02-17/service-2.json index d6b95a05460f..e51a72a9bc03 100644 --- a/awscli/botocore/data/cleanrooms/2022-02-17/service-2.json +++ b/awscli/botocore/data/cleanrooms/2022-02-17/service-2.json @@ -1456,6 +1456,25 @@ ], "documentation":"

Updates collaboration metadata and can only be called by the collaboration owner.

" }, + "UpdateCollaborationChangeRequest":{ + "name":"UpdateCollaborationChangeRequest", + "http":{ + "method":"PATCH", + "requestUri":"/collaborations/{collaborationIdentifier}/changeRequests/{changeRequestIdentifier}", + "responseCode":200 + }, + "input":{"shape":"UpdateCollaborationChangeRequestInput"}, + "output":{"shape":"UpdateCollaborationChangeRequestOutput"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Updates an existing collaboration change request. This operation allows approval actions for pending change requests in collaborations (APPROVE, DENY, CANCEL, COMMIT).

For change requests without automatic approval, a member in the collaboration can manually APPROVE or DENY a change request. The collaboration owner can manually CANCEL or COMMIT a change request.

" + }, "UpdateConfiguredAudienceModelAssociation":{ "name":"UpdateConfiguredAudienceModelAssociation", "http":{ @@ -2552,6 +2571,32 @@ "CLEAN_ROOMS_SQL" ] }, + "ApprovalStatus":{ + "type":"string", + "enum":[ + "APPROVED", + "DENIED", + "PENDING" + ] + }, + "ApprovalStatusDetails":{ + "type":"structure", + "required":["status"], + "members":{ + "status":{ + "shape":"ApprovalStatus", + "documentation":"

The approval status of a member's vote on the change request. Valid values are PENDING (if they haven't voted), APPROVED, or DENIED.

" + } + }, + "documentation":"

Contains detailed information about the approval state of a given member in the collaboration for a given collaboration change request.

" + }, + "ApprovalStatuses":{ + "type":"map", + "key":{"shape":"AccountId"}, + "value":{"shape":"ApprovalStatusDetails"}, + "max":50, + "min":1 + }, "AthenaDatabaseName":{ "type":"string", "max":128, @@ -2609,7 +2654,11 @@ }, "AutoApprovedChangeType":{ "type":"string", - "enum":["ADD_MEMBER"] + "enum":[ + "ADD_MEMBER", + "GRANT_RECEIVE_RESULTS_ABILITY", + "REVOKE_RECEIVE_RESULTS_ABILITY" + ] }, "AutoApprovedChangeTypeList":{ "type":"list", @@ -2941,6 +2990,15 @@ "max":10, "min":1 }, + "ChangeRequestAction":{ + "type":"string", + "enum":[ + "APPROVE", + "DENY", + "CANCEL", + "COMMIT" + ] + }, "ChangeRequestStatus":{ "type":"string", "enum":[ @@ -2957,6 +3015,10 @@ "member":{ "shape":"MemberChangeSpecification", "documentation":"

The member change specification when the change type is MEMBER.

" + }, + "collaboration":{ + "shape":"CollaborationChangeSpecification", + "documentation":"

The collaboration configuration changes being requested. Currently, this only supports modifying which change types are auto-approved for the collaboration.

" } }, "documentation":"

A union that contains the specification details for different types of changes.

", @@ -2964,11 +3026,19 @@ }, "ChangeSpecificationType":{ "type":"string", - "enum":["MEMBER"] + "enum":[ + "MEMBER", + "COLLABORATION" + ] }, "ChangeType":{ "type":"string", - "enum":["ADD_MEMBER"] + "enum":[ + "ADD_MEMBER", + "GRANT_RECEIVE_RESULTS_ABILITY", + "REVOKE_RECEIVE_RESULTS_ABILITY", + "EDIT_AUTO_APPROVED_CHANGE_TYPES" + ] }, "ChangeTypeList":{ "type":"list", @@ -3263,6 +3333,10 @@ "changes":{ "shape":"ChangeList", "documentation":"

The list of changes specified in this change request.

" + }, + "approvals":{ + "shape":"ApprovalStatuses", + "documentation":"

A list of approval details from collaboration members, including approval status and multi-party approval workflow information.

" } }, "documentation":"

Represents a request to modify a collaboration. Change requests enable structured modifications to collaborations after they have been created.

" @@ -3312,6 +3386,10 @@ "changes":{ "shape":"ChangeList", "documentation":"

Summary of the changes in this change request.

" + }, + "approvals":{ + "shape":"ApprovalStatuses", + "documentation":"

Summary of approval statuses from all collaboration members for this change request.

" } }, "documentation":"

Summary information about a collaboration change request.

" @@ -3320,6 +3398,16 @@ "type":"list", "member":{"shape":"CollaborationChangeRequestSummary"} }, + "CollaborationChangeSpecification":{ + "type":"structure", + "members":{ + "autoApprovedChangeTypes":{ + "shape":"AutoApprovedChangeTypeList", + "documentation":"

Defines requested updates to properties of the collaboration. Currently, this only supports modifying which change types are auto-approved for the collaboration.

" + } + }, + "documentation":"

Defines the specific changes being requested for a collaboration, including configuration modifications and approval requirements.

" + }, "CollaborationConfiguredAudienceModelAssociation":{ "type":"structure", "required":[ @@ -8577,7 +8665,7 @@ }, "ParameterValue":{ "type":"string", - "max":250, + "max":1000, "min":0 }, "PaymentConfiguration":{ @@ -10714,6 +10802,39 @@ } } }, + "UpdateCollaborationChangeRequestInput":{ + "type":"structure", + "required":[ + "collaborationIdentifier", + "changeRequestIdentifier", + "action" + ], + "members":{ + "collaborationIdentifier":{ + "shape":"CollaborationIdentifier", + "documentation":"

The unique identifier of the collaboration that contains the change request to be updated.

", + "location":"uri", + "locationName":"collaborationIdentifier" + }, + "changeRequestIdentifier":{ + "shape":"CollaborationChangeRequestIdentifier", + "documentation":"

The unique identifier of the specific change request to be updated within the collaboration.

", + "location":"uri", + "locationName":"changeRequestIdentifier" + }, + "action":{ + "shape":"ChangeRequestAction", + "documentation":"

The action to perform on the change request. Valid values include APPROVE (approve the change), DENY (reject the change), CANCEL (cancel the request), and COMMIT (commit after the request is approved).

For change requests without automatic approval, a member in the collaboration can manually APPROVE or DENY a change request. The collaboration owner can manually CANCEL or COMMIT a change request.

" + } + } + }, + "UpdateCollaborationChangeRequestOutput":{ + "type":"structure", + "required":["collaborationChangeRequest"], + "members":{ + "collaborationChangeRequest":{"shape":"CollaborationChangeRequest"} + } + }, "UpdateCollaborationInput":{ "type":"structure", "required":["collaborationIdentifier"], diff --git a/awscli/botocore/data/ec2/2016-11-15/service-2.json b/awscli/botocore/data/ec2/2016-11-15/service-2.json index 0c06064518b9..463c27ea7cc4 100644 --- a/awscli/botocore/data/ec2/2016-11-15/service-2.json +++ b/awscli/botocore/data/ec2/2016-11-15/service-2.json @@ -26391,7 +26391,7 @@ }, "Filters":{ "shape":"FilterList", - "documentation":"

The filters.

  • affinity - The affinity setting for an instance running on a Dedicated Host (default | host).

  • architecture - The instance architecture (i386 | x86_64 | arm64).

  • availability-zone - The Availability Zone of the instance.

  • availability-zone-id - The ID of the Availability Zone of the instance.

  • block-device-mapping.attach-time - The attach time for an EBS volume mapped to the instance, for example, 2022-09-15T17:15:20.000Z.

  • block-device-mapping.delete-on-termination - A Boolean that indicates whether the EBS volume is deleted on instance termination.

  • block-device-mapping.device-name - The device name specified in the block device mapping (for example, /dev/sdh or xvdh).

  • block-device-mapping.status - The status for the EBS volume (attaching | attached | detaching | detached).

  • block-device-mapping.volume-id - The volume ID of the EBS volume.

  • boot-mode - The boot mode that was specified by the AMI (legacy-bios | uefi | uefi-preferred).

  • capacity-reservation-id - The ID of the Capacity Reservation into which the instance was launched.

  • capacity-reservation-specification.capacity-reservation-preference - The instance's Capacity Reservation preference (open | none).

  • capacity-reservation-specification.capacity-reservation-target.capacity-reservation-id - The ID of the targeted Capacity Reservation.

  • capacity-reservation-specification.capacity-reservation-target.capacity-reservation-resource-group-arn - The ARN of the targeted Capacity Reservation group.

  • client-token - The idempotency token you provided when you launched the instance.

  • current-instance-boot-mode - The boot mode that is used to launch the instance at launch or start (legacy-bios | uefi).

  • dns-name - The public DNS name of the instance.

  • ebs-optimized - A Boolean that indicates whether the instance is optimized for Amazon EBS I/O.

  • ena-support - A Boolean that indicates whether the instance is enabled for enhanced networking with ENA.

  • enclave-options.enabled - A Boolean that indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves.

  • hibernation-options.configured - A Boolean that indicates whether the instance is enabled for hibernation. A value of true means that the instance is enabled for hibernation.

  • host-id - The ID of the Dedicated Host on which the instance is running, if applicable.

  • hypervisor - The hypervisor type of the instance (ovm | xen). The value xen is used for both Xen and Nitro hypervisors.

  • iam-instance-profile.arn - The instance profile associated with the instance. Specified as an ARN.

  • iam-instance-profile.id - The instance profile associated with the instance. Specified as an ID.

  • image-id - The ID of the image used to launch the instance.

  • instance-id - The ID of the instance.

  • instance-lifecycle - Indicates whether this is a Spot Instance, a Scheduled Instance, or a Capacity Block (spot | scheduled | capacity-block).

  • instance-state-code - The state of the instance, as a 16-bit unsigned integer. The high byte is used for internal purposes and should be ignored. The low byte is set based on the state represented. The valid values are: 0 (pending), 16 (running), 32 (shutting-down), 48 (terminated), 64 (stopping), and 80 (stopped).

  • instance-state-name - The state of the instance (pending | running | shutting-down | terminated | stopping | stopped).

  • instance-type - The type of instance (for example, t2.micro).

  • instance.group-id - The ID of the security group for the instance.

  • instance.group-name - The name of the security group for the instance.

  • ip-address - The public IPv4 address of the instance.

  • ipv6-address - The IPv6 address of the instance.

  • kernel-id - The kernel ID.

  • key-name - The name of the key pair used when the instance was launched.

  • launch-index - When launching multiple instances, this is the index for the instance in the launch group (for example, 0, 1, 2, and so on).

  • launch-time - The time when the instance was launched, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2021-09-29T11:04:43.305Z. You can use a wildcard (*), for example, 2021-09-29T*, which matches an entire day.

  • maintenance-options.auto-recovery - The current automatic recovery behavior of the instance (disabled | default).

  • metadata-options.http-endpoint - The status of access to the HTTP metadata endpoint on your instance (enabled | disabled)

  • metadata-options.http-protocol-ipv4 - Indicates whether the IPv4 endpoint is enabled (disabled | enabled).

  • metadata-options.http-protocol-ipv6 - Indicates whether the IPv6 endpoint is enabled (disabled | enabled).

  • metadata-options.http-put-response-hop-limit - The HTTP metadata request put response hop limit (integer, possible values 1 to 64)

  • metadata-options.http-tokens - The metadata request authorization state (optional | required)

  • metadata-options.instance-metadata-tags - The status of access to instance tags from the instance metadata (enabled | disabled)

  • metadata-options.state - The state of the metadata option changes (pending | applied).

  • monitoring-state - Indicates whether detailed monitoring is enabled (disabled | enabled).

  • network-interface.addresses.association.allocation-id - The allocation ID.

  • network-interface.addresses.association.association-id - The association ID.

  • network-interface.addresses.association.carrier-ip - The carrier IP address.

  • network-interface.addresses.association.customer-owned-ip - The customer-owned IP address.

  • network-interface.addresses.association.ip-owner-id - The owner ID of the private IPv4 address associated with the network interface.

  • network-interface.addresses.association.public-dns-name - The public DNS name.

  • network-interface.addresses.association.public-ip - The ID of the association of an Elastic IP address (IPv4) with a network interface.

  • network-interface.addresses.primary - Specifies whether the IPv4 address of the network interface is the primary private IPv4 address.

  • network-interface.addresses.private-dns-name - The private DNS name.

  • network-interface.addresses.private-ip-address - The private IPv4 address associated with the network interface.

  • network-interface.association.allocation-id - The allocation ID returned when you allocated the Elastic IP address (IPv4) for your network interface.

  • network-interface.association.association-id - The association ID returned when the network interface was associated with an IPv4 address.

  • network-interface.association.carrier-ip - The customer-owned IP address.

  • network-interface.association.customer-owned-ip - The customer-owned IP address.

  • network-interface.association.ip-owner-id - The owner of the Elastic IP address (IPv4) associated with the network interface.

  • network-interface.association.public-dns-name - The public DNS name.

  • network-interface.association.public-ip - The address of the Elastic IP address (IPv4) bound to the network interface.

  • network-interface.attachment.attach-time - The time that the network interface was attached to an instance.

  • network-interface.attachment.attachment-id - The ID of the interface attachment.

  • network-interface.attachment.delete-on-termination - Specifies whether the attachment is deleted when an instance is terminated.

  • network-interface.attachment.device-index - The device index to which the network interface is attached.

  • network-interface.attachment.instance-id - The ID of the instance to which the network interface is attached.

  • network-interface.attachment.instance-owner-id - The owner ID of the instance to which the network interface is attached.

  • network-interface.attachment.network-card-index - The index of the network card.

  • network-interface.attachment.status - The status of the attachment (attaching | attached | detaching | detached).

  • network-interface.availability-zone - The Availability Zone for the network interface.

  • network-interface.deny-all-igw-traffic - A Boolean that indicates whether a network interface with an IPv6 address is unreachable from the public internet.

  • network-interface.description - The description of the network interface.

  • network-interface.group-id - The ID of a security group associated with the network interface.

  • network-interface.group-name - The name of a security group associated with the network interface.

  • network-interface.ipv4-prefixes.ipv4-prefix - The IPv4 prefixes that are assigned to the network interface.

  • network-interface.ipv6-address - The IPv6 address associated with the network interface.

  • network-interface.ipv6-addresses.ipv6-address - The IPv6 address associated with the network interface.

  • network-interface.ipv6-addresses.is-primary-ipv6 - A Boolean that indicates whether this is the primary IPv6 address.

  • network-interface.ipv6-native - A Boolean that indicates whether this is an IPv6 only network interface.

  • network-interface.ipv6-prefixes.ipv6-prefix - The IPv6 prefix assigned to the network interface.

  • network-interface.mac-address - The MAC address of the network interface.

  • network-interface.network-interface-id - The ID of the network interface.

  • network-interface.operator.managed - A Boolean that indicates whether the instance has a managed network interface.

  • network-interface.operator.principal - The principal that manages the network interface. Only valid for instances with managed network interfaces, where managed is true.

  • network-interface.outpost-arn - The ARN of the Outpost.

  • network-interface.owner-id - The ID of the owner of the network interface.

  • network-interface.private-dns-name - The private DNS name of the network interface.

  • network-interface.private-ip-address - The private IPv4 address.

  • network-interface.public-dns-name - The public DNS name.

  • network-interface.requester-id - The requester ID for the network interface.

  • network-interface.requester-managed - Indicates whether the network interface is being managed by Amazon Web Services.

  • network-interface.status - The status of the network interface (available) | in-use).

  • network-interface.source-dest-check - Whether the network interface performs source/destination checking. A value of true means that checking is enabled, and false means that checking is disabled. The value must be false for the network interface to perform network address translation (NAT) in your VPC.

  • network-interface.subnet-id - The ID of the subnet for the network interface.

  • network-interface.tag-key - The key of a tag assigned to the network interface.

  • network-interface.tag-value - The value of a tag assigned to the network interface.

  • network-interface.vpc-id - The ID of the VPC for the network interface.

  • network-performance-options.bandwidth-weighting - Where the performance boost is applied, if applicable. Valid values: default, vpc-1, ebs-1.

  • operator.managed - A Boolean that indicates whether this is a managed instance.

  • operator.principal - The principal that manages the instance. Only valid for managed instances, where managed is true.

  • outpost-arn - The Amazon Resource Name (ARN) of the Outpost.

  • owner-id - The Amazon Web Services account ID of the instance owner.

  • placement-group-name - The name of the placement group for the instance.

  • placement-partition-number - The partition in which the instance is located.

  • platform - The platform. To list only Windows instances, use windows.

  • platform-details - The platform (Linux/UNIX | Red Hat BYOL Linux | Red Hat Enterprise Linux | Red Hat Enterprise Linux with HA | Red Hat Enterprise Linux with High Availability | Red Hat Enterprise Linux with SQL Server Standard and HA | Red Hat Enterprise Linux with SQL Server Enterprise and HA | Red Hat Enterprise Linux with SQL Server Standard | Red Hat Enterprise Linux with SQL Server Web | Red Hat Enterprise Linux with SQL Server Enterprise | SQL Server Enterprise | SQL Server Standard | SQL Server Web | SUSE Linux | Ubuntu Pro | Windows | Windows BYOL | Windows with SQL Server Enterprise | Windows with SQL Server Standard | Windows with SQL Server Web).

  • private-dns-name - The private IPv4 DNS name of the instance.

  • private-dns-name-options.enable-resource-name-dns-a-record - A Boolean that indicates whether to respond to DNS queries for instance hostnames with DNS A records.

  • private-dns-name-options.enable-resource-name-dns-aaaa-record - A Boolean that indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.

  • private-dns-name-options.hostname-type - The type of hostname (ip-name | resource-name).

  • private-ip-address - The private IPv4 address of the instance. This can only be used to filter by the primary IP address of the network interface attached to the instance. To filter by additional IP addresses assigned to the network interface, use the filter network-interface.addresses.private-ip-address.

  • product-code - The product code associated with the AMI used to launch the instance.

  • product-code.type - The type of product code (devpay | marketplace).

  • ramdisk-id - The RAM disk ID.

  • reason - The reason for the current state of the instance (for example, shows \"User Initiated [date]\" when you stop or terminate the instance). Similar to the state-reason-code filter.

  • requester-id - The ID of the entity that launched the instance on your behalf (for example, Amazon Web Services Management Console, Amazon EC2 Auto Scaling, and so on).

  • reservation-id - The ID of the instance's reservation. A reservation ID is created any time you launch an instance. A reservation ID has a one-to-one relationship with an instance launch request, but can be associated with more than one instance if you launch multiple instances using the same launch request. For example, if you launch one instance, you get one reservation ID. If you launch ten instances using the same launch request, you also get one reservation ID.

  • root-device-name - The device name of the root device volume (for example, /dev/sda1).

  • root-device-type - The type of the root device volume (ebs | instance-store).

  • source-dest-check - Indicates whether the instance performs source/destination checking. A value of true means that checking is enabled, and false means that checking is disabled. The value must be false for the instance to perform network address translation (NAT) in your VPC.

  • spot-instance-request-id - The ID of the Spot Instance request.

  • state-reason-code - The reason code for the state change.

  • state-reason-message - A message that describes the state change.

  • subnet-id - The ID of the subnet for the instance.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources that have a tag with a specific key, regardless of the tag value.

  • tenancy - The tenancy of an instance (dedicated | default | host).

  • tpm-support - Indicates if the instance is configured for NitroTPM support (v2.0).

  • usage-operation - The usage operation value for the instance (RunInstances | RunInstances:00g0 | RunInstances:0010 | RunInstances:1010 | RunInstances:1014 | RunInstances:1110 | RunInstances:0014 | RunInstances:0210 | RunInstances:0110 | RunInstances:0100 | RunInstances:0004 | RunInstances:0200 | RunInstances:000g | RunInstances:0g00 | RunInstances:0002 | RunInstances:0800 | RunInstances:0102 | RunInstances:0006 | RunInstances:0202).

  • usage-operation-update-time - The time that the usage operation was last updated, for example, 2022-09-15T17:15:20.000Z.

  • virtualization-type - The virtualization type of the instance (paravirtual | hvm).

  • vpc-id - The ID of the VPC that the instance is running in.

", + "documentation":"

The filters.

  • affinity - The affinity setting for an instance running on a Dedicated Host (default | host).

  • architecture - The instance architecture (i386 | x86_64 | arm64).

  • availability-zone - The Availability Zone of the instance.

  • availability-zone-id - The ID of the Availability Zone of the instance.

  • block-device-mapping.attach-time - The attach time for an EBS volume mapped to the instance, for example, 2022-09-15T17:15:20.000Z.

  • block-device-mapping.delete-on-termination - A Boolean that indicates whether the EBS volume is deleted on instance termination.

  • block-device-mapping.device-name - The device name specified in the block device mapping (for example, /dev/sdh or xvdh).

  • block-device-mapping.status - The status for the EBS volume (attaching | attached | detaching | detached).

  • block-device-mapping.volume-id - The volume ID of the EBS volume.

  • boot-mode - The boot mode that was specified by the AMI (legacy-bios | uefi | uefi-preferred).

  • capacity-reservation-id - The ID of the Capacity Reservation into which the instance was launched.

  • capacity-reservation-specification.capacity-reservation-preference - The instance's Capacity Reservation preference (open | none).

  • capacity-reservation-specification.capacity-reservation-target.capacity-reservation-id - The ID of the targeted Capacity Reservation.

  • capacity-reservation-specification.capacity-reservation-target.capacity-reservation-resource-group-arn - The ARN of the targeted Capacity Reservation group.

  • client-token - The idempotency token you provided when you launched the instance.

  • current-instance-boot-mode - The boot mode that is used to launch the instance at launch or start (legacy-bios | uefi).

  • dns-name - The public DNS name of the instance.

  • ebs-optimized - A Boolean that indicates whether the instance is optimized for Amazon EBS I/O.

  • ena-support - A Boolean that indicates whether the instance is enabled for enhanced networking with ENA.

  • enclave-options.enabled - A Boolean that indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves.

  • hibernation-options.configured - A Boolean that indicates whether the instance is enabled for hibernation. A value of true means that the instance is enabled for hibernation.

  • host-id - The ID of the Dedicated Host on which the instance is running, if applicable.

  • hypervisor - The hypervisor type of the instance (ovm | xen). The value xen is used for both Xen and Nitro hypervisors.

  • iam-instance-profile.arn - The instance profile associated with the instance. Specified as an ARN.

  • iam-instance-profile.id - The instance profile associated with the instance. Specified as an ID.

  • image-id - The ID of the image used to launch the instance.

  • instance-id - The ID of the instance.

  • instance-lifecycle - Indicates whether this is a Spot Instance, a Scheduled Instance, or a Capacity Block (spot | scheduled | capacity-block).

  • instance-state-code - The state of the instance, as a 16-bit unsigned integer. The high byte is used for internal purposes and should be ignored. The low byte is set based on the state represented. The valid values are: 0 (pending), 16 (running), 32 (shutting-down), 48 (terminated), 64 (stopping), and 80 (stopped).

  • instance-state-name - The state of the instance (pending | running | shutting-down | terminated | stopping | stopped).

  • instance-type - The type of instance (for example, t2.micro).

  • instance.group-id - The ID of the security group for the instance.

  • instance.group-name - The name of the security group for the instance.

  • ip-address - The public IPv4 address of the instance.

  • ipv6-address - The IPv6 address of the instance.

  • kernel-id - The kernel ID.

  • key-name - The name of the key pair used when the instance was launched.

  • launch-index - When launching multiple instances, this is the index for the instance in the launch group (for example, 0, 1, 2, and so on).

  • launch-time - The time when the instance was launched, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2021-09-29T11:04:43.305Z. You can use a wildcard (*), for example, 2021-09-29T*, which matches an entire day.

  • maintenance-options.auto-recovery - The current automatic recovery behavior of the instance (disabled | default).

  • metadata-options.http-endpoint - The status of access to the HTTP metadata endpoint on your instance (enabled | disabled)

  • metadata-options.http-protocol-ipv4 - Indicates whether the IPv4 endpoint is enabled (disabled | enabled).

  • metadata-options.http-protocol-ipv6 - Indicates whether the IPv6 endpoint is enabled (disabled | enabled).

  • metadata-options.http-put-response-hop-limit - The HTTP metadata request put response hop limit (integer, possible values 1 to 64)

  • metadata-options.http-tokens - The metadata request authorization state (optional | required)

  • metadata-options.instance-metadata-tags - The status of access to instance tags from the instance metadata (enabled | disabled)

  • metadata-options.state - The state of the metadata option changes (pending | applied).

  • monitoring-state - Indicates whether detailed monitoring is enabled (disabled | enabled).

  • network-interface.addresses.association.allocation-id - The allocation ID.

  • network-interface.addresses.association.association-id - The association ID.

  • network-interface.addresses.association.carrier-ip - The carrier IP address.

  • network-interface.addresses.association.customer-owned-ip - The customer-owned IP address.

  • network-interface.addresses.association.ip-owner-id - The owner ID of the private IPv4 address associated with the network interface.

  • network-interface.addresses.association.public-dns-name - The public DNS name.

  • network-interface.addresses.association.public-ip - The ID of the association of an Elastic IP address (IPv4) with a network interface.

  • network-interface.addresses.primary - Specifies whether the IPv4 address of the network interface is the primary private IPv4 address.

  • network-interface.addresses.private-dns-name - The private DNS name.

  • network-interface.addresses.private-ip-address - The private IPv4 address associated with the network interface.

  • network-interface.association.allocation-id - The allocation ID returned when you allocated the Elastic IP address (IPv4) for your network interface.

  • network-interface.association.association-id - The association ID returned when the network interface was associated with an IPv4 address.

  • network-interface.association.carrier-ip - The customer-owned IP address.

  • network-interface.association.customer-owned-ip - The customer-owned IP address.

  • network-interface.association.ip-owner-id - The owner of the Elastic IP address (IPv4) associated with the network interface.

  • network-interface.association.public-dns-name - The public DNS name.

  • network-interface.association.public-ip - The address of the Elastic IP address (IPv4) bound to the network interface.

  • network-interface.attachment.attach-time - The time that the network interface was attached to an instance.

  • network-interface.attachment.attachment-id - The ID of the interface attachment.

  • network-interface.attachment.delete-on-termination - Specifies whether the attachment is deleted when an instance is terminated.

  • network-interface.attachment.device-index - The device index to which the network interface is attached.

  • network-interface.attachment.instance-id - The ID of the instance to which the network interface is attached.

  • network-interface.attachment.instance-owner-id - The owner ID of the instance to which the network interface is attached.

  • network-interface.attachment.network-card-index - The index of the network card.

  • network-interface.attachment.status - The status of the attachment (attaching | attached | detaching | detached).

  • network-interface.availability-zone - The Availability Zone for the network interface.

  • network-interface.deny-all-igw-traffic - A Boolean that indicates whether a network interface with an IPv6 address is unreachable from the public internet.

  • network-interface.description - The description of the network interface.

  • network-interface.group-id - The ID of a security group associated with the network interface.

  • network-interface.group-name - The name of a security group associated with the network interface.

  • network-interface.ipv4-prefixes.ipv4-prefix - The IPv4 prefixes that are assigned to the network interface.

  • network-interface.ipv6-address - The IPv6 address associated with the network interface.

  • network-interface.ipv6-addresses.ipv6-address - The IPv6 address associated with the network interface.

  • network-interface.ipv6-addresses.is-primary-ipv6 - A Boolean that indicates whether this is the primary IPv6 address.

  • network-interface.ipv6-native - A Boolean that indicates whether this is an IPv6 only network interface.

  • network-interface.ipv6-prefixes.ipv6-prefix - The IPv6 prefix assigned to the network interface.

  • network-interface.mac-address - The MAC address of the network interface.

  • network-interface.network-interface-id - The ID of the network interface.

  • network-interface.operator.managed - A Boolean that indicates whether the instance has a managed network interface.

  • network-interface.operator.principal - The principal that manages the network interface. Only valid for instances with managed network interfaces, where managed is true.

  • network-interface.outpost-arn - The ARN of the Outpost.

  • network-interface.owner-id - The ID of the owner of the network interface.

  • network-interface.private-dns-name - The private DNS name of the network interface.

  • network-interface.private-ip-address - The private IPv4 address.

  • network-interface.public-dns-name - The public DNS name.

  • network-interface.requester-id - The requester ID for the network interface.

  • network-interface.requester-managed - Indicates whether the network interface is being managed by Amazon Web Services.

  • network-interface.status - The status of the network interface (available) | in-use).

  • network-interface.source-dest-check - Whether the network interface performs source/destination checking. A value of true means that checking is enabled, and false means that checking is disabled. The value must be false for the network interface to perform network address translation (NAT) in your VPC.

  • network-interface.subnet-id - The ID of the subnet for the network interface.

  • network-interface.tag-key - The key of a tag assigned to the network interface.

  • network-interface.tag-value - The value of a tag assigned to the network interface.

  • network-interface.vpc-id - The ID of the VPC for the network interface.

  • network-performance-options.bandwidth-weighting - Where the performance boost is applied, if applicable. Valid values: default, vpc-1, ebs-1.

  • operator.managed - A Boolean that indicates whether this is a managed instance.

  • operator.principal - The principal that manages the instance. Only valid for managed instances, where managed is true.

  • outpost-arn - The Amazon Resource Name (ARN) of the Outpost.

  • owner-id - The Amazon Web Services account ID of the instance owner.

  • placement-group-name - The name of the placement group for the instance.

  • placement-partition-number - The partition in which the instance is located.

  • platform - The platform. To list only Windows instances, use windows.

  • platform-details - The platform (Linux/UNIX | Red Hat BYOL Linux | Red Hat Enterprise Linux | Red Hat Enterprise Linux with HA | Red Hat Enterprise Linux with High Availability | Red Hat Enterprise Linux with SQL Server Standard and HA | Red Hat Enterprise Linux with SQL Server Enterprise and HA | Red Hat Enterprise Linux with SQL Server Standard | Red Hat Enterprise Linux with SQL Server Web | Red Hat Enterprise Linux with SQL Server Enterprise | SQL Server Enterprise | SQL Server Standard | SQL Server Web | SUSE Linux | Ubuntu Pro | Windows | Windows BYOL | Windows with SQL Server Enterprise | Windows with SQL Server Standard | Windows with SQL Server Web).

  • private-dns-name - The private IPv4 DNS name of the instance.

  • private-dns-name-options.enable-resource-name-dns-a-record - A Boolean that indicates whether to respond to DNS queries for instance hostnames with DNS A records.

  • private-dns-name-options.enable-resource-name-dns-aaaa-record - A Boolean that indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.

  • private-dns-name-options.hostname-type - The type of hostname (ip-name | resource-name).

  • private-ip-address - The private IPv4 address of the instance. This can only be used to filter by the primary IP address of the network interface attached to the instance. To filter by additional IP addresses assigned to the network interface, use the filter network-interface.addresses.private-ip-address.

  • product-code - The product code associated with the AMI used to launch the instance.

  • product-code.type - The type of product code (devpay | marketplace).

  • ramdisk-id - The RAM disk ID.

  • reason - The reason for the current state of the instance (for example, shows \"User Initiated [date]\" when you stop or terminate the instance). Similar to the state-reason-code filter.

  • requester-id - The ID of the entity that launched the instance on your behalf (for example, Amazon Web Services Management Console, Auto Scaling, and so on).

  • reservation-id - The ID of the instance's reservation. A reservation ID is created any time you launch an instance. A reservation ID has a one-to-one relationship with an instance launch request, but can be associated with more than one instance if you launch multiple instances using the same launch request. For example, if you launch one instance, you get one reservation ID. If you launch ten instances using the same launch request, you also get one reservation ID.

  • root-device-name - The device name of the root device volume (for example, /dev/sda1).

  • root-device-type - The type of the root device volume (ebs | instance-store).

  • source-dest-check - Indicates whether the instance performs source/destination checking. A value of true means that checking is enabled, and false means that checking is disabled. The value must be false for the instance to perform network address translation (NAT) in your VPC.

  • spot-instance-request-id - The ID of the Spot Instance request.

  • state-reason-code - The reason code for the state change.

  • state-reason-message - A message that describes the state change.

  • subnet-id - The ID of the subnet for the instance.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources that have a tag with a specific key, regardless of the tag value.

  • tenancy - The tenancy of an instance (dedicated | default | host).

  • tpm-support - Indicates if the instance is configured for NitroTPM support (v2.0).

  • usage-operation - The usage operation value for the instance (RunInstances | RunInstances:00g0 | RunInstances:0010 | RunInstances:1010 | RunInstances:1014 | RunInstances:1110 | RunInstances:0014 | RunInstances:0210 | RunInstances:0110 | RunInstances:0100 | RunInstances:0004 | RunInstances:0200 | RunInstances:000g | RunInstances:0g00 | RunInstances:0002 | RunInstances:0800 | RunInstances:0102 | RunInstances:0006 | RunInstances:0202).

  • usage-operation-update-time - The time that the usage operation was last updated, for example, 2022-09-15T17:15:20.000Z.

  • virtualization-type - The virtualization type of the instance (paravirtual | hvm).

  • vpc-id - The ID of the VPC that the instance is running in.

", "locationName":"Filter" }, "NextToken":{ @@ -36462,7 +36462,7 @@ }, "AvailabilityZone":{ "shape":"AvailabilityZoneName", - "documentation":"

The Availability Zone in which to launch the instances.

", + "documentation":"

The Availability Zone in which to launch the instances. For example, us-east-2a.

Either AvailabilityZone or AvailabilityZoneId must be specified in the request, but not both.

", "locationName":"availabilityZone" }, "WeightedCapacity":{ @@ -36494,6 +36494,11 @@ "shape":"BlockDeviceMappingResponseList", "documentation":"

The block device mappings, which define the EBS volumes and instance store volumes to attach to the instance at launch.

Supported only for fleets of type instant.

For more information, see Block device mappings for volumes on Amazon EC2 instances in the Amazon EC2 User Guide.

", "locationName":"blockDeviceMappingSet" + }, + "AvailabilityZoneId":{ + "shape":"AvailabilityZoneId", + "documentation":"

The ID of the Availability Zone in which to launch the instances. For example, use2-az1.

Either AvailabilityZone or AvailabilityZoneId must be specified in the request, but not both.

", + "locationName":"availabilityZoneId" } }, "documentation":"

Describes overrides for a launch template.

" @@ -36529,7 +36534,7 @@ }, "AvailabilityZone":{ "shape":"AvailabilityZoneName", - "documentation":"

The Availability Zone in which to launch the instances.

" + "documentation":"

The Availability Zone in which to launch the instances. For example, us-east-2a.

Either AvailabilityZone or AvailabilityZoneId must be specified in the request, but not both.

" }, "WeightedCapacity":{ "shape":"Double", @@ -36555,6 +36560,10 @@ "ImageId":{ "shape":"String", "documentation":"

The ID of the AMI in the format ami-17characters00000.

Alternatively, you can specify a Systems Manager parameter, using one of the following formats. The Systems Manager parameter will resolve to an AMI ID on launch.

To reference a public parameter:

  • resolve:ssm:public-parameter

To reference a parameter stored in the same account:

  • resolve:ssm:parameter-name

  • resolve:ssm:parameter-name:version-number

  • resolve:ssm:parameter-name:label

To reference a parameter shared from another Amazon Web Services account:

  • resolve:ssm:parameter-ARN

  • resolve:ssm:parameter-ARN:version-number

  • resolve:ssm:parameter-ARN:label

For more information, see Use a Systems Manager parameter instead of an AMI ID in the Amazon EC2 User Guide.

This parameter is only available for fleets of type instant. For fleets of type maintain and request, you must specify the AMI ID in the launch template.

" + }, + "AvailabilityZoneId":{ + "shape":"AvailabilityZoneId", + "documentation":"

The ID of the Availability Zone in which to launch the instances. For example, use2-az1.

Either AvailabilityZone or AvailabilityZoneId must be specified in the request, but not both.

" } }, "documentation":"

Describes overrides for a launch template.

" @@ -49897,7 +49906,7 @@ }, "AvailabilityZone":{ "shape":"String", - "documentation":"

The Availability Zone in which to launch the instances.

", + "documentation":"

The Availability Zone in which to launch the instances. For example, us-east-2a.

Either AvailabilityZone or AvailabilityZoneId must be specified in the request, but not both.

", "locationName":"availabilityZone" }, "WeightedCapacity":{ @@ -49914,6 +49923,11 @@ "shape":"InstanceRequirements", "documentation":"

The instance requirements. When you specify instance requirements, Amazon EC2 will identify instance types with the provided requirements, and then use your On-Demand and Spot allocation strategies to launch instances from these instance types, in the same way as when you specify a list of instance types.

If you specify InstanceRequirements, you can't specify InstanceType.

", "locationName":"instanceRequirements" + }, + "AvailabilityZoneId":{ + "shape":"AvailabilityZoneId", + "documentation":"

The ID of the Availability Zone in which to launch the instances. For example, use2-az1.

Either AvailabilityZone or AvailabilityZoneId must be specified in the request, but not both.

", + "locationName":"availabilityZoneId" } }, "documentation":"

Describes overrides for a launch template.

" @@ -66855,7 +66869,7 @@ "members":{ "AvailabilityZone":{ "shape":"String", - "documentation":"

The Availability Zone.

[Spot Fleet only] To specify multiple Availability Zones, separate them using commas; for example, \"us-west-2a, us-west-2b\".

", + "documentation":"

The Availability Zone. For example, us-east-2a.

[Spot Fleet only] To specify multiple Availability Zones, separate them using commas; for example, \"us-east-2a, us-east-2b\".

Either AvailabilityZone or AvailabilityZoneId must be specified in the request, but not both.

", "locationName":"availabilityZone" }, "GroupName":{ @@ -66867,6 +66881,11 @@ "shape":"Tenancy", "documentation":"

The tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for Spot Instances.

", "locationName":"tenancy" + }, + "AvailabilityZoneId":{ + "shape":"String", + "documentation":"

The ID of the Availability Zone. For example, use2-az1.

[Spot Fleet only] To specify multiple Availability Zones, separate them using commas; for example, \"use2-az1, use2-bz1\".

Either AvailabilityZone or AvailabilityZoneId must be specified in the request, but not both.

", + "locationName":"availabilityZoneId" } }, "documentation":"

Describes Spot Instance placement.

" diff --git a/awscli/botocore/data/ecr/2015-09-21/service-2.json b/awscli/botocore/data/ecr/2015-09-21/service-2.json index 40ea39bc36bf..9913cbd3f5f6 100644 --- a/awscli/botocore/data/ecr/2015-09-21/service-2.json +++ b/awscli/botocore/data/ecr/2015-09-21/service-2.json @@ -1435,7 +1435,7 @@ }, "appliedFor":{ "shape":"RCTAppliedForList", - "documentation":"

A list of enumerable strings representing the Amazon ECR repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION

" + "documentation":"

A list of enumerable strings representing the Amazon ECR repository creation scenarios that this template will apply towards. The supported scenarios are PULL_THROUGH_CACHE, REPLICATION, and CREATE_ON_PUSH

" }, "customRoleArn":{ "shape":"CustomRoleArn", @@ -3139,7 +3139,7 @@ "type":"string", "max":2048, "min":0, - "pattern":"^$|arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key\\/[a-z0-9-]+" + "pattern":"^$|arn:aws[a-z0-9-]*:kms:[a-z0-9-]+:[0-9]{12}:key\\/[a-z0-9-]+" }, "LastActivatedAtTimestamp":{"type":"timestamp"}, "LastArchivedAtTimestamp":{"type":"timestamp"}, @@ -4016,7 +4016,8 @@ "type":"string", "enum":[ "REPLICATION", - "PULL_THROUGH_CACHE" + "PULL_THROUGH_CACHE", + "CREATE_ON_PUSH" ] }, "RCTAppliedForList":{ @@ -4304,7 +4305,7 @@ }, "appliedFor":{ "shape":"RCTAppliedForList", - "documentation":"

A list of enumerable Strings representing the repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION

" + "documentation":"

A list of enumerable Strings representing the repository creation scenarios that this template will apply towards. The supported scenarios are PULL_THROUGH_CACHE, REPLICATION, and CREATE_ON_PUSH

" }, "customRoleArn":{ "shape":"CustomRoleArn", @@ -5165,7 +5166,7 @@ }, "appliedFor":{ "shape":"RCTAppliedForList", - "documentation":"

Updates the list of enumerable strings representing the Amazon ECR repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION

" + "documentation":"

Updates the list of enumerable strings representing the Amazon ECR repository creation scenarios that this template will apply towards. The supported scenarios are PULL_THROUGH_CACHE, REPLICATION, and CREATE_ON_PUSH

" }, "customRoleArn":{ "shape":"CustomRoleArn", diff --git a/awscli/botocore/data/ecs/2014-11-13/service-2.json b/awscli/botocore/data/ecs/2014-11-13/service-2.json index e0bb90d1f474..63930f8f896b 100644 --- a/awscli/botocore/data/ecs/2014-11-13/service-2.json +++ b/awscli/botocore/data/ecs/2014-11-13/service-2.json @@ -1494,6 +1494,13 @@ }, "documentation":"

Configuration for a canary deployment strategy that shifts a fixed percentage of traffic to the new service revision, waits for a specified bake time, then shifts the remaining traffic.

This is only valid when you run CreateService or UpdateService with deploymentController set to ECS and a deploymentConfiguration with a strategy set to CANARY.

" }, + "CapacityOptionType":{ + "type":"string", + "enum":[ + "ON_DEMAND", + "SPOT" + ] + }, "CapacityProvider":{ "type":"structure", "members":{ @@ -4504,6 +4511,10 @@ "shape":"ManagedInstancesMonitoringOptions", "documentation":"

CloudWatch provides two categories of monitoring: basic monitoring and detailed monitoring. By default, your managed instance is configured for basic monitoring. You can optionally enable detailed monitoring to help you more quickly identify and act on operational issues. You can enable or turn off detailed monitoring at launch or when the managed instance is running or stopped. For more information, see Detailed monitoring for Amazon ECS Managed Instances in the Amazon ECS Developer Guide.

" }, + "capacityOptionType":{ + "shape":"CapacityOptionType", + "documentation":"

The capacity option type. This determines whether Amazon ECS launches On-Demand or Spot Instances for your managed instance capacity provider.

Valid values are:

  • ON_DEMAND - Launches standard On-Demand Instances. On-Demand Instances provide predictable pricing and availability.

  • SPOT - Launches Spot Instances that use spare Amazon EC2 capacity at reduced cost. Spot Instances can be interrupted by Amazon EC2 with a two-minute notification when the capacity is needed back.

The default is On-Demand

For more information about Amazon EC2 capacity options, see Instance purchasing options in the Amazon EC2 User Guide.

" + }, "instanceRequirements":{ "shape":"InstanceRequirementsRequest", "documentation":"

The instance requirements. You can specify:

  • The instance types

  • Instance requirements such as vCPU count, memory, network performance, and accelerator specifications

Amazon ECS automatically selects the instances that match the specified criteria.

" @@ -6251,7 +6262,7 @@ "members":{ "name":{ "shape":"SettingName", - "documentation":"

The resource name for which to modify the account setting.

The following are the valid values for the account setting name.

  • serviceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • taskLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • containerInstanceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • awsvpcTrunking - When modified, the elastic network interface (ENI) limit for any new container instances that support the feature is changed. If awsvpcTrunking is turned on, any new container instances that support the feature are launched have the increased ENI limits available to them. For more information, see Elastic Network Interface Trunking in the Amazon Elastic Container Service Developer Guide.

  • containerInsights - Container Insights with enhanced observability provides all the Container Insights metrics, plus additional task and container metrics. This version supports enhanced observability for Amazon ECS clusters using the Amazon EC2 and Fargate launch types. After you configure Container Insights with enhanced observability on Amazon ECS, Container Insights auto-collects detailed infrastructure telemetry from the cluster level down to the container level in your environment and displays these critical performance data in curated dashboards removing the heavy lifting in observability set-up.

    To use Container Insights with enhanced observability, set the containerInsights account setting to enhanced.

    To use Container Insights, set the containerInsights account setting to enabled.

    For more information, see Monitor Amazon ECS containers using Container Insights with enhanced observability in the Amazon Elastic Container Service Developer Guide.

  • dualStackIPv6 - When turned on, when using a VPC in dual stack mode, your tasks using the awsvpc network mode can have an IPv6 address assigned. For more information on using IPv6 with tasks launched on Amazon EC2 instances, see Using a VPC in dual-stack mode. For more information on using IPv6 with tasks launched on Fargate, see Using a VPC in dual-stack mode.

  • fargateFIPSMode - If you specify fargateFIPSMode, Fargate FIPS 140 compliance is affected.

  • fargateTaskRetirementWaitPeriod - When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task hosted on Fargate, the tasks need to be stopped and new tasks launched to replace them. Use fargateTaskRetirementWaitPeriod to configure the wait time to retire a Fargate task. For information about the Fargate tasks maintenance, see Amazon Web Services Fargate task maintenance in the Amazon ECS Developer Guide.

  • tagResourceAuthorization - Amazon ECS is introducing tagging authorization for resource creation. Users must have permissions for actions that create the resource, such as ecsCreateCluster. If tags are specified when you create a resource, Amazon Web Services performs additional authorization to verify if users or roles have permissions to create tags. Therefore, you must grant explicit permissions to use the ecs:TagResource action. For more information, see Grant permission to tag resources on creation in the Amazon ECS Developer Guide.

  • defaultLogDriverMode -Amazon ECS supports setting a default delivery mode of log messages from a container to the logDriver that you specify in the container's logConfiguration. The delivery mode affects application stability when the flow of logs from the container to the log driver is interrupted. The defaultLogDriverMode setting supports two values: blocking and non-blocking. If you don't specify a delivery mode in your container definition's logConfiguration, the mode you specify using this account setting will be used as the default. For more information about log delivery modes, see LogConfiguration.

    On June 25, 2025, Amazon ECS changed the default log driver mode from blocking to non-blocking to prioritize task availability over logging. To continue using the blocking mode after this change, do one of the following:

    • Set the mode option in your container definition's logConfiguration as blocking.

    • Set the defaultLogDriverMode account setting to blocking.

  • guardDutyActivate - The guardDutyActivate parameter is read-only in Amazon ECS and indicates whether Amazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your Amazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.

" + "documentation":"

The resource name for which to modify the account setting.

The following are the valid values for the account setting name.

  • serviceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • taskLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • containerInstanceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • awsvpcTrunking - When modified, the elastic network interface (ENI) limit for any new container instances that support the feature is changed. If awsvpcTrunking is turned on, any new container instances that support the feature are launched have the increased ENI limits available to them. For more information, see Elastic Network Interface Trunking in the Amazon Elastic Container Service Developer Guide.

  • containerInsights - Container Insights with enhanced observability provides all the Container Insights metrics, plus additional task and container metrics. This version supports enhanced observability for Amazon ECS clusters using the Amazon EC2 and Fargate launch types. After you configure Container Insights with enhanced observability on Amazon ECS, Container Insights auto-collects detailed infrastructure telemetry from the cluster level down to the container level in your environment and displays these critical performance data in curated dashboards removing the heavy lifting in observability set-up.

    To use Container Insights with enhanced observability, set the containerInsights account setting to enhanced.

    To use Container Insights, set the containerInsights account setting to enabled.

    For more information, see Monitor Amazon ECS containers using Container Insights with enhanced observability in the Amazon Elastic Container Service Developer Guide.

  • dualStackIPv6 - When turned on, when using a VPC in dual stack mode, your tasks using the awsvpc network mode can have an IPv6 address assigned. For more information on using IPv6 with tasks launched on Amazon EC2 instances, see Using a VPC in dual-stack mode. For more information on using IPv6 with tasks launched on Fargate, see Using a VPC in dual-stack mode.

  • fargateFIPSMode - If you specify fargateFIPSMode, Fargate FIPS 140 compliance is affected.

  • fargateTaskRetirementWaitPeriod - When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task hosted on Fargate, the tasks need to be stopped and new tasks launched to replace them. Use fargateTaskRetirementWaitPeriod to configure the wait time to retire a Fargate task. For information about the Fargate tasks maintenance, see Amazon Web Services Fargate task maintenance in the Amazon ECS Developer Guide.

  • fargateEventWindows - When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task hosted on Fargate, the tasks need to be stopped and new tasks launched to replace them. Use fargateEventWindows to use EC2 Event Windows associated with Fargate tasks to configure time windows for task retirement.

  • tagResourceAuthorization - Amazon ECS is introducing tagging authorization for resource creation. Users must have permissions for actions that create the resource, such as ecsCreateCluster. If tags are specified when you create a resource, Amazon Web Services performs additional authorization to verify if users or roles have permissions to create tags. Therefore, you must grant explicit permissions to use the ecs:TagResource action. For more information, see Grant permission to tag resources on creation in the Amazon ECS Developer Guide.

  • defaultLogDriverMode -Amazon ECS supports setting a default delivery mode of log messages from a container to the logDriver that you specify in the container's logConfiguration. The delivery mode affects application stability when the flow of logs from the container to the log driver is interrupted. The defaultLogDriverMode setting supports two values: blocking and non-blocking. If you don't specify a delivery mode in your container definition's logConfiguration, the mode you specify using this account setting will be used as the default. For more information about log delivery modes, see LogConfiguration.

    On June 25, 2025, Amazon ECS changed the default log driver mode from blocking to non-blocking to prioritize task availability over logging. To continue using the blocking mode after this change, do one of the following:

    • Set the mode option in your container definition's logConfiguration as blocking.

    • Set the defaultLogDriverMode account setting to blocking.

  • guardDutyActivate - The guardDutyActivate parameter is read-only in Amazon ECS and indicates whether Amazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your Amazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.

" }, "value":{ "shape":"String", @@ -6277,7 +6288,7 @@ "members":{ "name":{ "shape":"SettingName", - "documentation":"

The Amazon ECS account setting name to modify.

The following are the valid values for the account setting name.

  • serviceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • taskLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • containerInstanceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • awsvpcTrunking - When modified, the elastic network interface (ENI) limit for any new container instances that support the feature is changed. If awsvpcTrunking is turned on, any new container instances that support the feature are launched have the increased ENI limits available to them. For more information, see Elastic Network Interface Trunking in the Amazon Elastic Container Service Developer Guide.

  • containerInsights - Container Insights with enhanced observability provides all the Container Insights metrics, plus additional task and container metrics. This version supports enhanced observability for Amazon ECS clusters using the Amazon EC2 and Fargate launch types. After you configure Container Insights with enhanced observability on Amazon ECS, Container Insights auto-collects detailed infrastructure telemetry from the cluster level down to the container level in your environment and displays these critical performance data in curated dashboards removing the heavy lifting in observability set-up.

    To use Container Insights with enhanced observability, set the containerInsights account setting to enhanced.

    To use Container Insights, set the containerInsights account setting to enabled.

    For more information, see Monitor Amazon ECS containers using Container Insights with enhanced observability in the Amazon Elastic Container Service Developer Guide.

  • dualStackIPv6 - When turned on, when using a VPC in dual stack mode, your tasks using the awsvpc network mode can have an IPv6 address assigned. For more information on using IPv6 with tasks launched on Amazon EC2 instances, see Using a VPC in dual-stack mode. For more information on using IPv6 with tasks launched on Fargate, see Using a VPC in dual-stack mode.

  • fargateTaskRetirementWaitPeriod - When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task hosted on Fargate, the tasks need to be stopped and new tasks launched to replace them. Use fargateTaskRetirementWaitPeriod to configure the wait time to retire a Fargate task. For information about the Fargate tasks maintenance, see Amazon Web Services Fargate task maintenance in the Amazon ECS Developer Guide.

  • tagResourceAuthorization - Amazon ECS is introducing tagging authorization for resource creation. Users must have permissions for actions that create the resource, such as ecsCreateCluster. If tags are specified when you create a resource, Amazon Web Services performs additional authorization to verify if users or roles have permissions to create tags. Therefore, you must grant explicit permissions to use the ecs:TagResource action. For more information, see Grant permission to tag resources on creation in the Amazon ECS Developer Guide.

  • defaultLogDriverMode - Amazon ECS supports setting a default delivery mode of log messages from a container to the logDriver that you specify in the container's logConfiguration. The delivery mode affects application stability when the flow of logs from the container to the log driver is interrupted. The defaultLogDriverMode setting supports two values: blocking and non-blocking. If you don't specify a delivery mode in your container definition's logConfiguration, the mode you specify using this account setting will be used as the default. For more information about log delivery modes, see LogConfiguration.

    On June 25, 2025, Amazon ECS changed the default log driver mode from blocking to non-blocking to prioritize task availability over logging. To continue using the blocking mode after this change, do one of the following:

    • Set the mode option in your container definition's logConfiguration as blocking.

    • Set the defaultLogDriverMode account setting to blocking.

  • guardDutyActivate - The guardDutyActivate parameter is read-only in Amazon ECS and indicates whether Amazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your Amazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.

" + "documentation":"

The Amazon ECS account setting name to modify.

The following are the valid values for the account setting name.

  • serviceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • taskLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • containerInstanceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • awsvpcTrunking - When modified, the elastic network interface (ENI) limit for any new container instances that support the feature is changed. If awsvpcTrunking is turned on, any new container instances that support the feature are launched have the increased ENI limits available to them. For more information, see Elastic Network Interface Trunking in the Amazon Elastic Container Service Developer Guide.

  • containerInsights - Container Insights with enhanced observability provides all the Container Insights metrics, plus additional task and container metrics. This version supports enhanced observability for Amazon ECS clusters using the Amazon EC2 and Fargate launch types. After you configure Container Insights with enhanced observability on Amazon ECS, Container Insights auto-collects detailed infrastructure telemetry from the cluster level down to the container level in your environment and displays these critical performance data in curated dashboards removing the heavy lifting in observability set-up.

    To use Container Insights with enhanced observability, set the containerInsights account setting to enhanced.

    To use Container Insights, set the containerInsights account setting to enabled.

    For more information, see Monitor Amazon ECS containers using Container Insights with enhanced observability in the Amazon Elastic Container Service Developer Guide.

  • dualStackIPv6 - When turned on, when using a VPC in dual stack mode, your tasks using the awsvpc network mode can have an IPv6 address assigned. For more information on using IPv6 with tasks launched on Amazon EC2 instances, see Using a VPC in dual-stack mode. For more information on using IPv6 with tasks launched on Fargate, see Using a VPC in dual-stack mode.

  • fargateTaskRetirementWaitPeriod - When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task hosted on Fargate, the tasks need to be stopped and new tasks launched to replace them. Use fargateTaskRetirementWaitPeriod to configure the wait time to retire a Fargate task. For information about the Fargate tasks maintenance, see Amazon Web Services Fargate task maintenance in the Amazon ECS Developer Guide.

  • fargateEventWindows - When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task hosted on Fargate, the tasks need to be stopped and new tasks launched to replace them. Use fargateEventWindows to use EC2 Event Windows associated with Fargate tasks to configure time windows for task retirement.

  • tagResourceAuthorization - Amazon ECS is introducing tagging authorization for resource creation. Users must have permissions for actions that create the resource, such as ecsCreateCluster. If tags are specified when you create a resource, Amazon Web Services performs additional authorization to verify if users or roles have permissions to create tags. Therefore, you must grant explicit permissions to use the ecs:TagResource action. For more information, see Grant permission to tag resources on creation in the Amazon ECS Developer Guide.

  • defaultLogDriverMode - Amazon ECS supports setting a default delivery mode of log messages from a container to the logDriver that you specify in the container's logConfiguration. The delivery mode affects application stability when the flow of logs from the container to the log driver is interrupted. The defaultLogDriverMode setting supports two values: blocking and non-blocking. If you don't specify a delivery mode in your container definition's logConfiguration, the mode you specify using this account setting will be used as the default. For more information about log delivery modes, see LogConfiguration.

    On June 25, 2025, Amazon ECS changed the default log driver mode from blocking to non-blocking to prioritize task availability over logging. To continue using the blocking mode after this change, do one of the following:

    • Set the mode option in your container definition's logConfiguration as blocking.

    • Set the defaultLogDriverMode account setting to blocking.

  • guardDutyActivate - The guardDutyActivate parameter is read-only in Amazon ECS and indicates whether Amazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your Amazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.

" }, "value":{ "shape":"String", @@ -7708,7 +7719,8 @@ "tagResourceAuthorization", "fargateTaskRetirementWaitPeriod", "guardDutyActivate", - "defaultLogDriverMode" + "defaultLogDriverMode", + "fargateEventWindows" ] }, "SettingType":{ diff --git a/awscli/botocore/data/iot/2015-05-28/service-2.json b/awscli/botocore/data/iot/2015-05-28/service-2.json index b50ef8443bd4..fc0c64c567f6 100644 --- a/awscli/botocore/data/iot/2015-05-28/service-2.json +++ b/awscli/botocore/data/iot/2015-05-28/service-2.json @@ -6107,6 +6107,24 @@ }, "documentation":"

Configures the command to treat the payloadTemplate as a JSON document for preprocessing. This preprocessor substitutes placeholders with parameter values to generate the command execution request payload.

" }, + "BatchConfig":{ + "type":"structure", + "members":{ + "maxBatchOpenMs":{ + "shape":"MaxBatchOpenMs", + "documentation":"

The maximum amount of time (in milliseconds) that an outgoing call waits for other calls with which it batches messages of the same type. The higher the setting, the longer the latency of the batched HTTP Action will be.

" + }, + "maxBatchSize":{ + "shape":"MaxBatchSize", + "documentation":"

The maximum number of messages that are batched together in a single action execution.

" + }, + "maxBatchSizeBytes":{ + "shape":"MaxBatchSizeBytes", + "documentation":"

Maximum size of a message batch, in bytes.

" + } + }, + "documentation":"

Configuration settings for batching.

" + }, "BatchMode":{"type":"boolean"}, "BeforeSubstitutionFlag":{"type":"boolean"}, "Behavior":{ @@ -11922,6 +11940,7 @@ "ElasticsearchId":{"type":"string"}, "ElasticsearchIndex":{"type":"string"}, "ElasticsearchType":{"type":"string"}, + "EnableBatching":{"type":"boolean"}, "EnableCachingForHttp":{"type":"boolean"}, "EnableIoTLoggingParams":{ "type":"structure", @@ -13111,6 +13130,14 @@ "auth":{ "shape":"HttpAuthorization", "documentation":"

The authentication method to use when sending data to an HTTPS endpoint.

" + }, + "enableBatching":{ + "shape":"EnableBatching", + "documentation":"

Whether to process the HTTP action messages into a single request. Value can be true or false.

" + }, + "batchConfig":{ + "shape":"BatchConfig", + "documentation":"

The configuration settings for batching. For more information, see Batching HTTP action messages.

" } }, "documentation":"

Send data to an HTTPS endpoint.

" @@ -17031,6 +17058,21 @@ "max":1024, "pattern":"[A-Za-z0-9+/]+={0,2}" }, + "MaxBatchOpenMs":{ + "type":"integer", + "max":200, + "min":5 + }, + "MaxBatchSize":{ + "type":"integer", + "max":10, + "min":2 + }, + "MaxBatchSizeBytes":{ + "type":"integer", + "max":131072, + "min":100 + }, "MaxBuckets":{ "type":"integer", "max":10000, diff --git a/awscli/botocore/data/opensearch/2021-01-01/service-2.json b/awscli/botocore/data/opensearch/2021-01-01/service-2.json index 6a044fe69ca0..472b2cb30c88 100644 --- a/awscli/botocore/data/opensearch/2021-01-01/service-2.json +++ b/awscli/botocore/data/opensearch/2021-01-01/service-2.json @@ -6351,7 +6351,8 @@ "enum":[ "Data", "Ultrawarm", - "Master" + "Master", + "Warm" ] }, "NonEmptyString":{ diff --git a/awscli/botocore/data/sesv2/2019-09-27/service-2.json b/awscli/botocore/data/sesv2/2019-09-27/service-2.json index 90af9ebd1800..0db96a52e29f 100644 --- a/awscli/botocore/data/sesv2/2019-09-27/service-2.json +++ b/awscli/botocore/data/sesv2/2019-09-27/service-2.json @@ -707,6 +707,20 @@ ], "documentation":"

Retrieve inbox placement and engagement rates for the domains that you use to send email.

" }, + "GetEmailAddressInsights":{ + "name":"GetEmailAddressInsights", + "http":{ + "method":"POST", + "requestUri":"/v2/email/email-address-insights/" + }, + "input":{"shape":"GetEmailAddressInsightsRequest"}, + "output":{"shape":"GetEmailAddressInsightsResponse"}, + "errors":[ + {"shape":"TooManyRequestsException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

Provides validation insights about a specific email address, including syntax validation, DNS record checks, mailbox existence, and other deliverability factors.

" + }, "GetEmailIdentity":{ "name":"GetEmailIdentity", "http":{ @@ -2438,6 +2452,10 @@ "shape":"TemplateContent", "documentation":"

The content of the custom verification email. The total size of the email must be less than 10 MB. The message body may contain HTML, with some limitations. For more information, see Custom verification email frequently asked questions in the Amazon SES Developer Guide.

" }, + "Tags":{ + "shape":"TagList", + "documentation":"

An array of objects that define the tags (keys and values) to associate with the custom verification email template.

" + }, "SuccessRedirectionURL":{ "shape":"SuccessRedirectionURL", "documentation":"

The URL that the recipient of the verification email is sent to if his or her address is successfully verified.

" @@ -2609,6 +2627,10 @@ "TemplateContent":{ "shape":"EmailTemplateContent", "documentation":"

The content of the email template, composed of a subject line, an HTML part, and a text-only part.

" + }, + "Tags":{ + "shape":"TagList", + "documentation":"

An array of objects that define the tags (keys and values) to associate with the email template.

" } }, "documentation":"

Represents a request to create an email template. For more information, see the Amazon SES Developer Guide.

" @@ -3563,6 +3585,55 @@ "member":{"shape":"InsightsEmailAddress"}, "max":5 }, + "EmailAddressInsightsConfidenceVerdict":{ + "type":"string", + "documentation":"

The confidence level of SES that the email address meets the validation criteria:

  • LOW - Weak or no indication of the specific check (e.g., LOW for IsRoleAddress means the email is less likely to be a role-based address).

  • MEDIUM - Moderate indication of the specific check (e.g., MEDIUM for IsDisposable means the email might be a disposable address).

  • HIGH - Strong indication of the specific check (e.g., HIGH for IsRandomInput means the email is very likely randomly generated).

", + "enum":[ + "LOW", + "MEDIUM", + "HIGH" + ] + }, + "EmailAddressInsightsMailboxEvaluations":{ + "type":"structure", + "members":{ + "HasValidSyntax":{ + "shape":"EmailAddressInsightsVerdict", + "documentation":"

Checks that the email address follows proper RFC standards and contains valid characters in the correct format.

" + }, + "HasValidDnsRecords":{ + "shape":"EmailAddressInsightsVerdict", + "documentation":"

Checks that the domain exists, has valid DNS records, and is configured to receive email.

" + }, + "MailboxExists":{ + "shape":"EmailAddressInsightsVerdict", + "documentation":"

Checks that the mailbox exists and can receive messages without actually sending an email.

" + }, + "IsRoleAddress":{ + "shape":"EmailAddressInsightsVerdict", + "documentation":"

Identifies role-based addresses (such as admin@, support@, or info@) that may have lower engagement rates.

" + }, + "IsDisposable":{ + "shape":"EmailAddressInsightsVerdict", + "documentation":"

Checks disposable or temporary email addresses that could negatively impact your sender reputation.

" + }, + "IsRandomInput":{ + "shape":"EmailAddressInsightsVerdict", + "documentation":"

Checks if the input appears to be random text.

" + } + }, + "documentation":"

Contains individual validation checks performed on an email address.

" + }, + "EmailAddressInsightsVerdict":{ + "type":"structure", + "members":{ + "ConfidenceVerdict":{ + "shape":"EmailAddressInsightsConfidenceVerdict", + "documentation":"

The confidence level of the validation verdict.

" + } + }, + "documentation":"

Contains the overall validation verdict for an email address.

" + }, "EmailAddressList":{ "type":"list", "member":{"shape":"EmailAddress"} @@ -4242,6 +4313,10 @@ "shape":"TemplateContent", "documentation":"

The content of the custom verification email.

" }, + "Tags":{ + "shape":"TagList", + "documentation":"

An array of objects that define the tags (keys and values) that are associated with the custom verification email template.

" + }, "SuccessRedirectionURL":{ "shape":"SuccessRedirectionURL", "documentation":"

The URL that the recipient of the verification email is sent to if his or her address is successfully verified.

" @@ -4484,6 +4559,27 @@ }, "documentation":"

An object that includes statistics that are related to the domain that you specified.

" }, + "GetEmailAddressInsightsRequest":{ + "type":"structure", + "required":["EmailAddress"], + "members":{ + "EmailAddress":{ + "shape":"EmailAddress", + "documentation":"

The email address to analyze for validation insights.

" + } + }, + "documentation":"

A request to return validation insights about an email address.

" + }, + "GetEmailAddressInsightsResponse":{ + "type":"structure", + "members":{ + "MailboxValidation":{ + "shape":"MailboxValidation", + "documentation":"

Detailed validation results for the email address.

" + } + }, + "documentation":"

Validation insights about an email address.

" + }, "GetEmailIdentityPoliciesRequest":{ "type":"structure", "required":["EmailIdentity"], @@ -4593,6 +4689,10 @@ "TemplateContent":{ "shape":"EmailTemplateContent", "documentation":"

The content of the email template, composed of a subject line, an HTML part, and a text-only part.

" + }, + "Tags":{ + "shape":"TagList", + "documentation":"

An array of objects that define the tags (keys and values) that are associated with the email template.

" } }, "documentation":"

The following element is returned by the service.

" @@ -5936,6 +6036,20 @@ "TRANSACTIONAL" ] }, + "MailboxValidation":{ + "type":"structure", + "members":{ + "IsValid":{ + "shape":"EmailAddressInsightsVerdict", + "documentation":"

Overall validity assessment with a confidence verdict.

" + }, + "Evaluations":{ + "shape":"EmailAddressInsightsMailboxEvaluations", + "documentation":"

Specific validation checks performed on the email address.

" + } + }, + "documentation":"

Contains detailed validation information about an email address.

" + }, "Max24HourSend":{"type":"double"}, "MaxDeliverySeconds":{ "type":"long", @@ -6457,6 +6571,10 @@ "SuppressedReasons":{ "shape":"SuppressionListReasons", "documentation":"

A list that contains the reasons that email addresses will be automatically added to the suppression list for your account. This list can contain any or all of the following:

  • COMPLAINT – Amazon SES adds an email address to the suppression list for your account when a message sent to that address results in a complaint.

  • BOUNCE – Amazon SES adds an email address to the suppression list for your account when a message sent to that address results in a hard bounce.

" + }, + "ValidationAttributes":{ + "shape":"SuppressionValidationAttributes", + "documentation":"

An object that contains additional suppression attributes for your account.

" } }, "documentation":"

A request to change your account's suppression preferences.

" @@ -6590,6 +6708,10 @@ "SuppressedReasons":{ "shape":"SuppressionListReasons", "documentation":"

A list that contains the reasons that email addresses are automatically added to the suppression list for your account. This list can contain any or all of the following:

  • COMPLAINT – Amazon SES adds an email address to the suppression list for your account when a message sent to that address results in a complaint.

  • BOUNCE – Amazon SES adds an email address to the suppression list for your account when a message sent to that address results in a hard bounce.

" + }, + "ValidationOptions":{ + "shape":"SuppressionValidationOptions", + "documentation":"

An object that contains information about the email address suppression preferences for the configuration set in the current Amazon Web Services Region.

" } }, "documentation":"

A request to change the account suppression list preferences for a specific configuration set.

" @@ -7592,10 +7714,46 @@ "SuppressedReasons":{ "shape":"SuppressionListReasons", "documentation":"

A list that contains the reasons that email addresses will be automatically added to the suppression list for your account. This list can contain any or all of the following:

  • COMPLAINT – Amazon SES adds an email address to the suppression list for your account when a message sent to that address results in a complaint.

  • BOUNCE – Amazon SES adds an email address to the suppression list for your account when a message sent to that address results in a hard bounce.

" - } + }, + "ValidationAttributes":{"shape":"SuppressionValidationAttributes"} }, "documentation":"

An object that contains information about the email address suppression preferences for your account in the current Amazon Web Services Region.

" }, + "SuppressionConditionThreshold":{ + "type":"structure", + "required":["ConditionThresholdEnabled"], + "members":{ + "ConditionThresholdEnabled":{ + "shape":"FeatureStatus", + "documentation":"

Indicates whether Auto Validation is enabled for suppression. Set to ENABLED to enable the Auto Validation feature, or set to DISABLED to disable it.

" + }, + "OverallConfidenceThreshold":{ + "shape":"SuppressionConfidenceThreshold", + "documentation":"

The overall confidence threshold used to determine suppression decisions.

" + } + }, + "documentation":"

Contains Auto Validation settings, allowing you to suppress sending to specific destination(s) if they do not meet required threshold. For details on Auto Validation, see Auto Validation.

" + }, + "SuppressionConfidenceThreshold":{ + "type":"structure", + "required":["ConfidenceVerdictThreshold"], + "members":{ + "ConfidenceVerdictThreshold":{ + "shape":"SuppressionConfidenceVerdictThreshold", + "documentation":"

The confidence level threshold for suppression decisions.

" + } + }, + "documentation":"

Contains the confidence threshold settings for Auto Validation.

" + }, + "SuppressionConfidenceVerdictThreshold":{ + "type":"string", + "documentation":"

The confidence level threshold for suppression validation:

  • MEDIUM – Allows emails to be sent to addresses with medium or high delivery likelihood.

  • HIGH – Allows emails to be sent only to addresses with high delivery likelihood.

  • MANAGED – Managed confidence threshold where Amazon SES automatically determines the appropriate level.

", + "enum":[ + "MEDIUM", + "HIGH", + "MANAGED" + ] + }, "SuppressionListDestination":{ "type":"structure", "required":["SuppressionListImportAction"], @@ -7633,10 +7791,33 @@ "SuppressedReasons":{ "shape":"SuppressionListReasons", "documentation":"

A list that contains the reasons that email addresses are automatically added to the suppression list for your account. This list can contain any or all of the following:

  • COMPLAINT – Amazon SES adds an email address to the suppression list for your account when a message sent to that address results in a complaint.

  • BOUNCE – Amazon SES adds an email address to the suppression list for your account when a message sent to that address results in a hard bounce.

" - } + }, + "ValidationOptions":{"shape":"SuppressionValidationOptions"} }, "documentation":"

An object that contains information about the suppression list preferences for your account.

" }, + "SuppressionValidationAttributes":{ + "type":"structure", + "required":["ConditionThreshold"], + "members":{ + "ConditionThreshold":{ + "shape":"SuppressionConditionThreshold", + "documentation":"

Specifies the condition threshold settings for account-level suppression.

" + } + }, + "documentation":"

Structure containing validation attributes used for suppressing sending to specific destination on account level.

" + }, + "SuppressionValidationOptions":{ + "type":"structure", + "required":["ConditionThreshold"], + "members":{ + "ConditionThreshold":{ + "shape":"SuppressionConditionThreshold", + "documentation":"

Specifies the condition threshold settings for suppression validation.

" + } + }, + "documentation":"

Contains validation options for email address suppression.

" + }, "Tag":{ "type":"structure", "required":[ diff --git a/awscli/botocore/data/ssm-sap/2018-05-10/service-2.json b/awscli/botocore/data/ssm-sap/2018-05-10/service-2.json index ef62e27eec5d..ffbd8bfafe60 100644 --- a/awscli/botocore/data/ssm-sap/2018-05-10/service-2.json +++ b/awscli/botocore/data/ssm-sap/2018-05-10/service-2.json @@ -59,7 +59,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

Gets an application registered with AWS Systems Manager for SAP. It also returns the components of the application.

" + "documentation":"

Gets an application registered with AWS Systems Manager for SAP. It also returns the components of the application.

", + "readonly":true }, "GetComponent":{ "name":"GetComponent", @@ -75,7 +76,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

Gets the component of an application registered with AWS Systems Manager for SAP.

" + "documentation":"

Gets the component of an application registered with AWS Systems Manager for SAP.

", + "readonly":true }, "GetConfigurationCheckOperation":{ "name":"GetConfigurationCheckOperation", @@ -90,7 +92,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

Gets the details of a configuration check operation by specifying the operation ID.

" + "documentation":"

Gets the details of a configuration check operation by specifying the operation ID.

", + "readonly":true }, "GetDatabase":{ "name":"GetDatabase", @@ -105,7 +108,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

Gets the SAP HANA database of an application registered with AWS Systems Manager for SAP.

" + "documentation":"

Gets the SAP HANA database of an application registered with AWS Systems Manager for SAP.

", + "readonly":true }, "GetOperation":{ "name":"GetOperation", @@ -120,7 +124,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

Gets the details of an operation by specifying the operation ID.

" + "documentation":"

Gets the details of an operation by specifying the operation ID.

", + "readonly":true }, "GetResourcePermission":{ "name":"GetResourcePermission", @@ -152,7 +157,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

Lists all the applications registered with AWS Systems Manager for SAP.

" + "documentation":"

Lists all the applications registered with AWS Systems Manager for SAP.

", + "readonly":true }, "ListComponents":{ "name":"ListComponents", @@ -169,7 +175,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

Lists all the components registered with AWS Systems Manager for SAP.

" + "documentation":"

Lists all the components registered with AWS Systems Manager for SAP.

", + "readonly":true }, "ListConfigurationCheckDefinitions":{ "name":"ListConfigurationCheckDefinitions", @@ -184,7 +191,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

Lists all configuration check types supported by AWS Systems Manager for SAP.

" + "documentation":"

Lists all configuration check types supported by AWS Systems Manager for SAP.

", + "readonly":true }, "ListConfigurationCheckOperations":{ "name":"ListConfigurationCheckOperations", @@ -200,7 +208,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

Lists the configuration check operations performed by AWS Systems Manager for SAP.

" + "documentation":"

Lists the configuration check operations performed by AWS Systems Manager for SAP.

", + "readonly":true }, "ListDatabases":{ "name":"ListDatabases", @@ -216,7 +225,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

Lists the SAP HANA databases of an application registered with AWS Systems Manager for SAP.

" + "documentation":"

Lists the SAP HANA databases of an application registered with AWS Systems Manager for SAP.

", + "readonly":true }, "ListOperationEvents":{ "name":"ListOperationEvents", @@ -231,7 +241,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

Returns a list of operations events.

Available parameters include OperationID, as well as optional parameters MaxResults, NextToken, and Filters.

" + "documentation":"

Returns a list of operations events.

Available parameters include OperationID, as well as optional parameters MaxResults, NextToken, and Filters.

", + "readonly":true }, "ListOperations":{ "name":"ListOperations", @@ -246,7 +257,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

Lists the operations performed by AWS Systems Manager for SAP.

" + "documentation":"

Lists the operations performed by AWS Systems Manager for SAP.

", + "readonly":true }, "ListSubCheckResults":{ "name":"ListSubCheckResults", @@ -261,7 +273,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

Lists the sub-check results of a specified configuration check operation.

" + "documentation":"

Lists the sub-check results of a specified configuration check operation.

", + "readonly":true }, "ListSubCheckRuleResults":{ "name":"ListSubCheckRuleResults", @@ -276,7 +289,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

Lists the rules of a specified sub-check belonging to a configuration check operation.

" + "documentation":"

Lists the rules of a specified sub-check belonging to a configuration check operation.

", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -292,7 +306,8 @@ {"shape":"ValidationException"}, {"shape":"ConflictException"} ], - "documentation":"

Lists all tags on an SAP HANA application and/or database registered with AWS Systems Manager for SAP.

" + "documentation":"

Lists all tags on an SAP HANA application and/or database registered with AWS Systems Manager for SAP.

", + "readonly":true }, "PutResourcePermission":{ "name":"PutResourcePermission", @@ -1078,7 +1093,8 @@ "STOPPED", "WARNING", "UNKNOWN", - "ERROR" + "ERROR", + "STOPPING" ] }, "DatabaseSummary":{ diff --git a/tests/functional/botocore/endpoint-rules/artifact/endpoint-tests-1.json b/tests/functional/botocore/endpoint-rules/artifact/endpoint-tests-1.json index 37819cee8835..69d7ecd43bd8 100644 --- a/tests/functional/botocore/endpoint-rules/artifact/endpoint-tests-1.json +++ b/tests/functional/botocore/endpoint-rules/artifact/endpoint-tests-1.json @@ -202,85 +202,43 @@ } }, { - "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingRegion": "us-gov-west-1" - } - ] - }, - "url": "https://artifact-fips.us-gov-west-1.api.aws" - } - }, - "params": { - "Region": "us-gov-west-1", - "UseFIPS": true, - "UseDualStack": true - } - }, - { - "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack disabled", + "documentation": "For region eusc-de-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { "properties": { "authSchemes": [ { "name": "sigv4", - "signingRegion": "us-gov-west-1" + "signingRegion": "eusc-de-east-1" } ] }, - "url": "https://artifact-fips.us-gov-west-1.amazonaws.com" + "url": "https://artifact-fips.eusc-de-east-1.amazonaws.eu" } }, "params": { - "Region": "us-gov-west-1", + "Region": "eusc-de-east-1", "UseFIPS": true, "UseDualStack": false } }, { - "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingRegion": "us-gov-west-1" - } - ] - }, - "url": "https://artifact.us-gov-west-1.api.aws" - } - }, - "params": { - "Region": "us-gov-west-1", - "UseFIPS": false, - "UseDualStack": true - } - }, - { - "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled", + "documentation": "For region eusc-de-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { "properties": { "authSchemes": [ { "name": "sigv4", - "signingRegion": "us-gov-west-1" + "signingRegion": "eusc-de-east-1" } ] }, - "url": "https://artifact.us-gov-west-1.amazonaws.com" + "url": "https://artifact.eusc-de-east-1.amazonaws.eu" } }, "params": { - "Region": "us-gov-west-1", + "Region": "eusc-de-east-1", "UseFIPS": false, "UseDualStack": false } @@ -454,43 +412,85 @@ } }, { - "documentation": "For region eusc-de-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { "properties": { "authSchemes": [ { "name": "sigv4", - "signingRegion": "eusc-de-east-1" + "signingRegion": "us-gov-west-1" } ] }, - "url": "https://artifact-fips.eusc-de-east-1.amazonaws.eu" + "url": "https://artifact-fips.us-gov-west-1.api.aws" } }, "params": { - "Region": "eusc-de-east-1", + "Region": "us-gov-west-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-gov-west-1" + } + ] + }, + "url": "https://artifact-fips.us-gov-west-1.amazonaws.com" + } + }, + "params": { + "Region": "us-gov-west-1", "UseFIPS": true, "UseDualStack": false } }, { - "documentation": "For region eusc-de-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { "properties": { "authSchemes": [ { "name": "sigv4", - "signingRegion": "eusc-de-east-1" + "signingRegion": "us-gov-west-1" } ] }, - "url": "https://artifact.eusc-de-east-1.amazonaws.eu" + "url": "https://artifact.us-gov-west-1.api.aws" } }, "params": { - "Region": "eusc-de-east-1", + "Region": "us-gov-west-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-gov-west-1" + } + ] + }, + "url": "https://artifact.us-gov-west-1.amazonaws.com" + } + }, + "params": { + "Region": "us-gov-west-1", "UseFIPS": false, "UseDualStack": false } From 3943d63b6d658c40ce0d0841fa10f664ea84baa8 Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Thu, 18 Dec 2025 19:05:31 +0000 Subject: [PATCH 27/37] Update endpoints model --- awscli/botocore/data/endpoints.json | 1 + 1 file changed, 1 insertion(+) diff --git a/awscli/botocore/data/endpoints.json b/awscli/botocore/data/endpoints.json index 2a4fbe0d4d5c..5b7f70ccd42b 100644 --- a/awscli/botocore/data/endpoints.json +++ b/awscli/botocore/data/endpoints.json @@ -25860,6 +25860,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, From 1df3abfa8c7a7e809d9f1274e499b6bc16b520d2 Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Thu, 18 Dec 2025 19:07:31 +0000 Subject: [PATCH 28/37] Bump version to 2.32.20 --- .changes/2.32.20.json | 72 +++++++++++++++++++ .../api-change-appstream-61861.json | 5 -- .../api-change-arcregionswitch-94132.json | 5 -- .../api-change-artifact-73270.json | 5 -- ...-change-bedrockagentcorecontrol-18800.json | 5 -- ...pi-change-bedrockdataautomation-59489.json | 5 -- .../api-change-cleanrooms-76184.json | 5 -- .../next-release/api-change-ec2-86905.json | 5 -- .../next-release/api-change-ecr-65886.json | 5 -- .../next-release/api-change-ecs-31649.json | 5 -- .../next-release/api-change-iot-46707.json | 5 -- .../api-change-opensearch-13486.json | 5 -- .../next-release/api-change-sesv2-21668.json | 5 -- .../next-release/api-change-ssmsap-85492.json | 5 -- .../enhancement-cloudtrail-89408.json | 5 -- CHANGELOG.rst | 19 +++++ awscli/__init__.py | 2 +- configure | 14 ++-- configure.ac | 2 +- doc/source/conf.py | 2 +- 20 files changed, 101 insertions(+), 80 deletions(-) create mode 100644 .changes/2.32.20.json delete mode 100644 .changes/next-release/api-change-appstream-61861.json delete mode 100644 .changes/next-release/api-change-arcregionswitch-94132.json delete mode 100644 .changes/next-release/api-change-artifact-73270.json delete mode 100644 .changes/next-release/api-change-bedrockagentcorecontrol-18800.json delete mode 100644 .changes/next-release/api-change-bedrockdataautomation-59489.json delete mode 100644 .changes/next-release/api-change-cleanrooms-76184.json delete mode 100644 .changes/next-release/api-change-ec2-86905.json delete mode 100644 .changes/next-release/api-change-ecr-65886.json delete mode 100644 .changes/next-release/api-change-ecs-31649.json delete mode 100644 .changes/next-release/api-change-iot-46707.json delete mode 100644 .changes/next-release/api-change-opensearch-13486.json delete mode 100644 .changes/next-release/api-change-sesv2-21668.json delete mode 100644 .changes/next-release/api-change-ssmsap-85492.json delete mode 100644 .changes/next-release/enhancement-cloudtrail-89408.json diff --git a/.changes/2.32.20.json b/.changes/2.32.20.json new file mode 100644 index 000000000000..0e5ecd97decb --- /dev/null +++ b/.changes/2.32.20.json @@ -0,0 +1,72 @@ +[ + { + "category": "``iot``", + "description": "This release adds message batching for the IoT Rules Engine HTTP action.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "This release adds AvailabilityZoneId support for CreateFleet, ModifyFleet, DescribeFleets, RequestSpotFleet, ModifySpotFleetRequests and DescribeSpotFleetRequests APIs.", + "type": "api-change" + }, + { + "category": "``ecr``", + "description": "Adds support for ECR Create On Push", + "type": "api-change" + }, + { + "category": "``sesv2``", + "description": "Amazon SES introduces Email Validation feature which checks email addresses for syntax errors, domain validity, and risky addresses to help maintain deliverability and protect sender reputation. SES also adds resource tagging and ABAC support for EmailTemplates and CustomVerificationEmailTemplates.", + "type": "api-change" + }, + { + "category": "``ssm-sap``", + "description": "Added \"Stopping\" for the HANA Database Status.", + "type": "api-change" + }, + { + "category": "``cleanrooms``", + "description": "Adding support for collaboration change requests requiring an approval workflow. Adding support for change requests that grant or revoke results receiver ability and modifying auto approved change types in an existing collaboration.", + "type": "api-change" + }, + { + "category": "``opensearch``", + "description": "Amazon OpenSearch Service adds support for warm nodes, enabling new multi-tier architecture.", + "type": "api-change" + }, + { + "category": "``bedrock-agentcore-control``", + "description": "Feature to support header exchanges between Bedrock AgentCore Gateway Targets and client, along with propagating query parameter to the configured targets.", + "type": "api-change" + }, + { + "category": "``ecs``", + "description": "Adding support for Event Windows via a new ECS account setting \"fargateEventWindows\". When enabled, ECS Fargate will use the configured event window for patching tasks. Introducing \"CapacityOptionType\" for CreateCapacityProvider API, allowing support for Spot capacity for ECS Managed Instances.", + "type": "api-change" + }, + { + "category": "``arc-region-switch``", + "description": "New API to list Route 53 health checks created by ARC region switch for a plan in a specific AWS Region using the Region switch Regional data plane.", + "type": "api-change" + }, + { + "category": "``artifact``", + "description": "Add support for ListReportVersions API for the calling AWS account.", + "type": "api-change" + }, + { + "category": "``appstream``", + "description": "Added support for new operating systems (1) Ubuntu 24.04 Pro LTS on Elastic fleets, and (2) Microsoft Server 2025 on Always-On and On-Demand fleets", + "type": "api-change" + }, + { + "category": "``bedrock-data-automation``", + "description": "Blueprint Optimization (BPO) is a new Amazon Bedrock Data Automation (BDA) capability that improves blueprint inference accuracy using example content assets and ground truth data. BPO works by generating better instructions for fields in the Blueprint using provided data.", + "type": "api-change" + }, + { + "category": "cloudtrail", + "description": "Fixed performance issue in cloudtrail validate-logs command by scoping S3 digest file listing to the trail's region instead of processing digest files from all regions.", + "type": "enhancement" + } +] \ No newline at end of file diff --git a/.changes/next-release/api-change-appstream-61861.json b/.changes/next-release/api-change-appstream-61861.json deleted file mode 100644 index 03d3f125846b..000000000000 --- a/.changes/next-release/api-change-appstream-61861.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``appstream``", - "description": "Added support for new operating systems (1) Ubuntu 24.04 Pro LTS on Elastic fleets, and (2) Microsoft Server 2025 on Always-On and On-Demand fleets" -} diff --git a/.changes/next-release/api-change-arcregionswitch-94132.json b/.changes/next-release/api-change-arcregionswitch-94132.json deleted file mode 100644 index 6142fbac9a75..000000000000 --- a/.changes/next-release/api-change-arcregionswitch-94132.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``arc-region-switch``", - "description": "New API to list Route 53 health checks created by ARC region switch for a plan in a specific AWS Region using the Region switch Regional data plane." -} diff --git a/.changes/next-release/api-change-artifact-73270.json b/.changes/next-release/api-change-artifact-73270.json deleted file mode 100644 index 1e66bfa2cc8a..000000000000 --- a/.changes/next-release/api-change-artifact-73270.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``artifact``", - "description": "Add support for ListReportVersions API for the calling AWS account." -} diff --git a/.changes/next-release/api-change-bedrockagentcorecontrol-18800.json b/.changes/next-release/api-change-bedrockagentcorecontrol-18800.json deleted file mode 100644 index 1e262e9f227a..000000000000 --- a/.changes/next-release/api-change-bedrockagentcorecontrol-18800.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``bedrock-agentcore-control``", - "description": "Feature to support header exchanges between Bedrock AgentCore Gateway Targets and client, along with propagating query parameter to the configured targets." -} diff --git a/.changes/next-release/api-change-bedrockdataautomation-59489.json b/.changes/next-release/api-change-bedrockdataautomation-59489.json deleted file mode 100644 index 67da3ecc02b1..000000000000 --- a/.changes/next-release/api-change-bedrockdataautomation-59489.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``bedrock-data-automation``", - "description": "Blueprint Optimization (BPO) is a new Amazon Bedrock Data Automation (BDA) capability that improves blueprint inference accuracy using example content assets and ground truth data. BPO works by generating better instructions for fields in the Blueprint using provided data." -} diff --git a/.changes/next-release/api-change-cleanrooms-76184.json b/.changes/next-release/api-change-cleanrooms-76184.json deleted file mode 100644 index c639683bc065..000000000000 --- a/.changes/next-release/api-change-cleanrooms-76184.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``cleanrooms``", - "description": "Adding support for collaboration change requests requiring an approval workflow. Adding support for change requests that grant or revoke results receiver ability and modifying auto approved change types in an existing collaboration." -} diff --git a/.changes/next-release/api-change-ec2-86905.json b/.changes/next-release/api-change-ec2-86905.json deleted file mode 100644 index 1e641e2a8137..000000000000 --- a/.changes/next-release/api-change-ec2-86905.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``ec2``", - "description": "This release adds AvailabilityZoneId support for CreateFleet, ModifyFleet, DescribeFleets, RequestSpotFleet, ModifySpotFleetRequests and DescribeSpotFleetRequests APIs." -} diff --git a/.changes/next-release/api-change-ecr-65886.json b/.changes/next-release/api-change-ecr-65886.json deleted file mode 100644 index f439ed91f983..000000000000 --- a/.changes/next-release/api-change-ecr-65886.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``ecr``", - "description": "Adds support for ECR Create On Push" -} diff --git a/.changes/next-release/api-change-ecs-31649.json b/.changes/next-release/api-change-ecs-31649.json deleted file mode 100644 index 379cc9b9abb9..000000000000 --- a/.changes/next-release/api-change-ecs-31649.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``ecs``", - "description": "Adding support for Event Windows via a new ECS account setting \"fargateEventWindows\". When enabled, ECS Fargate will use the configured event window for patching tasks. Introducing \"CapacityOptionType\" for CreateCapacityProvider API, allowing support for Spot capacity for ECS Managed Instances." -} diff --git a/.changes/next-release/api-change-iot-46707.json b/.changes/next-release/api-change-iot-46707.json deleted file mode 100644 index ce532f171a94..000000000000 --- a/.changes/next-release/api-change-iot-46707.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``iot``", - "description": "This release adds message batching for the IoT Rules Engine HTTP action." -} diff --git a/.changes/next-release/api-change-opensearch-13486.json b/.changes/next-release/api-change-opensearch-13486.json deleted file mode 100644 index 0f604ba296d3..000000000000 --- a/.changes/next-release/api-change-opensearch-13486.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``opensearch``", - "description": "Amazon OpenSearch Service adds support for warm nodes, enabling new multi-tier architecture." -} diff --git a/.changes/next-release/api-change-sesv2-21668.json b/.changes/next-release/api-change-sesv2-21668.json deleted file mode 100644 index 67fff4e23a4d..000000000000 --- a/.changes/next-release/api-change-sesv2-21668.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``sesv2``", - "description": "Amazon SES introduces Email Validation feature which checks email addresses for syntax errors, domain validity, and risky addresses to help maintain deliverability and protect sender reputation. SES also adds resource tagging and ABAC support for EmailTemplates and CustomVerificationEmailTemplates." -} diff --git a/.changes/next-release/api-change-ssmsap-85492.json b/.changes/next-release/api-change-ssmsap-85492.json deleted file mode 100644 index e35131c62598..000000000000 --- a/.changes/next-release/api-change-ssmsap-85492.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``ssm-sap``", - "description": "Added \"Stopping\" for the HANA Database Status." -} diff --git a/.changes/next-release/enhancement-cloudtrail-89408.json b/.changes/next-release/enhancement-cloudtrail-89408.json deleted file mode 100644 index a752bebf8659..000000000000 --- a/.changes/next-release/enhancement-cloudtrail-89408.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "enhancement", - "category": "cloudtrail", - "description": "Fixed performance issue in cloudtrail validate-logs command by scoping S3 digest file listing to the trail's region instead of processing digest files from all regions." -} diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 046f366eae49..47635d02d672 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,25 @@ CHANGELOG ========= +2.32.20 +======= + +* api-change:``iot``: This release adds message batching for the IoT Rules Engine HTTP action. +* api-change:``ec2``: This release adds AvailabilityZoneId support for CreateFleet, ModifyFleet, DescribeFleets, RequestSpotFleet, ModifySpotFleetRequests and DescribeSpotFleetRequests APIs. +* api-change:``ecr``: Adds support for ECR Create On Push +* api-change:``sesv2``: Amazon SES introduces Email Validation feature which checks email addresses for syntax errors, domain validity, and risky addresses to help maintain deliverability and protect sender reputation. SES also adds resource tagging and ABAC support for EmailTemplates and CustomVerificationEmailTemplates. +* api-change:``ssm-sap``: Added "Stopping" for the HANA Database Status. +* api-change:``cleanrooms``: Adding support for collaboration change requests requiring an approval workflow. Adding support for change requests that grant or revoke results receiver ability and modifying auto approved change types in an existing collaboration. +* api-change:``opensearch``: Amazon OpenSearch Service adds support for warm nodes, enabling new multi-tier architecture. +* api-change:``bedrock-agentcore-control``: Feature to support header exchanges between Bedrock AgentCore Gateway Targets and client, along with propagating query parameter to the configured targets. +* api-change:``ecs``: Adding support for Event Windows via a new ECS account setting "fargateEventWindows". When enabled, ECS Fargate will use the configured event window for patching tasks. Introducing "CapacityOptionType" for CreateCapacityProvider API, allowing support for Spot capacity for ECS Managed Instances. +* api-change:``arc-region-switch``: New API to list Route 53 health checks created by ARC region switch for a plan in a specific AWS Region using the Region switch Regional data plane. +* api-change:``artifact``: Add support for ListReportVersions API for the calling AWS account. +* api-change:``appstream``: Added support for new operating systems (1) Ubuntu 24.04 Pro LTS on Elastic fleets, and (2) Microsoft Server 2025 on Always-On and On-Demand fleets +* api-change:``bedrock-data-automation``: Blueprint Optimization (BPO) is a new Amazon Bedrock Data Automation (BDA) capability that improves blueprint inference accuracy using example content assets and ground truth data. BPO works by generating better instructions for fields in the Blueprint using provided data. +* enhancement:cloudtrail: Fixed performance issue in cloudtrail validate-logs command by scoping S3 digest file listing to the trail's region instead of processing digest files from all regions. + + 2.32.19 ======= diff --git a/awscli/__init__.py b/awscli/__init__.py index efd68ffb48be..38f7c38f602e 100644 --- a/awscli/__init__.py +++ b/awscli/__init__.py @@ -20,7 +20,7 @@ import os import sys -__version__ = '2.32.19' +__version__ = '2.32.20' # # Get our data path to be added to botocore's search path diff --git a/configure b/configure index 1e6583892893..eeaf6000b36b 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for awscli 2.32.19. +# Generated by GNU Autoconf 2.71 for awscli 2.32.20. # # # Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, @@ -607,8 +607,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='awscli' PACKAGE_TARNAME='awscli' -PACKAGE_VERSION='2.32.19' -PACKAGE_STRING='awscli 2.32.19' +PACKAGE_VERSION='2.32.20' +PACKAGE_STRING='awscli 2.32.20' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1255,7 +1255,7 @@ _ACEOF fi if $ac_init_version; then cat <<\_ACEOF -awscli configure 2.32.19 +awscli configure 2.32.20 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -1292,7 +1292,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by awscli $as_me 2.32.19, which was +It was created by awscli $as_me 2.32.20, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -2668,7 +2668,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by awscli $as_me 2.32.19, which was +This file was extended by awscli $as_me 2.32.20, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -2723,7 +2723,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -awscli config.status 2.32.19 +awscli config.status 2.32.20 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 578546716e0d..bb96b8914099 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_CONFIG_MACRO_DIRS([m4]) -AC_INIT([awscli], [2.32.19]) +AC_INIT([awscli], [2.32.20]) AC_CONFIG_SRCDIR([bin/aws]) AM_PATH_PYTHON([3.8]) diff --git a/doc/source/conf.py b/doc/source/conf.py index adb247d4ed35..d07a59927741 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -66,7 +66,7 @@ # The short X.Y version. version = '2.0' # The full version, including alpha/beta/rc tags. -release = '2.32.19' +release = '2.32.20' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. From d5294d8bb5c65f3029082071d1b486b3d9019407 Mon Sep 17 00:00:00 2001 From: Alex Shovlin Date: Fri, 19 Dec 2025 12:02:00 -0600 Subject: [PATCH 29/37] ci: Skip new internal build for fork-origin PRs (#9937) --- .github/workflows/pull-request-build.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pull-request-build.yml b/.github/workflows/pull-request-build.yml index f2e056085a0b..ea5e395e8702 100644 --- a/.github/workflows/pull-request-build.yml +++ b/.github/workflows/pull-request-build.yml @@ -18,7 +18,8 @@ env: jobs: aws-cli-v2-pr-build: - if: github.event.pull_request.draft == false + # Don't run on drafts or for fork-orign PRs, since they won't have access + if: github.event.pull_request.draft == false && github.event.pull_request.head.repo.full_name == github.repository runs-on: ubuntu-latest permissions: id-token: write From f83e308c72bf6c629c363f826df6540d72d86b53 Mon Sep 17 00:00:00 2001 From: Alex Shovlin Date: Fri, 19 Dec 2025 12:04:56 -0600 Subject: [PATCH 30/37] Adding new examples for medical-imaging's create-datastore and get-datastore (#9934) Co-authored-by: laiqmuhh --- .../medical-imaging/create-datastore.rst | 21 +++++++++- .../medical-imaging/get-datastore.rst | 40 ++++++++++++++----- 2 files changed, 50 insertions(+), 11 deletions(-) diff --git a/awscli/examples/medical-imaging/create-datastore.rst b/awscli/examples/medical-imaging/create-datastore.rst index ca8d1e86cad3..9f1f7884a601 100644 --- a/awscli/examples/medical-imaging/create-datastore.rst +++ b/awscli/examples/medical-imaging/create-datastore.rst @@ -1,6 +1,7 @@ -**To create a data store** +**Example 1: To create a data store** -The following ``create-datastore`` code example creates a data store with the name ``my-datastore``. When you create a datastore without specifying a ``--lossless-storage-format``, AWS HealthImaging defaults to HTJ2K (High Throughput JPEG 2000). :: +The following ``create-datastore`` code example creates a data store with the name ``my-datastore``. +When you create a datastore without specifying a ``--lossless-storage-format``, AWS HealthImaging defaults to HTJ2K (High Throughput JPEG 2000). :: aws medical-imaging create-datastore \ --datastore-name "my-datastore" @@ -12,4 +13,20 @@ Output:: "datastoreStatus": "CREATING" } +**Example 2: To create a data store with JPEG 2000 Lossless storage format** + +A data store configured with JPEG 2000 Lossless storage format will transcode and persist lossless image frames in JPEG 2000 format. Image frames can then be retrieved in +JPEG 2000 Lossless without transcoding. The following ``create-datastore`` code example creates a data store configured for JPEG 2000 Lossless storage format with the name ``my-datastore``. :: + + aws medical-imaging create-datastore \ + --datastore-name "my-datastore" \ + --lossless-storage-format JPEG_2000_LOSSLESS + +Output:: + + { + "datastoreId": "12345678901234567890123456789012", + "datastoreStatus": "CREATING" + } + For more information, see `Creating a data store `__ in the *AWS HealthImaging Developer Guide*. diff --git a/awscli/examples/medical-imaging/get-datastore.rst b/awscli/examples/medical-imaging/get-datastore.rst index e74dcde8961e..6c3d924c45c8 100644 --- a/awscli/examples/medical-imaging/get-datastore.rst +++ b/awscli/examples/medical-imaging/get-datastore.rst @@ -1,4 +1,4 @@ -**To get a data store's properties** +**Example 1: To get a data store's properties** The following ``get-datastore`` code example gets a data store's properties. :: @@ -9,14 +9,36 @@ The following ``get-datastore`` code example gets a data store's properties. :: Output:: { - "datastoreProperties": { - "datastoreId": "12345678901234567890123456789012", - "datastoreName": "TestDatastore123", - "datastoreStatus": "ACTIVE", - "losslessStorageFormat": "JPEG_2000_LOSSLESS", - "datastoreArn": "arn:aws:medical-imaging:us-east-1:123456789012:datastore/12345678901234567890123456789012", - "createdAt": "2022-11-15T23:33:09.643000+00:00", - "updatedAt": "2022-11-15T23:33:09.643000+00:00" + "datastoreProperties": { + "datastoreId": "12345678901234567890123456789012", + "datastoreName": "TestDatastore123", + "datastoreStatus": "ACTIVE", + "losslessStorageFormat": "HTJ2K" + "datastoreArn": "arn:aws:medical-imaging:us-east-1:123456789012:datastore/12345678901234567890123456789012", + "createdAt": "2022-11-15T23:33:09.643000+00:00", + "updatedAt": "2022-11-15T23:33:09.643000+00:00" + } + } + +**Example 2: To get data store's properties configured for JPEG2000** + +The following ``get-datastore`` code example gets a data store's properties for a data store configured for JPEG 2000 Lossless storage format. :: + + aws medical-imaging get-datastore \ + --datastore-id 12345678901234567890123456789012 + + +Output:: + + { + "datastoreProperties": { + "datastoreId": "12345678901234567890123456789012", + "datastoreName": "TestDatastore123", + "datastoreStatus": "ACTIVE", + "losslessStorageFormat": "JPEG_2000_LOSSLESS", + "datastoreArn": "arn:aws:medical-imaging:us-east-1:123456789012:datastore/12345678901234567890123456789012", + "createdAt": "2022-11-15T23:33:09.643000+00:00", + "updatedAt": "2022-11-15T23:33:09.643000+00:00" } } From aad20f64dd9aea7025ae2cfdd72260cbb684681e Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Fri, 19 Dec 2025 19:07:09 +0000 Subject: [PATCH 31/37] Merge customizations for ARC Region switch --- .../arc-region-switch/2022-07-26/paginators-1.sdk-extras.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/awscli/botocore/data/arc-region-switch/2022-07-26/paginators-1.sdk-extras.json b/awscli/botocore/data/arc-region-switch/2022-07-26/paginators-1.sdk-extras.json index e07c05710c29..f8c1737219d0 100644 --- a/awscli/botocore/data/arc-region-switch/2022-07-26/paginators-1.sdk-extras.json +++ b/awscli/botocore/data/arc-region-switch/2022-07-26/paginators-1.sdk-extras.json @@ -25,7 +25,8 @@ "planArn", "actualRecoveryTime", "version", - "mode" + "mode", + "generatedReportDetails" ] } } From 5bc50259caf5a23f9cd00961b5314b21559b1b87 Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Fri, 19 Dec 2025 19:07:16 +0000 Subject: [PATCH 32/37] Update to latest models --- .../api-change-arcregionswitch-12965.json | 5 + .../api-change-connect-57971.json | 5 + .../api-change-emrserverless-10973.json | 5 + .../next-release/api-change-iot-20461.json | 5 + .../api-change-qbusiness-81372.json | 5 + .../next-release/api-change-wickr-45774.json | 5 + .../api-change-workspacesweb-19372.json | 5 + .../2022-07-26/service-2.json | 213 +- .../data/connect/2017-08-08/service-2.json | 73 +- .../emr-serverless/2021-07-13/service-2.json | 22 + .../data/iot/2015-05-28/service-2.json | 54 +- .../data/qbusiness/2023-11-27/service-2.json | 227 +- .../wickr/2024-02-01/endpoint-rule-set-1.json | 350 ++ .../data/wickr/2024-02-01/paginators-1.json | 52 + .../data/wickr/2024-02-01/service-2.json | 4174 +++++++++++++++++ .../data/wickr/2024-02-01/waiters-2.json | 5 + .../workspaces-web/2020-07-08/service-2.json | 16 + .../wickr/endpoint-tests-1.json | 270 ++ 18 files changed, 5355 insertions(+), 136 deletions(-) create mode 100644 .changes/next-release/api-change-arcregionswitch-12965.json create mode 100644 .changes/next-release/api-change-connect-57971.json create mode 100644 .changes/next-release/api-change-emrserverless-10973.json create mode 100644 .changes/next-release/api-change-iot-20461.json create mode 100644 .changes/next-release/api-change-qbusiness-81372.json create mode 100644 .changes/next-release/api-change-wickr-45774.json create mode 100644 .changes/next-release/api-change-workspacesweb-19372.json create mode 100644 awscli/botocore/data/wickr/2024-02-01/endpoint-rule-set-1.json create mode 100644 awscli/botocore/data/wickr/2024-02-01/paginators-1.json create mode 100644 awscli/botocore/data/wickr/2024-02-01/service-2.json create mode 100644 awscli/botocore/data/wickr/2024-02-01/waiters-2.json create mode 100644 tests/functional/botocore/endpoint-rules/wickr/endpoint-tests-1.json diff --git a/.changes/next-release/api-change-arcregionswitch-12965.json b/.changes/next-release/api-change-arcregionswitch-12965.json new file mode 100644 index 000000000000..49d72d3ede39 --- /dev/null +++ b/.changes/next-release/api-change-arcregionswitch-12965.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``arc-region-switch``", + "description": "Automatic Plan Execution Reports allow customers to maintain a concise record of their Region switch Plan executions. This enables customer SREs and leadership to have a clear view of their recovery posture based on the generated reports for their Plan executions." +} diff --git a/.changes/next-release/api-change-connect-57971.json b/.changes/next-release/api-change-connect-57971.json new file mode 100644 index 000000000000..f8399f62e13f --- /dev/null +++ b/.changes/next-release/api-change-connect-57971.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``connect``", + "description": "Adding support for Custom Metrics and Pre-Defined Attributes to GetCurrentMetricData API." +} diff --git a/.changes/next-release/api-change-emrserverless-10973.json b/.changes/next-release/api-change-emrserverless-10973.json new file mode 100644 index 000000000000..f72cae3942ba --- /dev/null +++ b/.changes/next-release/api-change-emrserverless-10973.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``emr-serverless``", + "description": "Added JobLevelCostAllocationConfiguration field to enable cost allocation reporting at the job level, providing more granular visibility into EMR Serverless charges" +} diff --git a/.changes/next-release/api-change-iot-20461.json b/.changes/next-release/api-change-iot-20461.json new file mode 100644 index 000000000000..8255405e7e88 --- /dev/null +++ b/.changes/next-release/api-change-iot-20461.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``iot``", + "description": "This release adds event-based logging feature that enables granular event logging controls for AWS IoT logs." +} diff --git a/.changes/next-release/api-change-qbusiness-81372.json b/.changes/next-release/api-change-qbusiness-81372.json new file mode 100644 index 000000000000..6fbeba115bad --- /dev/null +++ b/.changes/next-release/api-change-qbusiness-81372.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``qbusiness``", + "description": "It is a internal bug fix for region expansion" +} diff --git a/.changes/next-release/api-change-wickr-45774.json b/.changes/next-release/api-change-wickr-45774.json new file mode 100644 index 000000000000..986450468a85 --- /dev/null +++ b/.changes/next-release/api-change-wickr-45774.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``wickr``", + "description": "AWS Wickr now provides a suite of admin APIs to allow you to programmatically manage secure communication for Wickr networks at scale. These APIs enable you to automate administrative workflows including user lifecycle management, network configuration, and security group administration." +} diff --git a/.changes/next-release/api-change-workspacesweb-19372.json b/.changes/next-release/api-change-workspacesweb-19372.json new file mode 100644 index 000000000000..409bac5bbe9a --- /dev/null +++ b/.changes/next-release/api-change-workspacesweb-19372.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``workspaces-web``", + "description": "Add support for WebAuthn under user settings." +} diff --git a/awscli/botocore/data/arc-region-switch/2022-07-26/service-2.json b/awscli/botocore/data/arc-region-switch/2022-07-26/service-2.json index c807aad9ded5..cfe804cd819e 100644 --- a/awscli/botocore/data/arc-region-switch/2022-07-26/service-2.json +++ b/awscli/botocore/data/arc-region-switch/2022-07-26/service-2.json @@ -728,6 +728,7 @@ "shape":"TriggerList", "documentation":"

The triggers associated with a Region switch plan.

" }, + "reportConfiguration":{"shape":"ReportConfiguration"}, "name":{ "shape":"PlanName", "documentation":"

The name of a Region switch plan.

" @@ -815,6 +816,83 @@ "type":"structure", "members":{} }, + "DocumentDbClusterArn":{ + "type":"string", + "pattern":"arn:aws[a-zA-Z-]*:rds:[a-z0-9-]+:\\d{12}:cluster:[a-zA-Z0-9][a-zA-Z0-9-_]{0,99}" + }, + "DocumentDbClusterArns":{ + "type":"list", + "member":{"shape":"DocumentDbClusterArn"} + }, + "DocumentDbConfiguration":{ + "type":"structure", + "required":[ + "behavior", + "globalClusterIdentifier", + "databaseClusterArns" + ], + "members":{ + "timeoutMinutes":{ + "shape":"DocumentDbConfigurationTimeoutMinutesInteger", + "documentation":"

The timeout value specified for the configuration.

" + }, + "crossAccountRole":{ + "shape":"IamRoleArn", + "documentation":"

The cross account role for the configuration.

" + }, + "externalId":{ + "shape":"String", + "documentation":"

The external ID (secret key) for the configuration.

" + }, + "behavior":{ + "shape":"DocumentDbDefaultBehavior", + "documentation":"

The behavior for a global cluster, that is, only allow switchover or also allow failover.

" + }, + "ungraceful":{ + "shape":"DocumentDbUngraceful", + "documentation":"

The settings for ungraceful execution.

" + }, + "globalClusterIdentifier":{ + "shape":"DocumentDbGlobalClusterIdentifier", + "documentation":"

The global cluster identifier for a DocumentDB global cluster.

" + }, + "databaseClusterArns":{ + "shape":"DocumentDbClusterArns", + "documentation":"

The database cluster Amazon Resource Names (ARNs) for a DocumentDB global cluster.

" + } + }, + "documentation":"

Configuration for Amazon DocumentDB global clusters used in a Region switch plan.

" + }, + "DocumentDbConfigurationTimeoutMinutesInteger":{ + "type":"integer", + "box":true, + "min":1 + }, + "DocumentDbDefaultBehavior":{ + "type":"string", + "enum":[ + "switchoverOnly", + "failover" + ] + }, + "DocumentDbGlobalClusterIdentifier":{ + "type":"string", + "pattern":"[A-Za-z][0-9A-Za-z-:._]*" + }, + "DocumentDbUngraceful":{ + "type":"structure", + "members":{ + "ungraceful":{ + "shape":"DocumentDbUngracefulBehavior", + "documentation":"

The settings for ungraceful execution.

" + } + }, + "documentation":"

Configuration for handling failures when performing operations on DocumentDB global clusters.

" + }, + "DocumentDbUngracefulBehavior":{ + "type":"string", + "enum":["failover"] + }, "Duration":{ "type":"string", "pattern":"P(?!$)(\\d+Y)?(\\d+M)?(\\d+D)?(T(?=\\d)(\\d+H)?(\\d+M)?(\\d+S)?)?" @@ -1111,7 +1189,8 @@ "route53HealthCheckConfig":{ "shape":"Route53HealthCheckConfiguration", "documentation":"

The Amazon Route 53 health check configuration.

" - } + }, + "documentDbConfig":{"shape":"DocumentDbConfiguration"} }, "documentation":"

Execution block configurations for a workflow in a Region switch plan. An execution block represents a specific type of action to perform during a Region switch.

", "union":true @@ -1128,7 +1207,8 @@ "Parallel", "ECSServiceScaling", "EKSResourceScaling", - "Route53HealthCheck" + "Route53HealthCheck", + "DocumentDb" ] }, "ExecutionComment":{ @@ -1210,7 +1290,8 @@ "stepCanceled", "stepPendingApproval", "stepExecutionBehaviorChangedToUngraceful", - "stepPendingApplicationHealthMonitor" + "stepPendingApplicationHealthMonitor", + "planEvaluationWarning" ] }, "ExecutionId":{"type":"string"}, @@ -1237,10 +1318,52 @@ "completedMonitoringApplicationHealth" ] }, + "FailedReportErrorCode":{ + "type":"string", + "enum":[ + "insufficientPermissions", + "invalidResource", + "configurationError" + ] + }, + "FailedReportOutput":{ + "type":"structure", + "members":{ + "errorCode":{ + "shape":"FailedReportErrorCode", + "documentation":"

The error code for the failed report generation.

" + }, + "errorMessage":{ + "shape":"String", + "documentation":"

The error message for the failed report generation.

" + } + }, + "documentation":"

Information about a report generation that failed.

" + }, "Float":{ "type":"float", "box":true }, + "GeneratedReport":{ + "type":"structure", + "members":{ + "reportGenerationTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the report was generated.

" + }, + "reportOutput":{ + "shape":"ReportOutput", + "documentation":"

The output location or cause of a failure in report generation.

" + } + }, + "documentation":"

Information about a generated execution report.

" + }, + "GeneratedReportDetails":{ + "type":"list", + "member":{"shape":"GeneratedReport"}, + "max":1, + "min":0 + }, "GetPlanEvaluationStatusRequest":{ "type":"structure", "required":["planArn"], @@ -1386,6 +1509,10 @@ "shape":"Duration", "documentation":"

The actual recovery time that Region switch calculates for a plan execution. Actual recovery time includes the time for the plan to run added to the time elapsed until the application health alarms that you've specified are healthy again.

" }, + "generatedReportDetails":{ + "shape":"GeneratedReportDetails", + "documentation":"

Information about the location of a generated report, or the cause of its failure.

" + }, "nextToken":{ "shape":"String", "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

" @@ -1966,6 +2093,10 @@ "shape":"TriggerList", "documentation":"

The triggers for a plan.

" }, + "reportConfiguration":{ + "shape":"ReportConfiguration", + "documentation":"

The report configuration for a plan.

" + }, "name":{ "shape":"PlanName", "documentation":"

The name for a plan.

" @@ -2074,6 +2205,48 @@ "key":{"shape":"Region"}, "value":{"shape":"KubernetesScalingResource"} }, + "ReportConfiguration":{ + "type":"structure", + "members":{ + "reportOutput":{ + "shape":"ReportOutputList", + "documentation":"

The output configuration for the report.

" + } + }, + "documentation":"

Configuration for automatic report generation for plan executions. When configured, Region switch automatically generates a report after each plan execution that includes execution events, plan configuration, and CloudWatch alarm states.

" + }, + "ReportOutput":{ + "type":"structure", + "members":{ + "s3ReportOutput":{ + "shape":"S3ReportOutput", + "documentation":"

Information about a report delivered to Amazon S3.

" + }, + "failedReportOutput":{ + "shape":"FailedReportOutput", + "documentation":"

The details about a failed report generation.

" + } + }, + "documentation":"

The output location or cause of a failure in report generation.

", + "union":true + }, + "ReportOutputConfiguration":{ + "type":"structure", + "members":{ + "s3Configuration":{ + "shape":"S3ReportOutputConfiguration", + "documentation":"

Configuration for delivering reports to an Amazon S3 bucket.

" + } + }, + "documentation":"

Configuration for report output destinations used in a Region switch plan.

", + "union":true + }, + "ReportOutputList":{ + "type":"list", + "member":{"shape":"ReportOutputConfiguration"}, + "max":1, + "min":1 + }, "ResourceArn":{"type":"string"}, "ResourceNotFoundException":{ "type":"structure", @@ -2268,6 +2441,36 @@ "Off" ] }, + "S3ReportOutput":{ + "type":"structure", + "members":{ + "s3ObjectKey":{ + "shape":"String", + "documentation":"

The S3 object key where the generated report is stored.

" + } + }, + "documentation":"

Information about a report delivered to Amazon S3.

" + }, + "S3ReportOutputConfiguration":{ + "type":"structure", + "members":{ + "bucketPath":{ + "shape":"S3ReportOutputConfigurationBucketPathString", + "documentation":"

The S3 bucket name and optional prefix where reports are stored. Format: bucket-name or bucket-name/prefix.

" + }, + "bucketOwner":{ + "shape":"AccountId", + "documentation":"

The Amazon Web Services account ID that owns the S3 bucket. Required to ensure the bucket is still owned by the same expected owner at generation time.

" + } + }, + "documentation":"

Configuration for delivering generated reports to an Amazon S3 bucket.

" + }, + "S3ReportOutputConfigurationBucketPathString":{ + "type":"string", + "max":512, + "min":3, + "pattern":"(?:s3://)?[a-z0-9][a-z0-9-]{1,61}[a-z0-9](?:/[^/ ][^/]*)*/?" + }, "Service":{ "type":"structure", "members":{ @@ -2673,6 +2876,10 @@ "triggers":{ "shape":"TriggerList", "documentation":"

The updated conditions that can automatically trigger the execution of the plan.

" + }, + "reportConfiguration":{ + "shape":"ReportConfiguration", + "documentation":"

The updated report configuration for the plan.

" } } }, diff --git a/awscli/botocore/data/connect/2017-08-08/service-2.json b/awscli/botocore/data/connect/2017-08-08/service-2.json index 6493a09e23ba..0a3ddc3da5be 100644 --- a/awscli/botocore/data/connect/2017-08-08/service-2.json +++ b/awscli/botocore/data/connect/2017-08-08/service-2.json @@ -711,7 +711,7 @@ {"shape":"InvalidParameterException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Creates a new data table with the specified properties. Supports the creation of all table properties except for attributes and values. A table with no attributes and values is a valid state for a table. The number of tables per instance is limited to 100 per instance. Customers can request an increase by using AWS Service Quotas.

" + "documentation":"

Creates a new data table with the specified properties. Supports the creation of all table properties except for attributes and values. A table with no attributes and values is a valid state for a table. The number of tables per instance is limited to 100 per instance. Customers can request an increase by using Amazon Web Services Service Quotas.

" }, "CreateDataTableAttribute":{ "name":"CreateDataTableAttribute", @@ -2665,7 +2665,7 @@ {"shape":"AccessDeniedException"}, {"shape":"InvalidParameterException"} ], - "documentation":"

Evaluates values at the time of the request and returns them. It considers the request's timezone or the table's timezone, in that order, when accessing time based tables. When a value is accessed, the accessor's identity and the time of access are saved alongside the value to help identify values that are actively in use. The term \"Batch\" is not included in the operation name since it does not meet all the criteria for a batch operation as specified in Batch Operations: AWS API Standards.

" + "documentation":"

Evaluates values at the time of the request and returns them. It considers the request's timezone or the table's timezone, in that order, when accessing time based tables. When a value is accessed, the accessor's identity and the time of access are saved alongside the value to help identify values that are actively in use. The term \"Batch\" is not included in the operation name since it does not meet all the criteria for a batch operation as specified in Batch Operations: Amazon Web Services API Standards.

" }, "GetAttachedFile":{ "name":"GetAttachedFile", @@ -3180,7 +3180,7 @@ {"shape":"AccessDeniedException"}, {"shape":"InvalidParameterException"} ], - "documentation":"

Returns all attributes for a specified data table. A maximum of 100 attributes per data table is allowed. Customers can request an increase by using AWS Service Quotas. The response can be filtered by specific attribute IDs for CloudFormation integration.

" + "documentation":"

Returns all attributes for a specified data table. A maximum of 100 attributes per data table is allowed. Customers can request an increase by using Amazon Web Services Service Quotas. The response can be filtered by specific attribute IDs for CloudFormation integration.

" }, "ListDataTablePrimaryValues":{ "name":"ListDataTablePrimaryValues", @@ -4683,7 +4683,7 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Initiates a new outbound SMS contact to a customer. Response of this API provides the ContactId of the outbound SMS contact created.

SourceEndpoint only supports Endpoints with CONNECT_PHONENUMBER_ARN as Type and DestinationEndpoint only supports Endpoints with TELEPHONE_NUMBER as Type. ContactFlowId initiates the flow to manage the new SMS contact created.

This API can be used to initiate outbound SMS contacts for an agent, or it can also deflect an ongoing contact to an outbound SMS contact by using the StartOutboundChatContact Flow Action.

For more information about using SMS in Amazon Connect, see the following topics in the Amazon Connect Administrator Guide:

" + "documentation":"

Initiates a new outbound SMS or WhatsApp contact to a customer. Response of this API provides the ContactId of the outbound SMS or WhatsApp contact created.

SourceEndpoint only supports Endpoints with CONNECT_PHONENUMBER_ARN as Type and DestinationEndpoint only supports Endpoints with TELEPHONE_NUMBER as Type. ContactFlowId initiates the flow to manage the new contact created.

This API can be used to initiate outbound SMS or WhatsApp contacts for an agent, or it can also deflect an ongoing contact to an outbound SMS or WhatsApp contact by using the StartOutboundChatContact Flow Action.

For more information about using SMS or WhatsApp in Amazon Connect, see the following topics in the Amazon Connect Administrator Guide:

" }, "StartOutboundEmailContact":{ "name":"StartOutboundEmailContact", @@ -12030,12 +12030,16 @@ "shape":"CurrentMetricName", "documentation":"

The name of the metric.

" }, + "MetricId":{ + "shape":"CurrentMetricId", + "documentation":"

Out of the box current metrics or custom metrics can be referenced via this field. This field is a valid AWS Connect Arn or a UUID.

" + }, "Unit":{ "shape":"Unit", - "documentation":"

The unit for the metric.

" + "documentation":"

The Unit parameter is not supported for custom metrics.

The unit for the metric.

" } }, - "documentation":"

Contains information about a real-time metric. For a description of each metric, see Metrics definitions in the Amazon Connect Administrator Guide.

" + "documentation":"

Contains information about a real-time metric. For a description of each metric, see Metrics definitions in the Amazon Connect Administrator Guide.

Only one of either the Name or MetricId is required.

" }, "CurrentMetricData":{ "type":"structure", @@ -12056,6 +12060,10 @@ "type":"list", "member":{"shape":"CurrentMetricData"} }, + "CurrentMetricId":{ + "type":"string", + "pattern":"^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})|(arn:[a-z0-9-]+:connect:[a-z0-9-]+:(?:([0-9]{12}):instance/[a-z0-9-]+/metric/[a-z0-9-]+(?::[a-z0-9-]+)?|aws:metric/[A-Z_]+))$" + }, "CurrentMetricName":{ "type":"string", "documentation":"

The current metric names.

", @@ -12230,7 +12238,7 @@ }, "LastModifiedRegion":{ "shape":"RegionName", - "documentation":"

The AWS region where the data table was last modified, used for region replication.

" + "documentation":"

The Amazon Web Services Region where the data table was last modified, used for region replication.

" }, "Tags":{ "shape":"TagMap", @@ -12298,7 +12306,7 @@ }, "LastModifiedRegion":{ "shape":"RegionName", - "documentation":"

The AWS region where this attribute was last modified, used for region replication.

" + "documentation":"

The Amazon Web Services Region where this attribute was last modified, used for region replication.

" }, "Validation":{ "shape":"Validation", @@ -14783,6 +14791,14 @@ "AgentStatus":{ "shape":"AgentStatusIdentifier", "documentation":"

Information about the agent status assigned to the user.

" + }, + "Subtype":{ + "shape":"Subtype", + "documentation":"

The subtype of the channel used for the contact.

" + }, + "ValidationTestType":{ + "shape":"ValidationTestType", + "documentation":"

The testing and simulation type

" } }, "documentation":"

Contains information about the dimensions for a set of metrics.

" @@ -17885,6 +17901,14 @@ "AgentStatuses":{ "shape":"AgentStatuses", "documentation":"

A list of up to 50 agent status IDs or ARNs.

" + }, + "Subtypes":{ + "shape":"Subtypes", + "documentation":"

A list of up to 10 subtypes can be provided.

" + }, + "ValidationTestTypes":{ + "shape":"ValidationTestTypes", + "documentation":"

A list of up to 10 validationTestTypes can be provided.

" } }, "documentation":"

Contains the filter to apply when retrieving metrics.

" @@ -18171,15 +18195,15 @@ }, "Filters":{ "shape":"Filters", - "documentation":"

The filters to apply to returned metrics. You can filter up to the following limits:

  • Queues: 100

  • Routing profiles: 100

  • Channels: 3 (VOICE, CHAT, and TASK channels are supported.)

  • RoutingStepExpressions: 50

  • AgentStatuses: 50

Metric data is retrieved only for the resources associated with the queues or routing profiles, and by any channels included in the filter. (You cannot filter by both queue AND routing profile.) You can include both resource IDs and resource ARNs in the same request.

When using AgentStatuses as filter make sure Queues is added as primary filter.

When using the RoutingStepExpression filter, you need to pass exactly one QueueId. The filter is also case sensitive so when using the RoutingStepExpression filter, grouping by ROUTING_STEP_EXPRESSION is required.

Currently tagging is only supported on the resources that are passed in the filter.

" + "documentation":"

The filters to apply to returned metrics. You can filter up to the following limits:

  • Queues: 100

  • Routing profiles: 100

  • Channels: 3 (VOICE, CHAT, and TASK channels are supported.)

  • RoutingStepExpressions: 50

  • AgentStatuses: 50

  • Subtypes: 10

  • ValidationTestTypes: 10

Metric data is retrieved only for the resources associated with the queues or routing profiles, and by any channels included in the filter. (You cannot filter by both queue AND routing profile.) You can include both resource IDs and resource ARNs in the same request.

When using AgentStatuses as filter make sure Queues is added as primary filter.

When using Subtypes as filter make sure Queues is added as primary filter.

When using ValidationTestTypes as filter make sure Queues is added as primary filter.

When using the RoutingStepExpression filter, you need to pass exactly one QueueId. The filter is also case sensitive so when using the RoutingStepExpression filter, grouping by ROUTING_STEP_EXPRESSION is required.

Currently tagging is only supported on the resources that are passed in the filter.

" }, "Groupings":{ "shape":"Groupings", - "documentation":"

Defines the level of aggregation for metrics data by a dimension(s). Its similar to sorting items into buckets based on a common characteristic, then counting or calculating something for each bucket. For example, when grouped by QUEUE, the metrics returned apply to each queue rather than aggregated for all queues.

The grouping list is an ordered list, with the first item in the list defined as the primary grouping. If no grouping is included in the request, the aggregation happens at the instance-level.

  • If you group by CHANNEL, you should include a Channels filter. VOICE, CHAT, and TASK channels are supported.

  • If you group by AGENT_STATUS, you must include the QUEUE as the primary grouping and use queue filter. When you group by AGENT_STATUS, the only metric available is the AGENTS_ONLINE metric.

  • If you group by ROUTING_PROFILE, you must include either a queue or routing profile filter. In addition, a routing profile filter is required for metrics CONTACTS_SCHEDULED, CONTACTS_IN_QUEUE, and OLDEST_CONTACT_AGE.

  • When using the RoutingStepExpression filter, group by ROUTING_STEP_EXPRESSION is required.

" + "documentation":"

Defines the level of aggregation for metrics data by a dimension(s). Its similar to sorting items into buckets based on a common characteristic, then counting or calculating something for each bucket. For example, when grouped by QUEUE, the metrics returned apply to each queue rather than aggregated for all queues.

The grouping list is an ordered list, with the first item in the list defined as the primary grouping. If no grouping is included in the request, the aggregation happens at the instance-level.

  • If you group by CHANNEL, you should include a Channels filter. VOICE, CHAT, and TASK channels are supported.

  • If you group by AGENT_STATUS, you must include the QUEUE as the primary grouping and use queue filter. When you group by AGENT_STATUS, the only metric available is the AGENTS_ONLINE metric.

  • If you group by SUBTYPE or VALIDATION_TEST_TYPE as secondary grouping then you must include QUEUE as primary grouping and use Queue as filter

  • If you group by ROUTING_PROFILE, you must include either a queue or routing profile filter. In addition, a routing profile filter is required for metrics CONTACTS_SCHEDULED, CONTACTS_IN_QUEUE, and OLDEST_CONTACT_AGE.

  • When using the RoutingStepExpression filter, group by ROUTING_STEP_EXPRESSION is required.

" }, "CurrentMetrics":{ "shape":"CurrentMetrics", - "documentation":"

The metrics to retrieve. Specify the name and unit for each metric. The following metrics are available. For a description of all the metrics, see Metrics definitions in the Amazon Connect Administrator Guide.

AGENTS_AFTER_CONTACT_WORK

Unit: COUNT

Name in real-time metrics report: ACW

AGENTS_AVAILABLE

Unit: COUNT

Name in real-time metrics report: Available

AGENTS_ERROR

Unit: COUNT

Name in real-time metrics report: Error

AGENTS_NON_PRODUCTIVE

Unit: COUNT

Name in real-time metrics report: NPT (Non-Productive Time)

AGENTS_ON_CALL

Unit: COUNT

Name in real-time metrics report: On contact

AGENTS_ON_CONTACT

Unit: COUNT

Name in real-time metrics report: On contact

AGENTS_ONLINE

Unit: COUNT

Name in real-time metrics report: Online

AGENTS_STAFFED

Unit: COUNT

Name in real-time metrics report: Staffed

CONTACTS_IN_QUEUE

Unit: COUNT

Name in real-time metrics report: In queue

CONTACTS_SCHEDULED

Unit: COUNT

Name in real-time metrics report: Scheduled

OLDEST_CONTACT_AGE

Unit: SECONDS

When you use groupings, Unit says SECONDS and the Value is returned in SECONDS.

When you do not use groupings, Unit says SECONDS but the Value is returned in MILLISECONDS. For example, if you get a response like this:

{ \"Metric\": { \"Name\": \"OLDEST_CONTACT_AGE\", \"Unit\": \"SECONDS\" }, \"Value\": 24113.0 }

The actual OLDEST_CONTACT_AGE is 24 seconds.

When the filter RoutingStepExpression is used, this metric is still calculated from enqueue time. For example, if a contact that has been queued under <Expression 1> for 10 seconds has expired and <Expression 2> becomes active, then OLDEST_CONTACT_AGE for this queue will be counted starting from 10, not 0.

Name in real-time metrics report: Oldest

SLOTS_ACTIVE

Unit: COUNT

Name in real-time metrics report: Active

SLOTS_AVAILABLE

Unit: COUNT

Name in real-time metrics report: Availability

" + "documentation":"

The metrics to retrieve. Specify the name or metricId, and unit for each metric. The following metrics are available. For a description of all the metrics, see Metrics definitions in the Amazon Connect Administrator Guide.

MetricId should be used to reference custom metrics or out of the box metrics as Arn. If using MetricId, the limit is 10 MetricId per request.
AGENTS_AFTER_CONTACT_WORK

Unit: COUNT

Name in real-time metrics report: ACW

AGENTS_AVAILABLE

Unit: COUNT

Name in real-time metrics report: Available

AGENTS_ERROR

Unit: COUNT

Name in real-time metrics report: Error

AGENTS_NON_PRODUCTIVE

Unit: COUNT

Name in real-time metrics report: NPT (Non-Productive Time)

AGENTS_ON_CALL

Unit: COUNT

Name in real-time metrics report: On contact

AGENTS_ON_CONTACT

Unit: COUNT

Name in real-time metrics report: On contact

AGENTS_ONLINE

Unit: COUNT

Name in real-time metrics report: Online

AGENTS_STAFFED

Unit: COUNT

Name in real-time metrics report: Staffed

CONTACTS_IN_QUEUE

Unit: COUNT

Name in real-time metrics report: In queue

CONTACTS_SCHEDULED

Unit: COUNT

Name in real-time metrics report: Scheduled

OLDEST_CONTACT_AGE

Unit: SECONDS

When you use groupings, Unit says SECONDS and the Value is returned in SECONDS.

When you do not use groupings, Unit says SECONDS but the Value is returned in MILLISECONDS. For example, if you get a response like this:

{ \"Metric\": { \"Name\": \"OLDEST_CONTACT_AGE\", \"Unit\": \"SECONDS\" }, \"Value\": 24113.0 }

The actual OLDEST_CONTACT_AGE is 24 seconds.

When the filter RoutingStepExpression is used, this metric is still calculated from enqueue time. For example, if a contact that has been queued under <Expression 1> for 10 seconds has expired and <Expression 2> becomes active, then OLDEST_CONTACT_AGE for this queue will be counted starting from 10, not 0.

Name in real-time metrics report: Oldest

SLOTS_ACTIVE

Unit: COUNT

Name in real-time metrics report: Active

SLOTS_AVAILABLE

Unit: COUNT

Name in real-time metrics report: Availability

" }, "NextToken":{ "shape":"NextToken", @@ -18700,7 +18724,9 @@ "CHANNEL", "ROUTING_PROFILE", "ROUTING_STEP_EXPRESSION", - "AGENT_STATUS" + "AGENT_STATUS", + "SUBTYPE", + "VALIDATION_TEST_TYPE" ] }, "GroupingV2":{"type":"string"}, @@ -21632,7 +21658,7 @@ }, "InstanceId":{ "shape":"InstanceId", - "documentation":"

The identifier of the Amazon Connect instance that phone numbers are claimed to. You can find the instance ID in the Amazon Resource Name (ARN) of the instance. If both TargetArn and InstanceId are not provided, this API lists numbers claimed to all the Amazon Connect instances belonging to your account in the same AWS Region as the request.

" + "documentation":"

The identifier of the Amazon Connect instance that phone numbers are claimed to. You can find the instance ID in the Amazon Resource Name (ARN) of the instance. If both TargetArn and InstanceId are not provided, this API lists numbers claimed to all the Amazon Connect instances belonging to your account in the same Amazon Web Services Region as the request.

" }, "MaxResults":{ "shape":"MaxResult1000", @@ -29198,7 +29224,7 @@ }, "DisconnectOnCustomerExit":{ "shape":"DisconnectOnCustomerExit", - "documentation":"

A list of participant types to automatically disconnect when the end customer ends the chat session, allowing them to continue through disconnect flows such as surveys or feedback forms.

Valid value: AGENT.

With the DisconnectOnCustomerExit parameter, you can configure automatic agent disconnection when end customers end the chat, ensuring that disconnect flows are triggered consistently regardless of which participant disconnects first.

" + "documentation":"

A list of participant types to automatically disconnect when the end customer ends the chat session, allowing them to continue through disconnect flows such as surveys or feedback forms.

" } } }, @@ -29466,7 +29492,7 @@ }, "SegmentAttributes":{ "shape":"SegmentAttributes", - "documentation":"

A set of system defined key-value pairs stored on individual contact segments using an attribute map. The attributes are standard Amazon Connect attributes. They can be accessed in flows.

  • Attribute keys can include only alphanumeric, -, and _.

  • This field can be used to show channel subtype, such as connect:Guide and connect:SMS.

" + "documentation":"

A set of system defined key-value pairs stored on individual contact segments using an attribute map. The attributes are standard Amazon Connect attributes. They can be accessed in flows.

  • Attribute keys can include only alphanumeric, -, and _.

  • This field can be used to show channel subtype, such as connect:SMS and connect:WhatsApp.

" }, "Attributes":{ "shape":"Attributes", @@ -29493,7 +29519,7 @@ }, "ClientToken":{ "shape":"ClientToken", - "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the AWS SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs. The token is valid for 7 days after creation. If a contact is already started, the contact ID is returned.

", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs. The token is valid for 7 days after creation. If a contact is already started, the contact ID is returned.

", "idempotencyToken":true } } @@ -30086,6 +30112,11 @@ "max":100, "min":1 }, + "Subtypes":{ + "type":"list", + "member":{"shape":"Subtype"}, + "max":10 + }, "SuccessfulBatchAssociationSummary":{ "type":"structure", "members":{ @@ -33788,6 +33819,12 @@ "type":"list", "member":{"shape":"String"} }, + "ValidationTestType":{"type":"string"}, + "ValidationTestTypes":{ + "type":"list", + "member":{"shape":"ValidationTestType"}, + "max":10 + }, "Value":{"type":"double"}, "ValueBoundary":{ "type":"integer", @@ -34330,7 +34367,7 @@ }, "LastModifiedRegion":{ "shape":"RegionName", - "documentation":"

The AWS Region where the workspace was last modified.

" + "documentation":"

The Amazon Web Services Region where the workspace was last modified.

" }, "Tags":{ "shape":"TagMap", @@ -34573,7 +34610,7 @@ }, "LastModifiedRegion":{ "shape":"RegionName", - "documentation":"

The AWS Region where the workspace was last modified.

" + "documentation":"

The Amazon Web Services Region where the workspace was last modified.

" } }, "documentation":"

Contains summary information about a workspace.

" diff --git a/awscli/botocore/data/emr-serverless/2021-07-13/service-2.json b/awscli/botocore/data/emr-serverless/2021-07-13/service-2.json index d6a472ed4cbc..a617bb90ad05 100644 --- a/awscli/botocore/data/emr-serverless/2021-07-13/service-2.json +++ b/awscli/botocore/data/emr-serverless/2021-07-13/service-2.json @@ -385,6 +385,10 @@ "identityCenterConfiguration":{ "shape":"IdentityCenterConfiguration", "documentation":"

The IAM Identity Center configuration applied to enable trusted identity propagation.

" + }, + "jobLevelCostAllocationConfiguration":{ + "shape":"JobLevelCostAllocationConfiguration", + "documentation":"

The configuration object that enables job level cost allocation.

" } }, "documentation":"

Information about an application. Amazon EMR Serverless uses applications to run jobs.

" @@ -763,6 +767,10 @@ "identityCenterConfiguration":{ "shape":"IdentityCenterConfigurationInput", "documentation":"

The IAM Identity Center Configuration accepts the Identity Center instance parameter required to enable trusted identity propagation. This configuration allows identity propagation between integrated services and the Identity Center instance.

" + }, + "jobLevelCostAllocationConfiguration":{ + "shape":"JobLevelCostAllocationConfiguration", + "documentation":"

The configuration object that enables job level cost allocation.

" } } }, @@ -1142,6 +1150,16 @@ "documentation":"

The driver that the job runs on.

", "union":true }, + "JobLevelCostAllocationConfiguration":{ + "type":"structure", + "members":{ + "enabled":{ + "shape":"Boolean", + "documentation":"

Enables job level cost allocation for the application.

" + } + }, + "documentation":"

The configuration object that enables job level cost allocation.

" + }, "JobRun":{ "type":"structure", "required":[ @@ -2281,6 +2299,10 @@ "identityCenterConfiguration":{ "shape":"IdentityCenterConfigurationInput", "documentation":"

Specifies the IAM Identity Center configuration used to enable or disable trusted identity propagation. When provided, this configuration determines how the application interacts with IAM Identity Center for user authentication and access control.

" + }, + "jobLevelCostAllocationConfiguration":{ + "shape":"JobLevelCostAllocationConfiguration", + "documentation":"

The configuration object that enables job level cost allocation.

" } } }, diff --git a/awscli/botocore/data/iot/2015-05-28/service-2.json b/awscli/botocore/data/iot/2015-05-28/service-2.json index fc0c64c567f6..aa85d09f3407 100644 --- a/awscli/botocore/data/iot/2015-05-28/service-2.json +++ b/awscli/botocore/data/iot/2015-05-28/service-2.json @@ -13063,7 +13063,14 @@ }, "GetV2LoggingOptionsRequest":{ "type":"structure", - "members":{} + "members":{ + "verbose":{ + "shape":"VerboseFlag", + "documentation":"

The flag is used to get all the event types and their respective configuration that event-based logging supports.

", + "location":"querystring", + "locationName":"verbose" + } + } }, "GetV2LoggingOptionsResponse":{ "type":"structure", @@ -13079,6 +13086,10 @@ "disableAllLogs":{ "shape":"DisableAllLogs", "documentation":"

Disables all logs.

" + }, + "eventConfigurations":{ + "shape":"LogEventConfigurations", + "documentation":"

The list of event configurations that override account-level logging.

" } } }, @@ -13137,7 +13148,7 @@ }, "batchConfig":{ "shape":"BatchConfig", - "documentation":"

The configuration settings for batching. For more information, see Batching HTTP action messages.

" + "documentation":"

The configuration settings for batching. For more information, see Batching HTTP action messages.

" } }, "documentation":"

Send data to an HTTPS endpoint.

" @@ -16898,6 +16909,40 @@ }, "documentation":"

Describes how to interpret an application-defined timestamp value from an MQTT message payload and the precision of that value.

" }, + "LogDestination":{ + "type":"string", + "max":512, + "min":1, + "pattern":"^[.\\-_/#A-Za-z0-9]+$" + }, + "LogEventConfiguration":{ + "type":"structure", + "required":["eventType"], + "members":{ + "eventType":{ + "shape":"LogEventType", + "documentation":"

The type of event to log. These include event types like Connect, Publish, and Disconnect.

" + }, + "logLevel":{ + "shape":"LogLevel", + "documentation":"

The logging level for the specified event type. Determines the verbosity of log messages generated for this event type.

" + }, + "logDestination":{ + "shape":"LogDestination", + "documentation":"

CloudWatch Log Group for event-based logging. Specifies where log events should be sent. The log destination for event-based logging overrides default Log Group for the specified event type and applies to all resources associated with that event.

" + } + }, + "documentation":"

Configuration for event-based logging that specifies which event types to log and their logging settings. Used for account-level logging overrides.

" + }, + "LogEventConfigurations":{ + "type":"list", + "member":{"shape":"LogEventConfiguration"} + }, + "LogEventType":{ + "type":"string", + "max":512, + "min":1 + }, "LogGroupName":{"type":"string"}, "LogLevel":{ "type":"string", @@ -19474,6 +19519,10 @@ "disableAllLogs":{ "shape":"DisableAllLogs", "documentation":"

If true all logs are disabled. The default is false.

" + }, + "eventConfigurations":{ + "shape":"LogEventConfigurations", + "documentation":"

The list of event configurations that override account-level logging.

" } } }, @@ -22503,6 +22552,7 @@ "pattern":"[\\s\\S]*" }, "Variance":{"type":"double"}, + "VerboseFlag":{"type":"boolean"}, "VerificationState":{ "type":"string", "enum":[ diff --git a/awscli/botocore/data/qbusiness/2023-11-27/service-2.json b/awscli/botocore/data/qbusiness/2023-11-27/service-2.json index a0e6756c3ac8..ec6f506080e3 100644 --- a/awscli/botocore/data/qbusiness/2023-11-27/service-2.json +++ b/awscli/botocore/data/qbusiness/2023-11-27/service-2.json @@ -150,7 +150,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Verifies if a user has access permissions for a specified document and returns the actual ACL attached to the document. Resolves user access on the document via user aliases and groups when verifying user access.

" + "documentation":"

Verifies if a user has access permissions for a specified document and returns the actual ACL attached to the document. Resolves user access on the document via user aliases and groups when verifying user access.

", + "readonly":true }, "CreateAnonymousWebExperienceUrl":{ "name":"CreateAnonymousWebExperienceUrl", @@ -673,7 +674,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Gets information about an existing Amazon Q Business application.

" + "documentation":"

Gets information about an existing Amazon Q Business application.

", + "readonly":true }, "GetChatControlsConfiguration":{ "name":"GetChatControlsConfiguration", @@ -691,7 +693,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Gets information about chat controls configured for an existing Amazon Q Business application.

" + "documentation":"

Gets information about chat controls configured for an existing Amazon Q Business application.

", + "readonly":true }, "GetChatResponseConfiguration":{ "name":"GetChatResponseConfiguration", @@ -709,7 +712,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves detailed information about a specific chat response configuration from an Amazon Q Business application. This operation returns the complete configuration settings and metadata.

" + "documentation":"

Retrieves detailed information about a specific chat response configuration from an Amazon Q Business application. This operation returns the complete configuration settings and metadata.

", + "readonly":true }, "GetDataAccessor":{ "name":"GetDataAccessor", @@ -727,7 +731,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves information about a specified data accessor. This operation returns details about the data accessor, including its display name, unique identifier, Amazon Resource Name (ARN), the associated Amazon Q Business application and IAM Identity Center application, the IAM role for the ISV, the action configurations, and the timestamps for when the data accessor was created and last updated.

" + "documentation":"

Retrieves information about a specified data accessor. This operation returns details about the data accessor, including its display name, unique identifier, Amazon Resource Name (ARN), the associated Amazon Q Business application and IAM Identity Center application, the IAM role for the ISV, the action configurations, and the timestamps for when the data accessor was created and last updated.

", + "readonly":true }, "GetDataSource":{ "name":"GetDataSource", @@ -745,7 +750,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Gets information about an existing Amazon Q Business data source connector.

" + "documentation":"

Gets information about an existing Amazon Q Business data source connector.

", + "readonly":true }, "GetDocumentContent":{ "name":"GetDocumentContent", @@ -763,7 +769,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves the content of a document that was ingested into Amazon Q Business. This API validates user authorization against document ACLs before returning a pre-signed URL for secure document access. You can download or view source documents referenced in chat responses through the URL.

" + "documentation":"

Retrieves the content of a document that was ingested into Amazon Q Business. This API validates user authorization against document ACLs before returning a pre-signed URL for secure document access. You can download or view source documents referenced in chat responses through the URL.

", + "readonly":true }, "GetGroup":{ "name":"GetGroup", @@ -782,7 +789,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Describes a group by group name.

" + "documentation":"

Describes a group by group name.

", + "readonly":true }, "GetIndex":{ "name":"GetIndex", @@ -800,7 +808,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Gets information about an existing Amazon Q Business index.

" + "documentation":"

Gets information about an existing Amazon Q Business index.

", + "readonly":true }, "GetMedia":{ "name":"GetMedia", @@ -820,7 +829,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns the image bytes corresponding to a media object. If you have implemented your own application with the Chat and ChatSync APIs, and have enabled content extraction from visual data in Amazon Q Business, you use the GetMedia API operation to download the images so you can show them in your UI with responses.

For more information, see Extracting semantic meaning from images and visuals.

" + "documentation":"

Returns the image bytes corresponding to a media object. If you have implemented your own application with the Chat and ChatSync APIs, and have enabled content extraction from visual data in Amazon Q Business, you use the GetMedia API operation to download the images so you can show them in your UI with responses.

For more information, see Extracting semantic meaning from images and visuals.

", + "readonly":true }, "GetPlugin":{ "name":"GetPlugin", @@ -838,7 +848,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Gets information about an existing Amazon Q Business plugin.

" + "documentation":"

Gets information about an existing Amazon Q Business plugin.

", + "readonly":true }, "GetPolicy":{ "name":"GetPolicy", @@ -856,7 +867,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves the current permission policy for a Amazon Q Business application. The policy is returned as a JSON-formatted string and defines the IAM actions that are allowed or denied for the application's resources.

" + "documentation":"

Retrieves the current permission policy for a Amazon Q Business application. The policy is returned as a JSON-formatted string and defines the IAM actions that are allowed or denied for the application's resources.

", + "readonly":true }, "GetRetriever":{ "name":"GetRetriever", @@ -874,7 +886,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Gets information about an existing retriever used by an Amazon Q Business application.

" + "documentation":"

Gets information about an existing retriever used by an Amazon Q Business application.

", + "readonly":true }, "GetUser":{ "name":"GetUser", @@ -893,7 +906,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Describes the universally unique identifier (UUID) associated with a local user in a data source.

" + "documentation":"

Describes the universally unique identifier (UUID) associated with a local user in a data source.

", + "readonly":true }, "GetWebExperience":{ "name":"GetWebExperience", @@ -911,7 +925,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Gets information about an existing Amazon Q Business web experience.

" + "documentation":"

Gets information about an existing Amazon Q Business web experience.

", + "readonly":true }, "ListApplications":{ "name":"ListApplications", @@ -928,7 +943,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists Amazon Q Business applications.

Amazon Q Business applications may securely transmit data for processing across Amazon Web Services Regions within your geography. For more information, see Cross region inference in Amazon Q Business.

" + "documentation":"

Lists Amazon Q Business applications.

Amazon Q Business applications may securely transmit data for processing across Amazon Web Services Regions within your geography. For more information, see Cross region inference in Amazon Q Business.

", + "readonly":true }, "ListAttachments":{ "name":"ListAttachments", @@ -947,7 +963,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Gets a list of attachments associated with an Amazon Q Business web experience or a list of attachements associated with a specific Amazon Q Business conversation.

" + "documentation":"

Gets a list of attachments associated with an Amazon Q Business web experience or a list of attachements associated with a specific Amazon Q Business conversation.

", + "readonly":true }, "ListChatResponseConfigurations":{ "name":"ListChatResponseConfigurations", @@ -965,7 +982,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves a list of all chat response configurations available in a specified Amazon Q Business application. This operation returns summary information about each configuration to help administrators manage and select appropriate response settings.

" + "documentation":"

Retrieves a list of all chat response configurations available in a specified Amazon Q Business application. This operation returns summary information about each configuration to help administrators manage and select appropriate response settings.

", + "readonly":true }, "ListConversations":{ "name":"ListConversations", @@ -984,7 +1002,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists one or more Amazon Q Business conversations.

" + "documentation":"

Lists one or more Amazon Q Business conversations.

", + "readonly":true }, "ListDataAccessors":{ "name":"ListDataAccessors", @@ -1002,7 +1021,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists the data accessors for a Amazon Q Business application. This operation returns a paginated list of data accessor summaries, including the friendly name, unique identifier, ARN, associated IAM role, and creation/update timestamps for each data accessor.

" + "documentation":"

Lists the data accessors for a Amazon Q Business application. This operation returns a paginated list of data accessor summaries, including the friendly name, unique identifier, ARN, associated IAM role, and creation/update timestamps for each data accessor.

", + "readonly":true }, "ListDataSourceSyncJobs":{ "name":"ListDataSourceSyncJobs", @@ -1021,7 +1041,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Get information about an Amazon Q Business data source connector synchronization.

" + "documentation":"

Get information about an Amazon Q Business data source connector synchronization.

", + "readonly":true }, "ListDataSources":{ "name":"ListDataSources", @@ -1039,7 +1060,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists the Amazon Q Business data source connectors that you have created.

" + "documentation":"

Lists the Amazon Q Business data source connectors that you have created.

", + "readonly":true }, "ListDocuments":{ "name":"ListDocuments", @@ -1057,7 +1079,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

A list of documents attached to an index.

" + "documentation":"

A list of documents attached to an index.

", + "readonly":true }, "ListGroups":{ "name":"ListGroups", @@ -1076,7 +1099,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Provides a list of groups that are mapped to users.

" + "documentation":"

Provides a list of groups that are mapped to users.

", + "readonly":true }, "ListIndices":{ "name":"ListIndices", @@ -1094,7 +1118,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists the Amazon Q Business indices you have created.

" + "documentation":"

Lists the Amazon Q Business indices you have created.

", + "readonly":true }, "ListMessages":{ "name":"ListMessages", @@ -1113,7 +1138,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Gets a list of messages associated with an Amazon Q Business web experience.

" + "documentation":"

Gets a list of messages associated with an Amazon Q Business web experience.

", + "readonly":true }, "ListPluginActions":{ "name":"ListPluginActions", @@ -1131,7 +1157,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists configured Amazon Q Business actions for a specific plugin in an Amazon Q Business application.

" + "documentation":"

Lists configured Amazon Q Business actions for a specific plugin in an Amazon Q Business application.

", + "readonly":true }, "ListPluginTypeActions":{ "name":"ListPluginTypeActions", @@ -1148,7 +1175,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists configured Amazon Q Business actions for any plugin type—both built-in and custom.

" + "documentation":"

Lists configured Amazon Q Business actions for any plugin type—both built-in and custom.

", + "readonly":true }, "ListPluginTypeMetadata":{ "name":"ListPluginTypeMetadata", @@ -1165,7 +1193,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists metadata for all Amazon Q Business plugin types.

" + "documentation":"

Lists metadata for all Amazon Q Business plugin types.

", + "readonly":true }, "ListPlugins":{ "name":"ListPlugins", @@ -1183,7 +1212,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists configured Amazon Q Business plugins.

" + "documentation":"

Lists configured Amazon Q Business plugins.

", + "readonly":true }, "ListRetrievers":{ "name":"ListRetrievers", @@ -1201,7 +1231,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists the retriever used by an Amazon Q Business application.

" + "documentation":"

Lists the retriever used by an Amazon Q Business application.

", + "readonly":true }, "ListSubscriptions":{ "name":"ListSubscriptions", @@ -1220,7 +1251,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists all subscriptions created in an Amazon Q Business application.

" + "documentation":"

Lists all subscriptions created in an Amazon Q Business application.

", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -1238,7 +1270,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Gets a list of tags associated with a specified resource. Amazon Q Business applications and data sources can have tags associated with them.

" + "documentation":"

Gets a list of tags associated with a specified resource. Amazon Q Business applications and data sources can have tags associated with them.

", + "readonly":true }, "ListWebExperiences":{ "name":"ListWebExperiences", @@ -1256,7 +1289,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists one or more Amazon Q Business Web Experiences.

" + "documentation":"

Lists one or more Amazon Q Business Web Experiences.

", + "readonly":true }, "PutFeedback":{ "name":"PutFeedback", @@ -1798,8 +1832,7 @@ }, "ActionPayloadFieldValue":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true }, "ActionReview":{ @@ -1926,8 +1959,7 @@ }, "ActionReviewPayloadFieldArrayItemJsonSchema":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true }, "ActionSummary":{ @@ -1990,7 +2022,7 @@ }, "quickSightConfiguration":{ "shape":"QuickSightConfiguration", - "documentation":"

The Amazon QuickSight configuration for an Amazon Q Business application that uses QuickSight as the identity provider.

" + "documentation":"

The Amazon Quick Suite configuration for an Amazon Q Business application that uses Quick Suite as the identity provider.

" } }, "documentation":"

Summary information for an Amazon Q Business application.

" @@ -3343,7 +3375,7 @@ }, "quickSightConfiguration":{ "shape":"QuickSightConfiguration", - "documentation":"

The Amazon QuickSight configuration for an Amazon Q Business application that uses QuickSight for authentication. This configuration is required if your application uses QuickSight as the identity provider. For more information, see Creating an Amazon QuickSight integrated application.

" + "documentation":"

The Amazon Quick Suite configuration for an Amazon Q Business application that uses Quick Suite for authentication. This configuration is required if your application uses Quick Suite as the identity provider. For more information, see Creating an Amazon Quick Suite integrated application.

" } } }, @@ -3799,8 +3831,7 @@ }, "CreateUserResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateWebExperienceRequest":{ "type":"structure", @@ -4100,8 +4131,7 @@ }, "DataSourceConfiguration":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Provides the configuration information for an Amazon Q Business data source.

", "document":true }, @@ -4267,8 +4297,7 @@ }, "DeleteApplicationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAttachmentRequest":{ "type":"structure", @@ -4306,8 +4335,7 @@ }, "DeleteAttachmentResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteChatControlsConfigurationRequest":{ "type":"structure", @@ -4323,8 +4351,7 @@ }, "DeleteChatControlsConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteChatResponseConfigurationRequest":{ "type":"structure", @@ -4349,8 +4376,7 @@ }, "DeleteChatResponseConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteConversationRequest":{ "type":"structure", @@ -4381,8 +4407,7 @@ }, "DeleteConversationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDataAccessorRequest":{ "type":"structure", @@ -4407,8 +4432,7 @@ }, "DeleteDataAccessorResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDataSourceRequest":{ "type":"structure", @@ -4440,8 +4464,7 @@ }, "DeleteDataSourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDocument":{ "type":"structure", @@ -4494,8 +4517,7 @@ }, "DeleteGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteIndexRequest":{ "type":"structure", @@ -4520,8 +4542,7 @@ }, "DeleteIndexResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletePluginRequest":{ "type":"structure", @@ -4546,8 +4567,7 @@ }, "DeletePluginResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteRetrieverRequest":{ "type":"structure", @@ -4572,8 +4592,7 @@ }, "DeleteRetrieverResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteUserRequest":{ "type":"structure", @@ -4598,8 +4617,7 @@ }, "DeleteUserResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteWebExperienceRequest":{ "type":"structure", @@ -4624,8 +4642,7 @@ }, "DeleteWebExperienceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Description":{ "type":"string", @@ -4656,8 +4673,7 @@ }, "DisassociatePermissionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisplayName":{ "type":"string", @@ -5091,8 +5107,7 @@ }, "EndOfInputEvent":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The end of the streaming input for the Chat API.

", "event":true }, @@ -5299,7 +5314,7 @@ }, "quickSightConfiguration":{ "shape":"QuickSightConfiguration", - "documentation":"

The Amazon QuickSight authentication configuration for the Amazon Q Business application.

" + "documentation":"

The Amazon Quick Suite authentication configuration for the Amazon Q Business application.

" } } }, @@ -6205,13 +6220,13 @@ "type":"string", "max":2048, "min":20, - "pattern":"arn:aws:iam::\\d{12}:(oidc-provider|saml-provider)/[a-zA-Z0-9_\\.\\/@\\-]+" + "pattern":"arn:[a-z0-9-\\.]{1,63}:iam::\\d{12}:(oidc-provider|saml-provider)/[a-zA-Z0-9_\\.\\/@\\-]+" }, "IdcApplicationArn":{ "type":"string", "max":1224, "min":10, - "pattern":"arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::\\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}" + "pattern":"arn:[a-z0-9-\\.]{1,63}:sso::\\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}" }, "IdcAuthConfiguration":{ "type":"structure", @@ -6235,7 +6250,7 @@ "type":"string", "max":1284, "min":0, - "pattern":"arn:aws:sso::[0-9]{12}:trustedTokenIssuer/(sso)?ins-[a-zA-Z0-9-.]{16}/tti-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" + "pattern":"arn:[a-z0-9-\\.]{1,63}:sso::[0-9]{12}:trustedTokenIssuer/(sso)?ins-[a-zA-Z0-9-.]{16}/tti-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" }, "IdentityProviderConfiguration":{ "type":"structure", @@ -6410,7 +6425,7 @@ "type":"string", "max":1224, "min":10, - "pattern":"arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}" + "pattern":"arn:[a-z0-9-\\.]{1,63}:sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}" }, "Instruction":{ "type":"string", @@ -6498,7 +6513,7 @@ "type":"string", "max":2048, "min":1, - "pattern":"arn:aws[a-zA-Z-]*:lambda:[a-z-]*-[0-9]:[0-9]{12}:function:[a-zA-Z0-9-_]+(/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})?(:[a-zA-Z0-9-_]+)?" + "pattern":"arn:[a-z0-9-\\.]{1,63}:lambda:[a-z-]*-[0-9]:[0-9]{12}:function:[a-zA-Z0-9-_]+(/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})?(:[a-zA-Z0-9-_]+)?" }, "LicenseNotFoundException":{ "type":"structure", @@ -7698,8 +7713,7 @@ }, "NoAuthConfiguration":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Information about invoking a custom plugin without any authentication or authorization requirement.

" }, "NumberAttributeBoostingConfiguration":{ @@ -7828,7 +7842,7 @@ }, "PermissionConditionKey":{ "type":"string", - "pattern":"aws:PrincipalTag/qbusiness-dataaccessor:[a-zA-Z]+.*" + "pattern":"aws:[a-zA-Z][a-zA-Z0-9-/:]*" }, "PermissionConditionOperator":{ "type":"string", @@ -7838,7 +7852,7 @@ "type":"string", "max":1000, "min":1, - "pattern":"[a-zA-Z0-9][a-zA-Z0-9_-]*" + "pattern":"[a-zA-Z0-9][a-zA-Z0-9._-]*" }, "PermissionConditionValues":{ "type":"list", @@ -8076,7 +8090,7 @@ "type":"string", "max":1284, "min":1, - "pattern":"arn:aws:iam::[0-9]{12}:role/[a-zA-Z0-9_/+=,.@-]+" + "pattern":"arn:[a-z0-9-\\.]{1,63}:iam::[0-9]{12}:role/[a-zA-Z0-9_/+=,.@-]+" }, "PrincipalUser":{ "type":"structure", @@ -8186,8 +8200,7 @@ }, "PutGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "QAppsConfiguration":{ "type":"structure", @@ -8224,10 +8237,10 @@ "members":{ "clientNamespace":{ "shape":"ClientNamespace", - "documentation":"

The Amazon QuickSight namespace that is used as the identity provider. For more information about QuickSight namespaces, see Namespace operations.

" + "documentation":"

The Amazon Quick Suite namespace that is used as the identity provider. For more information about Quick Suite namespaces, see Namespace operations.

" } }, - "documentation":"

The Amazon QuickSight configuration for an Amazon Q Business application that uses QuickSight as the identity provider. For more information, see Creating an Amazon QuickSight integrated application.

" + "documentation":"

The Amazon Quick Suite configuration for an Amazon Q Business application that uses Quick Suite as the identity provider. For more information, see Creating an Amazon Quick Suite integrated application.

" }, "ReadAccessType":{ "type":"string", @@ -8839,8 +8852,7 @@ }, "StopDataSourceSyncJobResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "String":{ "type":"string", @@ -9052,8 +9064,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -9245,8 +9256,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateApplicationRequest":{ "type":"structure", @@ -9294,8 +9304,7 @@ }, "UpdateApplicationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateChatControlsConfigurationRequest":{ "type":"structure", @@ -9344,8 +9353,7 @@ }, "UpdateChatControlsConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateChatResponseConfigurationRequest":{ "type":"structure", @@ -9384,8 +9392,7 @@ }, "UpdateChatResponseConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDataAccessorRequest":{ "type":"structure", @@ -9423,8 +9430,7 @@ }, "UpdateDataAccessorResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDataSourceRequest":{ "type":"structure", @@ -9479,8 +9485,7 @@ }, "UpdateDataSourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateIndexRequest":{ "type":"structure", @@ -9521,8 +9526,7 @@ }, "UpdateIndexResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdatePluginRequest":{ "type":"structure", @@ -9567,8 +9571,7 @@ }, "UpdatePluginResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateRetrieverRequest":{ "type":"structure", @@ -9602,8 +9605,7 @@ }, "UpdateRetrieverResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateSubscriptionRequest":{ "type":"structure", @@ -9759,8 +9761,7 @@ }, "UpdateWebExperienceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Url":{ "type":"string", diff --git a/awscli/botocore/data/wickr/2024-02-01/endpoint-rule-set-1.json b/awscli/botocore/data/wickr/2024-02-01/endpoint-rule-set-1.json new file mode 100644 index 000000000000..1f95801d1f4b --- /dev/null +++ b/awscli/botocore/data/wickr/2024-02-01/endpoint-rule-set-1.json @@ -0,0 +1,350 @@ +{ + "version": "1.0", + "parameters": { + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" + }, + "UseDualStack": { + "builtIn": "AWS::UseDualStack", + "required": true, + "default": false, + "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", + "type": "boolean" + }, + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "string" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://admin.wickr-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + }, + true + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://admin.wickr-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://admin.wickr.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://admin.wickr.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ], + "type": "tree" + } + ] +} \ No newline at end of file diff --git a/awscli/botocore/data/wickr/2024-02-01/paginators-1.json b/awscli/botocore/data/wickr/2024-02-01/paginators-1.json new file mode 100644 index 000000000000..f51f71e26c6b --- /dev/null +++ b/awscli/botocore/data/wickr/2024-02-01/paginators-1.json @@ -0,0 +1,52 @@ +{ + "pagination": { + "ListBlockedGuestUsers": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "blocklist" + }, + "ListBots": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "bots" + }, + "ListDevicesForUser": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "devices" + }, + "ListGuestUsers": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "guestlist" + }, + "ListNetworks": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "networks" + }, + "ListSecurityGroupUsers": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "users" + }, + "ListSecurityGroups": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "securityGroups" + }, + "ListUsers": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "users" + } + } +} diff --git a/awscli/botocore/data/wickr/2024-02-01/service-2.json b/awscli/botocore/data/wickr/2024-02-01/service-2.json new file mode 100644 index 000000000000..c87cd4fa02d2 --- /dev/null +++ b/awscli/botocore/data/wickr/2024-02-01/service-2.json @@ -0,0 +1,4174 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2024-02-01", + "auth":["aws.auth#sigv4"], + "endpointPrefix":"admin.wickr", + "protocol":"rest-json", + "protocols":["rest-json"], + "serviceFullName":"AWS Wickr Admin API", + "serviceId":"Wickr", + "signatureVersion":"v4", + "signingName":"wickr", + "uid":"wickr-2024-02-01" + }, + "operations":{ + "BatchCreateUser":{ + "name":"BatchCreateUser", + "http":{ + "method":"POST", + "requestUri":"/networks/{networkId}/users", + "responseCode":200 + }, + "input":{"shape":"BatchCreateUserRequest"}, + "output":{"shape":"BatchCreateUserResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Creates multiple users in a specified Wickr network. This operation allows you to provision multiple user accounts simultaneously, optionally specifying security groups, and validation requirements for each user.

codeValidation, inviteCode, and inviteCodeTtl are restricted to networks under preview only.

" + }, + "BatchDeleteUser":{ + "name":"BatchDeleteUser", + "http":{ + "method":"POST", + "requestUri":"/networks/{networkId}/users/batch-delete", + "responseCode":200 + }, + "input":{"shape":"BatchDeleteUserRequest"}, + "output":{"shape":"BatchDeleteUserResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Deletes multiple users from a specified Wickr network. This operation permanently removes user accounts and their associated data from the network.

", + "idempotent":true + }, + "BatchLookupUserUname":{ + "name":"BatchLookupUserUname", + "http":{ + "method":"POST", + "requestUri":"/networks/{networkId}/users/uname-lookup", + "responseCode":200 + }, + "input":{"shape":"BatchLookupUserUnameRequest"}, + "output":{"shape":"BatchLookupUserUnameResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Looks up multiple user usernames from their unique username hashes (unames). This operation allows you to retrieve the email addresses associated with a list of username hashes.

" + }, + "BatchReinviteUser":{ + "name":"BatchReinviteUser", + "http":{ + "method":"PATCH", + "requestUri":"/networks/{networkId}/users/re-invite", + "responseCode":200 + }, + "input":{"shape":"BatchReinviteUserRequest"}, + "output":{"shape":"BatchReinviteUserResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Resends invitation codes to multiple users who have pending invitations in a Wickr network. This operation is useful when users haven't accepted their initial invitations or when invitations have expired.

" + }, + "BatchResetDevicesForUser":{ + "name":"BatchResetDevicesForUser", + "http":{ + "method":"PATCH", + "requestUri":"/networks/{networkId}/users/{userId}/devices", + "responseCode":200 + }, + "input":{"shape":"BatchResetDevicesForUserRequest"}, + "output":{"shape":"BatchResetDevicesForUserResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Resets multiple devices for a specific user in a Wickr network. This operation forces the selected devices to log out and requires users to re-authenticate, which is useful for security purposes or when devices need to be revoked.

", + "idempotent":true + }, + "BatchToggleUserSuspendStatus":{ + "name":"BatchToggleUserSuspendStatus", + "http":{ + "method":"PATCH", + "requestUri":"/networks/{networkId}/users/toggleSuspend", + "responseCode":200 + }, + "input":{"shape":"BatchToggleUserSuspendStatusRequest"}, + "output":{"shape":"BatchToggleUserSuspendStatusResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Suspends or unsuspends multiple users in a Wickr network. Suspended users cannot access the network until they are unsuspended. This operation is useful for temporarily restricting access without deleting user accounts.

", + "idempotent":true + }, + "CreateBot":{ + "name":"CreateBot", + "http":{ + "method":"POST", + "requestUri":"/networks/{networkId}/bots", + "responseCode":200 + }, + "input":{"shape":"CreateBotRequest"}, + "output":{"shape":"CreateBotResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Creates a new bot in a specified Wickr network. Bots are automated accounts that can send and receive messages, enabling integration with external systems and automation of tasks.

" + }, + "CreateDataRetentionBot":{ + "name":"CreateDataRetentionBot", + "http":{ + "method":"POST", + "requestUri":"/networks/{networkId}/data-retention-bots", + "responseCode":200 + }, + "input":{"shape":"CreateDataRetentionBotRequest"}, + "output":{"shape":"CreateDataRetentionBotResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Creates a data retention bot in a Wickr network. Data retention bots are specialized bots that handle message archiving and compliance by capturing and storing messages for regulatory or organizational requirements.

" + }, + "CreateDataRetentionBotChallenge":{ + "name":"CreateDataRetentionBotChallenge", + "http":{ + "method":"POST", + "requestUri":"/networks/{networkId}/data-retention-bots/challenge", + "responseCode":200 + }, + "input":{"shape":"CreateDataRetentionBotChallengeRequest"}, + "output":{"shape":"CreateDataRetentionBotChallengeResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Creates a new challenge password for the data retention bot. This password is used for authentication when the bot connects to the network.

" + }, + "CreateNetwork":{ + "name":"CreateNetwork", + "http":{ + "method":"POST", + "requestUri":"/networks", + "responseCode":200 + }, + "input":{"shape":"CreateNetworkRequest"}, + "output":{"shape":"CreateNetworkResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Creates a new Wickr network with specified access level and configuration. This operation provisions a new communication network for your organization.

", + "idempotent":true + }, + "CreateSecurityGroup":{ + "name":"CreateSecurityGroup", + "http":{ + "method":"POST", + "requestUri":"/networks/{networkId}/security-groups", + "responseCode":200 + }, + "input":{"shape":"CreateSecurityGroupRequest"}, + "output":{"shape":"CreateSecurityGroupResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Creates a new security group in a Wickr network. Security groups allow you to organize users and control their permissions, features, and security settings.

", + "idempotent":true + }, + "DeleteBot":{ + "name":"DeleteBot", + "http":{ + "method":"DELETE", + "requestUri":"/networks/{networkId}/bots/{botId}", + "responseCode":200 + }, + "input":{"shape":"DeleteBotRequest"}, + "output":{"shape":"DeleteBotResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Deletes a bot from a specified Wickr network. This operation permanently removes the bot account and its associated data from the network.

", + "idempotent":true + }, + "DeleteDataRetentionBot":{ + "name":"DeleteDataRetentionBot", + "http":{ + "method":"DELETE", + "requestUri":"/networks/{networkId}/data-retention-bots", + "responseCode":200 + }, + "input":{"shape":"DeleteDataRetentionBotRequest"}, + "output":{"shape":"DeleteDataRetentionBotResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Deletes the data retention bot from a Wickr network. This operation permanently removes the bot and all its associated data from the database.

", + "idempotent":true + }, + "DeleteNetwork":{ + "name":"DeleteNetwork", + "http":{ + "method":"DELETE", + "requestUri":"/networks/{networkId}", + "responseCode":200 + }, + "input":{"shape":"DeleteNetworkRequest"}, + "output":{"shape":"DeleteNetworkResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Deletes a Wickr network and all its associated resources, including users, bots, security groups, and settings. This operation is permanent and cannot be undone.

", + "idempotent":true + }, + "DeleteSecurityGroup":{ + "name":"DeleteSecurityGroup", + "http":{ + "method":"DELETE", + "requestUri":"/networks/{networkId}/security-groups/{groupId}", + "responseCode":200 + }, + "input":{"shape":"DeleteSecurityGroupRequest"}, + "output":{"shape":"DeleteSecurityGroupResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Deletes a security group from a Wickr network. This operation cannot be performed on the default security group.

", + "idempotent":true + }, + "GetBot":{ + "name":"GetBot", + "http":{ + "method":"GET", + "requestUri":"/networks/{networkId}/bots/{botId}", + "responseCode":200 + }, + "input":{"shape":"GetBotRequest"}, + "output":{"shape":"GetBotResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Retrieves detailed information about a specific bot in a Wickr network, including its status, group membership, and authentication details.

", + "readonly":true + }, + "GetBotsCount":{ + "name":"GetBotsCount", + "http":{ + "method":"GET", + "requestUri":"/networks/{networkId}/bots/count", + "responseCode":200 + }, + "input":{"shape":"GetBotsCountRequest"}, + "output":{"shape":"GetBotsCountResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Retrieves the count of bots in a Wickr network, categorized by their status (pending, active, and total).

", + "readonly":true + }, + "GetDataRetentionBot":{ + "name":"GetDataRetentionBot", + "http":{ + "method":"GET", + "requestUri":"/networks/{networkId}/data-retention-bots", + "responseCode":200 + }, + "input":{"shape":"GetDataRetentionBotRequest"}, + "output":{"shape":"GetDataRetentionBotResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Retrieves information about the data retention bot in a Wickr network, including its status and whether the data retention service is enabled.

", + "readonly":true + }, + "GetGuestUserHistoryCount":{ + "name":"GetGuestUserHistoryCount", + "http":{ + "method":"GET", + "requestUri":"/networks/{networkId}/guest-users/count", + "responseCode":200 + }, + "input":{"shape":"GetGuestUserHistoryCountRequest"}, + "output":{"shape":"GetGuestUserHistoryCountResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Retrieves historical guest user count data for a Wickr network, showing the number of guest users per billing period over the past 90 days.

", + "readonly":true + }, + "GetNetwork":{ + "name":"GetNetwork", + "http":{ + "method":"GET", + "requestUri":"/networks/{networkId}", + "responseCode":200 + }, + "input":{"shape":"GetNetworkRequest"}, + "output":{"shape":"GetNetworkResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Retrieves detailed information about a specific Wickr network, including its configuration, access level, and status.

", + "readonly":true + }, + "GetNetworkSettings":{ + "name":"GetNetworkSettings", + "http":{ + "method":"GET", + "requestUri":"/networks/{networkId}/settings", + "responseCode":200 + }, + "input":{"shape":"GetNetworkSettingsRequest"}, + "output":{"shape":"GetNetworkSettingsResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Retrieves all network-level settings for a Wickr network, including client metrics, data retention, and other configuration options.

", + "readonly":true + }, + "GetOidcInfo":{ + "name":"GetOidcInfo", + "http":{ + "method":"GET", + "requestUri":"/networks/{networkId}/oidc", + "responseCode":200 + }, + "input":{"shape":"GetOidcInfoRequest"}, + "output":{"shape":"GetOidcInfoResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Retrieves the OpenID Connect (OIDC) configuration for a Wickr network, including SSO settings and optional token information if access token parameters are provided.

", + "readonly":true + }, + "GetSecurityGroup":{ + "name":"GetSecurityGroup", + "http":{ + "method":"GET", + "requestUri":"/networks/{networkId}/security-groups/{groupId}", + "responseCode":200 + }, + "input":{"shape":"GetSecurityGroupRequest"}, + "output":{"shape":"GetSecurityGroupResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Retrieves detailed information about a specific security group in a Wickr network, including its settings, member counts, and configuration.

", + "readonly":true + }, + "GetUser":{ + "name":"GetUser", + "http":{ + "method":"GET", + "requestUri":"/networks/{networkId}/users/{userId}", + "responseCode":200 + }, + "input":{"shape":"GetUserRequest"}, + "output":{"shape":"GetUserResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Retrieves detailed information about a specific user in a Wickr network, including their profile, status, and activity history.

", + "readonly":true + }, + "GetUsersCount":{ + "name":"GetUsersCount", + "http":{ + "method":"GET", + "requestUri":"/networks/{networkId}/users/count", + "responseCode":200 + }, + "input":{"shape":"GetUsersCountRequest"}, + "output":{"shape":"GetUsersCountResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Retrieves the count of users in a Wickr network, categorized by their status (pending, active, rejected) and showing how many users can still be added.

", + "readonly":true + }, + "ListBlockedGuestUsers":{ + "name":"ListBlockedGuestUsers", + "http":{ + "method":"GET", + "requestUri":"/networks/{networkId}/guest-users/blocklist", + "responseCode":200 + }, + "input":{"shape":"ListBlockedGuestUsersRequest"}, + "output":{"shape":"ListBlockedGuestUsersResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Retrieves a paginated list of guest users who have been blocked from a Wickr network. You can filter and sort the results.

", + "readonly":true + }, + "ListBots":{ + "name":"ListBots", + "http":{ + "method":"GET", + "requestUri":"/networks/{networkId}/bots", + "responseCode":200 + }, + "input":{"shape":"ListBotsRequest"}, + "output":{"shape":"ListBotsResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Retrieves a paginated list of bots in a specified Wickr network. You can filter and sort the results based on various criteria.

", + "readonly":true + }, + "ListDevicesForUser":{ + "name":"ListDevicesForUser", + "http":{ + "method":"GET", + "requestUri":"/networks/{networkId}/users/{userId}/devices", + "responseCode":200 + }, + "input":{"shape":"ListDevicesForUserRequest"}, + "output":{"shape":"ListDevicesForUserResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Retrieves a paginated list of devices associated with a specific user in a Wickr network. This operation returns information about all devices where the user has logged into Wickr.

", + "readonly":true + }, + "ListGuestUsers":{ + "name":"ListGuestUsers", + "http":{ + "method":"GET", + "requestUri":"/networks/{networkId}/guest-users", + "responseCode":200 + }, + "input":{"shape":"ListGuestUsersRequest"}, + "output":{"shape":"ListGuestUsersResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Retrieves a paginated list of guest users who have communicated with your Wickr network. Guest users are external users from federated networks who can communicate with network members.

", + "readonly":true + }, + "ListNetworks":{ + "name":"ListNetworks", + "http":{ + "method":"GET", + "requestUri":"/networks", + "responseCode":200 + }, + "input":{"shape":"ListNetworksRequest"}, + "output":{"shape":"ListNetworksResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Retrieves a paginated list of all Wickr networks associated with your Amazon Web Services account. You can sort the results by network ID or name.

", + "readonly":true + }, + "ListSecurityGroupUsers":{ + "name":"ListSecurityGroupUsers", + "http":{ + "method":"GET", + "requestUri":"/networks/{networkId}/security-groups/{groupId}/users", + "responseCode":200 + }, + "input":{"shape":"ListSecurityGroupUsersRequest"}, + "output":{"shape":"ListSecurityGroupUsersResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Retrieves a paginated list of users who belong to a specific security group in a Wickr network.

", + "readonly":true + }, + "ListSecurityGroups":{ + "name":"ListSecurityGroups", + "http":{ + "method":"GET", + "requestUri":"/networks/{networkId}/security-groups", + "responseCode":200 + }, + "input":{"shape":"ListSecurityGroupsRequest"}, + "output":{"shape":"ListSecurityGroupsResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Retrieves a paginated list of security groups in a specified Wickr network. You can sort the results by various criteria.

", + "readonly":true + }, + "ListUsers":{ + "name":"ListUsers", + "http":{ + "method":"GET", + "requestUri":"/networks/{networkId}/users", + "responseCode":200 + }, + "input":{"shape":"ListUsersRequest"}, + "output":{"shape":"ListUsersResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Retrieves a paginated list of users in a specified Wickr network. You can filter and sort the results based on various criteria such as name, status, or security group membership.

", + "readonly":true + }, + "RegisterOidcConfig":{ + "name":"RegisterOidcConfig", + "http":{ + "method":"POST", + "requestUri":"/networks/{networkId}/oidc/save", + "responseCode":200 + }, + "input":{"shape":"RegisterOidcConfigRequest"}, + "output":{"shape":"RegisterOidcConfigResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Registers and saves an OpenID Connect (OIDC) configuration for a Wickr network, enabling Single Sign-On (SSO) authentication through an identity provider.

" + }, + "RegisterOidcConfigTest":{ + "name":"RegisterOidcConfigTest", + "http":{ + "method":"POST", + "requestUri":"/networks/{networkId}/oidc/test", + "responseCode":200 + }, + "input":{"shape":"RegisterOidcConfigTestRequest"}, + "output":{"shape":"RegisterOidcConfigTestResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Tests an OpenID Connect (OIDC) configuration for a Wickr network by validating the connection to the identity provider and retrieving its supported capabilities.

" + }, + "UpdateBot":{ + "name":"UpdateBot", + "http":{ + "method":"PATCH", + "requestUri":"/networks/{networkId}/bots/{botId}", + "responseCode":200 + }, + "input":{"shape":"UpdateBotRequest"}, + "output":{"shape":"UpdateBotResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Updates the properties of an existing bot in a Wickr network. This operation allows you to modify the bot's display name, security group, password, or suspension status.

", + "idempotent":true + }, + "UpdateDataRetention":{ + "name":"UpdateDataRetention", + "http":{ + "method":"PATCH", + "requestUri":"/networks/{networkId}/data-retention-bots", + "responseCode":200 + }, + "input":{"shape":"UpdateDataRetentionRequest"}, + "output":{"shape":"UpdateDataRetentionResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Updates the data retention bot settings, allowing you to enable or disable the data retention service, or acknowledge the public key message.

", + "idempotent":true + }, + "UpdateGuestUser":{ + "name":"UpdateGuestUser", + "http":{ + "method":"PATCH", + "requestUri":"/networks/{networkId}/guest-users/{usernameHash}", + "responseCode":200 + }, + "input":{"shape":"UpdateGuestUserRequest"}, + "output":{"shape":"UpdateGuestUserResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Updates the block status of a guest user in a Wickr network. This operation allows you to block or unblock a guest user from accessing the network.

" + }, + "UpdateNetwork":{ + "name":"UpdateNetwork", + "http":{ + "method":"PATCH", + "requestUri":"/networks/{networkId}", + "responseCode":200 + }, + "input":{"shape":"UpdateNetworkRequest"}, + "output":{"shape":"UpdateNetworkResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Updates the properties of an existing Wickr network, such as its name or encryption key configuration.

", + "idempotent":true + }, + "UpdateNetworkSettings":{ + "name":"UpdateNetworkSettings", + "http":{ + "method":"PATCH", + "requestUri":"/networks/{networkId}/settings", + "responseCode":200 + }, + "input":{"shape":"UpdateNetworkSettingsRequest"}, + "output":{"shape":"UpdateNetworkSettingsResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Updates network-level settings for a Wickr network. You can modify settings such as client metrics, data retention, and other network-wide options.

", + "idempotent":true + }, + "UpdateSecurityGroup":{ + "name":"UpdateSecurityGroup", + "http":{ + "method":"PATCH", + "requestUri":"/networks/{networkId}/security-groups/{groupId}", + "responseCode":200 + }, + "input":{"shape":"UpdateSecurityGroupRequest"}, + "output":{"shape":"UpdateSecurityGroupResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Updates the properties of an existing security group in a Wickr network, such as its name or settings.

", + "idempotent":true + }, + "UpdateUser":{ + "name":"UpdateUser", + "http":{ + "method":"PATCH", + "requestUri":"/networks/{networkId}/users", + "responseCode":200 + }, + "input":{"shape":"UpdateUserRequest"}, + "output":{"shape":"UpdateUserResponse"}, + "errors":[ + {"shape":"ValidationError"}, + {"shape":"BadRequestError"}, + {"shape":"ResourceNotFoundError"}, + {"shape":"ForbiddenError"}, + {"shape":"UnauthorizedError"}, + {"shape":"InternalServerError"}, + {"shape":"RateLimitError"} + ], + "documentation":"

Updates the properties of an existing user in a Wickr network. This operation allows you to modify the user's name, password, security group membership, and invite code settings.

codeValidation, inviteCode, and inviteCodeTtl are restricted to networks under preview only.

", + "idempotent":true + } + }, + "shapes":{ + "AccessLevel":{ + "type":"string", + "enum":[ + "STANDARD", + "PREMIUM" + ] + }, + "AppIds":{ + "type":"list", + "member":{"shape":"GenericString"} + }, + "BadRequestError":{ + "type":"structure", + "members":{ + "message":{ + "shape":"GenericString", + "documentation":"

A detailed message explaining what was wrong with the request and how to correct it.

" + } + }, + "documentation":"

The request was invalid or malformed. This error occurs when the request parameters do not meet the API requirements, such as invalid field values, missing required parameters, or improperly formatted data.

", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "BasicDeviceObject":{ + "type":"structure", + "members":{ + "appId":{ + "shape":"GenericString", + "documentation":"

The unique application ID for the Wickr app on this device.

" + }, + "created":{ + "shape":"GenericString", + "documentation":"

The timestamp when the device first appeared in the Wickr database.

" + }, + "lastLogin":{ + "shape":"GenericString", + "documentation":"

The timestamp when the device last successfully logged into Wickr. This is also used to determine SSO idle time.

" + }, + "statusText":{ + "shape":"GenericString", + "documentation":"

The current status of the device, either 'Active' or 'Reset' depending on whether the device is currently active or has been marked for reset.

" + }, + "suspend":{ + "shape":"Boolean", + "documentation":"

Indicates whether the device is suspended.

" + }, + "type":{ + "shape":"GenericString", + "documentation":"

The operating system of the device (e.g., 'MacOSX', 'Windows', 'iOS', 'Android').

" + } + }, + "documentation":"

Represents a device where a user has logged into Wickr, containing information about the device's type, status, and login history.

" + }, + "BatchCreateUserRequest":{ + "type":"structure", + "required":[ + "networkId", + "users" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network where users will be created.

", + "location":"uri", + "locationName":"networkId" + }, + "users":{ + "shape":"BatchCreateUserRequestItems", + "documentation":"

A list of user objects containing the details for each user to be created, including username, name, security groups, and optional invite codes. Maximum 50 users per batch request.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique identifier for this request to ensure idempotency. If you retry a request with the same client token, the service will return the same response without creating duplicate users.

", + "idempotencyToken":true, + "location":"header", + "locationName":"X-Client-Token" + } + } + }, + "BatchCreateUserRequestItem":{ + "type":"structure", + "required":[ + "securityGroupIds", + "username" + ], + "members":{ + "firstName":{ + "shape":"SensitiveString", + "documentation":"

The first name of the user.

" + }, + "lastName":{ + "shape":"SensitiveString", + "documentation":"

The last name of the user.

" + }, + "securityGroupIds":{ + "shape":"SecurityGroupIdList", + "documentation":"

A list of security group IDs to which the user should be assigned.

" + }, + "username":{ + "shape":"GenericString", + "documentation":"

The email address or username for the user. Must be unique within the network.

" + }, + "inviteCode":{ + "shape":"GenericString", + "documentation":"

A custom invite code for the user. If not provided, one will be generated automatically.

" + }, + "inviteCodeTtl":{ + "shape":"Integer", + "documentation":"

The time-to-live for the invite code in days. After this period, the invite code will expire.

" + }, + "codeValidation":{ + "shape":"Boolean", + "documentation":"

Indicates whether the user can be verified through a custom invite code.

" + } + }, + "documentation":"

Contains the details for a single user to be created in a batch user creation request.

A user can only be assigned to a single security group. Attempting to add a user to multiple security groups is not supported and will result in an error.

codeValidation, inviteCode, and inviteCodeTtl are restricted to networks under preview only.

" + }, + "BatchCreateUserRequestItems":{ + "type":"list", + "member":{"shape":"BatchCreateUserRequestItem"} + }, + "BatchCreateUserResponse":{ + "type":"structure", + "members":{ + "message":{ + "shape":"GenericString", + "documentation":"

A message indicating the overall result of the batch operation.

" + }, + "successful":{ + "shape":"Users", + "documentation":"

A list of user objects that were successfully created, including their assigned user IDs and invite codes.

" + }, + "failed":{ + "shape":"BatchUserErrorResponseItems", + "documentation":"

A list of user creation attempts that failed, including error details explaining why each user could not be created.

" + } + } + }, + "BatchDeleteUserRequest":{ + "type":"structure", + "required":[ + "networkId", + "userIds" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network from which users will be deleted.

", + "location":"uri", + "locationName":"networkId" + }, + "userIds":{ + "shape":"UserIds", + "documentation":"

A list of user IDs identifying the users to be deleted from the network. Maximum 50 users per batch request.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique identifier for this request to ensure idempotency. If you retry a request with the same client token, the service will return the same response without attempting to delete users again.

", + "idempotencyToken":true, + "location":"header", + "locationName":"X-Client-Token" + } + } + }, + "BatchDeleteUserResponse":{ + "type":"structure", + "members":{ + "message":{ + "shape":"GenericString", + "documentation":"

A message indicating the overall result of the batch deletion operation.

" + }, + "successful":{ + "shape":"BatchUserSuccessResponseItems", + "documentation":"

A list of user IDs that were successfully deleted from the network.

" + }, + "failed":{ + "shape":"BatchUserErrorResponseItems", + "documentation":"

A list of user deletion attempts that failed, including error details explaining why each user could not be deleted.

" + } + } + }, + "BatchDeviceErrorResponseItem":{ + "type":"structure", + "required":["appId"], + "members":{ + "field":{ + "shape":"GenericString", + "documentation":"

The field that caused the error.

" + }, + "reason":{ + "shape":"GenericString", + "documentation":"

A description of why the device operation failed.

" + }, + "appId":{ + "shape":"GenericString", + "documentation":"

The application ID of the device that failed to be processed.

" + } + }, + "documentation":"

Contains error information for a device operation that failed in a batch device request.

" + }, + "BatchDeviceErrorResponseItems":{ + "type":"list", + "member":{"shape":"BatchDeviceErrorResponseItem"} + }, + "BatchDeviceSuccessResponseItem":{ + "type":"structure", + "required":["appId"], + "members":{ + "appId":{ + "shape":"GenericString", + "documentation":"

The application ID of the device that was successfully processed.

" + } + }, + "documentation":"

Contains information about a device that was successfully processed in a batch device operation.

" + }, + "BatchDeviceSuccessResponseItems":{ + "type":"list", + "member":{"shape":"BatchDeviceSuccessResponseItem"} + }, + "BatchLookupUserUnameRequest":{ + "type":"structure", + "required":[ + "networkId", + "unames" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network where the users will be looked up.

", + "location":"uri", + "locationName":"networkId" + }, + "unames":{ + "shape":"Unames", + "documentation":"

A list of username hashes (unames) to look up. Each uname is a unique identifier for a user's username. Maximum 50 unames per batch request.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique identifier for this request to ensure idempotency.

", + "idempotencyToken":true, + "location":"header", + "locationName":"X-Client-Token" + } + } + }, + "BatchLookupUserUnameResponse":{ + "type":"structure", + "members":{ + "message":{ + "shape":"GenericString", + "documentation":"

A message indicating the overall result of the batch lookup operation.

" + }, + "successful":{ + "shape":"BatchUnameSuccessResponseItems", + "documentation":"

A list of successfully resolved username hashes with their corresponding email addresses.

" + }, + "failed":{ + "shape":"BatchUnameErrorResponseItems", + "documentation":"

A list of username hash lookup attempts that failed, including error details explaining why each lookup failed.

" + } + } + }, + "BatchReinviteUserRequest":{ + "type":"structure", + "required":[ + "networkId", + "userIds" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network where users will be reinvited.

", + "location":"uri", + "locationName":"networkId" + }, + "userIds":{ + "shape":"UserIds", + "documentation":"

A list of user IDs identifying the users to be reinvited to the network. Maximum 50 users per batch request.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique identifier for this request to ensure idempotency.

", + "idempotencyToken":true, + "location":"header", + "locationName":"X-Client-Token" + } + } + }, + "BatchReinviteUserResponse":{ + "type":"structure", + "members":{ + "message":{ + "shape":"GenericString", + "documentation":"

A message indicating the overall result of the batch reinvitation operation.

" + }, + "successful":{ + "shape":"BatchUserSuccessResponseItems", + "documentation":"

A list of user IDs that were successfully reinvited.

" + }, + "failed":{ + "shape":"BatchUserErrorResponseItems", + "documentation":"

A list of reinvitation attempts that failed, including error details explaining why each user could not be reinvited.

" + } + } + }, + "BatchResetDevicesForUserRequest":{ + "type":"structure", + "required":[ + "networkId", + "userId", + "appIds" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network containing the user whose devices will be reset.

", + "location":"uri", + "locationName":"networkId" + }, + "userId":{ + "shape":"UserId", + "documentation":"

The ID of the user whose devices will be reset.

", + "location":"uri", + "locationName":"userId" + }, + "appIds":{ + "shape":"AppIds", + "documentation":"

A list of application IDs identifying the specific devices to be reset for the user. Maximum 50 devices per batch request.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique identifier for this request to ensure idempotency.

", + "idempotencyToken":true, + "location":"header", + "locationName":"X-Client-Token" + } + } + }, + "BatchResetDevicesForUserResponse":{ + "type":"structure", + "members":{ + "message":{ + "shape":"GenericString", + "documentation":"

A message indicating the overall result of the batch device reset operation.

" + }, + "successful":{ + "shape":"BatchDeviceSuccessResponseItems", + "documentation":"

A list of application IDs that were successfully reset.

" + }, + "failed":{ + "shape":"BatchDeviceErrorResponseItems", + "documentation":"

A list of device reset attempts that failed, including error details explaining why each device could not be reset.

" + } + } + }, + "BatchToggleUserSuspendStatusRequest":{ + "type":"structure", + "required":[ + "networkId", + "suspend", + "userIds" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network where users will be suspended or unsuspended.

", + "location":"uri", + "locationName":"networkId" + }, + "suspend":{ + "shape":"Boolean", + "documentation":"

A boolean value indicating whether to suspend (true) or unsuspend (false) the specified users.

", + "location":"querystring", + "locationName":"suspend" + }, + "userIds":{ + "shape":"UserIds", + "documentation":"

A list of user IDs identifying the users whose suspend status will be toggled. Maximum 50 users per batch request.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique identifier for this request to ensure idempotency.

", + "idempotencyToken":true, + "location":"header", + "locationName":"X-Client-Token" + } + } + }, + "BatchToggleUserSuspendStatusResponse":{ + "type":"structure", + "members":{ + "message":{ + "shape":"GenericString", + "documentation":"

A message indicating the overall result of the batch suspend status toggle operation.

" + }, + "successful":{ + "shape":"BatchUserSuccessResponseItems", + "documentation":"

A list of user IDs whose suspend status was successfully toggled.

" + }, + "failed":{ + "shape":"BatchUserErrorResponseItems", + "documentation":"

A list of suspend status toggle attempts that failed, including error details explaining why each user's status could not be changed.

" + } + } + }, + "BatchUnameErrorResponseItem":{ + "type":"structure", + "required":["uname"], + "members":{ + "field":{ + "shape":"GenericString", + "documentation":"

The field that caused the error.

" + }, + "reason":{ + "shape":"GenericString", + "documentation":"

A description of why the username hash lookup failed.

" + }, + "uname":{ + "shape":"Uname", + "documentation":"

The username hash that failed to be looked up.

" + } + }, + "documentation":"

Contains error information for a username hash lookup that failed in a batch uname lookup request.

" + }, + "BatchUnameErrorResponseItems":{ + "type":"list", + "member":{"shape":"BatchUnameErrorResponseItem"} + }, + "BatchUnameSuccessResponseItem":{ + "type":"structure", + "required":[ + "uname", + "username" + ], + "members":{ + "uname":{ + "shape":"Uname", + "documentation":"

The username hash that was successfully resolved.

" + }, + "username":{ + "shape":"GenericString", + "documentation":"

The email address or username corresponding to the username hash.

" + } + }, + "documentation":"

Contains information about a username hash that was successfully resolved in a batch uname lookup operation.

" + }, + "BatchUnameSuccessResponseItems":{ + "type":"list", + "member":{"shape":"BatchUnameSuccessResponseItem"} + }, + "BatchUserErrorResponseItem":{ + "type":"structure", + "required":["userId"], + "members":{ + "field":{ + "shape":"GenericString", + "documentation":"

The field that caused the error.

" + }, + "reason":{ + "shape":"GenericString", + "documentation":"

A description of why the user operation failed.

" + }, + "userId":{ + "shape":"UserId", + "documentation":"

The user ID associated with the failed operation.

" + } + }, + "documentation":"

Contains error information for a user operation that failed in a batch user request.

" + }, + "BatchUserErrorResponseItems":{ + "type":"list", + "member":{"shape":"BatchUserErrorResponseItem"} + }, + "BatchUserSuccessResponseItem":{ + "type":"structure", + "required":["userId"], + "members":{ + "userId":{ + "shape":"UserId", + "documentation":"

The user ID that was successfully processed.

" + } + }, + "documentation":"

Contains information about a user that was successfully processed in a batch user operation.

" + }, + "BatchUserSuccessResponseItems":{ + "type":"list", + "member":{"shape":"BatchUserSuccessResponseItem"} + }, + "BlockedGuestUser":{ + "type":"structure", + "required":[ + "username", + "admin", + "modified", + "usernameHash" + ], + "members":{ + "username":{ + "shape":"GenericString", + "documentation":"

The username of the blocked guest user.

" + }, + "admin":{ + "shape":"GenericString", + "documentation":"

The username of the administrator who blocked this guest user.

" + }, + "modified":{ + "shape":"GenericString", + "documentation":"

The timestamp when the guest user was blocked or last modified.

" + }, + "usernameHash":{ + "shape":"GenericString", + "documentation":"

The unique username hash identifier for the blocked guest user.

" + } + }, + "documentation":"

Represents a guest user who has been blocked from accessing a Wickr network.

" + }, + "BlockedGuestUserList":{ + "type":"list", + "member":{"shape":"BlockedGuestUser"} + }, + "Boolean":{ + "type":"boolean", + "box":true + }, + "Bot":{ + "type":"structure", + "members":{ + "botId":{ + "shape":"GenericString", + "documentation":"

The unique identifier of the bot.

" + }, + "displayName":{ + "shape":"GenericString", + "documentation":"

The display name of the bot that is visible to users.

" + }, + "username":{ + "shape":"GenericString", + "documentation":"

The username of the bot.

" + }, + "uname":{ + "shape":"GenericString", + "documentation":"

The unique username hash identifier for the bot.

" + }, + "pubkey":{ + "shape":"GenericString", + "documentation":"

The public key of the bot used for encryption.

" + }, + "status":{ + "shape":"BotStatus", + "documentation":"

The current status of the bot (1 for pending, 2 for active).

" + }, + "groupId":{ + "shape":"GenericString", + "documentation":"

The ID of the security group to which the bot belongs.

" + }, + "hasChallenge":{ + "shape":"Boolean", + "documentation":"

Indicates whether the bot has a password set.

" + }, + "suspended":{ + "shape":"Boolean", + "documentation":"

Indicates whether the bot is currently suspended.

" + }, + "lastLogin":{ + "shape":"GenericString", + "documentation":"

The timestamp of the bot's last login.

" + } + }, + "documentation":"

Represents a bot account in a Wickr network with all its informational fields.

" + }, + "BotId":{ + "type":"string", + "max":10, + "min":1, + "pattern":"[0-9]+" + }, + "BotStatus":{ + "type":"integer", + "box":true + }, + "Bots":{ + "type":"list", + "member":{"shape":"Bot"} + }, + "CallingSettings":{ + "type":"structure", + "members":{ + "canStart11Call":{ + "shape":"Boolean", + "documentation":"

Specifies whether users can start one-to-one calls.

" + }, + "canVideoCall":{ + "shape":"Boolean", + "documentation":"

Specifies whether users can make video calls (as opposed to audio-only calls). Valid only when audio call(canStart11Call) is enabled.

" + }, + "forceTcpCall":{ + "shape":"Boolean", + "documentation":"

When enabled, forces all calls to use TCP protocol instead of UDP for network traversal.

" + } + }, + "documentation":"

Defines the calling feature permissions and settings for users in a security group, controlling what types of calls users can initiate and participate in.

" + }, + "ClientToken":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[a-zA-Z0-9-_:]+" + }, + "CreateBotRequest":{ + "type":"structure", + "required":[ + "networkId", + "username", + "groupId", + "challenge" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network where the bot will be created.

", + "location":"uri", + "locationName":"networkId" + }, + "username":{ + "shape":"GenericString", + "documentation":"

The username for the bot. This must be unique within the network and follow the network's naming conventions.

" + }, + "displayName":{ + "shape":"GenericString", + "documentation":"

The display name for the bot that will be visible to users in the network.

" + }, + "groupId":{ + "shape":"GenericString", + "documentation":"

The ID of the security group to which the bot will be assigned.

" + }, + "challenge":{ + "shape":"SensitiveString", + "documentation":"

The password for the bot account.

" + } + } + }, + "CreateBotResponse":{ + "type":"structure", + "required":["botId"], + "members":{ + "message":{ + "shape":"GenericString", + "documentation":"

A message indicating the result of the bot creation operation.

" + }, + "botId":{ + "shape":"BotId", + "documentation":"

The unique identifier assigned to the newly created bot.

" + }, + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the network where the bot was created.

" + }, + "username":{ + "shape":"GenericString", + "documentation":"

The username of the newly created bot.

" + }, + "displayName":{ + "shape":"GenericString", + "documentation":"

The display name of the newly created bot.

" + }, + "groupId":{ + "shape":"GenericString", + "documentation":"

The ID of the security group to which the bot was assigned.

" + } + } + }, + "CreateDataRetentionBotChallengeRequest":{ + "type":"structure", + "required":["networkId"], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network containing the data retention bot.

", + "location":"uri", + "locationName":"networkId" + } + } + }, + "CreateDataRetentionBotChallengeResponse":{ + "type":"structure", + "required":["challenge"], + "members":{ + "challenge":{ + "shape":"SensitiveString", + "documentation":"

The newly generated challenge password for the data retention bot.

" + } + } + }, + "CreateDataRetentionBotRequest":{ + "type":"structure", + "required":["networkId"], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network where the data retention bot will be created.

", + "location":"uri", + "locationName":"networkId" + } + } + }, + "CreateDataRetentionBotResponse":{ + "type":"structure", + "members":{ + "message":{ + "shape":"GenericString", + "documentation":"

A message indicating that the data retention bot was successfully provisioned.

" + } + } + }, + "CreateNetworkRequest":{ + "type":"structure", + "required":[ + "networkName", + "accessLevel" + ], + "members":{ + "networkName":{ + "shape":"GenericString", + "documentation":"

The name for the new network. Must be between 1 and 20 characters.

" + }, + "accessLevel":{ + "shape":"AccessLevel", + "documentation":"

The access level for the network. Valid values are STANDARD or PREMIUM, which determine the features and capabilities available to network members.

" + }, + "enablePremiumFreeTrial":{ + "shape":"Boolean", + "documentation":"

Specifies whether to enable a premium free trial for the network. It is optional and has a default value as false. When set to true, the network starts with premium features for a limited trial period.

" + }, + "encryptionKeyArn":{ + "shape":"GenericString", + "documentation":"

The ARN of the Amazon Web Services KMS customer managed key to use for encrypting sensitive data in the network.

" + } + } + }, + "CreateNetworkResponse":{ + "type":"structure", + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The unique identifier assigned to the newly created network.

" + }, + "networkName":{ + "shape":"GenericString", + "documentation":"

The name of the newly created network.

" + }, + "encryptionKeyArn":{ + "shape":"GenericString", + "documentation":"

The ARN of the KMS key being used to encrypt sensitive data in the network.

" + } + } + }, + "CreateSecurityGroupRequest":{ + "type":"structure", + "required":[ + "networkId", + "name", + "securityGroupSettings" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network where the security group will be created.

", + "location":"uri", + "locationName":"networkId" + }, + "name":{ + "shape":"GenericString", + "documentation":"

The name for the new security group.

" + }, + "securityGroupSettings":{ + "shape":"SecurityGroupSettingsRequest", + "documentation":"

The configuration settings for the security group, including permissions, federation settings, and feature controls.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique identifier for this request to ensure idempotency.

", + "idempotencyToken":true, + "location":"header", + "locationName":"X-Client-Token" + } + } + }, + "CreateSecurityGroupResponse":{ + "type":"structure", + "required":["securityGroup"], + "members":{ + "securityGroup":{ + "shape":"SecurityGroup", + "documentation":"

The details of the newly created security group, including its ID, name, and settings.

" + } + } + }, + "DataRetentionActionType":{ + "type":"string", + "enum":[ + "ENABLE", + "DISABLE", + "PUBKEY_MSG_ACK" + ] + }, + "DeleteBotRequest":{ + "type":"structure", + "required":[ + "networkId", + "botId" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network from which the bot will be deleted.

", + "location":"uri", + "locationName":"networkId" + }, + "botId":{ + "shape":"BotId", + "documentation":"

The unique identifier of the bot to be deleted.

", + "location":"uri", + "locationName":"botId" + } + } + }, + "DeleteBotResponse":{ + "type":"structure", + "members":{ + "message":{ + "shape":"GenericString", + "documentation":"

A message indicating the result of the bot deletion operation.

" + } + } + }, + "DeleteDataRetentionBotRequest":{ + "type":"structure", + "required":["networkId"], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network from which the data retention bot will be deleted.

", + "location":"uri", + "locationName":"networkId" + } + } + }, + "DeleteDataRetentionBotResponse":{ + "type":"structure", + "members":{ + "message":{ + "shape":"GenericString", + "documentation":"

A message indicating that the data retention bot and all associated data were successfully deleted.

" + } + } + }, + "DeleteNetworkRequest":{ + "type":"structure", + "required":["networkId"], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network to delete.

", + "location":"uri", + "locationName":"networkId" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique identifier for this request to ensure idempotency. If you retry a request with the same client token, the service will return the same response without attempting to delete the network again.

", + "idempotencyToken":true, + "location":"header", + "locationName":"X-Client-Token" + } + } + }, + "DeleteNetworkResponse":{ + "type":"structure", + "members":{ + "message":{ + "shape":"GenericString", + "documentation":"

A message indicating that the network deletion has been initiated successfully.

" + } + } + }, + "DeleteSecurityGroupRequest":{ + "type":"structure", + "required":[ + "networkId", + "groupId" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network from which the security group will be deleted.

", + "location":"uri", + "locationName":"networkId" + }, + "groupId":{ + "shape":"GenericString", + "documentation":"

The unique identifier of the security group to delete.

", + "location":"uri", + "locationName":"groupId" + } + } + }, + "DeleteSecurityGroupResponse":{ + "type":"structure", + "members":{ + "message":{ + "shape":"GenericString", + "documentation":"

A message indicating the result of the security group deletion operation.

" + }, + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the network from which the security group was deleted.

" + }, + "groupId":{ + "shape":"GenericString", + "documentation":"

The ID of the security group that was deleted.

" + } + } + }, + "Devices":{ + "type":"list", + "member":{"shape":"BasicDeviceObject"} + }, + "ErrorDetail":{ + "type":"structure", + "members":{ + "field":{ + "shape":"GenericString", + "documentation":"

The name of the field that contains an error or warning.

" + }, + "reason":{ + "shape":"GenericString", + "documentation":"

A detailed description of the error or warning.

" + } + }, + "documentation":"

Contains detailed error information explaining why an operation failed, including which field caused the error and the reason for the failure.

" + }, + "ErrorDetailList":{ + "type":"list", + "member":{"shape":"ErrorDetail"} + }, + "ForbiddenError":{ + "type":"structure", + "members":{ + "message":{ + "shape":"GenericString", + "documentation":"

A message explaining why access was denied and what permissions are required.

" + } + }, + "documentation":"

Access to the requested resource is forbidden. This error occurs when the authenticated user does not have the necessary permissions to perform the requested operation, even though they are authenticated.

", + "error":{ + "httpStatusCode":403, + "senderFault":true + }, + "exception":true + }, + "GenericString":{ + "type":"string", + "pattern":"[\\S\\s]*" + }, + "GetBotRequest":{ + "type":"structure", + "required":[ + "networkId", + "botId" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network containing the bot.

", + "location":"uri", + "locationName":"networkId" + }, + "botId":{ + "shape":"BotId", + "documentation":"

The unique identifier of the bot to retrieve.

", + "location":"uri", + "locationName":"botId" + } + } + }, + "GetBotResponse":{ + "type":"structure", + "members":{ + "botId":{ + "shape":"GenericString", + "documentation":"

The unique identifier of the bot.

" + }, + "displayName":{ + "shape":"GenericString", + "documentation":"

The display name of the bot that is visible to users.

" + }, + "username":{ + "shape":"GenericString", + "documentation":"

The username of the bot.

" + }, + "uname":{ + "shape":"GenericString", + "documentation":"

The unique username hash identifier for the bot.

" + }, + "pubkey":{ + "shape":"GenericString", + "documentation":"

The public key of the bot used for encryption.

" + }, + "status":{ + "shape":"BotStatus", + "documentation":"

The current status of the bot (1 for pending, 2 for active).

" + }, + "groupId":{ + "shape":"GenericString", + "documentation":"

The ID of the security group to which the bot belongs.

" + }, + "hasChallenge":{ + "shape":"Boolean", + "documentation":"

Indicates whether the bot has a password set.

" + }, + "suspended":{ + "shape":"Boolean", + "documentation":"

Indicates whether the bot is currently suspended.

" + }, + "lastLogin":{ + "shape":"GenericString", + "documentation":"

The timestamp of the bot's last login.

" + } + } + }, + "GetBotsCountRequest":{ + "type":"structure", + "required":["networkId"], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network for which to retrieve bot counts.

", + "location":"uri", + "locationName":"networkId" + } + } + }, + "GetBotsCountResponse":{ + "type":"structure", + "required":[ + "pending", + "active", + "total" + ], + "members":{ + "pending":{ + "shape":"Integer", + "documentation":"

The number of bots with pending status (invited but not yet activated).

" + }, + "active":{ + "shape":"Integer", + "documentation":"

The number of bots with active status.

" + }, + "total":{ + "shape":"Integer", + "documentation":"

The total number of bots in the network (active and pending).

" + } + } + }, + "GetDataRetentionBotRequest":{ + "type":"structure", + "required":["networkId"], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network containing the data retention bot.

", + "location":"uri", + "locationName":"networkId" + } + } + }, + "GetDataRetentionBotResponse":{ + "type":"structure", + "members":{ + "botName":{ + "shape":"GenericString", + "documentation":"

The name of the data retention bot.

" + }, + "botExists":{ + "shape":"Boolean", + "documentation":"

Indicates whether a data retention bot exists in the network.

" + }, + "isBotActive":{ + "shape":"Boolean", + "documentation":"

Indicates whether the data retention bot is active and operational.

" + }, + "isDataRetentionBotRegistered":{ + "shape":"Boolean", + "documentation":"

Indicates whether the data retention bot has been registered with the network.

" + }, + "isDataRetentionServiceEnabled":{ + "shape":"Boolean", + "documentation":"

Indicates whether the data retention service is enabled for the network.

" + }, + "isPubkeyMsgAcked":{ + "shape":"Boolean", + "documentation":"

Indicates whether the public key message has been acknowledged by the bot.

" + } + } + }, + "GetGuestUserHistoryCountRequest":{ + "type":"structure", + "required":["networkId"], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network for which to retrieve guest user history.

", + "location":"uri", + "locationName":"networkId" + } + } + }, + "GetGuestUserHistoryCountResponse":{ + "type":"structure", + "required":["history"], + "members":{ + "history":{ + "shape":"GuestUserHistoryCountList", + "documentation":"

A list of historical guest user counts, organized by month and billing period.

" + } + } + }, + "GetNetworkRequest":{ + "type":"structure", + "required":["networkId"], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network to retrieve.

", + "location":"uri", + "locationName":"networkId" + } + } + }, + "GetNetworkResponse":{ + "type":"structure", + "required":[ + "networkId", + "networkName", + "accessLevel", + "awsAccountId", + "networkArn" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The unique identifier of the network.

" + }, + "networkName":{ + "shape":"GenericString", + "documentation":"

The name of the network.

" + }, + "accessLevel":{ + "shape":"AccessLevel", + "documentation":"

The access level of the network (STANDARD or PREMIUM), which determines available features and capabilities.

" + }, + "awsAccountId":{ + "shape":"GenericString", + "documentation":"

The Amazon Web Services account ID that owns the network.

" + }, + "networkArn":{ + "shape":"GenericString", + "documentation":"

The Amazon Resource Name (ARN) of the network.

" + }, + "standing":{ + "shape":"Integer", + "documentation":"

The current standing or status of the network.

" + }, + "freeTrialExpiration":{ + "shape":"GenericString", + "documentation":"

The expiration date and time for the network's free trial period, if applicable.

" + }, + "migrationState":{ + "shape":"Integer", + "documentation":"

The SSO redirect URI migration state, managed by the SSO redirect migration wizard. Values: 0 (not started), 1 (in progress), or 2 (completed).

" + }, + "encryptionKeyArn":{ + "shape":"GenericString", + "documentation":"

The ARN of the Amazon Web Services KMS customer managed key used for encrypting sensitive data in the network.

" + } + } + }, + "GetNetworkSettingsRequest":{ + "type":"structure", + "required":["networkId"], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network whose settings will be retrieved.

", + "location":"uri", + "locationName":"networkId" + } + } + }, + "GetNetworkSettingsResponse":{ + "type":"structure", + "required":["settings"], + "members":{ + "settings":{ + "shape":"SettingsList", + "documentation":"

A list of network settings, where each setting includes a name, value, and type.

" + } + } + }, + "GetOidcInfoRequest":{ + "type":"structure", + "required":["networkId"], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network whose OIDC configuration will be retrieved.

", + "location":"uri", + "locationName":"networkId" + }, + "clientId":{ + "shape":"GenericString", + "documentation":"

The OAuth client ID for retrieving access tokens (optional).

", + "location":"querystring", + "locationName":"clientId" + }, + "code":{ + "shape":"GenericString", + "documentation":"

The authorization code for retrieving access tokens (optional).

", + "location":"querystring", + "locationName":"code" + }, + "grantType":{ + "shape":"GenericString", + "documentation":"

The OAuth grant type for retrieving access tokens (optional).

", + "location":"querystring", + "locationName":"grantType" + }, + "redirectUri":{ + "shape":"GenericString", + "documentation":"

The redirect URI for the OAuth flow (optional).

", + "location":"querystring", + "locationName":"redirectUri" + }, + "url":{ + "shape":"GenericString", + "documentation":"

The URL for the OIDC provider (optional).

", + "location":"querystring", + "locationName":"url" + }, + "clientSecret":{ + "shape":"SensitiveString", + "documentation":"

The OAuth client secret for retrieving access tokens (optional).

", + "location":"querystring", + "locationName":"clientSecret" + }, + "codeVerifier":{ + "shape":"GenericString", + "documentation":"

The PKCE code verifier for enhanced security in the OAuth flow (optional).

", + "location":"querystring", + "locationName":"codeVerifier" + }, + "certificate":{ + "shape":"GenericString", + "documentation":"

The CA certificate for secure communication with the OIDC provider (optional).

", + "location":"querystring", + "locationName":"certificate" + } + } + }, + "GetOidcInfoResponse":{ + "type":"structure", + "members":{ + "openidConnectInfo":{ + "shape":"OidcConfigInfo", + "documentation":"

The OpenID Connect configuration information for the network, including issuer, client ID, scopes, and other SSO settings.

" + }, + "tokenInfo":{ + "shape":"OidcTokenInfo", + "documentation":"

OAuth token information including access token, refresh token, and expiration details (only present if token parameters were provided in the request).

" + } + } + }, + "GetSecurityGroupRequest":{ + "type":"structure", + "required":[ + "networkId", + "groupId" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network containing the security group.

", + "location":"uri", + "locationName":"networkId" + }, + "groupId":{ + "shape":"GenericString", + "documentation":"

The unique identifier of the security group to retrieve.

", + "location":"uri", + "locationName":"groupId" + } + } + }, + "GetSecurityGroupResponse":{ + "type":"structure", + "required":["securityGroup"], + "members":{ + "securityGroup":{ + "shape":"SecurityGroup", + "documentation":"

The detailed information about the security group, including all its settings and member counts.

" + } + } + }, + "GetUserRequest":{ + "type":"structure", + "required":[ + "networkId", + "userId" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network containing the user.

", + "location":"uri", + "locationName":"networkId" + }, + "userId":{ + "shape":"UserId", + "documentation":"

The unique identifier of the user to retrieve.

", + "location":"uri", + "locationName":"userId" + }, + "startTime":{ + "shape":"SyntheticTimestamp_epoch_seconds", + "documentation":"

The start time for filtering the user's last activity. Only activity after this timestamp will be considered. Time is specified in epoch seconds.

", + "location":"querystring", + "locationName":"startTime" + }, + "endTime":{ + "shape":"SyntheticTimestamp_epoch_seconds", + "documentation":"

The end time for filtering the user's last activity. Only activity before this timestamp will be considered. Time is specified in epoch seconds.

", + "location":"querystring", + "locationName":"endTime" + } + } + }, + "GetUserResponse":{ + "type":"structure", + "required":["userId"], + "members":{ + "userId":{ + "shape":"UserId", + "documentation":"

The unique identifier of the user.

" + }, + "firstName":{ + "shape":"SensitiveString", + "documentation":"

The first name of the user.

" + }, + "lastName":{ + "shape":"SensitiveString", + "documentation":"

The last name of the user.

" + }, + "username":{ + "shape":"GenericString", + "documentation":"

The email address or username of the user.

" + }, + "isAdmin":{ + "shape":"Boolean", + "documentation":"

Indicates whether the user has administrator privileges in the network.

" + }, + "suspended":{ + "shape":"Boolean", + "documentation":"

Indicates whether the user is currently suspended.

" + }, + "status":{ + "shape":"Integer", + "documentation":"

The current status of the user (1 for pending, 2 for active).

" + }, + "lastActivity":{ + "shape":"Integer", + "documentation":"

The timestamp of the user's last activity in the network, specified in epoch seconds.

" + }, + "lastLogin":{ + "shape":"Integer", + "documentation":"

The timestamp of the user's last login to the network, specified in epoch seconds.

" + }, + "securityGroupIds":{ + "shape":"SecurityGroupIdList", + "documentation":"

A list of security group IDs to which the user belongs.

" + } + } + }, + "GetUsersCountRequest":{ + "type":"structure", + "required":["networkId"], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network for which to retrieve user counts.

", + "location":"uri", + "locationName":"networkId" + } + } + }, + "GetUsersCountResponse":{ + "type":"structure", + "required":[ + "pending", + "active", + "rejected", + "remaining", + "total" + ], + "members":{ + "pending":{ + "shape":"Integer", + "documentation":"

The number of users with pending status (invited but not yet accepted).

" + }, + "active":{ + "shape":"Integer", + "documentation":"

The number of users with active status in the network.

" + }, + "rejected":{ + "shape":"Integer", + "documentation":"

The number of users who have rejected network invitations.

" + }, + "remaining":{ + "shape":"Integer", + "documentation":"

The number of additional users that can be added to the network while maintaining premium free trial eligibility.

" + }, + "total":{ + "shape":"Integer", + "documentation":"

The total number of users in the network (active and pending combined).

" + } + } + }, + "GuestUser":{ + "type":"structure", + "required":[ + "billingPeriod", + "username", + "usernameHash" + ], + "members":{ + "billingPeriod":{ + "shape":"GenericString", + "documentation":"

The billing period when this guest user accessed the network (e.g., '2024-01').

" + }, + "username":{ + "shape":"GenericString", + "documentation":"

The username of the guest user.

" + }, + "usernameHash":{ + "shape":"GenericString", + "documentation":"

The unique username hash identifier for the guest user.

" + } + }, + "documentation":"

Represents a guest user who has accessed the network from a federated Wickr network.

" + }, + "GuestUserHistoryCount":{ + "type":"structure", + "required":[ + "month", + "count" + ], + "members":{ + "month":{ + "shape":"GenericString", + "documentation":"

The month and billing period in YYYY_MM format (e.g., '2024_01').

" + }, + "count":{ + "shape":"GenericString", + "documentation":"

The number of guest users who have communicated with your Wickr network during this billing period.

" + } + }, + "documentation":"

Contains the count of guest users for a specific billing period, used for tracking historical guest user activity.

" + }, + "GuestUserHistoryCountList":{ + "type":"list", + "member":{"shape":"GuestUserHistoryCount"} + }, + "GuestUserList":{ + "type":"list", + "member":{"shape":"GuestUser"} + }, + "Integer":{ + "type":"integer", + "box":true + }, + "InternalServerError":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{ + "shape":"GenericString", + "documentation":"

A message describing the internal server error that occurred.

" + } + }, + "documentation":"

An unexpected error occurred on the server while processing the request. This indicates a problem with the Wickr service itself rather than with the request. If this error persists, contact Amazon Web Services Support.

", + "error":{"httpStatusCode":500}, + "exception":true, + "fault":true + }, + "ListBlockedGuestUsersRequest":{ + "type":"structure", + "required":["networkId"], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network from which to list blocked guest users.

", + "location":"uri", + "locationName":"networkId" + }, + "maxResults":{ + "shape":"Integer", + "documentation":"

The maximum number of blocked guest users to return in a single page. Valid range is 1-100. Default is 10.

", + "location":"querystring", + "locationName":"maxResults" + }, + "sortDirection":{ + "shape":"SortDirection", + "documentation":"

The direction to sort results. Valid values are 'ASC' (ascending) or 'DESC' (descending). Default is 'DESC'.

", + "location":"querystring", + "locationName":"sortDirection" + }, + "sortFields":{ + "shape":"GenericString", + "documentation":"

The field to sort blocked guest users by. Accepted values include 'username', 'admin', and 'modified'.

", + "location":"querystring", + "locationName":"sortFields" + }, + "username":{ + "shape":"GenericString", + "documentation":"

Filter results to only include blocked guest users with usernames matching this value.

", + "location":"querystring", + "locationName":"username" + }, + "admin":{ + "shape":"GenericString", + "documentation":"

Filter results to only include blocked guest users that were blocked by this administrator.

", + "location":"querystring", + "locationName":"admin" + }, + "nextToken":{ + "shape":"GenericString", + "documentation":"

The token for retrieving the next page of results. This is returned from a previous request when there are more results available.

", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListBlockedGuestUsersResponse":{ + "type":"structure", + "required":["blocklist"], + "members":{ + "nextToken":{ + "shape":"GenericString", + "documentation":"

The token to use for retrieving the next page of results. If this is not present, there are no more results.

" + }, + "blocklist":{ + "shape":"BlockedGuestUserList", + "documentation":"

A list of blocked guest user objects within the current page.

" + } + } + }, + "ListBotsRequest":{ + "type":"structure", + "required":["networkId"], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network from which to list bots.

", + "location":"uri", + "locationName":"networkId" + }, + "nextToken":{ + "shape":"GenericString", + "documentation":"

The token for retrieving the next page of results. This is returned from a previous request when there are more results available.

", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"Integer", + "documentation":"

The maximum number of bots to return in a single page. Valid range is 1-100. Default is 10.

", + "location":"querystring", + "locationName":"maxResults" + }, + "sortFields":{ + "shape":"GenericString", + "documentation":"

The fields to sort bots by. Multiple fields can be specified by separating them with '+'. Accepted values include 'username', 'firstName', 'displayName', 'status', and 'groupId'.

", + "location":"querystring", + "locationName":"sortFields" + }, + "sortDirection":{ + "shape":"SortDirection", + "documentation":"

The direction to sort results. Valid values are 'ASC' (ascending) or 'DESC' (descending). Default is 'DESC'.

", + "location":"querystring", + "locationName":"sortDirection" + }, + "displayName":{ + "shape":"GenericString", + "documentation":"

Filter results to only include bots with display names matching this value.

", + "location":"querystring", + "locationName":"displayName" + }, + "username":{ + "shape":"GenericString", + "documentation":"

Filter results to only include bots with usernames matching this value.

", + "location":"querystring", + "locationName":"username" + }, + "status":{ + "shape":"BotStatus", + "documentation":"

Filter results to only include bots with this status (1 for pending, 2 for active).

", + "location":"querystring", + "locationName":"status" + }, + "groupId":{ + "shape":"GenericString", + "documentation":"

Filter results to only include bots belonging to this security group.

", + "location":"querystring", + "locationName":"groupId" + } + } + }, + "ListBotsResponse":{ + "type":"structure", + "required":["bots"], + "members":{ + "bots":{ + "shape":"Bots", + "documentation":"

A list of bot objects matching the specified filters and within the current page.

" + }, + "nextToken":{ + "shape":"GenericString", + "documentation":"

The token to use for retrieving the next page of results. If this is not present, there are no more results.

" + } + } + }, + "ListDevicesForUserRequest":{ + "type":"structure", + "required":[ + "networkId", + "userId" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network containing the user.

", + "location":"uri", + "locationName":"networkId" + }, + "userId":{ + "shape":"UserId", + "documentation":"

The unique identifier of the user whose devices will be listed.

", + "location":"uri", + "locationName":"userId" + }, + "nextToken":{ + "shape":"GenericString", + "documentation":"

The token for retrieving the next page of results. This is returned from a previous request when there are more results available.

", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"Integer", + "documentation":"

The maximum number of devices to return in a single page. Valid range is 1-100. Default is 10.

", + "location":"querystring", + "locationName":"maxResults" + }, + "sortFields":{ + "shape":"GenericString", + "documentation":"

The fields to sort devices by. Multiple fields can be specified by separating them with '+'. Accepted values include 'lastlogin', 'type', 'suspend', and 'created'.

", + "location":"querystring", + "locationName":"sortFields" + }, + "sortDirection":{ + "shape":"SortDirection", + "documentation":"

The direction to sort results. Valid values are 'ASC' (ascending) or 'DESC' (descending). Default is 'DESC'.

", + "location":"querystring", + "locationName":"sortDirection" + } + } + }, + "ListDevicesForUserResponse":{ + "type":"structure", + "required":["devices"], + "members":{ + "nextToken":{ + "shape":"GenericString", + "documentation":"

The token to use for retrieving the next page of results. If this is not present, there are no more results.

" + }, + "devices":{ + "shape":"Devices", + "documentation":"

A list of device objects associated with the user within the current page.

" + } + } + }, + "ListGuestUsersRequest":{ + "type":"structure", + "required":["networkId"], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network from which to list guest users.

", + "location":"uri", + "locationName":"networkId" + }, + "maxResults":{ + "shape":"Integer", + "documentation":"

The maximum number of guest users to return in a single page. Valid range is 1-100. Default is 10.

", + "location":"querystring", + "locationName":"maxResults" + }, + "sortDirection":{ + "shape":"SortDirection", + "documentation":"

The direction to sort results. Valid values are 'ASC' (ascending) or 'DESC' (descending). Default is 'DESC'.

", + "location":"querystring", + "locationName":"sortDirection" + }, + "sortFields":{ + "shape":"GenericString", + "documentation":"

The field to sort guest users by. Accepted values include 'username' and 'billingPeriod'.

", + "location":"querystring", + "locationName":"sortFields" + }, + "username":{ + "shape":"GenericString", + "documentation":"

Filter results to only include guest users with usernames matching this value.

", + "location":"querystring", + "locationName":"username" + }, + "billingPeriod":{ + "shape":"GenericString", + "documentation":"

Filter results to only include guest users from this billing period (e.g., '2024-01').

", + "location":"querystring", + "locationName":"billingPeriod" + }, + "nextToken":{ + "shape":"GenericString", + "documentation":"

The token for retrieving the next page of results. This is returned from a previous request when there are more results available.

", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListGuestUsersResponse":{ + "type":"structure", + "required":["guestlist"], + "members":{ + "nextToken":{ + "shape":"GenericString", + "documentation":"

The token to use for retrieving the next page of results. If this is not present, there are no more results.

" + }, + "guestlist":{ + "shape":"GuestUserList", + "documentation":"

A list of guest user objects within the current page.

" + } + } + }, + "ListNetworksRequest":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"Integer", + "documentation":"

The maximum number of networks to return in a single page. Valid range is 1-100. Default is 10.

", + "location":"querystring", + "locationName":"maxResults" + }, + "sortFields":{ + "shape":"GenericString", + "documentation":"

The field to sort networks by. Accepted values are 'networkId' and 'networkName'. Default is 'networkId'.

", + "location":"querystring", + "locationName":"sortFields" + }, + "sortDirection":{ + "shape":"SortDirection", + "documentation":"

The direction to sort results. Valid values are 'ASC' (ascending) or 'DESC' (descending). Default is 'DESC'.

", + "location":"querystring", + "locationName":"sortDirection" + }, + "nextToken":{ + "shape":"GenericString", + "documentation":"

The token for retrieving the next page of results. This is returned from a previous request when there are more results available.

", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListNetworksResponse":{ + "type":"structure", + "required":["networks"], + "members":{ + "networks":{ + "shape":"NetworkList", + "documentation":"

A list of network objects for the Amazon Web Services account.

" + }, + "nextToken":{ + "shape":"GenericString", + "documentation":"

The token to use for retrieving the next page of results. If this is not present, there are no more results.

" + } + } + }, + "ListSecurityGroupUsersRequest":{ + "type":"structure", + "required":[ + "networkId", + "groupId" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network containing the security group.

", + "location":"uri", + "locationName":"networkId" + }, + "groupId":{ + "shape":"GenericString", + "documentation":"

The unique identifier of the security group whose users will be listed.

", + "location":"uri", + "locationName":"groupId" + }, + "nextToken":{ + "shape":"GenericString", + "documentation":"

The token for retrieving the next page of results. This is returned from a previous request when there are more results available.

", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"Integer", + "documentation":"

The maximum number of users to return in a single page. Valid range is 1-100. Default is 10.

", + "location":"querystring", + "locationName":"maxResults" + }, + "sortFields":{ + "shape":"GenericString", + "documentation":"

The field to sort users by. Multiple fields can be specified by separating them with '+'. Accepted values include 'username', 'firstName', and 'lastName'.

", + "location":"querystring", + "locationName":"sortFields" + }, + "sortDirection":{ + "shape":"SortDirection", + "documentation":"

The direction to sort results. Valid values are 'ASC' (ascending) or 'DESC' (descending). Default is 'DESC'.

", + "location":"querystring", + "locationName":"sortDirection" + } + } + }, + "ListSecurityGroupUsersResponse":{ + "type":"structure", + "required":["users"], + "members":{ + "users":{ + "shape":"Users", + "documentation":"

A list of user objects belonging to the security group within the current page.

" + }, + "nextToken":{ + "shape":"GenericString", + "documentation":"

The token to use for retrieving the next page of results. If this is not present, there are no more results.

" + } + } + }, + "ListSecurityGroupsRequest":{ + "type":"structure", + "required":["networkId"], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network from which to list security groups.

", + "location":"uri", + "locationName":"networkId" + }, + "nextToken":{ + "shape":"GenericString", + "documentation":"

The token for retrieving the next page of results. This is returned from a previous request when there are more results available.

", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"Integer", + "documentation":"

The maximum number of security groups to return in a single page. Valid range is 1-100. Default is 10.

", + "location":"querystring", + "locationName":"maxResults" + }, + "sortFields":{ + "shape":"GenericString", + "documentation":"

The field to sort security groups by. Accepted values include 'id' and 'name'.

", + "location":"querystring", + "locationName":"sortFields" + }, + "sortDirection":{ + "shape":"SortDirection", + "documentation":"

The direction to sort results. Valid values are 'ASC' (ascending) or 'DESC' (descending). Default is 'DESC'.

", + "location":"querystring", + "locationName":"sortDirection" + } + } + }, + "ListSecurityGroupsResponse":{ + "type":"structure", + "members":{ + "securityGroups":{ + "shape":"SecurityGroupList", + "documentation":"

A list of security group objects in the current page.

" + }, + "nextToken":{ + "shape":"GenericString", + "documentation":"

The token to use for retrieving the next page of results. If this is not present, there are no more results.

" + } + } + }, + "ListUsersRequest":{ + "type":"structure", + "required":["networkId"], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network from which to list users.

", + "location":"uri", + "locationName":"networkId" + }, + "nextToken":{ + "shape":"GenericString", + "documentation":"

The token for retrieving the next page of results. This is returned from a previous request when there are more results available.

", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"Integer", + "documentation":"

The maximum number of users to return in a single page. Valid range is 1-100. Default is 10.

", + "location":"querystring", + "locationName":"maxResults" + }, + "sortFields":{ + "shape":"GenericString", + "documentation":"

The fields to sort users by. Multiple fields can be specified by separating them with '+'. Accepted values include 'username', 'firstName', 'lastName', 'status', and 'groupId'.

", + "location":"querystring", + "locationName":"sortFields" + }, + "sortDirection":{ + "shape":"SortDirection", + "documentation":"

The direction to sort results. Valid values are 'ASC' (ascending) or 'DESC' (descending). Default is 'DESC'.

", + "location":"querystring", + "locationName":"sortDirection" + }, + "firstName":{ + "shape":"SensitiveString", + "documentation":"

Filter results to only include users with first names matching this value.

", + "location":"querystring", + "locationName":"firstName" + }, + "lastName":{ + "shape":"SensitiveString", + "documentation":"

Filter results to only include users with last names matching this value.

", + "location":"querystring", + "locationName":"lastName" + }, + "username":{ + "shape":"GenericString", + "documentation":"

Filter results to only include users with usernames matching this value.

", + "location":"querystring", + "locationName":"username" + }, + "status":{ + "shape":"UserStatus", + "documentation":"

Filter results to only include users with this status (1 for pending, 2 for active).

", + "location":"querystring", + "locationName":"status" + }, + "groupId":{ + "shape":"GenericString", + "documentation":"

Filter results to only include users belonging to this security group.

", + "location":"querystring", + "locationName":"groupId" + } + } + }, + "ListUsersResponse":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"GenericString", + "documentation":"

The token to use for retrieving the next page of results. If this is not present, there are no more results.

" + }, + "users":{ + "shape":"Users", + "documentation":"

A list of user objects matching the specified filters and within the current page.

" + } + } + }, + "Long":{ + "type":"long", + "box":true + }, + "Network":{ + "type":"structure", + "required":[ + "networkId", + "networkName", + "accessLevel", + "awsAccountId", + "networkArn" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The unique identifier of the network.

" + }, + "networkName":{ + "shape":"GenericString", + "documentation":"

The name of the network.

" + }, + "accessLevel":{ + "shape":"AccessLevel", + "documentation":"

The access level of the network (STANDARD or PREMIUM), which determines available features and capabilities.

" + }, + "awsAccountId":{ + "shape":"GenericString", + "documentation":"

The Amazon Web Services account ID that owns the network.

" + }, + "networkArn":{ + "shape":"GenericString", + "documentation":"

The Amazon Resource Name (ARN) of the network.

" + }, + "standing":{ + "shape":"Integer", + "documentation":"

The current standing or status of the network.

" + }, + "freeTrialExpiration":{ + "shape":"GenericString", + "documentation":"

The expiration date and time for the network's free trial period, if applicable.

" + }, + "migrationState":{ + "shape":"Integer", + "documentation":"

The SSO redirect URI migration state, managed by the SSO redirect migration wizard. Values: 0 (not started), 1 (in progress), or 2 (completed).

" + }, + "encryptionKeyArn":{ + "shape":"GenericString", + "documentation":"

The ARN of the Amazon Web Services KMS customer managed key used for encrypting sensitive data in the network.

" + } + }, + "documentation":"

Represents a Wickr network with all its configuration and status information.

" + }, + "NetworkId":{ + "type":"string", + "max":8, + "min":8, + "pattern":"[0-9]{8}" + }, + "NetworkList":{ + "type":"list", + "member":{"shape":"Network"} + }, + "NetworkSettings":{ + "type":"structure", + "members":{ + "enableClientMetrics":{ + "shape":"Boolean", + "documentation":"

Allows Wickr clients to send anonymized performance and usage metrics to the Wickr backend server for service improvement and troubleshooting.

" + }, + "readReceiptConfig":{ + "shape":"ReadReceiptConfig", + "documentation":"

Configuration for read receipts at the network level, controlling the default behavior for whether senders can see when their messages have been read.

" + }, + "dataRetention":{ + "shape":"Boolean", + "documentation":"

Indicates whether the data retention feature is enabled for the network. When true, messages are captured by the data retention bot for compliance and archiving purposes.

" + } + }, + "documentation":"

Contains network-level configuration settings that apply to all users and security groups within a Wickr network.

" + }, + "OidcConfigInfo":{ + "type":"structure", + "required":[ + "companyId", + "scopes", + "issuer" + ], + "members":{ + "applicationName":{ + "shape":"GenericString", + "documentation":"

The name of the OIDC application as registered with the identity provider.

" + }, + "clientId":{ + "shape":"GenericString", + "documentation":"

The OAuth client ID assigned by the identity provider for authentication requests.

" + }, + "companyId":{ + "shape":"GenericString", + "documentation":"

Custom identifier your end users will use to sign in with SSO.

" + }, + "scopes":{ + "shape":"GenericString", + "documentation":"

The OAuth scopes requested from the identity provider, which determine what user information is accessible (e.g., 'openid profile email').

" + }, + "issuer":{ + "shape":"GenericString", + "documentation":"

The issuer URL of the identity provider, which serves as the base URL for OIDC endpoints and configuration discovery.

" + }, + "clientSecret":{ + "shape":"SensitiveString", + "documentation":"

The OAuth client secret used to authenticate the application with the identity provider.

" + }, + "secret":{ + "shape":"SensitiveString", + "documentation":"

An additional secret credential used by the identity provider for authentication.

" + }, + "redirectUrl":{ + "shape":"GenericString", + "documentation":"

The callback URL where the identity provider redirects users after successful authentication. This URL must be registered with the identity provider.

" + }, + "userId":{ + "shape":"GenericString", + "documentation":"

The claim field from the OIDC token to use as the unique user identifier (e.g., 'email', 'sub', or a custom claim).

" + }, + "customUsername":{ + "shape":"GenericString", + "documentation":"

A custom field mapping to extract the username from the OIDC token when the standard username claim is insufficient.

" + }, + "caCertificate":{ + "shape":"GenericString", + "documentation":"

The X.509 CA certificate for validating SSL/TLS connections to the identity provider when using self-signed or enterprise certificates.

" + }, + "applicationId":{ + "shape":"OidcConfigInfoApplicationIdInteger", + "documentation":"

The unique identifier for the registered OIDC application. Valid range is 1-10.

" + }, + "ssoTokenBufferMinutes":{ + "shape":"Integer", + "documentation":"

The grace period in minutes before the SSO token expires when the system should proactively refresh the token to maintain seamless user access.

" + }, + "extraAuthParams":{ + "shape":"GenericString", + "documentation":"

Additional authentication parameters to include in the OIDC authorization request as a query string. Useful for provider-specific extensions.

" + } + }, + "documentation":"

Contains the OpenID Connect (OIDC) configuration information for Single Sign-On (SSO) authentication, including identity provider settings and client credentials.

" + }, + "OidcConfigInfoApplicationIdInteger":{ + "type":"integer", + "box":true, + "max":10, + "min":1 + }, + "OidcTokenInfo":{ + "type":"structure", + "members":{ + "codeVerifier":{ + "shape":"GenericString", + "documentation":"

The PKCE (Proof Key for Code Exchange) code verifier, a cryptographically random string used to enhance security in the OAuth flow.

" + }, + "codeChallenge":{ + "shape":"GenericString", + "documentation":"

The PKCE code challenge, a transformed version of the code verifier sent during the authorization request for verification.

" + }, + "accessToken":{ + "shape":"GenericString", + "documentation":"

The OAuth access token that can be used to access protected resources on behalf of the authenticated user.

" + }, + "idToken":{ + "shape":"GenericString", + "documentation":"

The OpenID Connect ID token containing user identity information and authentication context as a signed JWT.

" + }, + "refreshToken":{ + "shape":"GenericString", + "documentation":"

The OAuth refresh token that can be used to obtain new access tokens without requiring the user to re-authenticate.

" + }, + "tokenType":{ + "shape":"GenericString", + "documentation":"

The type of access token issued, typically 'Bearer', which indicates how the token should be used in API requests.

" + }, + "expiresIn":{ + "shape":"Long", + "documentation":"

The lifetime of the access token in seconds, indicating when the token will expire and need to be refreshed.

" + } + }, + "documentation":"

Contains OAuth token information returned from the identity provider, including access tokens, ID tokens, and PKCE parameters used for secure authentication.

" + }, + "PasswordRequirements":{ + "type":"structure", + "members":{ + "lowercase":{ + "shape":"Integer", + "documentation":"

The minimum number of lowercase letters required in passwords.

" + }, + "minLength":{ + "shape":"Integer", + "documentation":"

The minimum password length in characters.

" + }, + "numbers":{ + "shape":"Integer", + "documentation":"

The minimum number of numeric characters required in passwords.

" + }, + "symbols":{ + "shape":"Integer", + "documentation":"

The minimum number of special symbol characters required in passwords.

" + }, + "uppercase":{ + "shape":"Integer", + "documentation":"

The minimum number of uppercase letters required in passwords.

" + } + }, + "documentation":"

Defines password complexity requirements for users in a security group, including minimum length and character type requirements.

" + }, + "PermittedNetworksList":{ + "type":"list", + "member":{"shape":"NetworkId"} + }, + "PermittedWickrEnterpriseNetwork":{ + "type":"structure", + "required":[ + "domain", + "networkId" + ], + "members":{ + "domain":{ + "shape":"GenericString", + "documentation":"

The domain identifier for the permitted Wickr enterprise network.

" + }, + "networkId":{ + "shape":"NetworkId", + "documentation":"

The network ID of the permitted Wickr enterprise network.

" + } + }, + "documentation":"

Identifies a Wickr enterprise network that is permitted for global federation, allowing users to communicate with members of the specified network.

" + }, + "PermittedWickrEnterpriseNetworksList":{ + "type":"list", + "member":{"shape":"PermittedWickrEnterpriseNetwork"} + }, + "RateLimitError":{ + "type":"structure", + "members":{ + "message":{ + "shape":"GenericString", + "documentation":"

A message indicating that the rate limit was exceeded and suggesting when to retry.

" + } + }, + "documentation":"

The request was throttled because too many requests were sent in a short period of time. Wait a moment and retry the request. Consider implementing exponential backoff in your application.

", + "error":{ + "httpStatusCode":429, + "senderFault":true + }, + "exception":true + }, + "ReadReceiptConfig":{ + "type":"structure", + "members":{ + "status":{ + "shape":"Status", + "documentation":"

The read receipt status mode for the network.

" + } + }, + "documentation":"

Configuration for read receipts at the network level, controlling whether senders can see when their messages have been read.

" + }, + "RegisterOidcConfigRequest":{ + "type":"structure", + "required":[ + "networkId", + "companyId", + "issuer", + "scopes" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network for which OIDC will be configured.

", + "location":"uri", + "locationName":"networkId" + }, + "companyId":{ + "shape":"GenericString", + "documentation":"

Custom identifier your end users will use to sign in with SSO.

" + }, + "customUsername":{ + "shape":"GenericString", + "documentation":"

A custom field mapping to extract the username from the OIDC token (optional).

The customUsername is only required if you use something other than email as the username field.

" + }, + "extraAuthParams":{ + "shape":"GenericString", + "documentation":"

Additional authentication parameters to include in the OIDC flow (optional).

" + }, + "issuer":{ + "shape":"GenericString", + "documentation":"

The issuer URL of the OIDC provider (e.g., 'https://login.example.com').

" + }, + "scopes":{ + "shape":"GenericString", + "documentation":"

The OAuth scopes to request from the OIDC provider (e.g., 'openid profile email').

" + }, + "secret":{ + "shape":"SensitiveString", + "documentation":"

The client secret for authenticating with the OIDC provider (optional).

" + }, + "ssoTokenBufferMinutes":{ + "shape":"Integer", + "documentation":"

The buffer time in minutes before the SSO token expires to refresh it (optional).

" + }, + "userId":{ + "shape":"GenericString", + "documentation":"

Unique identifier provided by your identity provider to authenticate the access request. Also referred to as clientID.

" + } + } + }, + "RegisterOidcConfigResponse":{ + "type":"structure", + "required":[ + "companyId", + "scopes", + "issuer" + ], + "members":{ + "applicationName":{ + "shape":"GenericString", + "documentation":"

The name of the registered OIDC application.

" + }, + "clientId":{ + "shape":"GenericString", + "documentation":"

The OAuth client ID assigned to the application.

" + }, + "companyId":{ + "shape":"GenericString", + "documentation":"

Custom identifier your end users will use to sign in with SSO.

" + }, + "scopes":{ + "shape":"GenericString", + "documentation":"

The OAuth scopes configured for the application.

" + }, + "issuer":{ + "shape":"GenericString", + "documentation":"

The issuer URL of the OIDC provider.

" + }, + "clientSecret":{ + "shape":"SensitiveString", + "documentation":"

The OAuth client secret for the application.

" + }, + "secret":{ + "shape":"SensitiveString", + "documentation":"

The client secret for authenticating with the OIDC provider.

" + }, + "redirectUrl":{ + "shape":"GenericString", + "documentation":"

The redirect URL configured for the OAuth flow.

" + }, + "userId":{ + "shape":"GenericString", + "documentation":"

The claim field being used as the user identifier.

" + }, + "customUsername":{ + "shape":"GenericString", + "documentation":"

The custom field mapping used for extracting the username.

" + }, + "caCertificate":{ + "shape":"GenericString", + "documentation":"

The CA certificate used for secure communication with the OIDC provider.

" + }, + "applicationId":{ + "shape":"RegisterOidcConfigResponseApplicationIdInteger", + "documentation":"

The unique identifier for the registered OIDC application.

" + }, + "ssoTokenBufferMinutes":{ + "shape":"Integer", + "documentation":"

The buffer time in minutes before the SSO token expires.

" + }, + "extraAuthParams":{ + "shape":"GenericString", + "documentation":"

The additional authentication parameters configured for the OIDC flow.

" + } + } + }, + "RegisterOidcConfigResponseApplicationIdInteger":{ + "type":"integer", + "box":true, + "max":10, + "min":1 + }, + "RegisterOidcConfigTestRequest":{ + "type":"structure", + "required":[ + "networkId", + "issuer", + "scopes" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network for which the OIDC configuration will be tested.

", + "location":"uri", + "locationName":"networkId" + }, + "extraAuthParams":{ + "shape":"GenericString", + "documentation":"

Additional authentication parameters to include in the test (optional).

" + }, + "issuer":{ + "shape":"GenericString", + "documentation":"

The issuer URL of the OIDC provider to test.

" + }, + "scopes":{ + "shape":"GenericString", + "documentation":"

The OAuth scopes to test with the OIDC provider.

" + }, + "certificate":{ + "shape":"GenericString", + "documentation":"

The CA certificate for secure communication with the OIDC provider (optional).

" + } + } + }, + "RegisterOidcConfigTestResponse":{ + "type":"structure", + "members":{ + "tokenEndpoint":{ + "shape":"GenericString", + "documentation":"

The token endpoint URL discovered from the OIDC provider.

" + }, + "userinfoEndpoint":{ + "shape":"GenericString", + "documentation":"

The user info endpoint URL discovered from the OIDC provider.

" + }, + "responseTypesSupported":{ + "shape":"StringList", + "documentation":"

The OAuth response types supported by the OIDC provider.

" + }, + "scopesSupported":{ + "shape":"StringList", + "documentation":"

The OAuth scopes supported by the OIDC provider.

" + }, + "issuer":{ + "shape":"GenericString", + "documentation":"

The issuer URL confirmed by the OIDC provider.

" + }, + "authorizationEndpoint":{ + "shape":"GenericString", + "documentation":"

The authorization endpoint URL discovered from the OIDC provider.

" + }, + "endSessionEndpoint":{ + "shape":"GenericString", + "documentation":"

The end session endpoint URL for logging out users from the OIDC provider.

" + }, + "logoutEndpoint":{ + "shape":"GenericString", + "documentation":"

The logout endpoint URL for terminating user sessions.

" + }, + "grantTypesSupported":{ + "shape":"StringList", + "documentation":"

The OAuth grant types supported by the OIDC provider.

" + }, + "revocationEndpoint":{ + "shape":"GenericString", + "documentation":"

The token revocation endpoint URL for invalidating tokens.

" + }, + "tokenEndpointAuthMethodsSupported":{ + "shape":"StringList", + "documentation":"

The authentication methods supported by the token endpoint.

" + }, + "microsoftMultiRefreshToken":{ + "shape":"Boolean", + "documentation":"

Indicates whether the provider supports Microsoft multi-refresh tokens.

" + } + } + }, + "ResourceNotFoundError":{ + "type":"structure", + "members":{ + "message":{ + "shape":"GenericString", + "documentation":"

A message identifying which resource was not found.

" + } + }, + "documentation":"

The requested resource could not be found. This error occurs when you try to access or modify a network, user, bot, security group, or other resource that doesn't exist or has been deleted.

", + "error":{ + "httpStatusCode":404, + "senderFault":true + }, + "exception":true + }, + "SecurityGroup":{ + "type":"structure", + "required":[ + "activeMembers", + "botMembers", + "id", + "isDefault", + "name", + "modified", + "securityGroupSettings" + ], + "members":{ + "activeMembers":{ + "shape":"Integer", + "documentation":"

The number of active user members currently in the security group.

" + }, + "botMembers":{ + "shape":"Integer", + "documentation":"

The number of bot members currently in the security group.

" + }, + "activeDirectoryGuid":{ + "shape":"GenericString", + "documentation":"

The GUID of the Active Directory group associated with this security group, if synchronized with LDAP.

" + }, + "id":{ + "shape":"GenericString", + "documentation":"

The unique identifier of the security group.

" + }, + "isDefault":{ + "shape":"Boolean", + "documentation":"

Indicates whether this is the default security group for the network. Each network has only one default group.

" + }, + "name":{ + "shape":"GenericString", + "documentation":"

The human-readable name of the security group.

" + }, + "modified":{ + "shape":"Integer", + "documentation":"

The timestamp when the security group was last modified, specified in epoch seconds.

" + }, + "securityGroupSettings":{ + "shape":"SecurityGroupSettings", + "documentation":"

The comprehensive configuration settings that define capabilities and restrictions for members of this security group.

" + } + }, + "documentation":"

Represents a security group in a Wickr network, containing membership statistics, configuration, and all permission settings that apply to its members.

" + }, + "SecurityGroupId":{ + "type":"string", + "pattern":"[\\S]+" + }, + "SecurityGroupIdList":{ + "type":"list", + "member":{"shape":"SecurityGroupId"} + }, + "SecurityGroupList":{ + "type":"list", + "member":{"shape":"SecurityGroup"} + }, + "SecurityGroupSettings":{ + "type":"structure", + "members":{ + "alwaysReauthenticate":{ + "shape":"Boolean", + "documentation":"

Requires users to reauthenticate every time they return to the application, providing an additional layer of security.

" + }, + "atakPackageValues":{ + "shape":"SecurityGroupStringList", + "documentation":"

Configuration values for ATAK (Android Team Awareness Kit) package integration, when ATAK is enabled.

" + }, + "calling":{ + "shape":"CallingSettings", + "documentation":"

The calling feature permissions and settings that control what types of calls users can initiate and participate in.

" + }, + "checkForUpdates":{ + "shape":"Boolean", + "documentation":"

Enables automatic checking for Wickr client updates to ensure users stay current with the latest version.

" + }, + "enableAtak":{ + "shape":"Boolean", + "documentation":"

Enables ATAK (Android Team Awareness Kit) integration for tactical communication and situational awareness.

" + }, + "enableCrashReports":{ + "shape":"Boolean", + "documentation":"

Allow users to report crashes.

" + }, + "enableFileDownload":{ + "shape":"Boolean", + "documentation":"

Specifies whether users can download files from messages to their devices.

" + }, + "enableGuestFederation":{ + "shape":"Boolean", + "documentation":"

Allows users to communicate with guest users from other Wickr networks and federated external networks.

" + }, + "enableNotificationPreview":{ + "shape":"Boolean", + "documentation":"

Enables message preview text in push notifications, allowing users to see message content before opening the app.

" + }, + "enableOpenAccessOption":{ + "shape":"Boolean", + "documentation":"

Allow users to avoid censorship when they are geo-blocked or have network limitations.

" + }, + "enableRestrictedGlobalFederation":{ + "shape":"Boolean", + "documentation":"

Enables restricted global federation, limiting external communication to only specified permitted networks.

" + }, + "filesEnabled":{ + "shape":"Boolean", + "documentation":"

Enables file sharing capabilities, allowing users to send and receive files in conversations.

" + }, + "forceDeviceLockout":{ + "shape":"Integer", + "documentation":"

Defines the number of failed login attempts before data stored on the device is reset. Should be less than lockoutThreshold.

" + }, + "forceOpenAccess":{ + "shape":"Boolean", + "documentation":"

Automatically enable and enforce Wickr open access on all devices. Valid only if enableOpenAccessOption settings is enabled.

" + }, + "forceReadReceipts":{ + "shape":"Boolean", + "documentation":"

Allow user approved bots to read messages in rooms without using a slash command.

" + }, + "globalFederation":{ + "shape":"Boolean", + "documentation":"

Allows users to communicate with users on other Wickr instances (Wickr Enterprise) outside the current network.

" + }, + "isAtoEnabled":{ + "shape":"Boolean", + "documentation":"

Enforces a two-factor authentication when a user adds a new device to their account.

" + }, + "isLinkPreviewEnabled":{ + "shape":"Boolean", + "documentation":"

Enables automatic preview of links shared in messages, showing webpage thumbnails and descriptions.

" + }, + "locationAllowMaps":{ + "shape":"Boolean", + "documentation":"

Allows map integration in location sharing, enabling users to view shared locations on interactive maps. Only allowed when location setting is enabled.

" + }, + "locationEnabled":{ + "shape":"Boolean", + "documentation":"

Enables location sharing features, allowing users to share their current location with others.

" + }, + "maxAutoDownloadSize":{ + "shape":"Long", + "documentation":"

The maximum file size in bytes that will be automatically downloaded without user confirmation. Only allowed if fileDownload is enabled. Valid Values [512000 (low_quality), 7340032 (high_quality) ]

" + }, + "maxBor":{ + "shape":"Integer", + "documentation":"

The maximum burn-on-read (BOR) time in seconds, which determines how long messages remain visible before auto-deletion after being read.

" + }, + "maxTtl":{ + "shape":"Long", + "documentation":"

The maximum time-to-live (TTL) in seconds for messages, after which they will be automatically deleted from all devices.

" + }, + "messageForwardingEnabled":{ + "shape":"Boolean", + "documentation":"

Enables message forwarding, allowing users to forward messages from one conversation to another.

" + }, + "passwordRequirements":{ + "shape":"PasswordRequirements", + "documentation":"

The password complexity requirements that users must follow when creating or changing passwords.

" + }, + "presenceEnabled":{ + "shape":"Boolean", + "documentation":"

Enables presence indicators that show whether users are online, away, or offline.

" + }, + "quickResponses":{ + "shape":"SecurityGroupStringList", + "documentation":"

A list of pre-defined quick response message templates that users can send with a single tap.

" + }, + "showMasterRecoveryKey":{ + "shape":"Boolean", + "documentation":"

Users will get a master recovery key that can be used to securely sign in to their Wickr account without having access to their primary device for authentication. Available in SSO enabled network.

" + }, + "shredder":{ + "shape":"ShredderSettings", + "documentation":"

The message shredder configuration that controls secure deletion of messages and files from devices.

" + }, + "ssoMaxIdleMinutes":{ + "shape":"Integer", + "documentation":"

The duration for which users SSO session remains inactive before automatically logging them out for security. Available in SSO enabled network.

" + }, + "federationMode":{ + "shape":"Integer", + "documentation":"

The local federation mode controlling how users can communicate with other networks. Values: 0 (none), 1 (federated), 2 (restricted).

" + }, + "lockoutThreshold":{ + "shape":"Integer", + "documentation":"

The number of failed password attempts before a user account is locked out.

" + }, + "permittedNetworks":{ + "shape":"PermittedNetworksList", + "documentation":"

A list of network IDs that are permitted for local federation when federation mode is set to restricted.

" + }, + "permittedWickrAwsNetworks":{ + "shape":"WickrAwsNetworksList", + "documentation":"

A list of permitted Wickr networks for global federation, restricting communication to specific approved networks.

" + }, + "permittedWickrEnterpriseNetworks":{ + "shape":"PermittedWickrEnterpriseNetworksList", + "documentation":"

A list of permitted Wickr Enterprise networks for global federation, restricting communication to specific approved networks.

" + } + }, + "documentation":"

Comprehensive configuration settings that define all user capabilities, restrictions, and features for members of a security group. These settings control everything from calling permissions to federation settings to security policies.

" + }, + "SecurityGroupSettingsRequest":{ + "type":"structure", + "members":{ + "lockoutThreshold":{ + "shape":"Integer", + "documentation":"

The number of failed password attempts before a user account is locked out.

" + }, + "permittedNetworks":{ + "shape":"PermittedNetworksList", + "documentation":"

A list of network IDs that are permitted for local federation when federation mode is set to restricted.

" + }, + "enableGuestFederation":{ + "shape":"Boolean", + "documentation":"

Guest users let you work with people outside your organization that only have limited access to Wickr. Only valid when federationMode is set to Global.

" + }, + "globalFederation":{ + "shape":"Boolean", + "documentation":"

Allow users to securely federate with all Amazon Web Services Wickr networks and Amazon Web Services Enterprise networks.

" + }, + "federationMode":{ + "shape":"Integer", + "documentation":"

The local federation mode. Values: 0 (none), 1 (federated - all networks), 2 (restricted - only permitted networks).

" + }, + "enableRestrictedGlobalFederation":{ + "shape":"Boolean", + "documentation":"

Enables restricted global federation to limit communication to specific permitted networks only. Requires globalFederation to be enabled.

" + }, + "permittedWickrAwsNetworks":{ + "shape":"WickrAwsNetworksList", + "documentation":"

A list of permitted Amazon Web Services Wickr networks for restricted global federation.

" + }, + "permittedWickrEnterpriseNetworks":{ + "shape":"PermittedWickrEnterpriseNetworksList", + "documentation":"

A list of permitted Wickr Enterprise networks for restricted global federation.

" + } + }, + "documentation":"

Contains the security group configuration settings that can be specified when creating or updating a security group. This is a subset of SecurityGroupSettings containing only the modifiable federation and security settings.

" + }, + "SecurityGroupStringList":{ + "type":"list", + "member":{"shape":"GenericString"} + }, + "SensitiveString":{ + "type":"string", + "pattern":"[\\S\\s]*", + "sensitive":true + }, + "Setting":{ + "type":"structure", + "required":[ + "optionName", + "value", + "type" + ], + "members":{ + "optionName":{ + "shape":"GenericString", + "documentation":"

The name of the network setting (e.g., 'enableClientMetrics', 'dataRetention').

" + }, + "value":{ + "shape":"GenericString", + "documentation":"

The current value of the setting as a string. Boolean values are represented as 'true' or 'false'.

" + }, + "type":{ + "shape":"GenericString", + "documentation":"

The data type of the setting value (e.g., 'boolean', 'string', 'number').

" + } + }, + "documentation":"

Represents a single network-level configuration setting with its name, value, and data type. Settings control network-wide behaviors and features.

" + }, + "SettingsList":{ + "type":"list", + "member":{"shape":"Setting"} + }, + "ShredderSettings":{ + "type":"structure", + "members":{ + "canProcessManually":{ + "shape":"Boolean", + "documentation":"

Specifies whether users can manually trigger the shredder to delete content.

" + }, + "intensity":{ + "shape":"Integer", + "documentation":"

Prevents Wickr data from being recovered by overwriting deleted Wickr data. Valid Values: Must be one of [0, 20, 60, 100]

" + } + }, + "documentation":"

Configuration for the message shredder feature, which securely deletes messages and files from devices to prevent data recovery.

" + }, + "SortDirection":{ + "type":"string", + "enum":[ + "ASC", + "DESC" + ] + }, + "Status":{ + "type":"string", + "enum":[ + "DISABLED", + "ENABLED", + "FORCE_ENABLED" + ] + }, + "StringList":{ + "type":"list", + "member":{"shape":"GenericString"} + }, + "SyntheticTimestamp_epoch_seconds":{ + "type":"timestamp", + "timestampFormat":"unixTimestamp" + }, + "Uname":{"type":"string"}, + "Unames":{ + "type":"list", + "member":{"shape":"GenericString"} + }, + "UnauthorizedError":{ + "type":"structure", + "members":{ + "message":{ + "shape":"GenericString", + "documentation":"

A message explaining why the authentication failed.

" + } + }, + "documentation":"

The request was not authenticated or the authentication credentials were invalid. This error occurs when the request lacks valid authentication credentials or the credentials have expired.

", + "error":{ + "httpStatusCode":401, + "senderFault":true + }, + "exception":true + }, + "UpdateBotRequest":{ + "type":"structure", + "required":[ + "networkId", + "botId" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network containing the bot to update.

", + "location":"uri", + "locationName":"networkId" + }, + "botId":{ + "shape":"BotId", + "documentation":"

The unique identifier of the bot to update.

", + "location":"uri", + "locationName":"botId" + }, + "displayName":{ + "shape":"GenericString", + "documentation":"

The new display name for the bot.

" + }, + "groupId":{ + "shape":"GenericString", + "documentation":"

The ID of the new security group to assign the bot to.

" + }, + "challenge":{ + "shape":"SensitiveString", + "documentation":"

The new password for the bot account.

" + }, + "suspend":{ + "shape":"Boolean", + "documentation":"

Set to true to suspend the bot or false to unsuspend it. Omit this field for standard updates that don't affect suspension status.

" + } + } + }, + "UpdateBotResponse":{ + "type":"structure", + "members":{ + "message":{ + "shape":"GenericString", + "documentation":"

A message indicating the result of the bot update operation.

" + } + } + }, + "UpdateDataRetentionRequest":{ + "type":"structure", + "required":[ + "networkId", + "actionType" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network containing the data retention bot.

", + "location":"uri", + "locationName":"networkId" + }, + "actionType":{ + "shape":"DataRetentionActionType", + "documentation":"

The action to perform. Valid values are 'ENABLE' (to enable the data retention service), 'DISABLE' (to disable the service), or 'PUBKEY_MSG_ACK' (to acknowledge the public key message).

" + } + } + }, + "UpdateDataRetentionResponse":{ + "type":"structure", + "members":{ + "message":{ + "shape":"GenericString", + "documentation":"

A message indicating the result of the update operation.

" + } + } + }, + "UpdateGuestUserRequest":{ + "type":"structure", + "required":[ + "networkId", + "usernameHash", + "block" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network where the guest user's status will be updated.

", + "location":"uri", + "locationName":"networkId" + }, + "usernameHash":{ + "shape":"GenericString", + "documentation":"

The username hash (unique identifier) of the guest user to update.

", + "location":"uri", + "locationName":"usernameHash" + }, + "block":{ + "shape":"Boolean", + "documentation":"

Set to true to block the guest user or false to unblock them.

" + } + } + }, + "UpdateGuestUserResponse":{ + "type":"structure", + "members":{ + "message":{ + "shape":"GenericString", + "documentation":"

A message indicating the result of the update operation.

" + } + } + }, + "UpdateNetworkRequest":{ + "type":"structure", + "required":[ + "networkId", + "networkName" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network to update.

", + "location":"uri", + "locationName":"networkId" + }, + "networkName":{ + "shape":"GenericString", + "documentation":"

The new name for the network. Must be between 1 and 20 characters.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique identifier for this request to ensure idempotency.

", + "idempotencyToken":true, + "location":"header", + "locationName":"X-Client-Token" + }, + "encryptionKeyArn":{ + "shape":"GenericString", + "documentation":"

The ARN of the Amazon Web Services KMS customer managed key to use for encrypting sensitive data in the network.

" + } + } + }, + "UpdateNetworkResponse":{ + "type":"structure", + "members":{ + "message":{ + "shape":"GenericString", + "documentation":"

A message indicating that the network was updated successfully.

" + } + } + }, + "UpdateNetworkSettingsRequest":{ + "type":"structure", + "required":[ + "networkId", + "settings" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network whose settings will be updated.

", + "location":"uri", + "locationName":"networkId" + }, + "settings":{ + "shape":"NetworkSettings", + "documentation":"

A map of setting names to their new values. Each setting should be provided with its appropriate type (boolean, string, number, etc.).

" + } + } + }, + "UpdateNetworkSettingsResponse":{ + "type":"structure", + "required":["settings"], + "members":{ + "settings":{ + "shape":"SettingsList", + "documentation":"

A list of the updated network settings, showing the new values for each modified setting.

" + } + } + }, + "UpdateSecurityGroupRequest":{ + "type":"structure", + "required":[ + "networkId", + "groupId" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network containing the security group to update.

", + "location":"uri", + "locationName":"networkId" + }, + "groupId":{ + "shape":"GenericString", + "documentation":"

The unique identifier of the security group to update.

", + "location":"uri", + "locationName":"groupId" + }, + "name":{ + "shape":"GenericString", + "documentation":"

The new name for the security group.

" + }, + "securityGroupSettings":{ + "shape":"SecurityGroupSettings", + "documentation":"

The updated configuration settings for the security group.

Federation mode - 0 (Local federation), 1 (Restricted federation), 2 (Global federation)

" + } + } + }, + "UpdateSecurityGroupResponse":{ + "type":"structure", + "required":["securityGroup"], + "members":{ + "securityGroup":{ + "shape":"SecurityGroup", + "documentation":"

The updated security group details, including the new settings.

" + } + } + }, + "UpdateUserDetails":{ + "type":"structure", + "members":{ + "firstName":{ + "shape":"SensitiveString", + "documentation":"

The new first name for the user.

" + }, + "lastName":{ + "shape":"SensitiveString", + "documentation":"

The new last name for the user.

" + }, + "username":{ + "shape":"GenericString", + "documentation":"

The new username or email address for the user.

" + }, + "securityGroupIds":{ + "shape":"SecurityGroupIdList", + "documentation":"

The updated list of security group IDs to which the user should belong.

" + }, + "inviteCode":{ + "shape":"GenericString", + "documentation":"

A new custom invite code for the user.

" + }, + "inviteCodeTtl":{ + "shape":"Integer", + "documentation":"

The new time-to-live for the invite code in days.

" + }, + "codeValidation":{ + "shape":"Boolean", + "documentation":"

Indicates whether the user can be verified through a custom invite code.

" + } + }, + "documentation":"

Contains the modifiable details for updating an existing user, including name, password, security group membership, and invitation settings.

A user can only be assigned to a single security group. Attempting to add a user to multiple security groups is not supported and will result in an error.

" + }, + "UpdateUserRequest":{ + "type":"structure", + "required":[ + "networkId", + "userId" + ], + "members":{ + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the Wickr network containing the user to update.

", + "location":"uri", + "locationName":"networkId" + }, + "userId":{ + "shape":"UserId", + "documentation":"

The unique identifier of the user to update.

" + }, + "userDetails":{ + "shape":"UpdateUserDetails", + "documentation":"

An object containing the user details to be updated, such as name, password, security groups, and invite code settings.

" + } + } + }, + "UpdateUserResponse":{ + "type":"structure", + "required":[ + "userId", + "networkId", + "suspended" + ], + "members":{ + "userId":{ + "shape":"UserId", + "documentation":"

The unique identifier of the updated user.

" + }, + "networkId":{ + "shape":"NetworkId", + "documentation":"

The ID of the network where the user was updated.

" + }, + "securityGroupIds":{ + "shape":"SecurityGroupIdList", + "documentation":"

The list of security group IDs to which the user now belongs after the update.

" + }, + "firstName":{ + "shape":"SensitiveString", + "documentation":"

The updated first name of the user.

" + }, + "lastName":{ + "shape":"SensitiveString", + "documentation":"

The updated last name of the user.

" + }, + "middleName":{ + "shape":"GenericString", + "documentation":"

The middle name of the user (currently not used).

" + }, + "suspended":{ + "shape":"Boolean", + "documentation":"

Indicates whether the user is suspended after the update.

" + }, + "modified":{ + "shape":"Integer", + "documentation":"

The timestamp when the user was last modified, specified in epoch seconds.

" + }, + "status":{ + "shape":"Integer", + "documentation":"

The user's status after the update.

" + }, + "inviteCode":{ + "shape":"GenericString", + "documentation":"

The updated invite code for the user, if applicable.

" + }, + "inviteExpiration":{ + "shape":"Integer", + "documentation":"

The expiration time of the user's invite code, specified in epoch seconds.

" + }, + "codeValidation":{ + "shape":"Boolean", + "documentation":"

Indicates whether the user can be verified through a custom invite code.

" + } + } + }, + "User":{ + "type":"structure", + "members":{ + "userId":{ + "shape":"UserId", + "documentation":"

The unique identifier for the user within the network.

" + }, + "firstName":{ + "shape":"SensitiveString", + "documentation":"

The first name of the user.

" + }, + "lastName":{ + "shape":"SensitiveString", + "documentation":"

The last name of the user.

" + }, + "username":{ + "shape":"GenericString", + "documentation":"

The email address or username of the user. For bots, this must end in 'bot'.

" + }, + "securityGroups":{ + "shape":"SecurityGroupIdList", + "documentation":"

A list of security group IDs to which the user is assigned, determining their permissions and feature access.

" + }, + "isAdmin":{ + "shape":"Boolean", + "documentation":"

Indicates whether the user has administrator privileges in the network.

" + }, + "suspended":{ + "shape":"Boolean", + "documentation":"

Indicates whether the user is currently suspended and unable to access the network.

" + }, + "status":{ + "shape":"Integer", + "documentation":"

The current status of the user (1 for pending invitation, 2 for active).

" + }, + "otpEnabled":{ + "shape":"Boolean", + "documentation":"

Indicates whether one-time password (OTP) authentication is enabled for the user.

" + }, + "scimId":{ + "shape":"GenericString", + "documentation":"

The SCIM (System for Cross-domain Identity Management) identifier for the user, used for identity synchronization. Currently not used.

" + }, + "type":{ + "shape":"GenericString", + "documentation":"

The descriptive type of the user account (e.g., 'user').

" + }, + "cell":{ + "shape":"GenericString", + "documentation":"

The phone number minus country code, used for cloud deployments.

" + }, + "countryCode":{ + "shape":"GenericString", + "documentation":"

The country code for the user's phone number, used for cloud deployments.

" + }, + "challengeFailures":{ + "shape":"Integer", + "documentation":"

The number of failed password attempts for enterprise deployments, used for account lockout policies.

" + }, + "isInviteExpired":{ + "shape":"Boolean", + "documentation":"

Indicates whether the user's email invitation code has expired, applicable to cloud deployments.

" + }, + "isUser":{ + "shape":"Boolean", + "documentation":"

Indicates whether this account is a user (as opposed to a bot or other account type).

" + }, + "inviteCode":{ + "shape":"GenericString", + "documentation":"

The invitation code for this user, used during registration to join the network.

" + }, + "codeValidation":{ + "shape":"Boolean", + "documentation":"

Indicates whether the user can be verified through a custom invite code.

" + }, + "uname":{ + "shape":"GenericString", + "documentation":"

The unique identifier for the user.

" + } + }, + "documentation":"

Represents a user account in a Wickr network with detailed profile information, status, security settings, and authentication details.

codeValidation, inviteCode and inviteCodeTtl are restricted to networks under preview only.

" + }, + "UserId":{ + "type":"string", + "max":10, + "min":1, + "pattern":"[0-9]+" + }, + "UserIds":{ + "type":"list", + "member":{"shape":"UserId"} + }, + "UserStatus":{ + "type":"integer", + "box":true + }, + "Users":{ + "type":"list", + "member":{"shape":"User"} + }, + "ValidationError":{ + "type":"structure", + "members":{ + "reasons":{ + "shape":"ErrorDetailList", + "documentation":"

A list of validation error details, where each item identifies a specific field that failed validation and explains the reason for the failure.

" + } + }, + "documentation":"

One or more fields in the request failed validation. This error provides detailed information about which fields were invalid and why, allowing you to correct the request and retry.

", + "error":{ + "httpStatusCode":422, + "senderFault":true + }, + "exception":true + }, + "WickrAwsNetworks":{ + "type":"structure", + "required":[ + "region", + "networkId" + ], + "members":{ + "region":{ + "shape":"GenericString", + "documentation":"

The Amazon Web Services region identifier where the network is hosted (e.g., 'us-east-1').

" + }, + "networkId":{ + "shape":"NetworkId", + "documentation":"

The network ID of the Wickr Amazon Web Services network.

" + } + }, + "documentation":"

Identifies a Amazon Web Services Wickr network by region and network ID, used for configuring permitted networks for global federation.

" + }, + "WickrAwsNetworksList":{ + "type":"list", + "member":{"shape":"WickrAwsNetworks"} + } + }, + "documentation":"

Welcome to the Amazon Web Services Wickr API Reference.

The Amazon Web Services Wickr application programming interface (API) is designed for administrators to perform key tasks, such as creating and managing Amazon Web Services Wickr, networks, users, security groups, bots and more. This guide provides detailed information about the Amazon Web Services Wickr API, including operations, types, inputs and outputs, and error codes. You can use an Amazon Web Services SDK, the Amazon Web Services Command Line Interface (Amazon Web Services CLI, or the REST API to make API calls for Amazon Web Services Wickr.

Using Amazon Web Services SDK

The SDK clients authenticate your requests by using access keys that you provide. For more information, see Authentication and access using Amazon Web Services SDKs and tools in the Amazon Web Services SDKs and Tools Reference Guide.

Using Amazon Web Services CLI

Use your access keys with the Amazon Web Services CLI to make API calls. For more information about setting up the Amazon Web Services CLI, see Getting started with the Amazon Web Services CLI in the Amazon Web Services Command Line Interface User Guide for Version 2.

Using REST APIs

If you use REST to make API calls, you must authenticate your request by providing a signature. Amazon Web Services Wickr supports Signature Version 4. For more information, see Amazon Web Services Signature Version 4 for API requests in the Amazon Web Services Identity and Access Management User Guide.

Access and permissions to the APIs can be controlled by Amazon Web Services Identity and Access Management. The managed policy Amazon Web ServicesWickrFullAccess grants full administrative permission to the Amazon Web Services Wickr service APIs. For more information on restricting access to specific operations, see Identity and access management for Amazon Web Services Wickr in the Amazon Web Services Wickr Administration Guide.

Types of Errors:

The Amazon Web Services Wickr APIs provide an HTTP interface. HTTP defines ranges of HTTP Status Codes for different types of error responses.

  1. Client errors are indicated by HTTP Status Code class of 4xx

  2. Service errors are indicated by HTTP Status Code class of 5xx

In this reference guide, the documentation for each API has an Errors section that includes a brief discussion about HTTP status codes. We recommend looking there as part of your investigation when you get an error.

" +} diff --git a/awscli/botocore/data/wickr/2024-02-01/waiters-2.json b/awscli/botocore/data/wickr/2024-02-01/waiters-2.json new file mode 100644 index 000000000000..13f60ee66be6 --- /dev/null +++ b/awscli/botocore/data/wickr/2024-02-01/waiters-2.json @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff --git a/awscli/botocore/data/workspaces-web/2020-07-08/service-2.json b/awscli/botocore/data/workspaces-web/2020-07-08/service-2.json index ba7d033d9a7f..6be9fc27749d 100644 --- a/awscli/botocore/data/workspaces-web/2020-07-08/service-2.json +++ b/awscli/botocore/data/workspaces-web/2020-07-08/service-2.json @@ -2618,6 +2618,10 @@ "brandingConfigurationInput":{ "shape":"BrandingConfigurationCreateInput", "documentation":"

The branding configuration input that customizes the appearance of the web portal for end users. This includes a custom logo, favicon, wallpaper, localized strings, color theme, and an optional terms of service.

" + }, + "webAuthnAllowed":{ + "shape":"EnabledType", + "documentation":"

Specifies whether the user can use WebAuthn redirection for passwordless login to websites within the streaming session.

" } } }, @@ -5563,6 +5567,10 @@ "brandingConfigurationInput":{ "shape":"BrandingConfigurationUpdateInput", "documentation":"

The branding configuration that customizes the appearance of the web portal for end users. When updating user settings without an existing branding configuration, all fields (logo, favicon, wallpaper, localized strings, and color theme) are required except for terms of service. When updating user settings with an existing branding configuration, all fields are optional.

" + }, + "webAuthnAllowed":{ + "shape":"EnabledType", + "documentation":"

Specifies whether the user can use WebAuthn redirection for passwordless login to websites within the streaming session.

" } } }, @@ -5688,6 +5696,10 @@ "brandingConfiguration":{ "shape":"BrandingConfiguration", "documentation":"

The branding configuration output that customizes the appearance of the web portal for end users.

" + }, + "webAuthnAllowed":{ + "shape":"EnabledType", + "documentation":"

Specifies whether the user can use WebAuthn redirection for passwordless login to websites within the streaming session.

" } }, "documentation":"

A user settings resource that can be associated with a web portal. Once associated with a web portal, user settings control how users can transfer data between a streaming session and the their local devices.

" @@ -5747,6 +5759,10 @@ "brandingConfiguration":{ "shape":"BrandingConfiguration", "documentation":"

The branding configuration output that customizes the appearance of the web portal for end users.

" + }, + "webAuthnAllowed":{ + "shape":"EnabledType", + "documentation":"

Specifies whether the user can use WebAuthn redirection for passwordless login to websites within the streaming session.

" } }, "documentation":"

The summary of user settings.

" diff --git a/tests/functional/botocore/endpoint-rules/wickr/endpoint-tests-1.json b/tests/functional/botocore/endpoint-rules/wickr/endpoint-tests-1.json new file mode 100644 index 000000000000..29d6df91fcd7 --- /dev/null +++ b/tests/functional/botocore/endpoint-rules/wickr/endpoint-tests-1.json @@ -0,0 +1,270 @@ +{ + "testCases": [ + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://admin.wickr-fips.us-east-1.api.aws" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://admin.wickr-fips.us-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://admin.wickr.us-east-1.api.aws" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://admin.wickr.us-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://admin.wickr-fips.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://admin.wickr-fips.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://admin.wickr.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://admin.wickr.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://admin.wickr-fips.us-gov-east-1.api.aws" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://admin.wickr-fips.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://admin.wickr.us-gov-east-1.api.aws" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://admin.wickr.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://admin.wickr-fips.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://admin.wickr.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://admin.wickr-fips.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://admin.wickr.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips enabled and dualstack disabled", + "expect": { + "error": "Invalid Configuration: FIPS and custom endpoint are not supported" + }, + "params": { + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips disabled and dualstack enabled", + "expect": { + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": true, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "Missing region", + "expect": { + "error": "Invalid Configuration: Missing Region" + } + } + ], + "version": "1.0" +} \ No newline at end of file From dd993394f0f790f2afbfb254648041921e4e4e4d Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Fri, 19 Dec 2025 19:07:16 +0000 Subject: [PATCH 33/37] Update endpoints model --- awscli/botocore/data/endpoints.json | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/awscli/botocore/data/endpoints.json b/awscli/botocore/data/endpoints.json index 5b7f70ccd42b..98429039d145 100644 --- a/awscli/botocore/data/endpoints.json +++ b/awscli/botocore/data/endpoints.json @@ -4107,6 +4107,7 @@ }, "cases" : { "endpoints" : { + "af-south-1" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-southeast-1" : { }, @@ -37877,6 +37878,11 @@ } }, "services" : { + "agreement-marketplace" : { + "endpoints" : { + "us-isob-east-1" : { } + } + }, "api.ecr" : { "endpoints" : { "us-isob-east-1" : { @@ -39795,6 +39801,11 @@ "isRegionalized" : false, "partitionEndpoint" : "aws-iso-f-global" }, + "identitystore" : { + "endpoints" : { + "us-isof-east-1" : { } + } + }, "kinesis" : { "endpoints" : { "us-isof-east-1" : { }, From 5aa7f84e68099a33fd31c65f6a21991eff221fda Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Fri, 19 Dec 2025 19:08:55 +0000 Subject: [PATCH 34/37] Bump version to 2.32.21 --- .changes/2.32.21.json | 37 +++++++++++++++++++ .../api-change-arcregionswitch-12965.json | 5 --- .../api-change-connect-57971.json | 5 --- .../api-change-emrserverless-10973.json | 5 --- .../next-release/api-change-iot-20461.json | 5 --- .../api-change-qbusiness-81372.json | 5 --- .../next-release/api-change-wickr-45774.json | 5 --- .../api-change-workspacesweb-19372.json | 5 --- CHANGELOG.rst | 12 ++++++ awscli/__init__.py | 2 +- configure | 14 +++---- configure.ac | 2 +- doc/source/conf.py | 2 +- 13 files changed, 59 insertions(+), 45 deletions(-) create mode 100644 .changes/2.32.21.json delete mode 100644 .changes/next-release/api-change-arcregionswitch-12965.json delete mode 100644 .changes/next-release/api-change-connect-57971.json delete mode 100644 .changes/next-release/api-change-emrserverless-10973.json delete mode 100644 .changes/next-release/api-change-iot-20461.json delete mode 100644 .changes/next-release/api-change-qbusiness-81372.json delete mode 100644 .changes/next-release/api-change-wickr-45774.json delete mode 100644 .changes/next-release/api-change-workspacesweb-19372.json diff --git a/.changes/2.32.21.json b/.changes/2.32.21.json new file mode 100644 index 000000000000..13f0474241d9 --- /dev/null +++ b/.changes/2.32.21.json @@ -0,0 +1,37 @@ +[ + { + "category": "``qbusiness``", + "description": "It is a internal bug fix for region expansion", + "type": "api-change" + }, + { + "category": "``iot``", + "description": "This release adds event-based logging feature that enables granular event logging controls for AWS IoT logs.", + "type": "api-change" + }, + { + "category": "``connect``", + "description": "Adding support for Custom Metrics and Pre-Defined Attributes to GetCurrentMetricData API.", + "type": "api-change" + }, + { + "category": "``workspaces-web``", + "description": "Add support for WebAuthn under user settings.", + "type": "api-change" + }, + { + "category": "``wickr``", + "description": "AWS Wickr now provides a suite of admin APIs to allow you to programmatically manage secure communication for Wickr networks at scale. These APIs enable you to automate administrative workflows including user lifecycle management, network configuration, and security group administration.", + "type": "api-change" + }, + { + "category": "``emr-serverless``", + "description": "Added JobLevelCostAllocationConfiguration field to enable cost allocation reporting at the job level, providing more granular visibility into EMR Serverless charges", + "type": "api-change" + }, + { + "category": "``arc-region-switch``", + "description": "Automatic Plan Execution Reports allow customers to maintain a concise record of their Region switch Plan executions. This enables customer SREs and leadership to have a clear view of their recovery posture based on the generated reports for their Plan executions.", + "type": "api-change" + } +] \ No newline at end of file diff --git a/.changes/next-release/api-change-arcregionswitch-12965.json b/.changes/next-release/api-change-arcregionswitch-12965.json deleted file mode 100644 index 49d72d3ede39..000000000000 --- a/.changes/next-release/api-change-arcregionswitch-12965.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``arc-region-switch``", - "description": "Automatic Plan Execution Reports allow customers to maintain a concise record of their Region switch Plan executions. This enables customer SREs and leadership to have a clear view of their recovery posture based on the generated reports for their Plan executions." -} diff --git a/.changes/next-release/api-change-connect-57971.json b/.changes/next-release/api-change-connect-57971.json deleted file mode 100644 index f8399f62e13f..000000000000 --- a/.changes/next-release/api-change-connect-57971.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``connect``", - "description": "Adding support for Custom Metrics and Pre-Defined Attributes to GetCurrentMetricData API." -} diff --git a/.changes/next-release/api-change-emrserverless-10973.json b/.changes/next-release/api-change-emrserverless-10973.json deleted file mode 100644 index f72cae3942ba..000000000000 --- a/.changes/next-release/api-change-emrserverless-10973.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``emr-serverless``", - "description": "Added JobLevelCostAllocationConfiguration field to enable cost allocation reporting at the job level, providing more granular visibility into EMR Serverless charges" -} diff --git a/.changes/next-release/api-change-iot-20461.json b/.changes/next-release/api-change-iot-20461.json deleted file mode 100644 index 8255405e7e88..000000000000 --- a/.changes/next-release/api-change-iot-20461.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``iot``", - "description": "This release adds event-based logging feature that enables granular event logging controls for AWS IoT logs." -} diff --git a/.changes/next-release/api-change-qbusiness-81372.json b/.changes/next-release/api-change-qbusiness-81372.json deleted file mode 100644 index 6fbeba115bad..000000000000 --- a/.changes/next-release/api-change-qbusiness-81372.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``qbusiness``", - "description": "It is a internal bug fix for region expansion" -} diff --git a/.changes/next-release/api-change-wickr-45774.json b/.changes/next-release/api-change-wickr-45774.json deleted file mode 100644 index 986450468a85..000000000000 --- a/.changes/next-release/api-change-wickr-45774.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``wickr``", - "description": "AWS Wickr now provides a suite of admin APIs to allow you to programmatically manage secure communication for Wickr networks at scale. These APIs enable you to automate administrative workflows including user lifecycle management, network configuration, and security group administration." -} diff --git a/.changes/next-release/api-change-workspacesweb-19372.json b/.changes/next-release/api-change-workspacesweb-19372.json deleted file mode 100644 index 409bac5bbe9a..000000000000 --- a/.changes/next-release/api-change-workspacesweb-19372.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``workspaces-web``", - "description": "Add support for WebAuthn under user settings." -} diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 47635d02d672..0bab0723151a 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,18 @@ CHANGELOG ========= +2.32.21 +======= + +* api-change:``qbusiness``: It is a internal bug fix for region expansion +* api-change:``iot``: This release adds event-based logging feature that enables granular event logging controls for AWS IoT logs. +* api-change:``connect``: Adding support for Custom Metrics and Pre-Defined Attributes to GetCurrentMetricData API. +* api-change:``workspaces-web``: Add support for WebAuthn under user settings. +* api-change:``wickr``: AWS Wickr now provides a suite of admin APIs to allow you to programmatically manage secure communication for Wickr networks at scale. These APIs enable you to automate administrative workflows including user lifecycle management, network configuration, and security group administration. +* api-change:``emr-serverless``: Added JobLevelCostAllocationConfiguration field to enable cost allocation reporting at the job level, providing more granular visibility into EMR Serverless charges +* api-change:``arc-region-switch``: Automatic Plan Execution Reports allow customers to maintain a concise record of their Region switch Plan executions. This enables customer SREs and leadership to have a clear view of their recovery posture based on the generated reports for their Plan executions. + + 2.32.20 ======= diff --git a/awscli/__init__.py b/awscli/__init__.py index 38f7c38f602e..a2e8c2493d0a 100644 --- a/awscli/__init__.py +++ b/awscli/__init__.py @@ -20,7 +20,7 @@ import os import sys -__version__ = '2.32.20' +__version__ = '2.32.21' # # Get our data path to be added to botocore's search path diff --git a/configure b/configure index eeaf6000b36b..260f3a376123 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for awscli 2.32.20. +# Generated by GNU Autoconf 2.71 for awscli 2.32.21. # # # Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, @@ -607,8 +607,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='awscli' PACKAGE_TARNAME='awscli' -PACKAGE_VERSION='2.32.20' -PACKAGE_STRING='awscli 2.32.20' +PACKAGE_VERSION='2.32.21' +PACKAGE_STRING='awscli 2.32.21' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1255,7 +1255,7 @@ _ACEOF fi if $ac_init_version; then cat <<\_ACEOF -awscli configure 2.32.20 +awscli configure 2.32.21 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -1292,7 +1292,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by awscli $as_me 2.32.20, which was +It was created by awscli $as_me 2.32.21, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -2668,7 +2668,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by awscli $as_me 2.32.20, which was +This file was extended by awscli $as_me 2.32.21, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -2723,7 +2723,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -awscli config.status 2.32.20 +awscli config.status 2.32.21 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index bb96b8914099..c5211377e2d1 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_CONFIG_MACRO_DIRS([m4]) -AC_INIT([awscli], [2.32.20]) +AC_INIT([awscli], [2.32.21]) AC_CONFIG_SRCDIR([bin/aws]) AM_PATH_PYTHON([3.8]) diff --git a/doc/source/conf.py b/doc/source/conf.py index d07a59927741..c4dbe18dd6af 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -66,7 +66,7 @@ # The short X.Y version. version = '2.0' # The full version, including alpha/beta/rc tags. -release = '2.32.20' +release = '2.32.21' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. From 4ed2eac7fa02b882f2c581988dea99abfed22c45 Mon Sep 17 00:00:00 2001 From: jutyler1 Date: Mon, 22 Dec 2025 13:15:25 -0500 Subject: [PATCH 35/37] Introduce ECS Express Text-Only Mode (#9943) --- .../next-release/enhancement-ecs-81617.json | 5 + .../ecs/expressgateway/color_utils.py | 2 +- .../ecs/expressgateway/display_strategy.py | 238 ++++++ .../ecs/expressgateway/managedresource.py | 80 +- .../expressgateway/managedresourcegroup.py | 92 ++- .../ecs/expressgateway/stream_display.py | 112 +++ .../ecs/monitorexpressgatewayservice.py | 747 +++-------------- .../ecs/monitormutatinggatewayservice.py | 126 ++- .../ecs/serviceviewcollector.py | 541 ++++++++++++ .../ecs/test_monitorexpressgatewayservice.py | 298 +++++++ .../ecs/test_monitormutatinggatewayservice.py | 389 ++++++++- .../expressgateway/test_display_strategy.py | 293 +++++++ .../expressgateway/test_managedresource.py | 197 ++++- .../test_managedresourcegroup.py | 484 +++++++---- .../ecs/expressgateway/test_stream_display.py | 388 +++++++++ .../ecs/test_monitorexpressgatewayservice.py | 746 +++-------------- .../ecs/test_monitormutatinggatewayservice.py | 142 ++-- .../ecs/test_prompt_toolkit_display.py | 2 +- .../ecs/test_serviceviewcollector.py | 772 ++++++++++++++++++ 19 files changed, 4076 insertions(+), 1578 deletions(-) create mode 100644 .changes/next-release/enhancement-ecs-81617.json create mode 100644 awscli/customizations/ecs/expressgateway/display_strategy.py create mode 100644 awscli/customizations/ecs/expressgateway/stream_display.py create mode 100644 awscli/customizations/ecs/serviceviewcollector.py create mode 100644 tests/functional/ecs/test_monitorexpressgatewayservice.py create mode 100644 tests/unit/customizations/ecs/expressgateway/test_display_strategy.py create mode 100644 tests/unit/customizations/ecs/expressgateway/test_stream_display.py create mode 100644 tests/unit/customizations/ecs/test_serviceviewcollector.py diff --git a/.changes/next-release/enhancement-ecs-81617.json b/.changes/next-release/enhancement-ecs-81617.json new file mode 100644 index 000000000000..f82cf000587a --- /dev/null +++ b/.changes/next-release/enhancement-ecs-81617.json @@ -0,0 +1,5 @@ +{ + "type": "enhancement", + "category": "``ecs``", + "description": "Introduces a text-only mode to the existing ECS Express Mode service commands. Text-only mode can be enabled via using the ``--mode TEXT-ONLY`` flag with the ``ecs monitor-express-gateway-service`` command, or via using the ``--monitor-mode TEXT-ONLY`` and ``--monitor-resources`` flags with the ``ecs create-express-gateway-service``, ``ecs update-express-gateway-service``, or ``ecs delete-express-gateway-service`` commands." +} diff --git a/awscli/customizations/ecs/expressgateway/color_utils.py b/awscli/customizations/ecs/expressgateway/color_utils.py index 038120df60ae..7335d22f0877 100644 --- a/awscli/customizations/ecs/expressgateway/color_utils.py +++ b/awscli/customizations/ecs/expressgateway/color_utils.py @@ -24,7 +24,7 @@ class ColorUtils: def __init__(self): # Initialize colorama - init(autoreset=True, strip=False) + init(autoreset=False, strip=False) def make_green(self, text, use_color=True): if not use_color: diff --git a/awscli/customizations/ecs/expressgateway/display_strategy.py b/awscli/customizations/ecs/expressgateway/display_strategy.py new file mode 100644 index 000000000000..a92ac9de6b7e --- /dev/null +++ b/awscli/customizations/ecs/expressgateway/display_strategy.py @@ -0,0 +1,238 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is +# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF +# ANY KIND, either express or implied. See the License for the specific +# language governing permissions and limitations under the License. + +"""Display strategy implementations for ECS Express Gateway Service monitoring.""" + +import asyncio +import time + +from botocore.exceptions import ClientError +from colorama import Style + +from awscli.customizations.ecs.exceptions import MonitoringError +from awscli.customizations.ecs.expressgateway.stream_display import ( + StreamDisplay, +) +from awscli.customizations.utils import uni_print + + +class DisplayStrategy: + """Base class for display strategies. + + Each strategy controls its own execution model, timing, and output format. + """ + + def execute_monitoring(self, collector, start_time, timeout_minutes): + """Execute the monitoring loop. + + Args: + collector: ServiceViewCollector instance for data fetching + start_time: Start timestamp for timeout calculation + timeout_minutes: Maximum monitoring duration in minutes + """ + raise NotImplementedError + + +class InteractiveDisplayStrategy(DisplayStrategy): + """Interactive display strategy with async spinner and keyboard navigation. + + Uses dual async tasks: + - Data task: Polls ECS APIs every 5 seconds + - Spinner task: Updates display every 100ms with rotating spinner + """ + + def __init__(self, display, use_color): + """Initialize the interactive display strategy. + + Args: + display: Display instance from prompt_toolkit_display module + providing the interactive terminal interface + use_color: Whether to use colored output + """ + self.display = display + self.use_color = use_color + + def execute_monitoring(self, collector, start_time, timeout_minutes): + """Execute async monitoring with spinner and keyboard controls.""" + try: + final_output, timed_out = asyncio.run( + self._execute_async(collector, start_time, timeout_minutes) + ) + if timed_out: + uni_print(final_output + "\nMonitoring timed out!\n") + else: + uni_print(final_output + "\nMonitoring Complete!\n") + finally: + uni_print(Style.RESET_ALL) + + async def _execute_async(self, collector, start_time, timeout_minutes): + """Async execution with dual tasks for data and spinner.""" + spinner_chars = "⠋⠙⠹⠸⠼⠴⠦⠧⠇⠏" + spinner_index = 0 + current_output = "Waiting for initial data" + timed_out = False + + async def update_data(): + nonlocal current_output, timed_out + while True: + current_time = time.time() + if current_time - start_time > timeout_minutes * 60: + timed_out = True + # Only exit if app is running to avoid "Application is not running" error + if self.display.app.is_running: + self.display.app.exit() + break + + try: + loop = asyncio.get_event_loop() + new_output = await loop.run_in_executor( + None, collector.get_current_view, "{SPINNER}" + ) + current_output = new_output + except ClientError as e: + if ( + e.response.get('Error', {}).get('Code') + == 'InvalidParameterException' + ): + error_message = e.response.get('Error', {}).get( + 'Message', '' + ) + if ( + "Cannot call DescribeServiceRevisions for a service that is INACTIVE" + in error_message + ): + current_output = "Service is inactive" + else: + raise + else: + raise + + await asyncio.sleep(5.0) + + async def update_spinner(): + nonlocal spinner_index + while True: + spinner_char = spinner_chars[spinner_index] + display_output = current_output.replace( + "{SPINNER}", spinner_char + ) + status_text = f"Getting updates... {spinner_char} | up/down to scroll, q to quit" + self.display.display(display_output, status_text) + spinner_index = (spinner_index + 1) % len(spinner_chars) + await asyncio.sleep(0.1) + + data_task = asyncio.create_task(update_data()) + spinner_task = asyncio.create_task(update_spinner()) + display_task = None + + try: + display_task = asyncio.create_task(self.display.run()) + + done, pending = await asyncio.wait( + [display_task, data_task], return_when=asyncio.FIRST_COMPLETED + ) + + if data_task in done: + # Retrieve and re-raise any exception from the task. + # asyncio.wait() doesn't retrieve exceptions itself. + exc = data_task.exception() + if exc: + raise exc + + # Cancel pending tasks + for task in pending: + task.cancel() + # Await cancelled task to ensure proper cleanup and prevent + # warnings about unawaited tasks + try: + await task + except asyncio.CancelledError: + pass + + finally: + # Ensure display app is properly shut down + # Only exit if app is running to avoid "Application is not running" error + if self.display.app.is_running: + self.display.app.exit() + spinner_task.cancel() + if display_task is not None and not display_task.done(): + display_task.cancel() + # Await cancelled task to ensure proper cleanup and prevent + # warnings about unawaited tasks + try: + await display_task + except asyncio.CancelledError: + pass + + return current_output.replace("{SPINNER}", ""), timed_out + + +class TextOnlyDisplayStrategy(DisplayStrategy): + """Text-only display strategy with diff detection and timestamped output. + + Uses synchronous polling loop with change detection to output only + individual resource changes with timestamps. + """ + + def __init__(self, use_color): + self.stream_display = StreamDisplay(use_color) + + def execute_monitoring(self, collector, start_time, timeout_minutes): + """Execute synchronous monitoring with text output.""" + self.stream_display.show_startup_message() + + try: + while True: + current_time = time.time() + if current_time - start_time > timeout_minutes * 60: + self.stream_display.show_timeout_message() + break + + try: + collector.get_current_view("") + + # Extract cached result for diff detection + managed_resources, info = collector.cached_monitor_result + + self.stream_display.show_monitoring_data( + managed_resources, info + ) + + except ClientError as e: + if ( + e.response.get('Error', {}).get('Code') + == 'InvalidParameterException' + ): + error_message = e.response.get('Error', {}).get( + 'Message', '' + ) + if ( + "Cannot call DescribeServiceRevisions for a service that is INACTIVE" + in error_message + ): + self.stream_display.show_service_inactive_message() + break + else: + raise + else: + raise + + time.sleep(5.0) + + except KeyboardInterrupt: + self.stream_display.show_user_stop_message() + except MonitoringError as e: + self.stream_display.show_error_message(e) + finally: + self.stream_display.show_completion_message() + uni_print(Style.RESET_ALL) diff --git a/awscli/customizations/ecs/expressgateway/managedresource.py b/awscli/customizations/ecs/expressgateway/managedresource.py index f4b3303bf678..07bb8070723a 100644 --- a/awscli/customizations/ecs/expressgateway/managedresource.py +++ b/awscli/customizations/ecs/expressgateway/managedresource.py @@ -12,7 +12,7 @@ # language governing permissions and limitations under the License. import sys -from datetime import datetime +from datetime import datetime, timezone import dateutil.parser @@ -113,6 +113,58 @@ def get_status_string(self, spinner_char, depth=0, use_color=True): lines.append("") return '\n'.join(lines) + def get_stream_string(self, timestamp, use_color=True): + """Returns the resource information formatted for stream/text-only display. + + Args: + timestamp (str): Timestamp string to prefix the output + use_color (bool): Whether to use ANSI color codes (default: True) + + Returns: + str: Formatted string with timestamp prefix and bracket-enclosed status + """ + lines = [] + parts = [f"[{timestamp}]"] + + # If both resource_type and identifier are None, show a placeholder + if not self.resource_type and not self.identifier: + parts.append( + self.color_utils.make_cyan("Unknown Resource", use_color) + ) + else: + if self.resource_type: + parts.append( + self.color_utils.make_cyan(self.resource_type, use_color) + ) + + if self.identifier: + colored_id = self.color_utils.color_by_status( + self.identifier, self.status, use_color + ) + parts.append(colored_id) + + if self.status: + status_text = self.color_utils.color_by_status( + self.status, self.status, use_color + ) + parts.append(f"[{status_text}]") + + lines.append(" ".join(parts)) + + if self.reason: + lines.append(f" Reason: {self.reason}") + + if self.updated_at: + updated_time = datetime.fromtimestamp( + self.updated_at, tz=timezone.utc + ).strftime("%Y-%m-%d %H:%M:%SZ") + lines.append(f" Last Updated At: {updated_time}") + + if self.additional_info: + lines.append(f" Info: {self.additional_info}") + + return "\n".join(lines) + def combine(self, other_resource): """Returns the version of the resource which has the most up to date timestamp. @@ -130,22 +182,28 @@ def combine(self, other_resource): else other_resource ) - def diff(self, other_resource): - """Returns a tuple of (self_diff, other_diff) for resources that are different. + def compare_properties(self, other_resource): + """Compares individual resource properties to detect changes. + + This compares properties like status, reason, updated_at, additional_info + to detect if a resource has changed between polls. Args: other_resource (ManagedResource): Resource to compare against Returns: - tuple: (self_diff, other_diff) where: - - self_diff (ManagedResource): This resource if different, None if same - - other_diff (ManagedResource): Other resource if different, None if same + bool: True if properties differ, False if same """ if not other_resource: - return (self, None) - if ( + # No previous resource means it's new/different + return True + + # Resources are different if any field differs + return ( self.resource_type != other_resource.resource_type or self.identifier != other_resource.identifier - ): - return (self, other_resource) - return (None, None) + or self.status != other_resource.status + or self.reason != other_resource.reason + or self.updated_at != other_resource.updated_at + or self.additional_info != other_resource.additional_info + ) diff --git a/awscli/customizations/ecs/expressgateway/managedresourcegroup.py b/awscli/customizations/ecs/expressgateway/managedresourcegroup.py index b5643bc3b355..1bf3080cd6b2 100644 --- a/awscli/customizations/ecs/expressgateway/managedresourcegroup.py +++ b/awscli/customizations/ecs/expressgateway/managedresourcegroup.py @@ -39,7 +39,7 @@ def __init__( ): self.resource_type = resource_type self.identifier = identifier - # maintain input ordering + # Maintain input ordering self.sorted_resource_keys = [ self._create_key(resource) for resource in resources ] @@ -57,6 +57,86 @@ def _create_key(self, resource): identifier = resource.identifier if resource.identifier else "" return resource_type + "/" + identifier + def get_stream_string(self, timestamp, use_color=True): + """Returns flattened stream strings for all resources in the group. + + Args: + timestamp (str): Timestamp string to prefix each resource + use_color (bool): Whether to use ANSI color codes (default: True) + + Returns: + str: All flattened resources formatted for stream display, separated by newlines + """ + flat_resources = [] + + for resource in self.resource_mapping.values(): + if isinstance(resource, ManagedResourceGroup): + # Recursively flatten nested groups + nested = resource.get_stream_string(timestamp, use_color) + if nested: + flat_resources.append(nested) + elif isinstance(resource, ManagedResource): + # Get stream string for individual resource + flat_resources.append( + resource.get_stream_string(timestamp, use_color) + ) + + return "\n".join(flat_resources) + + def get_changed_resources(self, previous_resources_dict): + """Get flattened list of resources that have changed properties. + + Compares individual resource properties (status, reason, updated_at, etc.) + against previous state to detect changes. This is used for change detection + in TEXT-ONLY mode, NOT for DEPLOYMENT diff (use compare_resource_sets for that). + + Args: + previous_resources_dict: Dict of {(resource_type, identifier): ManagedResource} + from previous poll. Can be empty dict for first poll. + + Returns: + tuple: (changed_resources, updated_dict, removed_keys) + - changed_resources: List of ManagedResource that changed or None if no changes + - updated_dict: Updated dict with current resources for next comparison + - removed_keys: Set of keys that were removed since last poll + """ + current_resources = self._flatten_to_list() + changed_resources = [] + updated_dict = {} + + for resource in current_resources: + resource_key = (resource.resource_type, resource.identifier) + previous_resource = previous_resources_dict.get(resource_key) + + if not previous_resource: + changed_resources.append(resource) + else: + if resource.compare_properties(previous_resource): + changed_resources.append(resource) + + updated_dict[resource_key] = resource + + current_keys = { + (r.resource_type, r.identifier) for r in current_resources + } + removed_keys = set(previous_resources_dict.keys()) - current_keys + + return ( + changed_resources if changed_resources else None, + updated_dict, + removed_keys, + ) + + def _flatten_to_list(self): + """Flatten this resource group into a list of individual resources.""" + flat_list = [] + for resource in self.resource_mapping.values(): + if isinstance(resource, ManagedResourceGroup): + flat_list.extend(resource._flatten_to_list()) + elif isinstance(resource, ManagedResource): + flat_list.append(resource) + return flat_list + def is_terminal(self): return not self.resource_mapping or all( [ @@ -188,8 +268,12 @@ def _combine_child_resources(self, resource_a, resource_b): else: return resource_b - def diff(self, other_resource_group): - """Returns two ManagedResourceGroups representing unique resources in each group. + def compare_resource_sets(self, other_resource_group): + """Compares resource SETS between two groups to find additions/removals. + + This is used for DEPLOYMENT view to show which resources were added or removed + between service configurations, NOT for detecting property changes within + individual resources (that's compare_properties() in ManagedResource). Args: other_resource_group (ManagedResourceGroup): Resource group to compare against @@ -218,7 +302,7 @@ def diff(self, other_resource_group): common_keys = self_keys & other_keys common_diff = { - key: self.resource_mapping[key].diff( + key: self.resource_mapping[key].compare_resource_sets( other_resource_group.resource_mapping.get(key) ) for key in common_keys diff --git a/awscli/customizations/ecs/expressgateway/stream_display.py b/awscli/customizations/ecs/expressgateway/stream_display.py new file mode 100644 index 000000000000..821bdc8a7b10 --- /dev/null +++ b/awscli/customizations/ecs/expressgateway/stream_display.py @@ -0,0 +1,112 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is +# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF +# ANY KIND, either express or implied. See the License for the specific +# language governing permissions and limitations under the License. + +"""Stream display implementation for ECS Express Gateway Service monitoring.""" + +import time +from datetime import datetime, timezone + +from awscli.customizations.ecs.expressgateway.managedresourcegroup import ( + ManagedResourceGroup, +) +from awscli.customizations.utils import uni_print + + +class StreamDisplay: + """Stream display for monitoring that outputs changes to stdout. + + Provides text-based monitoring output suitable for non-interactive + environments, logging, or piping to other commands. + """ + + def __init__(self, use_color=True): + self.previous_resources_by_key = {} + self.use_color = use_color + + def show_startup_message(self): + """Show startup message.""" + timestamp = self._get_timestamp() + uni_print(f"[{timestamp}] Starting monitoring...\n") + + def show_polling_message(self): + """Show polling message.""" + timestamp = self._get_timestamp() + uni_print(f"[{timestamp}] Polling for updates...\n") + + def show_monitoring_data(self, resource_group, info): + """Show monitoring data for resources with diff detection. + + Args: + resource_group: ManagedResourceGroup or None + info: Additional info text to display + """ + timestamp = self._get_timestamp() + + if resource_group: + ( + changed_resources, + updated_dict, + removed_keys, + ) = resource_group.get_changed_resources( + self.previous_resources_by_key + ) + + self.previous_resources_by_key = updated_dict + + if changed_resources: + self._print_flattened_resources_list( + changed_resources, timestamp + ) + + if info: + uni_print(f"[{timestamp}] {info}\n") + + def _print_flattened_resources_list(self, resources_list, timestamp): + """Print individual resources from a flat list as timestamped lines. + + Args: + resources_list: List of ManagedResource objects to print + timestamp: Timestamp string to prefix each line + """ + for resource in resources_list: + output = resource.get_stream_string(timestamp, self.use_color) + uni_print(output + "\n") + + def show_timeout_message(self): + """Show timeout message.""" + timestamp = self._get_timestamp() + uni_print(f"[{timestamp}] Monitoring timeout reached!\n") + + def show_service_inactive_message(self): + """Show service inactive message.""" + timestamp = self._get_timestamp() + uni_print(f"[{timestamp}] Service is inactive\n") + + def show_completion_message(self): + """Show completion message.""" + timestamp = self._get_timestamp() + uni_print(f"[{timestamp}] Monitoring complete!\n") + + def show_user_stop_message(self): + """Show user stop message.""" + timestamp = self._get_timestamp() + uni_print(f"[{timestamp}] Monitoring stopped by user\n") + + def show_error_message(self, error): + """Show error message.""" + timestamp = self._get_timestamp() + uni_print(f"[{timestamp}] Error: {error}\n") + + def _get_timestamp(self): + """Get formatted timestamp.""" + return datetime.now(timezone.utc).strftime("%Y-%m-%d %H:%M:%SZ") diff --git a/awscli/customizations/ecs/monitorexpressgatewayservice.py b/awscli/customizations/ecs/monitorexpressgatewayservice.py index 3004fe69ecc9..66128f619b5e 100644 --- a/awscli/customizations/ecs/monitorexpressgatewayservice.py +++ b/awscli/customizations/ecs/monitorexpressgatewayservice.py @@ -18,10 +18,17 @@ allowing users to track resource creation progress, deployment status, and service health through an interactive command-line interface with live updates and visual indicators. -The module implements two primary monitoring modes: +The data collection logic is handled by ServiceViewCollector, which parses AWS resources and +formats monitoring output. This module focuses on display and user interaction. + +The module implements two resource view modes: - RESOURCE: Displays all resources associated with the service - DEPLOYMENT: Shows resources that have changed in the most recent deployment +And two display modes: +- INTERACTIVE: Real-time display with spinner and keyboard navigation (requires TTY) +- TEXT-ONLY: Text output with timestamps and change detection (works without TTY) + Key Features: - Real-time progress monitoring with spinner animations - Diff-based resource tracking for deployment changes @@ -33,30 +40,24 @@ ECSExpressGatewayServiceWatcher: Core monitoring logic and resource tracking Usage: - aws ecs monitor-express-gateway-service --service-arn [--resource-view RESOURCE|DEPLOYMENT] + aws ecs monitor-express-gateway-service --service-arn [--resource-view RESOURCE|DEPLOYMENT] [--mode INTERACTIVE|TEXT-ONLY] """ -import asyncio import sys -import threading import time -from functools import reduce from botocore.exceptions import ClientError from awscli.customizations.commands import BasicCommand from awscli.customizations.ecs.exceptions import MonitoringError -from awscli.customizations.ecs.expressgateway.managedresource import ( - ManagedResource, -) -from awscli.customizations.ecs.expressgateway.managedresourcegroup import ( - ManagedResourceGroup, +from awscli.customizations.ecs.expressgateway.display_strategy import ( + InteractiveDisplayStrategy, + TextOnlyDisplayStrategy, ) from awscli.customizations.ecs.prompt_toolkit_display import Display +from awscli.customizations.ecs.serviceviewcollector import ServiceViewCollector from awscli.customizations.utils import uni_print -TIMESTAMP_FORMAT = "%Y-%m-%dT%H:%M:%SZ" - class ECSMonitorExpressGatewayService(BasicCommand): """AWS CLI command for monitoring ECS Express Gateway Service deployments. @@ -69,14 +70,16 @@ class ECSMonitorExpressGatewayService(BasicCommand): DESCRIPTION = ( "Monitors the progress of resource creation for an ECS Express Gateway Service. " - "This command provides real-time monitoring of service deployments with interactive " - "progress display, showing the status of load balancers, security groups, auto-scaling " + "This command provides real-time monitoring of service deployments showing the status " + "of load balancers, security groups, auto-scaling " "configurations, and other AWS resources as they are created or updated. " "Use ``--resource-view RESOURCE`` to view all service resources, or ``--resource-view DEPLOYMENT`` to track only " "resources that have changed in the most recent deployment. " - "The command requires a terminal (TTY) to run and the monitoring session continues " - "until manually stopped by the user or the specified timeout is reached. " - "Use keyboard shortcuts to navigate: up/down to scroll through resources, 'q' to quit monitoring." + "Choose ``--mode INTERACTIVE`` for real-time display with keyboard navigation (requires TTY), " + "or ``--mode TEXT-ONLY`` for text output with timestamps (works without TTY). " + "The monitoring session continues until manually stopped by the user or the specified timeout is reached. " + "In INTERACTIVE mode, use keyboard shortcuts: up/down to scroll through resources, 'q' to quit. " + "In TEXT-ONLY mode, press Ctrl+C to stop monitoring." ) ARG_TABLE = [ @@ -101,6 +104,16 @@ class ECSMonitorExpressGatewayService(BasicCommand): 'default': 'RESOURCE', 'choices': ['RESOURCE', 'DEPLOYMENT'], }, + { + 'name': 'mode', + 'help_text': ( + "Display mode for monitoring output. " + "INTERACTIVE (default if TTY available) - Real-time display with spinner and keyboard navigation. " + "TEXT-ONLY - Text output with timestamps and change detection (works without TTY)." + ), + 'required': False, + 'choices': ['INTERACTIVE', 'TEXT-ONLY'], + }, { 'name': 'timeout', 'help_text': ( @@ -131,15 +144,12 @@ def _run_main(self, parsed_args, parsed_globals): parsed_globals: Global CLI configuration including region and endpoint """ try: - # Check if running in a TTY for interactive display - if not sys.stdout.isatty(): - uni_print( - "Error: This command requires a TTY. " - "Please run this command in a terminal.", - sys.stderr, - ) - return 1 + display_mode = self._determine_display_mode(parsed_args.mode) + except ValueError as e: + uni_print(f"aws: [ERROR]: {str(e)}", sys.stderr) + return 1 + try: self._client = self._session.create_client( 'ecs', region_name=parsed_globals.region, @@ -154,14 +164,52 @@ def _run_main(self, parsed_args, parsed_globals): self._client, parsed_args.service_arn, parsed_args.resource_view, + display_mode, timeout_minutes=parsed_args.timeout, use_color=use_color, ).exec() except MonitoringError as e: uni_print(f"Error monitoring service: {e}", sys.stderr) + return 1 + + def _determine_display_mode(self, requested_mode): + """Determine and validate the display mode. + + Args: + requested_mode: User-requested mode ('interactive', 'text-only', or None) + + Returns: + str: Validated display mode ('interactive' or 'text-only') + + Raises: + ValueError: If interactive mode is requested without TTY + """ + # Determine display mode with auto-detection + if requested_mode is None: + # Auto-detect: interactive if TTY available, else text-only + return 'INTERACTIVE' if sys.stdout.isatty() else 'TEXT-ONLY' + + # Validate requested mode + if requested_mode == 'INTERACTIVE': + if not sys.stdout.isatty(): + raise ValueError( + "Interactive mode requires a TTY (terminal). " + "Use --mode TEXT-ONLY for non-interactive environments." + ) + return 'INTERACTIVE' + + # text-only mode doesn't require TTY + return requested_mode def _should_use_color(self, parsed_globals): - """Determine if color output should be used based on global settings.""" + """Determine if color output should be used based on global settings. + + Args: + parsed_globals: Global CLI configuration + + Returns: + bool: True if color should be used + """ if parsed_globals.color == 'on': return True elif parsed_globals.color == 'off': @@ -180,7 +228,8 @@ class ECSExpressGatewayServiceWatcher: Args: client: ECS client for API calls service_arn (str): ARN of the service to monitor - mode (str): Monitoring mode - 'RESOURCE' or 'DEPLOYMENT' + resource_view (str): Resource view mode - 'RESOURCE' or 'DEPLOYMENT' + display_mode (str): Display mode - 'INTERACTIVE' or 'TEXT-ONLY' timeout_minutes (int): Maximum monitoring time in minutes (default: 30) """ @@ -188,21 +237,24 @@ def __init__( self, client, service_arn, - mode, + resource_view, + display_mode, timeout_minutes=30, - display=None, + display_strategy=None, use_color=True, + collector=None, ): - self._client = client self.service_arn = service_arn - self.mode = mode + self.display_mode = display_mode self.timeout_minutes = timeout_minutes - self.last_described_gateway_service_response = None - self.last_execution_time = 0 - self.cached_monitor_result = None self.start_time = time.time() self.use_color = use_color - self.display = display or Display() + self.display_strategy = ( + display_strategy or self._create_display_strategy() + ) + self.collector = collector or ServiceViewCollector( + client, service_arn, resource_view, use_color + ) @staticmethod def is_monitoring_available(): @@ -210,620 +262,27 @@ def is_monitoring_available(): return sys.stdout.isatty() def exec(self): - """Start monitoring the express gateway service with progress display.""" - - def monitor_service(spinner_char): - return self._monitor_express_gateway_service( - spinner_char, self.service_arn, self.mode - ) - - asyncio.run(self._execute_with_progress_async(monitor_service, 100)) - - async def _execute_with_progress_async( - self, execution, progress_refresh_millis, execution_refresh_millis=5000 - ): - """Execute monitoring loop with animated progress display.""" - spinner_chars = "⠋⠙⠹⠸⠼⠴⠦⠧⠇⠏" - spinner_index = 0 - - # Initialize with basic service resource - service_resource = ManagedResource("Service", self.service_arn) - initial_output = service_resource.get_status_string( - spinner_char="{SPINNER}", use_color=self.use_color - ) - current_output = initial_output - - async def update_data(): - nonlocal current_output - while True: - current_time = time.time() - if current_time - self.start_time > self.timeout_minutes * 60: - break - try: - loop = asyncio.get_event_loop() - new_output = await loop.run_in_executor( - None, execution, "{SPINNER}" - ) - current_output = new_output - except ClientError as e: - if ( - e.response.get('Error', {}).get('Code') - == 'InvalidParameterException' - ): - error_message = e.response.get('Error', {}).get( - 'Message', '' - ) - if ( - "Cannot call DescribeServiceRevisions for a service that is INACTIVE" - in error_message - ): - current_output = "Service is inactive" - else: - raise - else: - raise - await asyncio.sleep(execution_refresh_millis / 1000.0) - - async def update_spinner(): - nonlocal spinner_index - while True: - spinner_char = spinner_chars[spinner_index] - display_output = current_output.replace( - "{SPINNER}", spinner_char - ) - status_text = f"Getting updates... {spinner_char} | up/down to scroll, q to quit" - self.display.display(display_output, status_text) - spinner_index = (spinner_index + 1) % len(spinner_chars) - await asyncio.sleep(progress_refresh_millis / 1000.0) - - # Start both tasks - data_task = asyncio.create_task(update_data()) - spinner_task = asyncio.create_task(update_spinner()) - - try: - await self.display.run() - finally: - data_task.cancel() - spinner_task.cancel() - final_output = current_output.replace("{SPINNER}", "") - uni_print(final_output + "\nMonitoring Complete!\n") - - def _monitor_express_gateway_service( - self, spinner_char, service_arn, mode, execution_refresh_millis=5000 - ): - """Monitor service status and return formatted output. - - Args: - spinner_char (char): Character to print representing progress (unused with single spinner) - execution_refresh_millis (int): Refresh interval in milliseconds - service_arn (str): Service ARN to monitor - mode (str): Monitoring mode ('RESOURCE' or 'DEPLOYMENT') - - Returns: - str: Formatted status output - """ - current_time = time.time() - - if ( - current_time - self.last_execution_time - >= execution_refresh_millis / 1000.0 - ): - try: - describe_gateway_service_response = ( - self._client.describe_express_gateway_service( - serviceArn=service_arn - ) - ) - if not describe_gateway_service_response: - self.cached_monitor_result = ( - None, - "Trying to describe gateway service", - ) - elif ( - not ( - service := describe_gateway_service_response.get( - "service" - ) - ) - or not service.get("serviceArn") - or not service.get("activeConfigurations") - ): - self.cached_monitor_result = ( - None, - "Trying to describe gateway service", - ) - else: - self.last_described_gateway_service_response = ( - describe_gateway_service_response - ) - described_gateway_service = ( - describe_gateway_service_response.get("service") - ) - - if mode == "DEPLOYMENT": - managed_resources, info = self._diff_service_view( - described_gateway_service - ) - else: - managed_resources, info = self._combined_service_view( - described_gateway_service - ) - - service_resources = [ - self._parse_cluster(described_gateway_service), - self._parse_service(described_gateway_service), - ] - if managed_resources: - service_resources.append(managed_resources) - service_resource = ManagedResourceGroup( - resources=service_resources - ) - self._update_cached_monitor_results(service_resource, info) - except ClientError as e: - if ( - e.response.get('Error', {}).get('Code') - == 'InvalidParameterException' - ): - error_message = e.response.get('Error', {}).get( - 'Message', '' - ) - if ( - "Cannot call DescribeServiceRevisions for a service that is INACTIVE" - in error_message - ): - empty_resource_group = ManagedResourceGroup() - self._update_cached_monitor_results( - empty_resource_group, "Service is inactive" - ) - else: - raise - else: - raise - - self.last_execution_time = current_time - - if not self.cached_monitor_result: - return "Waiting for initial data" - else: - # Generate the output every iteration. This allow the underlying resources to utilize spinners - service_resource, info = self.cached_monitor_result - status_string = ( - service_resource.get_status_string( - spinner_char=spinner_char, use_color=self.use_color - ) - if service_resource - else None - ) - - output = "\n".join([x for x in [status_string, info] if x]) - return output - - def _diff_service_view(self, describe_gateway_service_response): - """Generate diff view showing changes in the latest deployment. - - Computes differences between source and target service revisions to show - what resources are being updated or disassociated in the current deployment. - - Args: - describe_gateway_service_response (dict): Service description from API - - Returns: - tuple: (resources, info_output) where: - - resources (ManagedResourceGroup): Diff view of resources - - info_output (str): Informational messages - """ - service_arn = describe_gateway_service_response.get("serviceArn") - list_service_deployments_response = ( - self._client.list_service_deployments( - service=service_arn, maxResults=1 - ) + """Execute monitoring using the appropriate display strategy.""" + self.display_strategy.execute_monitoring( + collector=self.collector, + start_time=self.start_time, + timeout_minutes=self.timeout_minutes, ) - listed_service_deployments = self._validate_and_parse_response( - list_service_deployments_response, - "ListServiceDeployments", - expected_field="serviceDeployments", - ) - if ( - not listed_service_deployments - or "serviceDeploymentArn" not in listed_service_deployments[0] - ): - return ( - None, - "Waiting for a deployment to start", - ) - deployment_arn = listed_service_deployments[0].get( - "serviceDeploymentArn" - ) - - describe_service_deployments_response = ( - self._client.describe_service_deployments( - serviceDeploymentArns=[deployment_arn] - ) - ) - described_service_deployments = self._validate_and_parse_response( - describe_service_deployments_response, - "DescribeServiceDeployments", - expected_field="serviceDeployments", - eventually_consistent=True, - ) - described_service_deployment = described_service_deployments[0] - if ( - not described_service_deployment - or not described_service_deployment.get("targetServiceRevision") - ): - return ( - None, - "Waiting for a deployment to start", - ) - - target_sr = described_service_deployment.get( - "targetServiceRevision" - ).get("arn") - - target_sr_resources_list, described_target_sr_list = ( - self._describe_and_parse_service_revisions([target_sr]) - ) - if len(target_sr_resources_list) != 1: - return (None, "Trying to describe service revisions") - target_sr_resources = target_sr_resources_list[0] - described_target_sr = described_target_sr_list[0] - - task_def_arn = described_target_sr.get("taskDefinition") - if "sourceServiceRevisions" in described_service_deployment: - source_sr_resources, _ = ( - self._describe_and_parse_service_revisions( - [ - sr.get("arn") - for sr in described_service_deployment.get( - "sourceServiceRevisions" - ) - ] - ) - ) - if len(source_sr_resources) != len( - described_service_deployment.get("sourceServiceRevisions") - ): - return (None, "Trying to describe service revisions)") - source_sr_resources_combined = reduce( - lambda x, y: x.combine(y), source_sr_resources - ) - else: - source_sr_resources_combined = ManagedResourceGroup() - - updating_resources, disassociating_resources = ( - target_sr_resources.diff(source_sr_resources_combined) - ) - updating_resources.resource_type = "Updating" - disassociating_resources.resource_type = "Disassociating" - service_resources = ManagedResourceGroup( - resource_type="Deployment", - identifier=deployment_arn, - status=described_service_deployment.get("status"), - reason=described_service_deployment.get("statusReason"), - resources=[ - ManagedResource( - resource_type="TargetServiceRevision", identifier=target_sr - ), - ManagedResource( - resource_type="TaskDefinition", identifier=task_def_arn - ), - updating_resources, - disassociating_resources, - ], - ) - return service_resources, None - - def _combined_service_view(self, describe_gateway_service_response): - """Generate combined view of all active service resources. - - Extracts and combines resources from all active service configurations, - resolving conflicts by taking the version with the latest timestamp. - - Args: - describe_gateway_service_response (dict): Service description from API + def _create_display_strategy(self): + """Create display strategy based on display mode. Returns: - tuple: (resources, info_output) where: - - resources (ManagedResourceGroup): Combined view of all resources - - info_output (str): Informational messages - """ - service_revision_arns = [ - config.get("serviceRevisionArn") - for config in describe_gateway_service_response.get( - "activeConfigurations" - ) - ] - service_revision_resources, _ = ( - self._describe_and_parse_service_revisions(service_revision_arns) - ) - - if len(service_revision_resources) != len(service_revision_arns): - return (None, "Trying to describe service revisions") - - service_resource = reduce( - lambda x, y: x.combine(y), service_revision_resources - ) - - return service_resource, None - - def _update_cached_monitor_results(self, resource, info): - """Update cached monitoring results with new data. - - Args: - resource: New resource data (replaces existing if provided) - info: New info message (always replaces existing) - """ - if not self.cached_monitor_result: - self.cached_monitor_result = (resource, info) - else: - self.cached_monitor_result = ( - resource or self.cached_monitor_result[0], - info, - ) - - def _validate_and_parse_response( - self, - response, - operation_name, - expected_field=None, - eventually_consistent=False, - ): - """Validate API response and extract expected field. - - Args: - response: API response to validate - operation_name: Name of the operation for error messages - expected_field: Field to extract from response (optional) - eventually_consistent: Whether to filter out MISSING failures - - Returns: - Extracted field value or None if no expected_field specified + DisplayStrategy: Appropriate strategy for the selected mode Raises: - MonitoringError: If response is invalid or missing required fields + ValueError: If display mode is not 'INTERACTIVE' or 'TEXT-ONLY' """ - if not response: - raise MonitoringError(f"{operation_name} response is empty") - - self._parse_failures(response, operation_name, eventually_consistent) - - if not expected_field: - return None - - if response.get(expected_field) is None: - raise MonitoringError( - f"{operation_name} response is missing {expected_field}" + if self.display_mode == 'TEXT-ONLY': + return TextOnlyDisplayStrategy(use_color=self.use_color) + elif self.display_mode == 'INTERACTIVE': + return InteractiveDisplayStrategy( + display=Display(), use_color=self.use_color ) - return response.get(expected_field) - - def _parse_failures(self, response, operation_name, eventually_consistent): - """Parse and raise errors for API response failures. - - Args: - response: API response to check for failures - operation_name: Name of the operation for error messages - eventually_consistent: Whether to filter out MISSING failures for eventually consistent operations - - Raises: - MonitoringError: If failures are found in the response - """ - failures = response.get("failures") - - if not failures: - return - - if any(not f.get('arn') or not f.get('reason') for f in failures): - raise MonitoringError( - "Invalid failure response: missing arn or reason" - ) - - if eventually_consistent: - failures = [ - failure - for failure in failures - if failure.get("reason") != "MISSING" - ] - - if not failures: - return - - failure_msgs = [ - f"{f['arn']} failed with {f['reason']}" for f in failures - ] - joined_msgs = '\n'.join(failure_msgs) - raise MonitoringError(f"{operation_name}:\n{joined_msgs}") - - def _describe_and_parse_service_revisions(self, arns): - """Describe and parse service revisions into managed resources. - - Args: - arns (list): List of service revision ARNs to describe - - Returns: - tuple: (parsed_resources, described_revisions) where: - - parsed_resources (list): List of ManagedResourceGroup objects - - described_revisions (list): Raw API response data - """ - # API supports up to 20 arns, DescribeExpressGatewayService should never return more than 5 - describe_service_revisions_response = ( - self._client.describe_service_revisions(serviceRevisionArns=arns) - ) - described_service_revisions = self._validate_and_parse_response( - describe_service_revisions_response, - "DescribeServiceRevisions", - expected_field="serviceRevisions", - eventually_consistent=True, - ) - - return [ - self._parse_ecs_managed_resources(sr) - for sr in described_service_revisions - ], described_service_revisions - - def _parse_cluster(self, service): - return ManagedResource("Cluster", service.get("cluster")) - - def _parse_service(self, service): - service_arn = service.get("serviceArn") - cluster = service.get("cluster") - describe_service_response = self._client.describe_services( - cluster=cluster, services=[service_arn] - ) - described_service = self._validate_and_parse_response( - describe_service_response, "DescribeServices", "services" - )[0] - return ManagedResource( - "Service", - service.get("serviceArn"), - additional_info=described_service - and described_service.get("events")[0].get("message") - if described_service.get("events") - else None, - ) - - def _parse_ecs_managed_resources(self, service_revision): - managed_resources = service_revision.get("ecsManagedResources") - if not managed_resources: - return ManagedResourceGroup() - - parsed_resources = [] - if "ingressPaths" in managed_resources: - parsed_resources.append( - ManagedResourceGroup( - resource_type="IngressPaths", - resources=[ - self._parse_ingress_path_resources(ingress_path) - for ingress_path in managed_resources.get( - "ingressPaths" - ) - ], - ) - ) - if "autoScaling" in managed_resources: - parsed_resources.append( - self._parse_auto_scaling_configuration( - managed_resources.get("autoScaling") - ) - ) - if "metricAlarms" in managed_resources: - parsed_resources.append( - self._parse_metric_alarms( - managed_resources.get("metricAlarms") - ) - ) - if "serviceSecurityGroups" in managed_resources: - parsed_resources.append( - self._parse_service_security_groups( - managed_resources.get("serviceSecurityGroups") - ) - ) - if "logGroups" in managed_resources: - parsed_resources.append( - self._parse_log_groups(managed_resources.get("logGroups")) - ) - return ManagedResourceGroup(resources=parsed_resources) - - def _parse_ingress_path_resources(self, ingress_path): - resources = [] - if ingress_path.get("loadBalancer"): - resources.append( - self._parse_managed_resource( - ingress_path.get("loadBalancer"), "LoadBalancer" - ) - ) - if ingress_path.get("loadBalancerSecurityGroups"): - resources.extend( - self._parse_managed_resource_list( - ingress_path.get("loadBalancerSecurityGroups"), - "LoadBalancerSecurityGroup", - ) - ) - if ingress_path.get("certificate"): - resources.append( - self._parse_managed_resource( - ingress_path.get("certificate"), "Certificate" - ) - ) - if ingress_path.get("listener"): - resources.append( - self._parse_managed_resource( - ingress_path.get("listener"), "Listener" - ) - ) - if ingress_path.get("rule"): - resources.append( - self._parse_managed_resource(ingress_path.get("rule"), "Rule") - ) - if ingress_path.get("targetGroups"): - resources.extend( - self._parse_managed_resource_list( - ingress_path.get("targetGroups"), "TargetGroup" - ) - ) - return ManagedResourceGroup( - resource_type="IngressPath", - identifier=ingress_path.get("endpoint"), - resources=resources, - ) - - def _parse_auto_scaling_configuration(self, auto_scaling_configuration): - resources = [] - if auto_scaling_configuration.get("scalableTarget"): - resources.append( - self._parse_managed_resource( - auto_scaling_configuration.get("scalableTarget"), - "ScalableTarget", - ) - ) - if auto_scaling_configuration.get("applicationAutoScalingPolicies"): - resources.extend( - self._parse_managed_resource_list( - auto_scaling_configuration.get( - "applicationAutoScalingPolicies" - ), - "ApplicationAutoScalingPolicy", - ) - ) - return ManagedResourceGroup( - resource_type="AutoScalingConfiguration", resources=resources - ) - - def _parse_metric_alarms(self, metric_alarms): - return ManagedResourceGroup( - resource_type="MetricAlarms", - resources=self._parse_managed_resource_list( - metric_alarms, "MetricAlarm" - ), - ) - - def _parse_service_security_groups(self, service_security_groups): - return ManagedResourceGroup( - resource_type="ServiceSecurityGroups", - resources=self._parse_managed_resource_list( - service_security_groups, "SecurityGroup" - ), - ) - - def _parse_log_groups(self, logs_groups): - return ManagedResourceGroup( - resource_type="LogGroups", - resources=self._parse_managed_resource_list( - logs_groups, "LogGroup" - ), - ) - - def _parse_managed_resource(self, resource, resource_type): - return ManagedResource( - resource_type, - resource.get("arn"), - status=resource.get("status"), - updated_at=resource.get("updatedAt"), - reason=resource.get("statusReason"), - ) - - def _parse_managed_resource_list(self, data_list, resource_type): - return [ - self._parse_managed_resource(data, resource_type) - for data in data_list - ] + else: + raise ValueError(f"Invalid display mode: {self.display_mode}") diff --git a/awscli/customizations/ecs/monitormutatinggatewayservice.py b/awscli/customizations/ecs/monitormutatinggatewayservice.py index 682eb53e6678..9f055ee5dd94 100644 --- a/awscli/customizations/ecs/monitormutatinggatewayservice.py +++ b/awscli/customizations/ecs/monitormutatinggatewayservice.py @@ -64,7 +64,7 @@ def __call__(self, parser, namespace, values, option_string=None): class MonitoringResourcesArgument(CustomArgument): - """Custom CLI argument for enabling resource monitoring. + """Custom CLI argument for enabling resource monitoring with optional mode. Adds the --monitor-resources flag to gateway service commands, allowing users to opt into real-time monitoring of resource changes. @@ -74,14 +74,13 @@ def __init__(self, name): super().__init__( name, help_text=( - 'Enable live monitoring of service resource status. ' + 'Enable monitoring of service resource status. ' 'Specify ``DEPLOYMENT`` to show only resources that are being added or removed ' 'as part of the latest service deployment, or ``RESOURCE`` to show all resources ' 'from all active configurations of the service. ' 'Defaults based on operation type: create-express-gateway-service and ' 'update-express-gateway-service default to ``DEPLOYMENT`` mode. ' - 'delete-express-gateway-service defaults to ``RESOURCE`` mode. ' - 'Requires a terminal (TTY) to run.' + 'delete-express-gateway-service defaults to ``RESOURCE`` mode.' ), choices=['DEPLOYMENT', 'RESOURCE'], nargs='?', @@ -90,6 +89,23 @@ def __init__(self, name): ) +class MonitoringModeArgument(CustomArgument): + """Custom CLI argument for monitor display mode. Only used when --monitor-resources is specified.""" + + def __init__(self): + super().__init__( + 'monitor-mode', + help_text=( + 'Display mode for monitoring output (requires ``--monitor-resources``). ' + 'INTERACTIVE (default if TTY available) - Real-time display with keyboard navigation. ' + 'TEXT-ONLY - Text output with timestamps, suitable for logging and non-interactive environments.' + ), + choices=['INTERACTIVE', 'TEXT-ONLY'], + nargs='?', + dest='monitor_mode', + ) + + class MonitorMutatingGatewayService: """Event handler for monitoring gateway service mutations. @@ -110,6 +126,7 @@ def __init__(self, api, default_resource_view, watcher_class=None): self.session = None self.parsed_globals = None self.effective_resource_view = None + self.effective_mode = None self._watcher_class = watcher_class or ECSExpressGatewayServiceWatcher def before_building_argument_table_parser(self, session, **kwargs): @@ -131,6 +148,7 @@ def building_argument_table(self, argument_table, session, **kwargs): argument_table['monitor-resources'] = MonitoringResourcesArgument( 'monitor-resources' ) + argument_table['monitor-mode'] = MonitoringModeArgument() def operation_args_parsed(self, parsed_args, parsed_globals, **kwargs): """Store monitoring flag state and globals after argument parsing. @@ -139,21 +157,71 @@ def operation_args_parsed(self, parsed_args, parsed_globals, **kwargs): parsed_args: Parsed command line arguments parsed_globals: Global CLI configuration """ + self._parse_and_validate_monitoring_args(parsed_args, parsed_globals) + + def _parse_and_validate_monitoring_args(self, parsed_args, parsed_globals): + """Parse and validate monitoring-related arguments. + + Extracts monitor_resources and monitor_mode from parsed_args, + validates their combination, and sets effective_resource_view + and effective_mode. + + Args: + parsed_args: Parsed command line arguments + parsed_globals: Global CLI configuration + + Raises: + ValueError: If monitor-mode is used without monitor-resources + """ # Store parsed_globals for later use self.parsed_globals = parsed_globals - # Get monitor_resources value and determine actual monitoring mode + # Parse monitor_resources to determine if monitoring is enabled monitor_value = getattr(parsed_args, 'monitor_resources', None) + self.effective_resource_view = self._parse_monitor_resources( + monitor_value + ) + + # Validate monitor_mode + mode_value = getattr(parsed_args, 'monitor_mode', None) + self.effective_mode = self._validate_mode( + mode_value, self.effective_resource_view + ) + + def _parse_monitor_resources(self, monitor_value): + """Parse monitor_resources value to determine resource view. + Args: + monitor_value: Value from --monitor-resources flag + + Returns: + str or None: Resource view mode (DEPLOYMENT/RESOURCE) or None + """ if monitor_value is None: - # Not specified, no monitoring - self.effective_resource_view = None + return None elif monitor_value == '__DEFAULT__': - # Flag specified without value, use default based on operation - self.effective_resource_view = self.default_resource_view + return self.default_resource_view else: - # Explicit choice provided (DEPLOYMENT or RESOURCE) - self.effective_resource_view = monitor_value + return monitor_value + + def _validate_mode(self, mode_value, resource_view): + """Validate the monitor mode value. + + Args: + mode_value: Value from --monitor-mode flag + resource_view: Effective resource view (None if not monitoring) + + Returns: + str: Display mode ('INTERACTIVE' or 'TEXT-ONLY') + + Raises: + ValueError: If mode is specified without resource monitoring + """ + if mode_value is not None and resource_view is None: + raise ValueError( + "--monitor-mode can only be used with --monitor-resources" + ) + return mode_value if mode_value else 'INTERACTIVE' def after_call(self, parsed, context, http_response, **kwargs): """Start monitoring after successful API call if flag is enabled. @@ -171,13 +239,20 @@ def after_call(self, parsed, context, http_response, **kwargs): ).get('serviceArn'): return - # Check monitoring availability - if not self._watcher_class.is_monitoring_available(): + # Interactive mode requires TTY, text-only does not + # Default to text-only if no TTY available + if self.effective_mode == 'INTERACTIVE' and not sys.stdout.isatty(): uni_print( - "Monitoring is not available (requires TTY). Skipping monitoring.\n", - out_file=sys.stderr, + "aws: [ERROR]: Interactive mode requires a TTY (terminal). " + "Monitoring skipped. Use --monitor-mode TEXT-ONLY for non-interactive environments.", + sys.stderr, ) return + elif self.effective_mode == 'INTERACTIVE' and sys.stdout.isatty(): + pass # Interactive mode with TTY - OK + elif not sys.stdout.isatty(): + # No TTY - force text-only mode + self.effective_mode = 'TEXT-ONLY' if not self.session or not self.parsed_globals: uni_print( @@ -199,20 +274,13 @@ def after_call(self, parsed, context, http_response, **kwargs): # Clear output when monitoring is invoked parsed.clear() - try: - self._watcher_class( - ecs_client, - service_arn, - self.effective_resource_view, - use_color=self._should_use_color(self.parsed_globals), - ).exec() - except Exception as e: - uni_print( - "Encountered an error, terminating monitoring\n" - + str(e) - + "\n", - out_file=sys.stderr, - ) + self._watcher_class( + ecs_client, + service_arn, + self.effective_resource_view, + self.effective_mode, + use_color=self._should_use_color(self.parsed_globals), + ).exec() def _should_use_color(self, parsed_globals): """Determine if color output should be used based on global settings.""" diff --git a/awscli/customizations/ecs/serviceviewcollector.py b/awscli/customizations/ecs/serviceviewcollector.py new file mode 100644 index 000000000000..ea799fff0dbe --- /dev/null +++ b/awscli/customizations/ecs/serviceviewcollector.py @@ -0,0 +1,541 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is +# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF +# ANY KIND, either express or implied. See the License for the specific +# language governing permissions and limitations under the License. + +"""Service view collector for ECS Express Gateway Service monitoring. + +This module provides business logic for collecting and formatting +ECS Express Gateway Service monitoring data. +""" + +import time +from functools import reduce + +from botocore.exceptions import ClientError + +from awscli.customizations.ecs.exceptions import MonitoringError +from awscli.customizations.ecs.expressgateway.managedresource import ( + ManagedResource, +) +from awscli.customizations.ecs.expressgateway.managedresourcegroup import ( + ManagedResourceGroup, +) + + +class ServiceViewCollector: + """Collects and formats ECS Express Gateway Service monitoring data. + + Responsible for: + - Making ECS API calls + - Parsing resource data + - Formatting output strings + - Caching responses + + Args: + client: ECS client for API calls + service_arn (str): ARN of the service to monitor + mode (str): Monitoring mode - 'RESOURCE' or 'DEPLOYMENT' + use_color (bool): Whether to use color in output + """ + + def __init__(self, client, service_arn, mode, use_color=True): + self._client = client + self.service_arn = service_arn + self.mode = mode + self.use_color = use_color + self.last_described_gateway_service_response = None + self.last_execution_time = 0 + self.cached_monitor_result = None + + def get_current_view( + self, spinner_char="{SPINNER}", execution_refresh_millis=5000 + ): + """Get current monitoring view as formatted string. + + Args: + spinner_char (str): Character for progress indication + execution_refresh_millis (int): Refresh interval in milliseconds + + Returns: + str: Formatted monitoring output + """ + current_time = time.time() + + if ( + current_time - self.last_execution_time + >= execution_refresh_millis / 1000.0 + ): + try: + describe_gateway_service_response = ( + self._client.describe_express_gateway_service( + serviceArn=self.service_arn + ) + ) + if not describe_gateway_service_response: + self.cached_monitor_result = ( + None, + "Trying to describe gateway service", + ) + elif ( + not ( + service := describe_gateway_service_response.get( + "service" + ) + ) + or not service.get("serviceArn") + or service.get("activeConfigurations") is None + ): + self.cached_monitor_result = ( + None, + "Trying to describe gateway service", + ) + else: + self.last_described_gateway_service_response = ( + describe_gateway_service_response + ) + described_gateway_service = ( + describe_gateway_service_response.get("service") + ) + + if self.mode == "DEPLOYMENT": + managed_resources, info = self._diff_service_view( + described_gateway_service + ) + else: + managed_resources, info = self._combined_service_view( + described_gateway_service + ) + + service_resources = [ + self._parse_cluster(described_gateway_service), + self._parse_service(described_gateway_service), + ] + if managed_resources: + service_resources.append(managed_resources) + service_resource = ManagedResourceGroup( + resources=service_resources + ) + self._update_cached_monitor_results(service_resource, info) + except ClientError as e: + if ( + e.response.get('Error', {}).get('Code') + == 'InvalidParameterException' + ): + error_message = e.response.get('Error', {}).get( + 'Message', '' + ) + if ( + "Cannot call DescribeServiceRevisions for a service that is INACTIVE" + in error_message + ): + empty_resource_group = ManagedResourceGroup() + self._update_cached_monitor_results( + empty_resource_group, "Service is inactive" + ) + else: + raise + else: + raise + + self.last_execution_time = current_time + + if not self.cached_monitor_result: + return "Waiting for initial data" + else: + service_resource, info = self.cached_monitor_result + status_string = ( + service_resource.get_status_string( + spinner_char=spinner_char, use_color=self.use_color + ) + if service_resource + else None + ) + + output = "\n".join([x for x in [status_string, info] if x]) + return output + + def _diff_service_view(self, describe_gateway_service_response): + """Generate diff view showing changes in the latest deployment.""" + service_arn = describe_gateway_service_response.get("serviceArn") + list_service_deployments_response = ( + self._client.list_service_deployments( + service=service_arn, maxResults=1 + ) + ) + listed_service_deployments = self._validate_and_parse_response( + list_service_deployments_response, + "ListServiceDeployments", + expected_field="serviceDeployments", + ) + if ( + not listed_service_deployments + or "serviceDeploymentArn" not in listed_service_deployments[0] + ): + return ( + None, + "Waiting for a deployment to start", + ) + + deployment_arn = listed_service_deployments[0].get( + "serviceDeploymentArn" + ) + + describe_service_deployments_response = ( + self._client.describe_service_deployments( + serviceDeploymentArns=[deployment_arn] + ) + ) + described_service_deployments = self._validate_and_parse_response( + describe_service_deployments_response, + "DescribeServiceDeployments", + expected_field="serviceDeployments", + eventually_consistent=True, + ) + if not described_service_deployments: + return (None, "Waiting for a deployment to start") + + described_service_deployment = described_service_deployments[0] + if ( + not described_service_deployment + or not described_service_deployment.get("targetServiceRevision") + ): + return ( + None, + "Waiting for a deployment to start", + ) + + target_sr = described_service_deployment.get( + "targetServiceRevision" + ).get("arn") + + target_sr_resources_list, described_target_sr_list = ( + self._describe_and_parse_service_revisions([target_sr]) + ) + if len(target_sr_resources_list) != 1: + return (None, "Trying to describe service revisions") + target_sr_resources = target_sr_resources_list[0] + described_target_sr = described_target_sr_list[0] + + task_def_arn = described_target_sr.get("taskDefinition") + if "sourceServiceRevisions" in described_service_deployment: + source_sr_resources, _ = ( + self._describe_and_parse_service_revisions( + [ + sr.get("arn") + for sr in described_service_deployment.get( + "sourceServiceRevisions" + ) + ] + ) + ) + if len(source_sr_resources) != len( + described_service_deployment.get("sourceServiceRevisions") + ): + return (None, "Trying to describe service revisions") + source_sr_resources_combined = reduce( + lambda x, y: x.combine(y), source_sr_resources + ) + else: + source_sr_resources_combined = ManagedResourceGroup() + + updating_resources, disassociating_resources = ( + target_sr_resources.compare_resource_sets( + source_sr_resources_combined + ) + ) + updating_resources.resource_type = "Updating" + disassociating_resources.resource_type = "Disassociating" + service_resources = ManagedResourceGroup( + resource_type="Deployment", + identifier=deployment_arn, + status=described_service_deployment.get("status"), + reason=described_service_deployment.get("statusReason"), + resources=[ + ManagedResource( + resource_type="TargetServiceRevision", identifier=target_sr + ), + ManagedResource( + resource_type="TaskDefinition", identifier=task_def_arn + ), + updating_resources, + disassociating_resources, + ], + ) + return service_resources, None + + def _combined_service_view(self, describe_gateway_service_response): + """Generate combined view of all active service resources.""" + service_revision_arns = [ + config.get("serviceRevisionArn") + for config in describe_gateway_service_response.get( + "activeConfigurations" + ) + ] + service_revision_resources, _ = ( + self._describe_and_parse_service_revisions(service_revision_arns) + ) + + # If empty, we're still waiting for active configurations + if not service_revision_resources or len( + service_revision_resources + ) != len(service_revision_arns): + return (None, "Trying to describe service revisions") + + service_resource = reduce( + lambda x, y: x.combine(y), service_revision_resources + ) + + return service_resource, None + + def _update_cached_monitor_results(self, resource, info): + """Update cached monitoring results with new data.""" + if not self.cached_monitor_result: + self.cached_monitor_result = (resource, info) + else: + self.cached_monitor_result = ( + resource or self.cached_monitor_result[0], + info, + ) + + def _validate_and_parse_response( + self, + response, + operation_name, + expected_field=None, + eventually_consistent=False, + ): + """Validate API response and extract expected field.""" + if not response: + raise MonitoringError(f"{operation_name} response is empty") + + self._parse_failures(response, operation_name, eventually_consistent) + + if not expected_field: + return None + + if response.get(expected_field) is None: + raise MonitoringError( + f"{operation_name} response is missing {expected_field}" + ) + return response.get(expected_field) + + def _parse_failures(self, response, operation_name, eventually_consistent): + """Parse and raise errors for API response failures.""" + failures = response.get("failures") + + if not failures: + return + + if any(not f.get('arn') or not f.get('reason') for f in failures): + raise MonitoringError( + "Invalid failure response: missing arn or reason" + ) + + if eventually_consistent: + failures = [ + failure + for failure in failures + if failure.get("reason") != "MISSING" + ] + + if not failures: + return + + failure_msgs = [ + f"{f['arn']} failed with {f['reason']}" for f in failures + ] + joined_msgs = '\n'.join(failure_msgs) + raise MonitoringError(f"{operation_name}:\n{joined_msgs}") + + def _describe_and_parse_service_revisions(self, arns): + """Describe and parse service revisions into managed resources.""" + describe_service_revisions_response = ( + self._client.describe_service_revisions(serviceRevisionArns=arns) + ) + described_service_revisions = self._validate_and_parse_response( + describe_service_revisions_response, + "DescribeServiceRevisions", + expected_field="serviceRevisions", + eventually_consistent=True, + ) + + return [ + self._parse_ecs_managed_resources(sr) + for sr in described_service_revisions + ], described_service_revisions + + def _parse_cluster(self, service): + return ManagedResource("Cluster", service.get("cluster")) + + def _parse_service(self, service): + service_arn = service.get("serviceArn") + cluster = service.get("cluster") + describe_service_response = self._client.describe_services( + cluster=cluster, services=[service_arn] + ) + described_service = self._validate_and_parse_response( + describe_service_response, "DescribeServices", "services" + )[0] + return ManagedResource( + "Service", + service.get("serviceArn"), + additional_info=described_service + and described_service.get("events")[0].get("message") + if described_service.get("events") + else None, + ) + + def _parse_ecs_managed_resources(self, service_revision): + managed_resources = service_revision.get("ecsManagedResources") + if not managed_resources: + return ManagedResourceGroup() + + parsed_resources = [] + if "ingressPaths" in managed_resources: + parsed_resources.append( + ManagedResourceGroup( + resource_type="IngressPaths", + resources=[ + self._parse_ingress_path_resources(ingress_path) + for ingress_path in managed_resources.get( + "ingressPaths" + ) + ], + ) + ) + if "autoScaling" in managed_resources: + parsed_resources.append( + self._parse_auto_scaling_configuration( + managed_resources.get("autoScaling") + ) + ) + if "metricAlarms" in managed_resources: + parsed_resources.append( + self._parse_metric_alarms( + managed_resources.get("metricAlarms") + ) + ) + if "serviceSecurityGroups" in managed_resources: + parsed_resources.append( + self._parse_service_security_groups( + managed_resources.get("serviceSecurityGroups") + ) + ) + if "logGroups" in managed_resources: + parsed_resources.append( + self._parse_log_groups(managed_resources.get("logGroups")) + ) + return ManagedResourceGroup(resources=parsed_resources) + + def _parse_ingress_path_resources(self, ingress_path): + resources = [] + if ingress_path.get("loadBalancer"): + resources.append( + self._parse_managed_resource( + ingress_path.get("loadBalancer"), "LoadBalancer" + ) + ) + if ingress_path.get("loadBalancerSecurityGroups"): + resources.extend( + self._parse_managed_resource_list( + ingress_path.get("loadBalancerSecurityGroups"), + "LoadBalancerSecurityGroup", + ) + ) + if ingress_path.get("certificate"): + resources.append( + self._parse_managed_resource( + ingress_path.get("certificate"), "Certificate" + ) + ) + if ingress_path.get("listener"): + resources.append( + self._parse_managed_resource( + ingress_path.get("listener"), "Listener" + ) + ) + if ingress_path.get("rule"): + resources.append( + self._parse_managed_resource(ingress_path.get("rule"), "Rule") + ) + if ingress_path.get("targetGroups"): + resources.extend( + self._parse_managed_resource_list( + ingress_path.get("targetGroups"), "TargetGroup" + ) + ) + return ManagedResourceGroup( + resource_type="IngressPath", + identifier=ingress_path.get("endpoint"), + resources=resources, + ) + + def _parse_auto_scaling_configuration(self, auto_scaling_configuration): + resources = [] + if auto_scaling_configuration.get("scalableTarget"): + resources.append( + self._parse_managed_resource( + auto_scaling_configuration.get("scalableTarget"), + "ScalableTarget", + ) + ) + if auto_scaling_configuration.get("applicationAutoScalingPolicies"): + resources.extend( + self._parse_managed_resource_list( + auto_scaling_configuration.get( + "applicationAutoScalingPolicies" + ), + "ApplicationAutoScalingPolicy", + ) + ) + return ManagedResourceGroup( + resource_type="AutoScalingConfiguration", resources=resources + ) + + def _parse_metric_alarms(self, metric_alarms): + return ManagedResourceGroup( + resource_type="MetricAlarms", + resources=self._parse_managed_resource_list( + metric_alarms, "MetricAlarm" + ), + ) + + def _parse_service_security_groups(self, service_security_groups): + return ManagedResourceGroup( + resource_type="ServiceSecurityGroups", + resources=self._parse_managed_resource_list( + service_security_groups, "SecurityGroup" + ), + ) + + def _parse_log_groups(self, logs_groups): + return ManagedResourceGroup( + resource_type="LogGroups", + resources=self._parse_managed_resource_list( + logs_groups, "LogGroup" + ), + ) + + def _parse_managed_resource(self, resource, resource_type): + return ManagedResource( + resource_type, + resource.get("arn"), + status=resource.get("status"), + updated_at=resource.get("updatedAt"), + reason=resource.get("statusReason"), + ) + + def _parse_managed_resource_list(self, data_list, resource_type): + return [ + self._parse_managed_resource(data, resource_type) + for data in data_list + ] diff --git a/tests/functional/ecs/test_monitorexpressgatewayservice.py b/tests/functional/ecs/test_monitorexpressgatewayservice.py new file mode 100644 index 000000000000..0d9eab356aa0 --- /dev/null +++ b/tests/functional/ecs/test_monitorexpressgatewayservice.py @@ -0,0 +1,298 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ + +from unittest.mock import ANY, Mock, patch + +import pytest + +from awscli.customizations.ecs import inject_commands +from awscli.customizations.ecs.monitorexpressgatewayservice import ( + ECSMonitorExpressGatewayService, +) + + +@pytest.fixture +def mock_watcher_class(): + """Fixture that provides a mock watcher class.""" + return Mock() + + +@pytest.fixture +def mock_session(): + """Fixture that provides a mock session.""" + return Mock() + + +@pytest.fixture +def command(mock_session, mock_watcher_class): + """Fixture that provides an ECSMonitorExpressGatewayService command.""" + return ECSMonitorExpressGatewayService( + mock_session, watcher_class=mock_watcher_class + ) + + +@pytest.fixture +def command_with_mock_session(mock_session, mock_watcher_class): + """Fixture that provides command with mock session and client configured.""" + client = Mock() + mock_session.create_client.return_value = client + command = ECSMonitorExpressGatewayService( + mock_session, watcher_class=mock_watcher_class + ) + return command + + +class TestECSMonitorExpressGatewayService: + def test_init(self, command): + assert command.name == 'monitor-express-gateway-service' + assert command.DESCRIPTION.startswith('Monitors the progress') + + def test_add_arguments(self, command): + command._build_arg_table() + arg_table = command.arg_table + + assert 'service-arn' in arg_table + assert 'resource-view' in arg_table + assert 'timeout' in arg_table + assert 'mode' in arg_table + + # Verify resource-view argument has correct choices + resource_view_arg = arg_table['resource-view'] + assert resource_view_arg.choices == ['RESOURCE', 'DEPLOYMENT'] + + # Verify mode argument has correct choices + mode_arg = arg_table['mode'] + assert mode_arg.choices == ['INTERACTIVE', 'TEXT-ONLY'] + + @patch('sys.stdout.isatty', return_value=False) + def test_run_main_with_text_only_mode( + self, mock_isatty, command_with_mock_session, mock_watcher_class + ): + command = command_with_mock_session + mock_watcher = Mock() + mock_watcher_class.return_value = mock_watcher + + parsed_args = Mock( + service_arn='arn:aws:ecs:us-west-2:123456789012:service/cluster/service', + resource_view='RESOURCE', + timeout=30, + mode='TEXT-ONLY', + ) + parsed_globals = Mock( + region='us-west-2', + endpoint_url=None, + verify_ssl=True, + color='off', + ) + + command._run_main(parsed_args, parsed_globals) + + # Verify watcher was created with correct parameters (positional) + mock_watcher_class.assert_called_once_with( + ANY, + parsed_args.service_arn, + 'RESOURCE', + 'TEXT-ONLY', + timeout_minutes=30, + use_color=False, + ) + + # Verify watcher was executed + mock_watcher.exec.assert_called_once() + + @patch('sys.stdout.isatty', return_value=True) + def test_run_main_with_interactive_mode( + self, mock_isatty, command_with_mock_session, mock_watcher_class + ): + command = command_with_mock_session + mock_watcher = Mock() + mock_watcher_class.return_value = mock_watcher + + parsed_args = Mock( + service_arn='arn:aws:ecs:us-west-2:123456789012:service/cluster/service', + resource_view='DEPLOYMENT', + timeout=60, + mode='INTERACTIVE', + ) + parsed_globals = Mock( + region='us-west-2', + endpoint_url=None, + verify_ssl=True, + color='auto', + ) + + command._run_main(parsed_args, parsed_globals) + + # Verify watcher was created with correct mode + mock_watcher_class.assert_called_once_with( + ANY, + parsed_args.service_arn, + 'DEPLOYMENT', + 'INTERACTIVE', + timeout_minutes=60, + use_color=True, + ) + + @patch('sys.stdout.isatty', return_value=True) + def test_run_main_auto_mode_with_tty( + self, mock_isatty, command_with_mock_session, mock_watcher_class + ): + command = command_with_mock_session + mock_watcher = Mock() + mock_watcher_class.return_value = mock_watcher + + parsed_args = Mock( + service_arn='arn:aws:ecs:us-west-2:123456789012:service/cluster/service', + resource_view='RESOURCE', + timeout=30, + mode=None, # Auto mode + ) + parsed_globals = Mock( + region='us-west-2', + endpoint_url=None, + verify_ssl=True, + color='auto', + ) + + command._run_main(parsed_args, parsed_globals) + + # When mode is None and TTY is available, should use INTERACTIVE + args = mock_watcher_class.call_args[0] + assert args[3] == 'INTERACTIVE' + + @patch('sys.stdout.isatty', return_value=False) + def test_run_main_auto_mode_without_tty( + self, mock_isatty, command_with_mock_session, mock_watcher_class + ): + command = command_with_mock_session + mock_watcher = Mock() + mock_watcher_class.return_value = mock_watcher + + parsed_args = Mock( + service_arn='arn:aws:ecs:us-west-2:123456789012:service/cluster/service', + resource_view='RESOURCE', + timeout=30, + mode=None, # Auto mode + ) + parsed_globals = Mock( + region='us-west-2', + endpoint_url=None, + verify_ssl=True, + color='auto', + ) + + command._run_main(parsed_args, parsed_globals) + + # When mode is None and TTY is not available, should use TEXT-ONLY + args = mock_watcher_class.call_args[0] + assert args[3] == 'TEXT-ONLY' + + @patch('sys.stdout.isatty', return_value=False) + def test_run_main_with_color_on( + self, mock_isatty, command_with_mock_session, mock_watcher_class + ): + command = command_with_mock_session + mock_watcher = Mock() + mock_watcher_class.return_value = mock_watcher + + parsed_args = Mock( + service_arn='arn:aws:ecs:us-west-2:123456789012:service/cluster/service', + resource_view='RESOURCE', + timeout=30, + mode='TEXT-ONLY', + ) + parsed_globals = Mock( + region='us-west-2', + endpoint_url=None, + verify_ssl=True, + color='on', + ) + + command._run_main(parsed_args, parsed_globals) + + # Verify color setting is True when color='on' + call_kwargs = mock_watcher_class.call_args[1] + assert call_kwargs['use_color'] is True + + @patch('sys.stdout.isatty', return_value=False) + def test_run_main_creates_ecs_client( + self, + mock_isatty, + mock_session, + command_with_mock_session, + mock_watcher_class, + ): + command = command_with_mock_session + mock_watcher = Mock() + mock_watcher_class.return_value = mock_watcher + + parsed_args = Mock( + service_arn='arn:aws:ecs:us-west-2:123456789012:service/cluster/service', + resource_view='RESOURCE', + timeout=30, + mode='TEXT-ONLY', + ) + parsed_globals = Mock( + region='us-west-2', + endpoint_url=None, + verify_ssl=True, + color='off', + ) + + command._run_main(parsed_args, parsed_globals) + + # Verify ECS client was created with correct parameters + mock_session.create_client.assert_called_once_with( + 'ecs', + region_name='us-west-2', + endpoint_url=None, + verify=True, + ) + + # Verify client was passed to watcher + args = mock_watcher_class.call_args[0] + assert args[0] is not None # Client was created and passed + + @patch('sys.stdout.isatty', return_value=False) + def test_run_main_with_default_resource_view( + self, mock_isatty, command_with_mock_session, mock_watcher_class + ): + command = command_with_mock_session + mock_watcher = Mock() + mock_watcher_class.return_value = mock_watcher + + parsed_args = Mock( + service_arn='arn:aws:ecs:us-west-2:123456789012:service/cluster/service', + resource_view=None, # Not specified, should use default + timeout=30, + mode='TEXT-ONLY', + ) + parsed_globals = Mock( + region='us-west-2', + endpoint_url=None, + verify_ssl=True, + color='off', + ) + + command._run_main(parsed_args, parsed_globals) + + # Verify default resource view is passed + args = mock_watcher_class.call_args[0] + assert args[2] is None # Resource view is passed as-is + + +class TestCommandRegistration: + def test_inject_commands_registers_monitor_command(self, mock_session): + command_table = {} + + inject_commands(command_table, mock_session) + + # Verify monitor command is registered + assert 'monitor-express-gateway-service' in command_table + command = command_table['monitor-express-gateway-service'] + assert isinstance(command, ECSMonitorExpressGatewayService) diff --git a/tests/functional/ecs/test_monitormutatinggatewayservice.py b/tests/functional/ecs/test_monitormutatinggatewayservice.py index b4c34281e872..b3e693ab0a9b 100644 --- a/tests/functional/ecs/test_monitormutatinggatewayservice.py +++ b/tests/functional/ecs/test_monitormutatinggatewayservice.py @@ -11,8 +11,11 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from unittest.mock import Mock +from unittest.mock import Mock, patch +import pytest + +from awscli.customizations.ecs import inject_commands from awscli.customizations.ecs.monitormutatinggatewayservice import ( MUTATION_HANDLERS, MonitoringResourcesArgument, @@ -21,6 +24,30 @@ ) +@pytest.fixture +def mock_watcher_class(): + """Fixture that provides a mock watcher class.""" + watcher_class = Mock() + watcher_class.is_monitoring_available.return_value = True + return watcher_class + + +@pytest.fixture +def mock_session(): + """Fixture that provides a mock session.""" + return Mock() + + +@pytest.fixture +def handler(mock_watcher_class): + """Fixture that provides a MonitorMutatingGatewayService handler.""" + return MonitorMutatingGatewayService( + 'create-gateway-service', + 'DEPLOYMENT', + watcher_class=mock_watcher_class, + ) + + class TestMonitoringResourcesArgument: def test_add_to_parser(self): parser = Mock() @@ -94,16 +121,6 @@ def test_operation_args_parsed_with_monitor_resources_false(self): assert not self.handler.effective_resource_view - def test_operation_args_parsed_no_monitor_resources_attr(self): - parsed_args = Mock() - # Remove the attribute - del parsed_args.monitor_resources - parsed_globals = Mock() - - self.handler.operation_args_parsed(parsed_args, parsed_globals) - - assert not self.handler.effective_resource_view - def test_after_call_with_monitoring_enabled(self): # Setup mock_watcher_class = Mock() @@ -264,3 +281,353 @@ def test_register_monitor_mutating_gateway_service(self): assert ( 'after-call.ecs.CreateExpressGatewayService' in registered_events ) + + +class TestMonitorModeParameter: + """Tests for --monitor-mode parameter functionality.""" + + def test_monitor_mode_argument_added_to_table(self, handler): + """Test that --monitor-mode is added to argument table.""" + argument_table = {} + session = Mock() + + handler.building_argument_table(argument_table, session) + + assert 'monitor-mode' in argument_table + + @patch('sys.stdout.isatty', return_value=True) + def test_operation_args_parsed_with_monitor_mode_and_resources( + self, mock_isatty, handler, mock_session + ): + """Test operation_args_parsed with both --monitor-mode and --monitor-resources.""" + handler.session = mock_session + parsed_args = Mock() + parsed_args.monitor_resources = 'RESOURCE' + parsed_args.monitor_mode = 'TEXT-ONLY' + parsed_globals = Mock() + + # Should not raise + handler.operation_args_parsed(parsed_args, parsed_globals) + + assert handler.effective_resource_view == 'RESOURCE' + assert handler.effective_mode == 'TEXT-ONLY' + + @patch('sys.stdout.isatty', return_value=True) + def test_operation_args_parsed_with_monitor_mode_without_resources_raises( + self, mock_isatty, handler, mock_session + ): + """Test operation_args_parsed with --monitor-mode but no --monitor-resources raises ValueError.""" + handler.session = mock_session + parsed_args = Mock() + parsed_args.monitor_resources = None + parsed_args.monitor_mode = 'TEXT-ONLY' + parsed_globals = Mock() + + with pytest.raises(ValueError) as exc_info: + handler.operation_args_parsed(parsed_args, parsed_globals) + + assert ( + '--monitor-mode can only be used with --monitor-resources' + in str(exc_info.value) + ) + + @patch('sys.stdout.isatty', return_value=True) + def test_operation_args_parsed_defaults_mode_to_interactive( + self, mock_isatty, handler, mock_session + ): + """Test operation_args_parsed defaults mode to INTERACTIVE when not specified.""" + handler.session = mock_session + parsed_args = Mock() + parsed_args.monitor_resources = 'DEPLOYMENT' + parsed_args.monitor_mode = None + parsed_globals = Mock() + + handler.operation_args_parsed(parsed_args, parsed_globals) + + assert handler.effective_mode == 'INTERACTIVE' + + @patch('sys.stdout.isatty', return_value=True) + def test_operation_args_parsed_without_monitor_resources( + self, mock_isatty, handler, mock_session + ): + """Test operation_args_parsed disables monitoring when --monitor-resources not provided.""" + handler.session = mock_session + parsed_args = Mock() + parsed_args.monitor_resources = None + parsed_args.monitor_mode = None + parsed_globals = Mock() + + handler.operation_args_parsed(parsed_args, parsed_globals) + + assert handler.effective_resource_view is None + + @patch('sys.stdout.isatty', return_value=True) + def test_after_call_with_interactive_mode( + self, mock_isatty, mock_session, mock_watcher_class + ): + """Test monitoring starts with interactive mode when specified.""" + handler = MonitorMutatingGatewayService( + 'create-express-gateway-service', + 'DEPLOYMENT', + watcher_class=mock_watcher_class, + ) + + mock_watcher = Mock() + mock_watcher_class.return_value = mock_watcher + + mock_parsed_globals = Mock() + mock_parsed_globals.region = 'us-west-2' + mock_parsed_globals.endpoint_url = None + mock_parsed_globals.verify_ssl = True + mock_parsed_globals.color = 'auto' + + mock_ecs_client = Mock() + mock_session.create_client.return_value = mock_ecs_client + + handler.session = mock_session + handler.parsed_globals = mock_parsed_globals + handler.effective_resource_view = 'DEPLOYMENT' + handler.effective_mode = 'INTERACTIVE' + + parsed = { + 'service': { + 'serviceArn': 'arn:aws:ecs:us-west-2:123456789:service/test-service' + } + } + context = {} + http_response = Mock() + http_response.status_code = 200 + + handler.after_call(parsed, context, http_response) + + # Verify watcher was created with correct parameters + call_args = mock_watcher_class.call_args + assert call_args is not None + + # Check positional arguments + assert ( + call_args[0][1] + == 'arn:aws:ecs:us-west-2:123456789:service/test-service' + ) # service_arn + assert call_args[0][2] == 'DEPLOYMENT' # resource_view + assert call_args[0][3] == 'INTERACTIVE' + + @patch('sys.stdout.isatty', return_value=False) + def test_after_call_with_text_only_mode( + self, mock_isatty, mock_session, mock_watcher_class + ): + """Test monitoring starts with text-only mode when specified.""" + handler = MonitorMutatingGatewayService( + 'create-express-gateway-service', + 'DEPLOYMENT', + watcher_class=mock_watcher_class, + ) + + mock_watcher = Mock() + mock_watcher_class.return_value = mock_watcher + + mock_parsed_globals = Mock() + mock_parsed_globals.region = 'us-west-2' + mock_parsed_globals.endpoint_url = None + mock_parsed_globals.verify_ssl = True + mock_parsed_globals.color = 'off' + + mock_ecs_client = Mock() + mock_session.create_client.return_value = mock_ecs_client + + handler.session = mock_session + handler.parsed_globals = mock_parsed_globals + handler.effective_resource_view = 'RESOURCE' + handler.effective_mode = 'TEXT-ONLY' + + parsed = { + 'service': { + 'serviceArn': 'arn:aws:ecs:us-west-2:123456789:service/test-service' + } + } + context = {} + http_response = Mock() + http_response.status_code = 200 + + handler.after_call(parsed, context, http_response) + + # Verify watcher was created with correct parameters + call_args = mock_watcher_class.call_args + assert call_args is not None + + # Check positional arguments + assert ( + call_args[0][1] + == 'arn:aws:ecs:us-west-2:123456789:service/test-service' + ) # service_arn + assert call_args[0][2] == 'RESOURCE' # resource_view + assert call_args[0][3] == 'TEXT-ONLY' + + @patch('sys.stdout.isatty', return_value=True) + def test_after_call_with_color_on( + self, mock_isatty, mock_session, mock_watcher_class + ): + """Test use_color=True when color='on'.""" + handler = MonitorMutatingGatewayService( + 'create-express-gateway-service', + 'DEPLOYMENT', + watcher_class=mock_watcher_class, + ) + + mock_watcher = Mock() + mock_watcher_class.return_value = mock_watcher + + mock_parsed_globals = Mock() + mock_parsed_globals.region = 'us-west-2' + mock_parsed_globals.endpoint_url = None + mock_parsed_globals.verify_ssl = True + mock_parsed_globals.color = 'on' + + mock_ecs_client = Mock() + mock_session.create_client.return_value = mock_ecs_client + + handler.session = mock_session + handler.parsed_globals = mock_parsed_globals + handler.effective_resource_view = 'DEPLOYMENT' + handler.effective_mode = 'INTERACTIVE' + + parsed = { + 'service': { + 'serviceArn': 'arn:aws:ecs:us-west-2:123456789:service/test-service' + } + } + context = {} + http_response = Mock() + http_response.status_code = 200 + + handler.after_call(parsed, context, http_response) + + # Check keyword arguments + call_args = mock_watcher_class.call_args + assert call_args[1]['use_color'] is True + + @patch('sys.stdout.isatty', return_value=False) + def test_after_call_with_color_off( + self, mock_isatty, mock_session, mock_watcher_class + ): + """Test use_color=False when color='off'.""" + handler = MonitorMutatingGatewayService( + 'create-express-gateway-service', + 'DEPLOYMENT', + watcher_class=mock_watcher_class, + ) + + mock_watcher = Mock() + mock_watcher_class.return_value = mock_watcher + + mock_parsed_globals = Mock() + mock_parsed_globals.region = 'us-west-2' + mock_parsed_globals.endpoint_url = None + mock_parsed_globals.verify_ssl = True + mock_parsed_globals.color = 'off' + + mock_ecs_client = Mock() + mock_session.create_client.return_value = mock_ecs_client + + handler.session = mock_session + handler.parsed_globals = mock_parsed_globals + handler.effective_resource_view = 'DEPLOYMENT' + handler.effective_mode = 'TEXT-ONLY' + + parsed = { + 'service': { + 'serviceArn': 'arn:aws:ecs:us-west-2:123456789:service/test-service' + } + } + context = {} + http_response = Mock() + http_response.status_code = 200 + + handler.after_call(parsed, context, http_response) + + call_args = mock_watcher_class.call_args + assert call_args[1]['use_color'] is False + + @patch('sys.stdout.isatty', return_value=True) + def test_after_call_with_color_auto_with_tty( + self, mock_isatty, mock_session, mock_watcher_class + ): + """Test use_color=True when color='auto' with TTY.""" + handler = MonitorMutatingGatewayService( + 'create-express-gateway-service', + 'DEPLOYMENT', + watcher_class=mock_watcher_class, + ) + + mock_watcher = Mock() + mock_watcher_class.return_value = mock_watcher + + mock_parsed_globals = Mock() + mock_parsed_globals.region = 'us-west-2' + mock_parsed_globals.endpoint_url = None + mock_parsed_globals.verify_ssl = True + mock_parsed_globals.color = 'auto' + + mock_ecs_client = Mock() + mock_session.create_client.return_value = mock_ecs_client + + handler.session = mock_session + handler.parsed_globals = mock_parsed_globals + handler.effective_resource_view = 'DEPLOYMENT' + handler.effective_mode = 'INTERACTIVE' + + parsed = { + 'service': { + 'serviceArn': 'arn:aws:ecs:us-west-2:123456789:service/test-service' + } + } + context = {} + http_response = Mock() + http_response.status_code = 200 + + handler.after_call(parsed, context, http_response) + + call_args = mock_watcher_class.call_args + assert call_args[1]['use_color'] is True + + @patch('sys.stdout.isatty', return_value=False) + def test_after_call_with_color_auto_without_tty( + self, mock_isatty, mock_session, mock_watcher_class + ): + """Test use_color=False when color='auto' without TTY.""" + handler = MonitorMutatingGatewayService( + 'create-express-gateway-service', + 'DEPLOYMENT', + watcher_class=mock_watcher_class, + ) + + mock_watcher = Mock() + mock_watcher_class.return_value = mock_watcher + + mock_parsed_globals = Mock() + mock_parsed_globals.region = 'us-west-2' + mock_parsed_globals.endpoint_url = None + mock_parsed_globals.verify_ssl = True + mock_parsed_globals.color = 'auto' + + mock_ecs_client = Mock() + mock_session.create_client.return_value = mock_ecs_client + + handler.session = mock_session + handler.parsed_globals = mock_parsed_globals + handler.effective_resource_view = 'DEPLOYMENT' + handler.effective_mode = 'TEXT-ONLY' + + parsed = { + 'service': { + 'serviceArn': 'arn:aws:ecs:us-west-2:123456789:service/test-service' + } + } + context = {} + http_response = Mock() + http_response.status_code = 200 + + handler.after_call(parsed, context, http_response) + + call_args = mock_watcher_class.call_args + assert call_args[1]['use_color'] is False diff --git a/tests/unit/customizations/ecs/expressgateway/test_display_strategy.py b/tests/unit/customizations/ecs/expressgateway/test_display_strategy.py new file mode 100644 index 000000000000..9aa97cbb410c --- /dev/null +++ b/tests/unit/customizations/ecs/expressgateway/test_display_strategy.py @@ -0,0 +1,293 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ + +import asyncio +import time +from unittest.mock import Mock, patch + +import pytest +from botocore.exceptions import ClientError +from prompt_toolkit.application import create_app_session +from prompt_toolkit.output import DummyOutput + +from awscli.customizations.ecs.expressgateway.display_strategy import ( + DisplayStrategy, + InteractiveDisplayStrategy, + TextOnlyDisplayStrategy, +) + + +class TestDisplayStrategy: + """Test base DisplayStrategy class.""" + + def test_base_strategy_not_implemented(self): + """Test base class raises NotImplementedError.""" + strategy = DisplayStrategy() + with pytest.raises(NotImplementedError): + strategy.execute_monitoring(None, None, None) + + +@pytest.fixture +def app_session(): + """Fixture that creates and manages an app session for prompt_toolkit.""" + with create_app_session(output=DummyOutput()) as session: + yield session + + +@pytest.fixture +def mock_display(): + """Fixture that creates a mock display for testing.""" + + async def mock_run_async(): + await asyncio.sleep(0.01) + + display = Mock() + display.display = Mock() + display.run = Mock(return_value=mock_run_async()) + return display + + +class TestInteractiveDisplayStrategy: + """Test InteractiveDisplayStrategy.""" + + @patch('time.sleep') + def test_execute_with_mock_display( + self, mock_sleep, app_session, mock_display + ): + """Test strategy executes with mocked display.""" + mock_collector = Mock() + mock_collector.get_current_view = Mock( + return_value="Test output {SPINNER}" + ) + + strategy = InteractiveDisplayStrategy( + display=mock_display, use_color=True + ) + + mock_sleep.side_effect = KeyboardInterrupt() + + start_time = time.time() + strategy.execute_monitoring( + mock_collector, start_time, timeout_minutes=1 + ) + + # Verify display was called + assert mock_display.display.called + assert mock_display.run.called + + def test_strategy_uses_provided_color_setting(self): + """Test strategy respects use_color parameter.""" + mock_display = Mock() + + strategy_with_color = InteractiveDisplayStrategy( + display=mock_display, use_color=True + ) + assert strategy_with_color.use_color is True + + strategy_no_color = InteractiveDisplayStrategy( + display=mock_display, use_color=False + ) + assert strategy_no_color.use_color is False + + @patch('time.sleep') + def test_completion_message_on_normal_exit( + self, mock_sleep, app_session, mock_display, capsys + ): + """Test displays completion message when monitoring completes normally.""" + mock_collector = Mock() + mock_collector.get_current_view = Mock(return_value="Resources ready") + + strategy = InteractiveDisplayStrategy( + display=mock_display, use_color=True + ) + + mock_sleep.side_effect = KeyboardInterrupt() + + start_time = time.time() + strategy.execute_monitoring( + mock_collector, start_time, timeout_minutes=1 + ) + + captured = capsys.readouterr() + assert "Monitoring Complete!" in captured.out + assert "Monitoring timed out!" not in captured.out + + @patch('time.sleep') + def test_collector_output_is_displayed( + self, mock_sleep, app_session, mock_display, capsys + ): + """Test that collector output appears in final output.""" + mock_collector = Mock() + unique_output = "LoadBalancer lb-12345 ACTIVE" + mock_collector.get_current_view = Mock(return_value=unique_output) + + strategy = InteractiveDisplayStrategy( + display=mock_display, use_color=True + ) + + mock_sleep.side_effect = KeyboardInterrupt() + + start_time = time.time() + strategy.execute_monitoring( + mock_collector, start_time, timeout_minutes=1 + ) + + captured = capsys.readouterr() + assert unique_output in captured.out + + @patch('time.sleep') + def test_execute_handles_service_inactive( + self, mock_sleep, app_session, mock_display, capsys + ): + """Test strategy handles service inactive error.""" + mock_collector = Mock() + error = ClientError( + error_response={ + 'Error': { + 'Code': 'InvalidParameterException', + 'Message': 'Cannot call DescribeServiceRevisions for a service that is INACTIVE', + } + }, + operation_name='DescribeServiceRevisions', + ) + mock_collector.get_current_view = Mock(side_effect=error) + + strategy = InteractiveDisplayStrategy( + display=mock_display, use_color=True + ) + + mock_sleep.side_effect = KeyboardInterrupt() + + start_time = time.time() + strategy.execute_monitoring( + mock_collector, start_time, timeout_minutes=1 + ) + + # Strategy should handle the error and set output to "Service is inactive" + captured = capsys.readouterr() + assert "Service is inactive" in captured.out + + @patch('time.sleep') + def test_execute_other_client_errors_propagate( + self, mock_sleep, app_session, mock_display + ): + """Test strategy propagates non-service-inactive ClientErrors.""" + mock_collector = Mock() + error = ClientError( + error_response={ + 'Error': { + 'Code': 'AccessDeniedException', + 'Message': 'Access denied', + } + }, + operation_name='DescribeServiceRevisions', + ) + mock_collector.get_current_view = Mock(side_effect=error) + + strategy = InteractiveDisplayStrategy( + display=mock_display, use_color=True + ) + + mock_sleep.side_effect = KeyboardInterrupt() + + start_time = time.time() + + # Other client errors should propagate + with pytest.raises(ClientError) as exc_info: + strategy.execute_monitoring( + mock_collector, start_time, timeout_minutes=1 + ) + + assert ( + exc_info.value.response['Error']['Code'] == 'AccessDeniedException' + ) + + @patch('time.sleep') + def test_display_cleanup_on_exception( + self, mock_sleep, app_session, mock_display + ): + """Test display app is properly shut down when exception occurs.""" + mock_collector = Mock() + error = ClientError( + error_response={'Error': {'Code': 'ThrottlingException'}}, + operation_name='DescribeServiceRevisions', + ) + mock_collector.get_current_view = Mock(side_effect=error) + + strategy = InteractiveDisplayStrategy( + display=mock_display, use_color=True + ) + mock_sleep.side_effect = KeyboardInterrupt() + + with pytest.raises(ClientError): + strategy.execute_monitoring( + mock_collector, time.time(), timeout_minutes=1 + ) + + # Verify app.exit() was called in finally block despite exception + mock_display.app.exit.assert_called() + + +class TestTextOnlyDisplayStrategy: + """Test TextOnlyDisplayStrategy.""" + + @patch('time.sleep') + def test_execute_with_mock_collector(self, mock_sleep, capsys): + """Test strategy executes sync loop with text output.""" + mock_collector = Mock() + mock_collector.get_current_view = Mock(return_value="Test output") + mock_collector.cached_monitor_result = (None, "Test info") + + strategy = TextOnlyDisplayStrategy(use_color=True) + + # Make sleep raise to exit loop after first iteration + mock_sleep.side_effect = KeyboardInterrupt() + + start_time = time.time() + strategy.execute_monitoring( + mock_collector, start_time, timeout_minutes=1 + ) + + output = capsys.readouterr().out + printed_output = output + assert "Starting monitoring" in printed_output + assert "stopped by user" in printed_output + assert "complete" in printed_output + + @patch('time.sleep') + @patch('time.time') + def test_execute_handles_timeout(self, mock_time, mock_sleep, capsys): + """Test strategy handles timeout correctly.""" + mock_collector = Mock() + mock_collector.get_current_view = Mock(return_value="Test output") + mock_collector.cached_monitor_result = (None, None) + + strategy = TextOnlyDisplayStrategy(use_color=True) + + # Simulate timeout after first poll + start_time = 1000.0 + mock_time.side_effect = [ + 1000.0, # First check - within timeout + 2000.0, # Second check - exceeded timeout + ] + + strategy.execute_monitoring( + mock_collector, start_time, timeout_minutes=1 + ) + + output = capsys.readouterr().out + printed_output = output + assert "timeout reached" in printed_output.lower() + + def test_strategy_uses_provided_color_setting(self): + """Test strategy respects use_color parameter.""" + strategy_with_color = TextOnlyDisplayStrategy(use_color=True) + assert strategy_with_color.stream_display.use_color is True + + strategy_no_color = TextOnlyDisplayStrategy(use_color=False) + assert strategy_no_color.stream_display.use_color is False diff --git a/tests/unit/customizations/ecs/expressgateway/test_managedresource.py b/tests/unit/customizations/ecs/expressgateway/test_managedresource.py index db8157e066a2..2b253d4e7317 100644 --- a/tests/unit/customizations/ecs/expressgateway/test_managedresource.py +++ b/tests/unit/customizations/ecs/expressgateway/test_managedresource.py @@ -1,4 +1,6 @@ -import unittest +import re + +import pytest from awscli.customizations.ecs.expressgateway.managedresource import ( TERMINAL_RESOURCE_STATUSES, @@ -6,33 +8,33 @@ ) -class TestManagedResource(unittest.TestCase): +class TestManagedResource: def test_is_terminal_active(self): resource = ManagedResource( "LoadBalancer", "lb-123", "ACTIVE", 1761230543.151 ) - self.assertTrue(resource.is_terminal()) + assert resource.is_terminal() def test_is_terminal_failed(self): resource = ManagedResource( "LoadBalancer", "lb-123", "FAILED", 1761230543.151 ) - self.assertTrue(resource.is_terminal()) + assert resource.is_terminal() def test_is_terminal_provisioning(self): resource = ManagedResource( "LoadBalancer", "lb-123", "PROVISIONING", 1761230543.151 ) - self.assertFalse(resource.is_terminal()) + assert not resource.is_terminal() def test_get_status_string_active(self): resource = ManagedResource( "LoadBalancer", "lb-123", "ACTIVE", 1761230543.151 ) status_string = resource.get_status_string("⠋") - self.assertIn("LoadBalancer", status_string) - self.assertIn("lb-123", status_string) - self.assertIn("ACTIVE", status_string) + assert "LoadBalancer" in status_string + assert "lb-123" in status_string + assert "ACTIVE" in status_string def test_get_status_string_failed_with_reason(self): resource = ManagedResource( @@ -43,8 +45,8 @@ def test_get_status_string_failed_with_reason(self): "Connection timeout", ) status_string = resource.get_status_string("⠋") - self.assertIn("FAILED", status_string) - self.assertIn("Connection timeout", status_string) + assert "FAILED" in status_string + assert "Connection timeout" in status_string def test_get_status_string_active_with_reason(self): resource = ManagedResource( @@ -55,8 +57,8 @@ def test_get_status_string_active_with_reason(self): "Load balancer ready", ) status_string = resource.get_status_string("⠋") - self.assertIn("ACTIVE", status_string) - self.assertIn("Load balancer ready", status_string) + assert "ACTIVE" in status_string + assert "Load balancer ready" in status_string def test_combine_newer_resource(self): older = ManagedResource( @@ -66,7 +68,7 @@ def test_combine_newer_resource(self): "LoadBalancer", "lb-123", "ACTIVE", 1761230600.151 ) result = older.combine(newer) - self.assertEqual(result, newer) + assert result == newer def test_combine_older_resource(self): older = ManagedResource( @@ -76,33 +78,33 @@ def test_combine_older_resource(self): "LoadBalancer", "lb-123", "ACTIVE", 1761230600.151 ) result = newer.combine(older) - self.assertEqual(result, newer) + assert result == newer def test_combine_with_none(self): resource = ManagedResource( "LoadBalancer", "lb-123", "ACTIVE", 1761230543.151 ) result = resource.combine(None) - self.assertEqual(result, resource) + assert result == resource def test_is_terminal_deleted_status(self): resource = ManagedResource("LoadBalancer", "lb-123", "DELETED") - self.assertTrue(resource.is_terminal()) + assert resource.is_terminal() def test_is_terminal_no_status(self): resource = ManagedResource("LoadBalancer", "lb-123", None) - self.assertFalse(resource.is_terminal()) + assert not resource.is_terminal() def test_init_with_string_timestamp(self): resource = ManagedResource( "LoadBalancer", "lb-123", "ACTIVE", "2025-11-05T18:00:00Z" ) - self.assertIsInstance(resource.updated_at, float) - self.assertGreater(resource.updated_at, 0) + assert isinstance(resource.updated_at, float) + assert resource.updated_at > 0 def test_init_with_none_timestamp(self): resource = ManagedResource("LoadBalancer", "lb-123", "ACTIVE", None) - self.assertIsNone(resource.updated_at) + assert resource.updated_at is None def test_combine_with_no_timestamp(self): resource1 = ManagedResource( @@ -112,7 +114,7 @@ def test_combine_with_no_timestamp(self): "LoadBalancer", "lb-123", "PROVISIONING", None ) result = resource1.combine(resource2) - self.assertEqual(result, resource1) + assert result == resource1 def test_combine_equal_timestamps(self): timestamp = 1761230543.151 @@ -123,7 +125,7 @@ def test_combine_equal_timestamps(self): "LoadBalancer", "lb-123", "PROVISIONING", timestamp ) result = resource1.combine(resource2) - self.assertEqual(result, resource1) + assert result == resource1 def test_get_status_string_with_depth(self): resource = ManagedResource( @@ -132,7 +134,7 @@ def test_get_status_string_with_depth(self): status_string = resource.get_status_string("⠋", depth=2) # Should have proper indentation lines = status_string.split('\n') - self.assertTrue(lines[0].startswith(" ")) # 2 spaces for depth=2 + assert lines[0].startswith(" ") # 2 spaces for depth=2 def test_get_status_string_with_additional_info(self): resource = ManagedResource( @@ -143,44 +145,159 @@ def test_get_status_string_with_additional_info(self): additional_info="Load balancer is healthy", ) status_string = resource.get_status_string("⠋") - self.assertIn("Load balancer is healthy", status_string) + assert "Load balancer is healthy" in status_string def test_get_status_string_no_identifier(self): resource = ManagedResource( "LoadBalancer", None, "ACTIVE", 1761230543.151 ) status_string = resource.get_status_string("⠋") - self.assertIn("LoadBalancer", status_string) - self.assertIn("ACTIVE", status_string) + assert "LoadBalancer" in status_string + assert "ACTIVE" in status_string def test_get_status_string_no_color(self): resource = ManagedResource( "LoadBalancer", "lb-123", "ACTIVE", 1761230543.151 ) status_string = resource.get_status_string("⠋", use_color=False) - self.assertIn("LoadBalancer", status_string) - self.assertIn("lb-123", status_string) - self.assertIn("ACTIVE", status_string) + assert "LoadBalancer" in status_string + assert "lb-123" in status_string + assert "ACTIVE" in status_string # Should not contain ANSI color codes - self.assertNotIn("\x1b[", status_string) + assert "\x1b[" not in status_string def test_get_status_string_with_color(self): resource = ManagedResource( "LoadBalancer", "lb-123", "ACTIVE", 1761230543.151 ) status_string = resource.get_status_string("⠋", use_color=True) - self.assertIn("LoadBalancer", status_string) - self.assertIn("lb-123", status_string) - self.assertIn("ACTIVE", status_string) + assert "LoadBalancer" in status_string + assert "lb-123" in status_string + assert "ACTIVE" in status_string # Should contain ANSI color codes - self.assertIn("\x1b[", status_string) + assert "\x1b[" in status_string + def test_get_stream_string_basic(self): + resource = ManagedResource( + "LoadBalancer", "lb-123", "ACTIVE", 1761230543.151 + ) + stream_string = resource.get_stream_string("2025-12-15 10:00:00") + assert "[2025-12-15 10:00:00]" in stream_string + assert "LoadBalancer" in stream_string + assert "lb-123" in stream_string + assert "ACTIVE" in stream_string -class TestConstants(unittest.TestCase): - def test_terminal_resource_statuses(self): - expected_statuses = ["ACTIVE", "DELETED", "FAILED"] - self.assertEqual(TERMINAL_RESOURCE_STATUSES, expected_statuses) + def test_get_stream_string_with_reason(self): + resource = ManagedResource( + "LoadBalancer", + "lb-123", + "PROVISIONING", + 1761230543.151, + "Waiting for DNS propagation", + ) + stream_string = resource.get_stream_string("2025-12-15 10:00:00") + assert "Reason: Waiting for DNS propagation" in stream_string + + def test_get_stream_string_with_additional_info(self): + resource = ManagedResource( + "LoadBalancer", + "lb-123", + "ACTIVE", + 1761230543.151, + additional_info="DNS: example.elb.amazonaws.com", + ) + stream_string = resource.get_stream_string("2025-12-15 10:00:00") + assert "Info: DNS: example.elb.amazonaws.com" in stream_string + + def test_get_stream_string_with_updated_at(self): + resource = ManagedResource( + "LoadBalancer", "lb-123", "ACTIVE", 1761230543.151 + ) + stream_string = resource.get_stream_string("2025-12-15 10:00:00") + assert "Last Updated At:" in stream_string + # Check timestamp format YYYY-MM-DD HH:MM:SS + assert re.search(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}", stream_string) + def test_get_stream_string_all_fields(self): + resource = ManagedResource( + "TargetGroup", + "tg-456", + "PROVISIONING", + 1761230543.151, + "Registering targets", + "Health check interval: 30s", + ) + stream_string = resource.get_stream_string("2025-12-15 10:00:00") + assert "[2025-12-15 10:00:00]" in stream_string + assert "TargetGroup" in stream_string + assert "tg-456" in stream_string + assert "PROVISIONING" in stream_string + assert "Reason: Registering targets" in stream_string + assert "Last Updated At:" in stream_string + assert "Info: Health check interval: 30s" in stream_string -if __name__ == '__main__': - unittest.main() + def test_get_stream_string_no_identifier(self): + resource = ManagedResource( + "LoadBalancer", None, "ACTIVE", 1761230543.151 + ) + stream_string = resource.get_stream_string("2025-12-15 10:00:00") + assert "[2025-12-15 10:00:00]" in stream_string + assert "LoadBalancer" in stream_string + assert "ACTIVE" in stream_string + assert "None" not in stream_string + + def test_get_stream_string_no_status(self): + resource = ManagedResource( + "LoadBalancer", "lb-123", None, 1761230543.151 + ) + stream_string = resource.get_stream_string("2025-12-15 10:00:00") + assert "LoadBalancer" in stream_string + assert "lb-123" in stream_string + # Should not have status brackets when status is None + assert "[None]" not in stream_string + + def test_get_stream_string_no_color(self): + resource = ManagedResource( + "LoadBalancer", "lb-123", "ACTIVE", 1761230543.151 + ) + stream_string = resource.get_stream_string( + "2025-12-15 10:00:00", use_color=False + ) + assert "LoadBalancer" in stream_string + assert "lb-123" in stream_string + assert "ACTIVE" in stream_string + # Should not contain ANSI color codes + assert "\x1b[" not in stream_string + + def test_get_stream_string_with_color(self): + resource = ManagedResource( + "LoadBalancer", "lb-123", "ACTIVE", 1761230543.151 + ) + stream_string = resource.get_stream_string( + "2025-12-15 10:00:00", use_color=True + ) + assert "LoadBalancer" in stream_string + assert "lb-123" in stream_string + assert "ACTIVE" in stream_string + # Should contain ANSI color codes + assert "\x1b[" in stream_string + + def test_get_stream_string_failed_status(self): + resource = ManagedResource( + "LoadBalancer", + "lb-123", + "FAILED", + 1761230543.151, + "Connection timeout", + ) + stream_string = resource.get_stream_string("2025-12-15 10:00:00") + assert "FAILED" in stream_string + assert "Reason: Connection timeout" in stream_string + # Failed status should use color coding + assert "\x1b[" in stream_string + + +class TestConstants: + def test_terminal_resource_statuses(self): + expected_statuses = ["ACTIVE", "DELETED", "FAILED"] + assert TERMINAL_RESOURCE_STATUSES == expected_statuses diff --git a/tests/unit/customizations/ecs/expressgateway/test_managedresourcegroup.py b/tests/unit/customizations/ecs/expressgateway/test_managedresourcegroup.py index f6d99e6bf6f8..d32300e4c5a3 100644 --- a/tests/unit/customizations/ecs/expressgateway/test_managedresourcegroup.py +++ b/tests/unit/customizations/ecs/expressgateway/test_managedresourcegroup.py @@ -1,4 +1,4 @@ -import unittest +import pytest from awscli.customizations.ecs.expressgateway.managedresource import ( ManagedResource, @@ -8,172 +8,112 @@ ) -class TestManagedResourceGroup(unittest.TestCase): - def setUp(self): - self.resource1 = ManagedResource( - "LoadBalancer", "lb-123", "ACTIVE", 1761230543.151 - ) - self.resource2 = ManagedResource( - "Certificate", "cert-456", "PROVISIONING", 1761230543.151 - ) +@pytest.fixture +def resource1(): + return ManagedResource("LoadBalancer", "lb-123", "ACTIVE", 1761230543.151) + +@pytest.fixture +def resource2(): + return ManagedResource( + "Certificate", "cert-456", "PROVISIONING", 1761230543.151 + ) + + +class TestManagedResourceGroup: def test_is_terminal_all_terminal(self): terminal_resource = ManagedResource( "LoadBalancer", "lb-123", "ACTIVE", 1761230543.151 ) group = ManagedResourceGroup(resources=[terminal_resource]) - self.assertTrue(group.is_terminal()) + assert group.is_terminal() - def test_is_terminal_mixed(self): - group = ManagedResourceGroup( - resources=[self.resource1, self.resource2] - ) - self.assertFalse(group.is_terminal()) + def test_is_terminal_mixed(self, resource1, resource2): + group = ManagedResourceGroup(resources=[resource1, resource2]) + assert not group.is_terminal() def test_is_terminal_empty(self): group = ManagedResourceGroup() - self.assertTrue(group.is_terminal()) + assert group.is_terminal() - def test_get_status_string_with_header(self): + def test_get_status_string_with_header(self, resource1): group = ManagedResourceGroup( resource_type="IngressPaths", identifier="endpoint-1", - resources=[self.resource1], + resources=[resource1], ) status_string = group.get_status_string("⠋") - self.assertIn("IngressPaths", status_string) - self.assertIn("endpoint-1", status_string) - - def test_create_key(self): - group = ManagedResourceGroup() - key = group._create_key(self.resource1) - self.assertEqual(key, "LoadBalancer/lb-123") - - def test_get_status_string_empty_group(self): - group = ManagedResourceGroup(resource_type="EmptyGroup", resources=[]) - status_string = group.get_status_string("⠋") - self.assertIn("EmptyGroup", status_string) - self.assertIn("", status_string) + assert "IngressPaths" in status_string + assert "endpoint-1" in status_string - def test_combine_resource_groups(self): - group1 = ManagedResourceGroup(resources=[self.resource1]) - group2 = ManagedResourceGroup(resources=[self.resource2]) - combined = group1.combine(group2) - self.assertEqual(len(combined.resource_mapping), 2) + def test_compare_resource_sets_unique_resources( + self, resource1, resource2 + ): + # Test compare_resource_sets with completely different resources + group1 = ManagedResourceGroup(resources=[resource1]) # LoadBalancer + group2 = ManagedResourceGroup(resources=[resource2]) # Certificate - def test_combine_child_resources_both_none(self): - group = ManagedResourceGroup() - result = group._combine_child_resources(None, None) - self.assertIsNone(result) - - def test_combine_child_resources_first_none(self): - group = ManagedResourceGroup() - resource = ManagedResource("LoadBalancer", "lb-123", "ACTIVE") - result = group._combine_child_resources(None, resource) - self.assertEqual(result, resource) - - def test_combine_overlapping_resources(self): - older_resource = ManagedResource( - "LoadBalancer", "lb-123", "PROVISIONING", 1761230543.151 - ) - newer_resource = ManagedResource( - "LoadBalancer", "lb-123", "ACTIVE", 1761230600.151 - ) - - group1 = ManagedResourceGroup(resources=[older_resource]) - group2 = ManagedResourceGroup(resources=[newer_resource]) - - combined = group1.combine(group2) - - key = "LoadBalancer/lb-123" - self.assertIn(key, combined.resource_mapping) - self.assertEqual(combined.resource_mapping[key].status, "ACTIVE") - - def test_create_key_with_none_values(self): - group = ManagedResourceGroup() - resource = ManagedResource(None, None) - key = group._create_key(resource) - self.assertEqual(key, "/") - - def test_create_key_partial_none(self): - group = ManagedResourceGroup() - - resource1 = ManagedResource(None, "identifier") - key1 = group._create_key(resource1) - self.assertEqual(key1, "/identifier") - - resource2 = ManagedResource("ResourceType", None) - key2 = group._create_key(resource2) - self.assertEqual(key2, "ResourceType/") - - def test_diff_unique_resources(self): - # Test diff with completely different resources - group1 = ManagedResourceGroup( - resources=[self.resource1] - ) # LoadBalancer - group2 = ManagedResourceGroup( - resources=[self.resource2] - ) # Certificate - - diff1, diff2 = group1.diff(group2) + diff1, diff2 = group1.compare_resource_sets(group2) # Each group should contain its unique resource - self.assertEqual(len(diff1.resource_mapping), 1) - self.assertEqual(len(diff2.resource_mapping), 1) - self.assertIn("LoadBalancer/lb-123", diff1.resource_mapping) - self.assertIn("Certificate/cert-456", diff2.resource_mapping) - - def test_diff_overlapping_resources(self): - # Test diff with same resource type but different identifiers + assert len(diff1.resource_mapping) == 1 + assert len(diff2.resource_mapping) == 1 + assert "LoadBalancer/lb-123" in diff1.resource_mapping + assert "Certificate/cert-456" in diff2.resource_mapping + + def test_compare_resource_sets_overlapping_resources( + self, resource1, resource2 + ): + # Test compare_resource_sets with same resource type but different identifiers resource3 = ManagedResource( "LoadBalancer", "lb-456", "FAILED", 1761230600.151 ) group1 = ManagedResourceGroup( - resources=[self.resource1, self.resource2] + resources=[resource1, resource2] ) # lb-123, cert-456 group2 = ManagedResourceGroup( - resources=[self.resource2, resource3] + resources=[resource2, resource3] ) # cert-456, lb-456 - diff1, diff2 = group1.diff(group2) + diff1, diff2 = group1.compare_resource_sets(group2) # group1 unique: lb-123, group2 unique: lb-456, common: cert-456 (should not appear in diff) - self.assertEqual(len(diff1.resource_mapping), 1) - self.assertEqual(len(diff2.resource_mapping), 1) - self.assertIn("LoadBalancer/lb-123", diff1.resource_mapping) - self.assertIn("LoadBalancer/lb-456", diff2.resource_mapping) + assert len(diff1.resource_mapping) == 1 + assert len(diff2.resource_mapping) == 1 + assert "LoadBalancer/lb-123" in diff1.resource_mapping + assert "LoadBalancer/lb-456" in diff2.resource_mapping # Common resource should not be in either diff - self.assertNotIn("Certificate/cert-456", diff1.resource_mapping) - self.assertNotIn("Certificate/cert-456", diff2.resource_mapping) + assert "Certificate/cert-456" not in diff1.resource_mapping + assert "Certificate/cert-456" not in diff2.resource_mapping - def test_diff_identical_groups(self): - # Test diff with identical resource groups - group1 = ManagedResourceGroup( - resources=[self.resource1, self.resource2] - ) - group2 = ManagedResourceGroup( - resources=[self.resource1, self.resource2] - ) + def test_compare_resource_sets_identical_groups( + self, resource1, resource2 + ): + # Test compare_resource_sets with identical resource groups + group1 = ManagedResourceGroup(resources=[resource1, resource2]) + group2 = ManagedResourceGroup(resources=[resource1, resource2]) - diff1, diff2 = group1.diff(group2) + diff1, diff2 = group1.compare_resource_sets(group2) # No differences should be found - self.assertEqual(len(diff1.resource_mapping), 0) - self.assertEqual(len(diff2.resource_mapping), 0) + assert len(diff1.resource_mapping) == 0 + assert len(diff2.resource_mapping) == 0 - def test_diff_empty_groups(self): - # Test diff with empty groups - group1 = ManagedResourceGroup(resources=[self.resource1]) + def test_compare_resource_sets_empty_groups(self, resource1): + # Test compare_resource_sets with empty groups + group1 = ManagedResourceGroup(resources=[resource1]) group2 = ManagedResourceGroup(resources=[]) - diff1, diff2 = group1.diff(group2) + diff1, diff2 = group1.compare_resource_sets(group2) # group1 should contain its resource, group2 should be empty - self.assertEqual(len(diff1.resource_mapping), 1) - self.assertEqual(len(diff2.resource_mapping), 0) - self.assertIn("LoadBalancer/lb-123", diff1.resource_mapping) + assert len(diff1.resource_mapping) == 1 + assert len(diff2.resource_mapping) == 0 + assert "LoadBalancer/lb-123" in diff1.resource_mapping - def test_diff_excludes_matching_types_without_identifier(self): + def test_compare_resource_sets_excludes_matching_types_without_identifier( + self, + ): # Test that resources in other are excluded if self has same type without identifier resource_without_id = ManagedResource("LoadBalancer", None) resource_with_id = ManagedResource("LoadBalancer", "lb-456") @@ -185,79 +125,75 @@ def test_diff_excludes_matching_types_without_identifier(self): resources=[resource_with_id] ) # LoadBalancer/lb-456 - diff1, diff2 = group1.diff(group2) + diff1, diff2 = group1.compare_resource_sets(group2) # group1 should contain its resource without identifier - self.assertEqual(len(diff1.resource_mapping), 1) - self.assertIn("LoadBalancer/", diff1.resource_mapping) + assert len(diff1.resource_mapping) == 1 + assert "LoadBalancer/" in diff1.resource_mapping # group2 should be empty because LoadBalancer/lb-456 is excluded by LoadBalancer/ - self.assertEqual(len(diff2.resource_mapping), 0) + assert len(diff2.resource_mapping) == 0 def test_get_status_string_with_status(self): group = ManagedResourceGroup( resource_type="IngressPaths", identifier="test-id", status="ACTIVE" ) result = group.get_status_string("⠋") - self.assertIn("IngressPaths", result) - self.assertIn("test-id", result) - self.assertIn("✓", result) # Green checkmark for ACTIVE - self.assertIn("ACTIVE", result) + assert "IngressPaths" in result + assert "test-id" in result + assert "✓" in result # Green checkmark for ACTIVE + assert "ACTIVE" in result def test_get_status_string_without_status(self): group = ManagedResourceGroup( resource_type="IngressPaths", identifier="test-id" ) result = group.get_status_string("⠋") - self.assertIn("IngressPaths", result) - self.assertIn("test-id", result) - self.assertNotIn("✓", result) # No symbol when no status - self.assertNotIn("ACTIVE", result) + assert "IngressPaths" in result + assert "test-id" in result + assert "✓" not in result # No symbol when no status + assert "ACTIVE" not in result def test_get_status_string_status_without_identifier(self): group = ManagedResourceGroup( resource_type="IngressPaths", status="FAILED" ) result = group.get_status_string("⠋") - self.assertIn("IngressPaths", result) - self.assertIn("X", result) # Red X for FAILED - self.assertIn("FAILED", result) + assert "IngressPaths" in result + assert "X" in result # Red X for FAILED + assert "FAILED" in result - def test_get_status_string_no_color(self): + def test_get_status_string_no_color(self, resource1): group = ManagedResourceGroup( resource_type="IngressPaths", identifier="test-id", status="ACTIVE", - resources=[self.resource1], + resources=[resource1], ) result = group.get_status_string("⠋", use_color=False) - self.assertIn("IngressPaths", result) - self.assertIn("test-id", result) - self.assertIn("✓", result) # Checkmark should still be there - self.assertIn("ACTIVE", result) + assert "IngressPaths" in result + assert "test-id" in result + assert "✓" in result # Checkmark should still be there + assert "ACTIVE" in result # Should not contain ANSI color codes - self.assertNotIn("\x1b[", result) + assert "\x1b[" not in result - def test_get_status_string_with_color(self): + def test_get_status_string_with_color(self, resource1): group = ManagedResourceGroup( resource_type="IngressPaths", identifier="test-id", status="ACTIVE", - resources=[self.resource1], + resources=[resource1], ) result = group.get_status_string("⠋", use_color=True) - self.assertIn("IngressPaths", result) - self.assertIn("test-id", result) - self.assertIn("✓", result) # Checkmark should be there - self.assertIn("ACTIVE", result) + assert "IngressPaths" in result + assert "test-id" in result + assert "✓" in result # Checkmark should be there + assert "ACTIVE" in result # Should contain ANSI color codes - self.assertIn("\x1b[", result) + assert "\x1b[" in result def test_combine_prioritizes_resources_with_identifier(self): - from awscli.customizations.ecs.expressgateway.managedresource import ( - ManagedResource, - ) - resource_with_id = ManagedResource( "LoadBalancer", "lb-123", "ACTIVE", 1761230543.151 ) @@ -279,10 +215,232 @@ def test_combine_prioritizes_resources_with_identifier(self): result = group1.combine(group2) # Should only have the resource with identifier - self.assertEqual(len(result.resource_mapping), 1) + assert len(result.resource_mapping) == 1 combined_resource = list(result.resource_mapping.values())[0] - self.assertEqual(combined_resource.identifier, "lb-123") + assert combined_resource.identifier == "lb-123" + + def test_get_stream_string_empty_group(self): + """Test empty resource group returns empty string""" + group = ManagedResourceGroup() + result = group.get_stream_string("2025-12-15 10:00:00") + assert result == "" + + def test_get_stream_string_single_resource(self): + """Test resource group with single resource""" + resource = ManagedResource( + "LoadBalancer", "lb-123", "ACTIVE", 1761230543.151 + ) + group = ManagedResourceGroup(resources=[resource]) + result = group.get_stream_string("2025-12-15 10:00:00") + assert "[2025-12-15 10:00:00]" in result + assert "LoadBalancer" in result + assert "lb-123" in result + assert "ACTIVE" in result + + def test_get_stream_string_multiple_resources(self): + """Test resource group with multiple resources""" + resource1 = ManagedResource( + "LoadBalancer", "lb-123", "ACTIVE", 1761230543.151 + ) + resource2 = ManagedResource( + "TargetGroup", "tg-456", "PROVISIONING", 1761230543.151 + ) + group = ManagedResourceGroup(resources=[resource1, resource2]) + result = group.get_stream_string("2025-12-15 10:00:00") + + # Should have both resources + assert "LoadBalancer" in result + assert "lb-123" in result + assert "TargetGroup" in result + assert "tg-456" in result + + # Should have newline between resources + lines = result.split("\n") + assert len(lines) > 1 + + def test_get_stream_string_nested_groups(self): + """Test resource group with nested groups""" + resource1 = ManagedResource( + "LoadBalancer", "lb-123", "ACTIVE", 1761230543.151 + ) + resource2 = ManagedResource( + "TargetGroup", "tg-456", "ACTIVE", 1761230543.151 + ) + nested_group = ManagedResourceGroup(resources=[resource2]) + + group = ManagedResourceGroup(resources=[resource1, nested_group]) + result = group.get_stream_string("2025-12-15 10:00:00") + + # Should have flattened both resources + assert "LoadBalancer" in result + assert "lb-123" in result + assert "TargetGroup" in result + assert "tg-456" in result + + def test_get_stream_string_deeply_nested_groups(self): + """Test resource group with multiple levels of nesting""" + resource1 = ManagedResource( + "Cluster", "cluster-1", "ACTIVE", 1761230543.151 + ) + resource2 = ManagedResource( + "Service", "service-1", "ACTIVE", 1761230543.151 + ) + resource3 = ManagedResource( + "LoadBalancer", "lb-123", "ACTIVE", 1761230543.151 + ) + + nested_level2 = ManagedResourceGroup(resources=[resource3]) + nested_level1 = ManagedResourceGroup( + resources=[resource2, nested_level2] + ) + group = ManagedResourceGroup(resources=[resource1, nested_level1]) + + result = group.get_stream_string("2025-12-15 10:00:00") + + # Should have all resources flattened + assert "Cluster" in result + assert "Service" in result + assert "LoadBalancer" in result + + def test_get_stream_string_with_resource_details(self): + """Test that resource details are preserved in stream output""" + resource = ManagedResource( + "LoadBalancer", + "lb-123", + "PROVISIONING", + 1761230543.151, + "Waiting for DNS propagation", + "DNS: example.elb.amazonaws.com", + ) + group = ManagedResourceGroup(resources=[resource]) + result = group.get_stream_string("2025-12-15 10:00:00") + + assert "Reason: Waiting for DNS propagation" in result + assert "Info: DNS: example.elb.amazonaws.com" in result + assert "Last Updated At:" in result + + def test_get_stream_string_preserves_order(self): + """Test that resource order is preserved in output""" + resource1 = ManagedResource( + "Cluster", "cluster-1", "ACTIVE", 1761230543.151 + ) + resource2 = ManagedResource( + "Service", "service-1", "ACTIVE", 1761230543.151 + ) + resource3 = ManagedResource( + "LoadBalancer", "lb-123", "ACTIVE", 1761230543.151 + ) + + group = ManagedResourceGroup( + resources=[resource1, resource2, resource3] + ) + result = group.get_stream_string("2025-12-15 10:00:00") + + # Find positions of each resource type in output + cluster_pos = result.find("Cluster") + service_pos = result.find("Service") + lb_pos = result.find("LoadBalancer") + + # Order should be preserved + assert cluster_pos < service_pos + assert service_pos < lb_pos + + def test_get_stream_string_no_color(self): + """Test stream string without color codes""" + resource = ManagedResource( + "LoadBalancer", "lb-123", "ACTIVE", 1761230543.151 + ) + group = ManagedResourceGroup(resources=[resource]) + result = group.get_stream_string( + "2025-12-15 10:00:00", use_color=False + ) + + assert "LoadBalancer" in result + assert "lb-123" in result + # Should not contain ANSI color codes + assert "\x1b[" not in result + + def test_get_stream_string_with_color(self): + """Test stream string with color codes""" + resource = ManagedResource( + "LoadBalancer", "lb-123", "ACTIVE", 1761230543.151 + ) + group = ManagedResourceGroup(resources=[resource]) + result = group.get_stream_string("2025-12-15 10:00:00", use_color=True) + + assert "LoadBalancer" in result + assert "lb-123" in result + # Should contain ANSI color codes + assert "\x1b[" in result + + def test_get_stream_string_mixed_resource_types(self): + """Test group with various resource types and statuses""" + resources = [ + ManagedResource("Cluster", "cluster-1", "ACTIVE", 1761230543.151), + ManagedResource( + "Service", "service-1", "UPDATING", 1761230543.151 + ), + ManagedResource( + "LoadBalancer", + "lb-123", + "PROVISIONING", + 1761230543.151, + "Creating", + ), + ManagedResource( + "TargetGroup", "tg-456", "FAILED", 1761230543.151, "Error" + ), + ] + group = ManagedResourceGroup(resources=resources) + result = group.get_stream_string("2025-12-15 10:00:00") + + # All resources should be present + assert "Cluster" in result + assert "Service" in result + assert "LoadBalancer" in result + assert "TargetGroup" in result + + # All statuses should be present + assert "ACTIVE" in result + assert "UPDATING" in result + assert "PROVISIONING" in result + assert "FAILED" in result + + def test_get_stream_string_with_group_metadata(self): + """Test that group-level metadata doesn't affect stream output""" + resource = ManagedResource( + "LoadBalancer", "lb-123", "ACTIVE", 1761230543.151 + ) + group = ManagedResourceGroup( + resource_type="ManagedResources", + identifier="group-1", + resources=[resource], + status="ACTIVE", + reason="All resources healthy", + ) + result = group.get_stream_string("2025-12-15 10:00:00") + + # Should still show the actual resource, not group metadata + assert "LoadBalancer" in result + assert "lb-123" in result + + # Group metadata should not appear in stream output + # (stream output is for individual resources only) + assert "group-1" not in result + + def test_get_stream_string_empty_nested_group(self): + """Test nested group that is empty is handled correctly""" + resource = ManagedResource( + "LoadBalancer", "lb-123", "ACTIVE", 1761230543.151 + ) + empty_nested = ManagedResourceGroup() + group = ManagedResourceGroup(resources=[resource, empty_nested]) + result = group.get_stream_string("2025-12-15 10:00:00") -if __name__ == '__main__': - unittest.main() + # Should show the resource from non-empty group + assert "LoadBalancer" in result + # Empty nested group shouldn't add extra content + lines = [line for line in result.split("\n") if line.strip()] + # LoadBalancer resource produces multiple lines (timestamp line + optional detail lines) + assert len(lines) > 0 diff --git a/tests/unit/customizations/ecs/expressgateway/test_stream_display.py b/tests/unit/customizations/ecs/expressgateway/test_stream_display.py new file mode 100644 index 000000000000..4a86d3661ef7 --- /dev/null +++ b/tests/unit/customizations/ecs/expressgateway/test_stream_display.py @@ -0,0 +1,388 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ + +import time + +import pytest + +from awscli.customizations.ecs.expressgateway.managedresource import ( + ManagedResource, +) +from awscli.customizations.ecs.expressgateway.managedresourcegroup import ( + ManagedResourceGroup, +) +from awscli.customizations.ecs.expressgateway.stream_display import ( + StreamDisplay, +) + + +@pytest.fixture +def display(): + """Fixture that returns a StreamDisplay with color enabled.""" + return StreamDisplay(use_color=True) + + +class TestStreamDisplay: + """Test StreamDisplay for text-based monitoring output.""" + + def test_show_startup_message(self, display, capsys): + """Test startup message includes timestamp""" + display.show_startup_message() + + output = capsys.readouterr().out + assert "Starting monitoring..." in output + assert "[" in output + + def test_show_polling_message(self, display, capsys): + """Test polling message includes timestamp""" + display.show_polling_message() + + output = capsys.readouterr().out + assert "Polling for updates..." in output + + def test_show_monitoring_data_with_info(self, display, capsys): + """Test showing info message""" + display.show_monitoring_data(None, "Info message") + + output = capsys.readouterr().out + assert "Info message" in output and output.endswith("\n") + + def test_show_monitoring_data_first_poll_shows_all(self, display, capsys): + """Test first poll shows all resources""" + resource = ManagedResource( + "LoadBalancer", "lb-123", "ACTIVE", None, None + ) + resource_group = ManagedResourceGroup(resources=[resource]) + + display.show_monitoring_data(resource_group, None) + + output = capsys.readouterr().out + assert "LoadBalancer" in output + assert "lb-123" in output + + def test_show_monitoring_data_no_changes(self, display, capsys): + """Test no output when resources haven't changed""" + resource = ManagedResource( + "LoadBalancer", "lb-123", "ACTIVE", None, None + ) + resource_group = ManagedResourceGroup(resources=[resource]) + + # First poll - show all + display.show_monitoring_data(resource_group, None) + capsys.readouterr() # Clear output to test second call + + # Second poll - same resources, no changes + display.show_monitoring_data(resource_group, None) + + output = capsys.readouterr().out + assert output == "" + + def test_show_monitoring_data_with_new_resource(self, display, capsys): + """Test output when new resources are added""" + resource1 = ManagedResource( + "LoadBalancer", "lb-123", "ACTIVE", None, None + ) + resource_group1 = ManagedResourceGroup(resources=[resource1]) + + display.show_monitoring_data(resource_group1, None) + capsys.readouterr() # Clear initial output to verify new resource shows + + # Second resource group with additional resource + resource2 = ManagedResource( + "TargetGroup", "tg-456", "ACTIVE", None, None + ) + resource_group2 = ManagedResourceGroup( + resources=[resource1, resource2] + ) + + display.show_monitoring_data(resource_group2, None) + + output = capsys.readouterr().out + assert "TargetGroup" in output + + def test_show_timeout_message(self, display, capsys): + """Test timeout message""" + display.show_timeout_message() + + output = capsys.readouterr().out + assert "timeout reached" in output.lower() + + def test_show_service_inactive_message(self, display, capsys): + """Test service inactive message""" + display.show_service_inactive_message() + + output = capsys.readouterr().out + assert "inactive" in output.lower() + + def test_show_completion_message(self, display, capsys): + """Test completion message""" + display.show_completion_message() + + output = capsys.readouterr().out + assert "complete" in output.lower() + + def test_show_user_stop_message(self, display, capsys): + """Test user stop message""" + display.show_user_stop_message() + + output = capsys.readouterr().out + assert "stopped by user" in output.lower() + + def test_show_error_message(self, display, capsys): + """Test error message""" + display.show_error_message("Test error") + + output = capsys.readouterr().out + assert "Error" in output + assert "Test error" in output + + def test_use_color_parameter(self): + """Test use_color parameter is stored""" + display_with_color = StreamDisplay(use_color=True) + assert display_with_color.use_color is True + + display_no_color = StreamDisplay(use_color=False) + assert display_no_color.use_color is False + + def test_print_flattened_resources_with_reason(self, display, capsys): + """Test resource with reason prints on separate line""" + resource = ManagedResource( + "LoadBalancer", + "lb-123", + "CREATING", + None, + "Waiting for DNS propagation", + ) + resource_group = ManagedResourceGroup(resources=[resource]) + + display.show_monitoring_data(resource_group, None) + + output = capsys.readouterr().out + lines = output.splitlines() + + # Find the line with LoadBalancer + lb_line_idx = next( + i for i, line in enumerate(lines) if "LoadBalancer" in line + ) + reason_line_idx = next( + i + for i, line in enumerate(lines) + if "Reason: Waiting for DNS propagation" in line + ) + + # Reason should be on a different line than LoadBalancer + assert lb_line_idx != reason_line_idx + # Reason should come after the LoadBalancer line + assert reason_line_idx > lb_line_idx + + def test_print_flattened_resources_with_updated_at(self, display, capsys): + """Test resource with updated_at timestamp prints on separate line""" + current_time = time.time() + resource = ManagedResource( + "LoadBalancer", "lb-123", "ACTIVE", current_time, None + ) + resource_group = ManagedResourceGroup(resources=[resource]) + + display.show_monitoring_data(resource_group, None) + + output = capsys.readouterr().out + lines = output.splitlines() + + # Find the line with LoadBalancer + lb_line_idx = next( + i for i, line in enumerate(lines) if "LoadBalancer" in line + ) + updated_line_idx = next( + i for i, line in enumerate(lines) if "Last Updated At:" in line + ) + + # Updated timestamp should be on a different line than LoadBalancer + assert lb_line_idx != updated_line_idx + # Updated timestamp should come after the LoadBalancer line + assert updated_line_idx > lb_line_idx + + def test_print_flattened_resources_with_additional_info( + self, display, capsys + ): + """Test resource with additional_info prints on separate line""" + resource = ManagedResource( + "LoadBalancer", "lb-123", "ACTIVE", None, None + ) + resource.additional_info = "DNS: example.elb.amazonaws.com" + resource_group = ManagedResourceGroup(resources=[resource]) + + display.show_monitoring_data(resource_group, None) + + output = capsys.readouterr().out + lines = output.splitlines() + + # Find the line with LoadBalancer + lb_line_idx = next( + i for i, line in enumerate(lines) if "LoadBalancer" in line + ) + info_line_idx = next( + i + for i, line in enumerate(lines) + if "Info: DNS: example.elb.amazonaws.com" in line + ) + + # Info should be on a different line than LoadBalancer + assert lb_line_idx != info_line_idx + # Info should come after the LoadBalancer line + assert info_line_idx > lb_line_idx + + def test_print_flattened_resources_complete_multi_line( + self, display, capsys + ): + """Test resource with all fields prints on multiple lines""" + resource = ManagedResource( + "LoadBalancer", + "lb-123", + "CREATING", + time.time(), + "Provisioning load balancer", + ) + resource.additional_info = "Type: application" + resource_group = ManagedResourceGroup(resources=[resource]) + + display.show_monitoring_data(resource_group, None) + + output = capsys.readouterr().out + lines = output.splitlines() + + # Find all the relevant lines + lb_line_idx = next( + i + for i, line in enumerate(lines) + if "LoadBalancer" in line and "lb-123" in line + ) + reason_line_idx = next( + i + for i, line in enumerate(lines) + if "Reason: Provisioning load balancer" in line + ) + updated_line_idx = next( + i for i, line in enumerate(lines) if "Last Updated At:" in line + ) + info_line_idx = next( + i + for i, line in enumerate(lines) + if "Info: Type: application" in line + ) + + # All detail lines should be different from the main line + assert reason_line_idx != lb_line_idx + assert updated_line_idx != lb_line_idx + assert info_line_idx != lb_line_idx + + # All detail lines should come after the main line + assert reason_line_idx > lb_line_idx + assert updated_line_idx > lb_line_idx + assert info_line_idx > lb_line_idx + + def test_diff_detects_status_change(self, display, capsys): + """Test diff detects when status changes""" + resource1 = ManagedResource( + "LoadBalancer", "lb-123", "CREATING", None, None + ) + resource_group1 = ManagedResourceGroup(resources=[resource1]) + + # First poll + display.show_monitoring_data(resource_group1, None) + capsys.readouterr() # Clear initial output to test status change detection + + # Second poll - same resource but status changed + resource2 = ManagedResource( + "LoadBalancer", "lb-123", "ACTIVE", None, None + ) + resource_group2 = ManagedResourceGroup(resources=[resource2]) + + display.show_monitoring_data(resource_group2, None) + + output = capsys.readouterr().out + assert "LoadBalancer" in output + assert "ACTIVE" in output + + def test_diff_detects_reason_change(self, display, capsys): + """Test diff detects when reason changes""" + resource1 = ManagedResource( + "LoadBalancer", "lb-123", "CREATING", None, "Creating resources" + ) + resource_group1 = ManagedResourceGroup(resources=[resource1]) + + # First poll + display.show_monitoring_data(resource_group1, None) + capsys.readouterr() # Clear initial output to test reason change detection + + # Second poll - same resource but reason changed + resource2 = ManagedResource( + "LoadBalancer", "lb-123", "CREATING", None, "Waiting for DNS" + ) + resource_group2 = ManagedResourceGroup(resources=[resource2]) + + display.show_monitoring_data(resource_group2, None) + + output = capsys.readouterr().out + assert "Waiting for DNS" in output + + def test_diff_detects_additional_info_change(self, display, capsys): + """Test diff detects when additional_info changes""" + resource1 = ManagedResource( + "LoadBalancer", "lb-123", "ACTIVE", None, None + ) + resource1.additional_info = "DNS: old.example.com" + resource_group1 = ManagedResourceGroup(resources=[resource1]) + + # First poll + display.show_monitoring_data(resource_group1, None) + capsys.readouterr() # Clear initial output to test additional_info change detection + + # Second poll - same resource but additional_info changed + resource2 = ManagedResource( + "LoadBalancer", "lb-123", "ACTIVE", None, None + ) + resource2.additional_info = "DNS: new.example.com" + resource_group2 = ManagedResourceGroup(resources=[resource2]) + + display.show_monitoring_data(resource_group2, None) + + output = capsys.readouterr().out + assert "new.example.com" in output + + def test_resource_with_none_type_shows_identifier(self, display, capsys): + """Test resources with resource_type=None show identifier without type""" + resource = ManagedResource( + None, + "mystery-resource-123", + "FAILED", + reason="Something went wrong", + ) + resource_group = ManagedResourceGroup( + resource_type="TestGroup", resources=[resource] + ) + + display.show_monitoring_data(resource_group, None) + + output = capsys.readouterr().out + assert "mystery-resource-123" in output + assert "FAILED" in output + + def test_resource_with_none_type_and_none_identifier( + self, display, capsys + ): + """Test resources with both resource_type=None and identifier=None show 'Unknown Resource' placeholder""" + resource = ManagedResource(None, None, "ACTIVE") + resource_group = ManagedResourceGroup( + resource_type="TestGroup", resources=[resource] + ) + + display.show_monitoring_data(resource_group, None) + + output = capsys.readouterr().out + assert "Unknown Resource" in output + assert "ACTIVE" in output diff --git a/tests/unit/customizations/ecs/test_monitorexpressgatewayservice.py b/tests/unit/customizations/ecs/test_monitorexpressgatewayservice.py index 37d9fa0a63e1..f6900905ad0e 100644 --- a/tests/unit/customizations/ecs/test_monitorexpressgatewayservice.py +++ b/tests/unit/customizations/ecs/test_monitorexpressgatewayservice.py @@ -19,12 +19,6 @@ ECSMonitorExpressGatewayService, ) -# Suppress thread exception warnings - tests use KeyboardInterrupt to exit monitoring loops, -# which causes expected exceptions in background threads -pytestmark = pytest.mark.filterwarnings( - "ignore::pytest.PytestUnhandledThreadExceptionWarning" -) - class TestECSMonitorExpressGatewayServiceCommand: """Test the command class through public interface""" @@ -83,315 +77,153 @@ def test_non_monitoring_error_bubbles_up(self, mock_isatty): @patch('sys.stdout.isatty') def test_interactive_mode_requires_tty(self, mock_isatty, capsys): - """Test command fails when not in TTY""" + """Test interactive mode fails without TTY""" # Not in TTY mock_isatty.return_value = False mock_session = Mock() + mock_client = Mock() + mock_session.create_client.return_value = mock_client + command = ECSMonitorExpressGatewayService(mock_session) parsed_args = Mock( - service_arn="test-arn", resource_view="RESOURCE", timeout=30 + service_arn="test-arn", + resource_view="RESOURCE", + timeout=30, + mode='INTERACTIVE', ) parsed_globals = Mock( - region="us-west-2", endpoint_url=None, verify_ssl=True + region="us-west-2", + endpoint_url=None, + verify_ssl=True, + color='auto', ) result = command._run_main(parsed_args, parsed_globals) captured = capsys.readouterr() + assert "Interactive mode requires a TTY" in captured.err + assert "aws: [ERROR]:" in captured.err assert result == 1 - assert "This command requires a TTY" in captured.err + @patch('sys.stdout.isatty') + def test_text_only_mode_without_tty(self, mock_isatty, capsys): + """Test command uses text-only mode when not in TTY""" + # Not in TTY + mock_isatty.return_value = False -class TestECSExpressGatewayServiceWatcher: - """Test the watcher class through public interface""" + mock_session = Mock() + mock_client = Mock() + mock_session.create_client.return_value = mock_client - @patch('sys.stdout.isatty') - def test_is_monitoring_available_with_tty(self, mock_isatty): - """Test is_monitoring_available returns True when TTY is available""" - mock_isatty.return_value = True - assert ( - ECSExpressGatewayServiceWatcher.is_monitoring_available() is True - ) + mock_watcher_class = Mock() + mock_watcher = Mock() + mock_watcher_class.return_value = mock_watcher - @patch('sys.stdout.isatty') - def test_is_monitoring_available_without_tty(self, mock_isatty): - """Test is_monitoring_available returns False when TTY is not available""" - mock_isatty.return_value = False - assert ( - ECSExpressGatewayServiceWatcher.is_monitoring_available() is False + command = ECSMonitorExpressGatewayService( + mock_session, watcher_class=mock_watcher_class ) - def setup_method(self): - self.app_session = create_app_session(output=DummyOutput()) - self.app_session.__enter__() - self.mock_client = Mock() - self.service_arn = ( - "arn:aws:ecs:us-west-2:123456789012:service/my-cluster/my-service" + parsed_args = Mock( + service_arn="test-arn", + resource_view="RESOURCE", + timeout=30, + mode=None, ) + parsed_globals = Mock( + region="us-west-2", endpoint_url=None, verify_ssl=True + ) + + command._run_main(parsed_args, parsed_globals) + + +@pytest.fixture +def watcher_app_session(): + """Fixture that creates and manages an app session for watcher tests.""" + with create_app_session(output=DummyOutput()) as session: + yield session - def teardown_method(self): - if hasattr(self, 'app_session'): - self.app_session.__exit__(None, None, None) - def _create_watcher_with_mocks(self, resource_view="RESOURCE", timeout=1): - """Helper to create watcher with mocked display""" - mock_display = Mock() - mock_display.has_terminal.return_value = True - mock_display._check_keypress.return_value = None - mock_display._restore_terminal.return_value = None - mock_display.display.return_value = None +@pytest.fixture +def service_arn(): + """Fixture that provides a test service ARN.""" + return "arn:aws:ecs:us-west-2:123456789012:service/my-cluster/my-service" + + +class TestECSExpressGatewayServiceWatcher: + """Test the watcher class through public interface""" + + def test_init_creates_collector_with_correct_parameters(self): + """Test watcher creates collector with correct client, service_arn, resource_view, use_color""" + mock_client = Mock() + service_arn = "arn:aws:ecs:us-west-2:123456789012:service/test-service" watcher = ECSExpressGatewayServiceWatcher( - self.mock_client, - self.service_arn, - resource_view, - timeout_minutes=timeout, - display=mock_display, + mock_client, + service_arn, + resource_view="DEPLOYMENT", + display_mode="TEXT-ONLY", + use_color=False, ) - # Mock exec to call the monitoring method once and print output - original_monitor = watcher._monitor_express_gateway_service - - def mock_exec(): - try: - output = original_monitor("⠋", self.service_arn, resource_view) - print(output) - print("Monitoring Complete!") - except Exception as e: - # Re-raise expected exceptions - if isinstance(e, (ClientError, MonitoringError)): - raise - # For other exceptions, just print and complete - print("Monitoring Complete!") - - watcher.exec = mock_exec - return watcher - - @patch('time.sleep') - def test_exec_successful_all_mode_monitoring(self, mock_sleep, capsys): - """Test successful monitoring in RESOURCE mode with resource parsing""" - watcher = self._create_watcher_with_mocks() - mock_sleep.side_effect = KeyboardInterrupt() - - self.mock_client.describe_express_gateway_service.return_value = { - "service": { - "serviceArn": self.service_arn, - "cluster": "my-cluster", - "activeConfigurations": [{"serviceRevisionArn": "rev-arn"}], - } - } - self.mock_client.describe_service_revisions.return_value = { - "serviceRevisions": [ - { - "arn": "rev-arn", - "ecsManagedResources": { - "ingressPaths": [ - { - "endpoint": "https://api.example.com", - "loadBalancer": { - "arn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-lb/1234567890abcdef", - "status": "ACTIVE", - }, - "targetGroups": [ - { - "arn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:targetgroup/my-tg/1234567890abcdef", - "status": "HEALTHY", - } - ], - } - ], - "serviceSecurityGroups": [ - { - "arn": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-1234567890abcdef0", - "status": "ACTIVE", - } - ], - "logGroups": [ - { - "arn": "arn:aws:logs:us-west-2:123456789012:log-group:/aws/ecs/my-service", - "status": "ACTIVE", - } - ], - }, - } - ] - } - self.mock_client.describe_services.return_value = { - "services": [{"events": [{"message": "Running"}]}] - } + # Verify collector was created with correct parameters + assert watcher.collector is not None + assert watcher.collector._client == mock_client + assert watcher.collector.service_arn == service_arn + assert watcher.collector.mode == "DEPLOYMENT" + assert watcher.collector.use_color is False - watcher.exec() - captured = capsys.readouterr() - output_text = captured.out - - # Verify parsed resources appear in output - assert "Cluster" in output_text - assert "Service" in output_text - assert "IngressPath" in output_text - assert "LoadBalancer" in output_text - assert "TargetGroup" in output_text - assert "SecurityGroup" in output_text - assert "LogGroup" in output_text - - # Specific identifiers - assert "https://api.example.com" in output_text # IngressPath endpoint - assert "my-lb" in output_text # LoadBalancer identifier - assert "my-tg" in output_text # TargetGroup identifier - assert ( - "sg-1234567890abcdef0" in output_text - ) # SecurityGroup identifier - assert "/aws/ecs/my-service" in output_text # LogGroup identifier - - # Status values - assert "ACTIVE" in output_text # LoadBalancer and SecurityGroup status - assert "HEALTHY" in output_text # TargetGroup status + def test_init_uses_injected_collector(self): + """Test watcher uses injected collector instead of creating one""" + mock_collector = Mock() + mock_display_strategy = Mock() - @patch('time.sleep') - def test_exec_successful_delta_mode_with_deployment( - self, mock_sleep, capsys - ): - """Test DEPLOYMENT mode executes successfully""" - watcher = self._create_watcher_with_mocks() - mock_sleep.side_effect = KeyboardInterrupt() - - self.mock_client.describe_express_gateway_service.return_value = { - "service": { - "serviceArn": self.service_arn, - "cluster": "my-cluster", - "activeConfigurations": [], - } - } - self.mock_client.describe_services.return_value = { - "services": [{"events": [{"message": "Service running"}]}] - } + watcher = ECSExpressGatewayServiceWatcher( + Mock(), + "arn:aws:ecs:us-west-2:123456789012:service/test-service", + "RESOURCE", + "INTERACTIVE", + collector=mock_collector, + display_strategy=mock_display_strategy, + ) - watcher.exec() - captured = capsys.readouterr() + assert watcher.collector == mock_collector - # Verify DEPLOYMENT mode executes successfully - assert captured.out - - @patch('time.sleep') - def test_exec_combined_view_multiple_revisions(self, mock_sleep, capsys): - """Test RESOURCE mode combines multiple service revisions correctly""" - watcher = self._create_watcher_with_mocks() - mock_sleep.side_effect = KeyboardInterrupt() - - # Multiple active configurations (combined view) - self.mock_client.describe_express_gateway_service.return_value = { - "service": { - "serviceArn": self.service_arn, - "cluster": "my-cluster", - "activeConfigurations": [ - {"serviceRevisionArn": "rev-1"}, - {"serviceRevisionArn": "rev-2"}, - ], - } - } - - # Mock multiple revisions with different resources - self.mock_client.describe_service_revisions.return_value = { - "serviceRevisions": [ - { - "arn": "rev-1", - "ecsManagedResources": { - "ingressPaths": [ - { - "endpoint": "https://api.example.com", - "loadBalancer": { - "arn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/api-lb/1234", - "status": "ACTIVE", - }, - } - ], - "serviceSecurityGroups": [ - { - "arn": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-api123", - "status": "ACTIVE", - } - ], - }, - }, - { - "arn": "rev-2", - "ecsManagedResources": { - "ingressPaths": [ - { - "endpoint": "https://web.example.com", - "loadBalancer": { - "arn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/web-lb/5678", - "status": "CREATING", - }, - } - ], - "logGroups": [ - { - "arn": "arn:aws:logs:us-west-2:123456789012:log-group:/aws/ecs/web-logs", - "status": "ACTIVE", - } - ], - }, - }, - ] - } - - self.mock_client.describe_services.return_value = { - "services": [ - {"events": [{"message": "Multiple revisions active"}]} - ] - } + def test_exec_calls_display_strategy_with_correct_parameters( + self, watcher_app_session + ): + """Test exec() calls display strategy with collector, start_time, and timeout""" + mock_collector = Mock() + mock_display_strategy = Mock() - watcher.exec() - captured = capsys.readouterr() - output_text = captured.out - - # Verify combined view shows resources from both revisions - # Resource types from both revisions - assert "IngressPath" in output_text - assert "LoadBalancer" in output_text - assert "SecurityGroup" in output_text # From rev-1 - assert "LogGroup" in output_text # From rev-2 - - # Specific identifiers from both revisions - assert "https://api.example.com" in output_text # From rev-1 - assert "https://web.example.com" in output_text # From rev-2 - assert "api-lb" in output_text # From rev-1 - assert "web-lb" in output_text # From rev-2 - assert "sg-api123" in output_text # From rev-1 - assert "/aws/ecs/web-logs" in output_text # From rev-2 - - # Status values from both revisions - assert "ACTIVE" in output_text # From both revisions - assert "CREATING" in output_text # From rev-2 - - @patch('time.sleep') - def test_exec_keyboard_interrupt_handling(self, mock_sleep, capsys): - watcher = self._create_watcher_with_mocks() - mock_sleep.side_effect = KeyboardInterrupt() - - self.mock_client.describe_express_gateway_service.return_value = { - "service": { - "serviceArn": self.service_arn, - "cluster": "my-cluster", - "activeConfigurations": [], - } - } + watcher = ECSExpressGatewayServiceWatcher( + Mock(), + "arn:aws:ecs:us-west-2:123456789012:service/test-service", + "RESOURCE", + "INTERACTIVE", + timeout_minutes=15, + display_strategy=mock_display_strategy, + collector=mock_collector, + ) watcher.exec() - captured = capsys.readouterr() - # Verify completion message is printed - assert "Monitoring Complete!" in captured.out + # Verify display strategy was called once + mock_display_strategy.execute_monitoring.assert_called_once() - @patch('time.sleep') - def test_exec_with_service_not_found_error(self, mock_sleep): - """Test exec() with service not found error bubbles up""" - watcher = self._create_watcher_with_mocks() - mock_sleep.side_effect = KeyboardInterrupt() + # Verify correct parameters were passed + call_args = mock_display_strategy.execute_monitoring.call_args + assert call_args.kwargs['collector'] == mock_collector + assert call_args.kwargs['start_time'] == watcher.start_time + assert call_args.kwargs['timeout_minutes'] == 15 - error = ClientError( + def test_exec_propagates_exceptions_from_display_strategy( + self, watcher_app_session + ): + """Test exec() propagates exceptions from display strategy""" + mock_display_strategy = Mock() + mock_display_strategy.execute_monitoring.side_effect = ClientError( error_response={ 'Error': { 'Code': 'ServiceNotFoundException', @@ -400,12 +232,19 @@ def test_exec_with_service_not_found_error(self, mock_sleep): }, operation_name='DescribeExpressGatewayService', ) - self.mock_client.describe_express_gateway_service.side_effect = error + + watcher = ECSExpressGatewayServiceWatcher( + Mock(), + "arn:aws:ecs:us-west-2:123456789012:service/test-service", + "RESOURCE", + "INTERACTIVE", + display_strategy=mock_display_strategy, + collector=Mock(), + ) with pytest.raises(ClientError) as exc_info: watcher.exec() - # Verify the specific error is raised assert ( exc_info.value.response['Error']['Code'] == 'ServiceNotFoundException' @@ -414,326 +253,6 @@ def test_exec_with_service_not_found_error(self, mock_sleep): exc_info.value.response['Error']['Message'] == 'Service not found' ) - @patch('time.sleep') - def test_exec_with_inactive_service_handled_gracefully( - self, mock_sleep, capsys - ): - """Test exec() handles inactive service gracefully""" - watcher = self._create_watcher_with_mocks() - mock_sleep.side_effect = KeyboardInterrupt() - - self.mock_client.describe_express_gateway_service.side_effect = ClientError( - error_response={ - 'Error': { - 'Code': 'InvalidParameterException', - 'Message': 'Cannot call DescribeServiceRevisions for a service that is INACTIVE', - } - }, - operation_name='DescribeExpressGatewayService', - ) - self.mock_client.describe_services.return_value = { - "services": [{"events": [{"message": "Service is inactive"}]}] - } - - watcher.exec() - captured = capsys.readouterr() - - # Verify inactive service is handled and appropriate message shown - assert "inactive" in captured.out.lower() - - @patch('time.sleep') - def test_exec_with_empty_resources(self, mock_sleep, capsys): - """Test parsing edge case: empty/null resources""" - watcher = self._create_watcher_with_mocks() - mock_sleep.side_effect = KeyboardInterrupt() - - self.mock_client.describe_express_gateway_service.return_value = { - "service": { - "serviceArn": self.service_arn, - "cluster": "my-cluster", - "activeConfigurations": [{"serviceRevisionArn": "rev-arn"}], - } - } - # Empty ecsManagedResources - self.mock_client.describe_service_revisions.return_value = { - "serviceRevisions": [{"arn": "rev-arn", "ecsManagedResources": {}}] - } - self.mock_client.describe_services.return_value = { - "services": [{"events": [{"message": "No resources"}]}] - } - - watcher.exec() - captured = capsys.readouterr() - output_text = captured.out - - # Should handle empty resources gracefully but still show basic structure - assert "Cluster" in output_text - assert "Service" in output_text - # Should NOT contain resource types since ecsManagedResources is empty - assert "IngressPath" not in output_text - assert "LoadBalancer" not in output_text - - @patch('time.sleep') - def test_exec_with_autoscaling_resources(self, mock_sleep, capsys): - """Test autoscaling resource parsing with scalableTarget and policies""" - watcher = self._create_watcher_with_mocks() - mock_sleep.side_effect = KeyboardInterrupt() - - self.mock_client.describe_express_gateway_service.return_value = { - "service": { - "serviceArn": self.service_arn, - "cluster": "my-cluster", - "activeConfigurations": [{"serviceRevisionArn": "rev-arn"}], - } - } - self.mock_client.describe_service_revisions.return_value = { - "serviceRevisions": [ - { - "arn": "rev-arn", - "ecsManagedResources": { - "autoScaling": { - "scalableTarget": { - "arn": "arn:aws:application-autoscaling:us-west-2:123456789012:scalable-target/1234567890abcdef", - "status": "ACTIVE", - }, - "applicationAutoScalingPolicies": [ - { - "arn": "arn:aws:application-autoscaling:us-west-2:123456789012:scaling-policy/cpu-policy", - "status": "ACTIVE", - }, - { - "arn": "arn:aws:application-autoscaling:us-west-2:123456789012:scaling-policy/memory-policy", - "status": "ACTIVE", - }, - ], - } - }, - } - ] - } - self.mock_client.describe_services.return_value = { - "services": [{"events": [{"message": "Autoscaling active"}]}] - } - - watcher.exec() - captured = capsys.readouterr() - output_text = captured.out - - assert "AutoScaling" in output_text - assert "ScalableTarget" in output_text - assert "AutoScalingPolicy" in output_text - # ScalableTarget identifier - assert "1234567890abcdef" in output_text - # Policy identifiers - assert "cpu-policy" in output_text - assert "memory-policy" in output_text - - @patch('time.sleep') - def test_exec_with_malformed_resource_data(self, mock_sleep, capsys): - """Test parsing edge case: malformed resource data""" - watcher = self._create_watcher_with_mocks() - mock_sleep.side_effect = KeyboardInterrupt() - - self.mock_client.describe_express_gateway_service.return_value = { - "service": { - "serviceArn": self.service_arn, - "cluster": "my-cluster", - "activeConfigurations": [{"serviceRevisionArn": "rev-arn"}], - } - } - # Malformed resources - missing required fields - self.mock_client.describe_service_revisions.return_value = { - "serviceRevisions": [ - { - "arn": "rev-arn", - "ecsManagedResources": { - "ingressPaths": [ - {"endpoint": "https://example.com"} - ], # Missing loadBalancer - "serviceSecurityGroups": [ - {"status": "ACTIVE"} - ], # Missing arn - }, - } - ] - } - self.mock_client.describe_services.return_value = { - "services": [{"events": [{"message": "Malformed data"}]}] - } - - watcher.exec() - captured = capsys.readouterr() - output_text = captured.out - - # Should handle malformed data gracefully and show what it can parse - assert "IngressPath" in output_text - assert "https://example.com" in output_text - # Should show SecurityGroup type even with missing arn - assert "SecurityGroup" in output_text - # Should NOT show LoadBalancer since it's missing from IngressPath - assert "LoadBalancer" not in output_text - - @patch('time.sleep') - def test_exec_eventually_consistent_missing_deployment( - self, mock_sleep, capsys - ): - """Test eventually consistent behavior: deployment missing after list""" - watcher = self._create_watcher_with_mocks() - mock_sleep.side_effect = KeyboardInterrupt() - - self.mock_client.describe_express_gateway_service.return_value = { - "service": { - "serviceArn": self.service_arn, - "cluster": "my-cluster", - "activeConfigurations": [], - } - } - # List shows deployment exists - self.mock_client.list_service_deployments.return_value = { - "serviceDeployments": [{"serviceDeploymentArn": "deploy-arn"}] - } - # But describe fails (eventually consistent) - self.mock_client.describe_service_deployments.return_value = { - "serviceDeployments": [], - "failures": [{"arn": "deploy-arn", "reason": "MISSING"}], - } - self.mock_client.describe_services.return_value = { - "services": [{"events": [{"message": "Eventually consistent"}]}] - } - - watcher.exec() - captured = capsys.readouterr() - output_text = captured.out - - # Should handle eventually consistent missing deployment gracefully - # Should show waiting state when deployment is missing - assert "Trying to describe gateway service" in output_text - assert "Monitoring Complete" in output_text - - @patch('time.sleep') - def test_exec_eventually_consistent_missing_revision( - self, mock_sleep, capsys - ): - """Test eventually consistent behavior: service revision missing after deployment describe""" - watcher = self._create_watcher_with_mocks() - mock_sleep.side_effect = KeyboardInterrupt() - - self.mock_client.describe_express_gateway_service.return_value = { - "service": { - "serviceArn": self.service_arn, - "cluster": "my-cluster", - "activeConfigurations": [], - } - } - self.mock_client.list_service_deployments.return_value = { - "serviceDeployments": [{"serviceDeploymentArn": "deploy-arn"}] - } - self.mock_client.describe_service_deployments.return_value = { - "serviceDeployments": [ - { - "serviceDeploymentArn": "deploy-arn", - "status": "IN_PROGRESS", - "targetServiceRevision": {"arn": "target-rev"}, - } - ] - } - # Service revision missing (eventually consistent) - self.mock_client.describe_service_revisions.return_value = { - "serviceRevisions": [], - "failures": [{"arn": "target-rev", "reason": "MISSING"}], - } - self.mock_client.describe_services.return_value = { - "services": [{"events": [{"message": "Revision missing"}]}] - } - - watcher.exec() - captured = capsys.readouterr() - output_text = captured.out - - # Should handle eventually consistent missing revision gracefully - # Should show waiting state when revision is missing - assert "Trying to describe gateway service" in output_text - assert "Monitoring Complete" in output_text - - @patch('time.sleep') - def test_exec_with_api_failures(self, mock_sleep): - """Test failure parsing: API returns failures""" - watcher = self._create_watcher_with_mocks() - mock_sleep.side_effect = KeyboardInterrupt() - - self.mock_client.describe_express_gateway_service.return_value = { - "service": { - "serviceArn": self.service_arn, - "cluster": "my-cluster", - "activeConfigurations": [{"serviceRevisionArn": "rev-arn"}], - } - } - # API returns failures - self.mock_client.describe_service_revisions.return_value = { - "serviceRevisions": [], - "failures": [{"arn": "rev-arn", "reason": "ServiceNotFound"}], - } - - with pytest.raises(MonitoringError) as exc_info: - watcher.exec() - - # Should raise MonitoringError with failure details - error_message = str(exc_info.value) - assert "DescribeServiceRevisions" in error_message - assert "rev-arn" in error_message - assert "ServiceNotFound" in error_message - - @patch('time.sleep') - def test_exec_with_malformed_api_failures(self, mock_sleep): - """Test failure parsing: malformed failure responses""" - watcher = self._create_watcher_with_mocks() - mock_sleep.side_effect = KeyboardInterrupt() - - self.mock_client.describe_express_gateway_service.return_value = { - "service": { - "serviceArn": self.service_arn, - "cluster": "my-cluster", - "activeConfigurations": [{"serviceRevisionArn": "rev-arn"}], - } - } - # Malformed failures - missing arn or reason - self.mock_client.describe_service_revisions.return_value = { - "serviceRevisions": [], - "failures": [{"reason": "ServiceNotFound"}], # Missing arn - } - - with pytest.raises(MonitoringError) as exc_info: - watcher.exec() - - # Should raise MonitoringError about invalid failure response - error_message = str(exc_info.value) - assert "Invalid failure response" in error_message - assert "missing arn or reason" in error_message - - @patch('time.sleep') - def test_exec_with_missing_response_fields(self, mock_sleep): - """Test response validation: missing required fields""" - watcher = self._create_watcher_with_mocks() - mock_sleep.side_effect = KeyboardInterrupt() - - self.mock_client.describe_express_gateway_service.return_value = { - "service": { - "serviceArn": self.service_arn, - "cluster": "my-cluster", - "activeConfigurations": [{"serviceRevisionArn": "rev-arn"}], - } - } - # Missing serviceRevisions field - self.mock_client.describe_service_revisions.return_value = {} - - with pytest.raises(MonitoringError) as exc_info: - watcher.exec() - - # Should raise MonitoringError about empty response - error_message = str(exc_info.value) - assert "DescribeServiceRevisions" in error_message - assert "empty" in error_message - class TestMonitoringError: """Test MonitoringError exception class""" @@ -748,14 +267,6 @@ def test_monitoring_error_creation(self): class TestColorSupport: """Test color support functionality""" - def setup_method(self): - self.app_session = create_app_session(output=DummyOutput()) - self.app_session.__enter__() - - def teardown_method(self): - if hasattr(self, 'app_session'): - self.app_session.__exit__(None, None, None) - def test_should_use_color_on(self): """Test _should_use_color returns True when color is 'on'""" command = ECSMonitorExpressGatewayService(Mock()) @@ -792,7 +303,7 @@ def test_should_use_color_auto_no_tty(self, mock_isatty): assert command._should_use_color(parsed_globals) is False - def test_watcher_accepts_use_color_parameter(self): + def test_watcher_accepts_use_color_parameter(self, watcher_app_session): """Test ECSExpressGatewayServiceWatcher accepts use_color parameter""" mock_client = Mock() @@ -801,15 +312,30 @@ def test_watcher_accepts_use_color_parameter(self): mock_client, "arn:aws:ecs:us-east-1:123456789012:service/test-service", "ALL", + "INTERACTIVE", use_color=True, ) - assert watcher.use_color is True + assert watcher.collector.use_color is True # Test with use_color=False watcher = ECSExpressGatewayServiceWatcher( mock_client, "arn:aws:ecs:us-east-1:123456789012:service/test-service", "ALL", + "INTERACTIVE", use_color=False, ) - assert watcher.use_color is False + assert watcher.collector.use_color is False + + def test_invalid_display_mode_raises_error(self): + """Test that invalid display mode raises ValueError""" + mock_client = Mock() + + with pytest.raises(ValueError) as exc_info: + ECSExpressGatewayServiceWatcher( + mock_client, + "arn:aws:ecs:us-east-1:123456789012:service/test-service", + "RESOURCE", + "INVALID_MODE", + ) + assert "Invalid display mode: INVALID_MODE" in str(exc_info.value) diff --git a/tests/unit/customizations/ecs/test_monitormutatinggatewayservice.py b/tests/unit/customizations/ecs/test_monitormutatinggatewayservice.py index 37afe0a78324..f65c5617eeb7 100644 --- a/tests/unit/customizations/ecs/test_monitormutatinggatewayservice.py +++ b/tests/unit/customizations/ecs/test_monitormutatinggatewayservice.py @@ -68,25 +68,34 @@ def test_call_with_explicit_value(self): assert namespace.monitor_resources == 'RESOURCE' +@pytest.fixture +def mock_watcher_class(): + """Fixture that provides a mock watcher class.""" + watcher_class = Mock() + watcher_class.is_monitoring_available.return_value = True + return watcher_class + + +@pytest.fixture +def handler(mock_watcher_class): + """Fixture that provides a MonitorMutatingGatewayService handler.""" + return MonitorMutatingGatewayService( + 'create-gateway-service', + 'DEPLOYMENT', + watcher_class=mock_watcher_class, + ) + + class TestMonitorMutatingGatewayService: """Test the event handler for monitoring gateway service mutations.""" - def setup_method(self): - self.mock_watcher_class = Mock() - self.mock_watcher_class.is_monitoring_available.return_value = True - self.handler = MonitorMutatingGatewayService( - 'create-gateway-service', - 'DEPLOYMENT', - watcher_class=self.mock_watcher_class, - ) - - def test_init(self): + def test_init(self, handler): """Test proper initialization of the handler.""" - assert self.handler.api == 'create-gateway-service' - assert self.handler.default_resource_view == 'DEPLOYMENT' - assert self.handler.api_pascal_case == 'CreateGatewayService' - assert self.handler.session is None - assert self.handler.parsed_globals is None + assert handler.api == 'create-gateway-service' + assert handler.default_resource_view == 'DEPLOYMENT' + assert handler.api_pascal_case == 'CreateGatewayService' + assert handler.session is None + assert handler.parsed_globals is None def test_pascal_case_conversion(self): """Test API name conversion to PascalCase.""" @@ -102,82 +111,83 @@ def test_pascal_case_conversion(self): handler = MonitorMutatingGatewayService(api_name, 'RESOURCE') assert handler.api_pascal_case == expected_pascal - def test_before_building_argument_table_parser(self): + def test_before_building_argument_table_parser(self, handler): """Test storing session for later use.""" session = Mock() - self.handler.before_building_argument_table_parser(session) + handler.before_building_argument_table_parser(session) - assert self.handler.session == session + assert handler.session == session - def test_building_argument_table(self): + def test_building_argument_table(self, handler): """Test adding monitoring argument to the command's argument table.""" argument_table = {} session = Mock() - self.handler.building_argument_table(argument_table, session) + handler.building_argument_table(argument_table, session) assert 'monitor-resources' in argument_table assert isinstance( argument_table['monitor-resources'], MonitoringResourcesArgument ) - def test_operation_args_parsed_with_flag(self): + def test_operation_args_parsed_with_flag(self, handler): """Test storing monitoring flag when enabled with default.""" parsed_args = Mock() parsed_args.monitor_resources = '__DEFAULT__' parsed_globals = Mock() - self.handler.operation_args_parsed(parsed_args, parsed_globals) + handler.operation_args_parsed(parsed_args, parsed_globals) - assert self.handler.effective_resource_view == 'DEPLOYMENT' + assert handler.effective_resource_view == 'DEPLOYMENT' - def test_operation_args_parsed_with_explicit_choice(self): + def test_operation_args_parsed_with_explicit_choice(self, handler): """Test storing monitoring flag with explicit choice.""" parsed_args = Mock() parsed_args.monitor_resources = 'RESOURCE' parsed_globals = Mock() - self.handler.operation_args_parsed(parsed_args, parsed_globals) + handler.operation_args_parsed(parsed_args, parsed_globals) - assert self.handler.effective_resource_view == 'RESOURCE' + assert handler.effective_resource_view == 'RESOURCE' - def test_operation_args_parsed_without_flag(self): + def test_operation_args_parsed_without_flag(self, handler): """Test storing monitoring flag when disabled.""" parsed_args = Mock() parsed_args.monitor_resources = None + parsed_args.monitor_mode = None parsed_globals = Mock() - self.handler.operation_args_parsed(parsed_args, parsed_globals) + handler.operation_args_parsed(parsed_args, parsed_globals) - assert self.handler.effective_resource_view is None + assert handler.effective_resource_view is None - def test_operation_args_parsed_missing_attribute(self): + def test_operation_args_parsed_missing_attribute(self, handler): """Test handling missing monitor_resources attribute.""" # Mock without monitor_resources attribute parsed_args = Mock(spec=[]) parsed_globals = Mock() - self.handler.operation_args_parsed(parsed_args, parsed_globals) + handler.operation_args_parsed(parsed_args, parsed_globals) - assert self.handler.effective_resource_view is None + assert handler.effective_resource_view is None - def test_after_call_monitoring_disabled(self): + def test_after_call_monitoring_disabled(self, handler): """Test that monitoring is skipped when flag is disabled.""" - self.handler.effective_resource_view = None + handler.effective_resource_view = None parsed = {} context = Mock() http_response = Mock() http_response.status_code = 200 # Should return early without doing anything - self.handler.after_call(parsed, context, http_response) + handler.after_call(parsed, context, http_response) # No assertions needed - just verify no exceptions - def test_after_call_http_error(self): + def test_after_call_http_error(self, handler): """Test that monitoring is skipped on HTTP errors.""" - self.handler.effective_resource_view = 'DEPLOYMENT' + handler.effective_resource_view = 'DEPLOYMENT' parsed = { 'service': {'serviceArn': 'arn:aws:ecs:us-west-2:123:service/test'} } @@ -186,13 +196,13 @@ def test_after_call_http_error(self): http_response.status_code = 400 # Should return early without doing anything - self.handler.after_call(parsed, context, http_response) + handler.after_call(parsed, context, http_response) # No assertions needed - just verify no exceptions - def test_after_call_missing_service_arn(self): + def test_after_call_missing_service_arn(self, handler): """Test that monitoring is skipped when service ARN is missing.""" - self.handler.effective_resource_view = 'DEPLOYMENT' + handler.effective_resource_view = 'DEPLOYMENT' # Missing serviceArn parsed = {'service': {}} context = Mock() @@ -200,15 +210,15 @@ def test_after_call_missing_service_arn(self): http_response.status_code = 200 # Should return early without doing anything - self.handler.after_call(parsed, context, http_response) + handler.after_call(parsed, context, http_response) # No assertions needed - just verify no exceptions - def test_after_call_missing_session(self, capsys): + def test_after_call_missing_session(self, handler, capsys): """Test handling when session is not available.""" - self.handler.effective_resource_view = 'DEPLOYMENT' - self.handler.session = None - self.handler.parsed_globals = None + handler.effective_resource_view = 'DEPLOYMENT' + handler.session = None + handler.parsed_globals = None parsed = { 'service': {'serviceArn': 'arn:aws:ecs:us-west-2:123:service/test'} @@ -217,7 +227,7 @@ def test_after_call_missing_session(self, capsys): http_response = Mock() http_response.status_code = 200 - self.handler.after_call(parsed, context, http_response) + handler.after_call(parsed, context, http_response) captured = capsys.readouterr() assert ( @@ -238,6 +248,7 @@ def test_after_call_successful_monitoring(self): ) handler.monitor_resources = '__DEFAULT__' handler.effective_resource_view = 'DEPLOYMENT' + handler.effective_mode = 'TEXT-ONLY' mock_session = Mock() mock_parsed_globals = Mock() @@ -277,17 +288,20 @@ def test_after_call_successful_monitoring(self): mock_client, service_arn, 'DEPLOYMENT', + 'TEXT-ONLY', use_color=False, ) mock_watcher.exec.assert_called_once() # Verify parsed response was cleared assert parsed == {} - def test_after_call_monitoring_not_available(self, capsys): - """Test that monitoring is skipped when not available (no TTY).""" + @patch('sys.stdout.isatty', return_value=False) + def test_after_call_interactive_mode_without_tty( + self, mock_isatty, capsys + ): + """Test that interactive mode is skipped when TTY is not available.""" # Setup handler state mock_watcher_class = Mock() - mock_watcher_class.is_monitoring_available.return_value = False handler = MonitorMutatingGatewayService( 'create-gateway-service', @@ -295,6 +309,7 @@ def test_after_call_monitoring_not_available(self, capsys): watcher_class=mock_watcher_class, ) handler.effective_resource_view = 'DEPLOYMENT' + handler.effective_mode = 'INTERACTIVE' mock_session = Mock() mock_parsed_globals = Mock() @@ -314,7 +329,6 @@ def test_after_call_monitoring_not_available(self, capsys): # Setup call parameters service_arn = 'arn:aws:ecs:us-west-2:123456789012:service/test-service' parsed = {'service': {'serviceArn': service_arn}} - original_parsed = dict(parsed) context = Mock() http_response = Mock() http_response.status_code = 200 @@ -322,17 +336,19 @@ def test_after_call_monitoring_not_available(self, capsys): # Execute handler.after_call(parsed, context, http_response) - # Verify parsed response was not cleared - assert parsed == original_parsed - - # Verify warning message was printed + # Verify error message was printed captured = capsys.readouterr() assert ( - "Monitoring is not available (requires TTY). Skipping monitoring.\n" + "aws: [ERROR]: Interactive mode requires a TTY (terminal)." in captured.err ) + assert "Use --monitor-mode TEXT-ONLY" in captured.err - def test_after_call_exception_handling(self, capsys): + # Verify watcher was not called + mock_watcher_class.assert_not_called() + + @patch('sys.stdout.isatty', return_value=True) + def test_after_call_exception_handling(self, mock_isatty, capsys): """Test exception handling in after_call method.""" # Setup handler state mock_watcher_class = Mock() @@ -346,6 +362,7 @@ def test_after_call_exception_handling(self, capsys): watcher_class=mock_watcher_class, ) handler.effective_resource_view = 'DEPLOYMENT' + handler.effective_mode = 'INTERACTIVE' mock_session = Mock() mock_parsed_globals = Mock() @@ -369,16 +386,13 @@ def test_after_call_exception_handling(self, capsys): http_response = Mock() http_response.status_code = 200 - # Execute - should not raise exception - handler.after_call(parsed, context, http_response) - - captured = capsys.readouterr() - assert "Encountered an error, terminating monitoring" in captured.err - assert "Test exception" in captured.err + # Execute - exception should propagate + with pytest.raises(Exception, match="Test exception"): + handler.after_call(parsed, context, http_response) - def test_events(self): + def test_events(self, handler): """Test that correct events are returned for CLI integration.""" - events = self.handler.events() + events = handler.events() expected_events = [ "before-building-argument-table-parser.ecs.create-gateway-service", diff --git a/tests/unit/customizations/ecs/test_prompt_toolkit_display.py b/tests/unit/customizations/ecs/test_prompt_toolkit_display.py index 85517dafebb7..3c47a5cd86eb 100644 --- a/tests/unit/customizations/ecs/test_prompt_toolkit_display.py +++ b/tests/unit/customizations/ecs/test_prompt_toolkit_display.py @@ -13,7 +13,7 @@ class TestPromptToolkitDisplay: @pytest.fixture def display(self): with create_app_session(output=DummyOutput()): - return Display() + yield Display() def test_init(self, display): """Test Display initialization.""" diff --git a/tests/unit/customizations/ecs/test_serviceviewcollector.py b/tests/unit/customizations/ecs/test_serviceviewcollector.py new file mode 100644 index 000000000000..ebab9fefab83 --- /dev/null +++ b/tests/unit/customizations/ecs/test_serviceviewcollector.py @@ -0,0 +1,772 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ + +from unittest.mock import Mock + +import pytest +from botocore.exceptions import ClientError + +from awscli.customizations.ecs.exceptions import MonitoringError +from awscli.customizations.ecs.serviceviewcollector import ( + ServiceViewCollector, +) + + +class TestServiceViewCollector: + """Test ServiceViewCollector business logic""" + + def setup_method(self): + self.mock_client = Mock() + self.service_arn = ( + "arn:aws:ecs:us-west-2:123456789012:service/my-cluster/my-service" + ) + + def test_get_current_view_resource_mode(self): + """Test get_current_view in RESOURCE mode parses resources""" + collector = ServiceViewCollector( + self.mock_client, self.service_arn, "RESOURCE" + ) + + self.mock_client.describe_express_gateway_service.return_value = { + "service": { + "serviceArn": self.service_arn, + "cluster": "my-cluster", + "activeConfigurations": [{"serviceRevisionArn": "rev-arn"}], + } + } + self.mock_client.describe_service_revisions.return_value = { + "serviceRevisions": [ + { + "arn": "rev-arn", + "ecsManagedResources": { + "ingressPaths": [ + { + "endpoint": "https://api.example.com", + "loadBalancer": { + "arn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-lb/1234567890abcdef", + "status": "ACTIVE", + }, + } + ], + }, + } + ] + } + self.mock_client.describe_services.return_value = { + "services": [{"events": [{"message": "Running"}]}] + } + + output = collector.get_current_view("⠋") + + assert "Cluster" in output + assert "Service" in output + assert "IngressPath" in output + assert "LoadBalancer" in output + assert "https://api.example.com" in output + assert "ACTIVE" in output + + def test_get_current_view_handles_inactive_service(self): + """Test get_current_view handles inactive service gracefully""" + collector = ServiceViewCollector( + self.mock_client, self.service_arn, "RESOURCE" + ) + + self.mock_client.describe_express_gateway_service.side_effect = ClientError( + error_response={ + 'Error': { + 'Code': 'InvalidParameterException', + 'Message': 'Cannot call DescribeServiceRevisions for a service that is INACTIVE', + } + }, + operation_name='DescribeExpressGatewayService', + ) + self.mock_client.describe_services.return_value = { + "services": [{"events": [{"message": "Service is inactive"}]}] + } + + output = collector.get_current_view("⠋") + + assert "inactive" in output.lower() + + def test_get_current_view_with_api_failures(self): + """Test get_current_view raises MonitoringError on API failures""" + collector = ServiceViewCollector( + self.mock_client, self.service_arn, "RESOURCE" + ) + + self.mock_client.describe_express_gateway_service.return_value = { + "service": { + "serviceArn": self.service_arn, + "cluster": "my-cluster", + "activeConfigurations": [{"serviceRevisionArn": "rev-arn"}], + } + } + self.mock_client.describe_service_revisions.return_value = { + "serviceRevisions": [], + "failures": [{"arn": "rev-arn", "reason": "ServiceNotFound"}], + } + + with pytest.raises(MonitoringError) as exc_info: + collector.get_current_view("⠋") + + error_message = str(exc_info.value) + assert "DescribeServiceRevisions" in error_message + assert "rev-arn" in error_message + assert "ServiceNotFound" in error_message + + def test_get_current_view_caches_results(self): + """Test get_current_view caches results within refresh interval""" + collector = ServiceViewCollector( + self.mock_client, self.service_arn, "RESOURCE" + ) + + self.mock_client.describe_express_gateway_service.return_value = { + "service": { + "serviceArn": self.service_arn, + "cluster": "my-cluster", + "activeConfigurations": [{"serviceRevisionArn": "rev-arn"}], + } + } + self.mock_client.describe_service_revisions.return_value = { + "serviceRevisions": [{"arn": "rev-arn", "ecsManagedResources": {}}] + } + self.mock_client.describe_services.return_value = { + "services": [{"events": [{"message": "Running"}]}] + } + + # First call + collector.get_current_view("⠋") + call_count_first = ( + self.mock_client.describe_express_gateway_service.call_count + ) + + # Second call within refresh interval (default 5000ms) + collector.get_current_view("⠙") + # Should use cached result, not call API again + call_count_second = ( + self.mock_client.describe_express_gateway_service.call_count + ) + assert call_count_first == call_count_second # Cached, no new API call + + def test_combined_view_multiple_revisions(self): + """Test RESOURCE mode combines multiple service revisions correctly""" + collector = ServiceViewCollector( + self.mock_client, self.service_arn, "RESOURCE" + ) + + # Multiple active configurations (combined view) + self.mock_client.describe_express_gateway_service.return_value = { + "service": { + "serviceArn": self.service_arn, + "cluster": "my-cluster", + "activeConfigurations": [ + {"serviceRevisionArn": "rev-1"}, + {"serviceRevisionArn": "rev-2"}, + ], + } + } + + # Mock multiple revisions with different resources + self.mock_client.describe_service_revisions.return_value = { + "serviceRevisions": [ + { + "arn": "rev-1", + "ecsManagedResources": { + "ingressPaths": [ + { + "endpoint": "https://api.example.com", + "loadBalancer": { + "arn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/api-lb/1234", + "status": "ACTIVE", + }, + } + ], + "serviceSecurityGroups": [ + { + "arn": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-api123", + "status": "ACTIVE", + } + ], + }, + }, + { + "arn": "rev-2", + "ecsManagedResources": { + "ingressPaths": [ + { + "endpoint": "https://web.example.com", + "loadBalancer": { + "arn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/web-lb/5678", + "status": "CREATING", + }, + } + ], + "logGroups": [ + { + "arn": "arn:aws:logs:us-west-2:123456789012:log-group:/aws/ecs/web-logs", + "status": "ACTIVE", + } + ], + }, + }, + ] + } + + self.mock_client.describe_services.return_value = { + "services": [ + {"events": [{"message": "Multiple revisions active"}]} + ] + } + + output = collector.get_current_view("⠋") + + # Verify combined view shows resources from both revisions + assert "IngressPath" in output + assert "LoadBalancer" in output + assert "SecurityGroup" in output # From rev-1 + assert "LogGroup" in output # From rev-2 + assert "https://api.example.com" in output # From rev-1 + assert "https://web.example.com" in output # From rev-2 + assert "api-lb" in output # From rev-1 + assert "web-lb" in output # From rev-2 + assert "sg-api123" in output # From rev-1 + assert "/aws/ecs/web-logs" in output # From rev-2 + assert "ACTIVE" in output # From both revisions + assert "CREATING" in output # From rev-2 + + def test_get_current_view_with_empty_resources(self): + """Test parsing edge case: empty/null resources""" + collector = ServiceViewCollector( + self.mock_client, self.service_arn, "RESOURCE" + ) + + self.mock_client.describe_express_gateway_service.return_value = { + "service": { + "serviceArn": self.service_arn, + "cluster": "my-cluster", + "activeConfigurations": [{"serviceRevisionArn": "rev-arn"}], + } + } + # Empty ecsManagedResources + self.mock_client.describe_service_revisions.return_value = { + "serviceRevisions": [{"arn": "rev-arn", "ecsManagedResources": {}}] + } + self.mock_client.describe_services.return_value = { + "services": [{"events": [{"message": "No resources"}]}] + } + + output = collector.get_current_view("⠋") + + # Should handle empty resources gracefully but still show basic structure + assert "Cluster" in output + assert "Service" in output + # Should NOT contain resource types since ecsManagedResources is empty + assert "IngressPath" not in output + assert "LoadBalancer" not in output + + def test_get_current_view_with_autoscaling_resources(self): + """Test autoscaling resource parsing with scalableTarget and policies""" + collector = ServiceViewCollector( + self.mock_client, self.service_arn, "RESOURCE" + ) + + self.mock_client.describe_express_gateway_service.return_value = { + "service": { + "serviceArn": self.service_arn, + "cluster": "my-cluster", + "activeConfigurations": [{"serviceRevisionArn": "rev-arn"}], + } + } + self.mock_client.describe_service_revisions.return_value = { + "serviceRevisions": [ + { + "arn": "rev-arn", + "ecsManagedResources": { + "autoScaling": { + "scalableTarget": { + "arn": "arn:aws:application-autoscaling:us-west-2:123456789012:scalable-target/1234567890abcdef", + "status": "ACTIVE", + }, + "applicationAutoScalingPolicies": [ + { + "arn": "arn:aws:application-autoscaling:us-west-2:123456789012:scaling-policy/cpu-policy", + "status": "ACTIVE", + }, + { + "arn": "arn:aws:application-autoscaling:us-west-2:123456789012:scaling-policy/memory-policy", + "status": "ACTIVE", + }, + ], + } + }, + } + ] + } + self.mock_client.describe_services.return_value = { + "services": [{"events": [{"message": "Autoscaling active"}]}] + } + + output = collector.get_current_view("⠋") + + assert "AutoScaling" in output + assert "ScalableTarget" in output + assert "AutoScalingPolicy" in output + assert "1234567890abcdef" in output + assert "cpu-policy" in output + assert "memory-policy" in output + + def test_get_current_view_with_malformed_resource_data(self): + """Test parsing edge case: malformed resource data""" + collector = ServiceViewCollector( + self.mock_client, self.service_arn, "RESOURCE" + ) + + self.mock_client.describe_express_gateway_service.return_value = { + "service": { + "serviceArn": self.service_arn, + "cluster": "my-cluster", + "activeConfigurations": [{"serviceRevisionArn": "rev-arn"}], + } + } + # Malformed resources - missing required fields + self.mock_client.describe_service_revisions.return_value = { + "serviceRevisions": [ + { + "arn": "rev-arn", + "ecsManagedResources": { + "ingressPaths": [ + {"endpoint": "https://example.com"} + ], # Missing loadBalancer + "serviceSecurityGroups": [ + {"status": "ACTIVE"} + ], # Missing arn + }, + } + ] + } + self.mock_client.describe_services.return_value = { + "services": [{"events": [{"message": "Malformed data"}]}] + } + + output = collector.get_current_view("⠋") + + # Should handle malformed data gracefully and show what it can parse + assert "IngressPath" in output + assert "https://example.com" in output + # Should show SecurityGroup type even with missing arn + assert "SecurityGroup" in output + # Should NOT show LoadBalancer since it's missing from IngressPath + assert "LoadBalancer" not in output + + def test_eventually_consistent_missing_deployment(self): + """Test eventually consistent behavior: deployment missing after list""" + collector = ServiceViewCollector( + self.mock_client, self.service_arn, "DEPLOYMENT" + ) + + self.mock_client.describe_express_gateway_service.return_value = { + "service": { + "serviceArn": self.service_arn, + "cluster": "my-cluster", + "activeConfigurations": [], + } + } + # List shows deployment exists + self.mock_client.list_service_deployments.return_value = { + "serviceDeployments": [{"serviceDeploymentArn": "deploy-arn"}] + } + # But describe fails (eventually consistent) + self.mock_client.describe_service_deployments.return_value = { + "serviceDeployments": [], + "failures": [{"arn": "deploy-arn", "reason": "MISSING"}], + } + self.mock_client.describe_services.return_value = { + "services": [{"events": [{"message": "Eventually consistent"}]}] + } + + output = collector.get_current_view("⠋") + + # Should handle eventually consistent missing deployment gracefully + assert "Waiting for a deployment to start" in output + + def test_eventually_consistent_missing_revision(self): + """Test eventually consistent behavior: service revision missing""" + collector = ServiceViewCollector( + self.mock_client, self.service_arn, "DEPLOYMENT" + ) + + self.mock_client.describe_express_gateway_service.return_value = { + "service": { + "serviceArn": self.service_arn, + "cluster": "my-cluster", + "activeConfigurations": [], + } + } + self.mock_client.list_service_deployments.return_value = { + "serviceDeployments": [{"serviceDeploymentArn": "deploy-arn"}] + } + self.mock_client.describe_service_deployments.return_value = { + "serviceDeployments": [ + { + "serviceDeploymentArn": "deploy-arn", + "status": "IN_PROGRESS", + "targetServiceRevision": {"arn": "target-rev"}, + } + ] + } + # Service revision missing (eventually consistent) + self.mock_client.describe_service_revisions.return_value = { + "serviceRevisions": [], + "failures": [{"arn": "target-rev", "reason": "MISSING"}], + } + self.mock_client.describe_services.return_value = { + "services": [{"events": [{"message": "Revision missing"}]}] + } + + output = collector.get_current_view("⠋") + + # Should handle eventually consistent missing revision gracefully + assert "Trying to describe service revisions" in output + + def test_eventually_consistent_mixed_failures(self): + """Test eventually consistent behavior: filters MISSING but raises for other failures""" + collector = ServiceViewCollector( + self.mock_client, self.service_arn, "DEPLOYMENT" + ) + self.mock_client.describe_express_gateway_service.return_value = { + "service": { + "serviceArn": self.service_arn, + "cluster": "my-cluster", + "activeConfigurations": [], + } + } + self.mock_client.list_service_deployments.return_value = { + "serviceDeployments": [{"serviceDeploymentArn": "deploy-arn"}] + } + self.mock_client.describe_service_deployments.return_value = { + "serviceDeployments": [ + { + "serviceDeploymentArn": "deploy-arn", + "status": "IN_PROGRESS", + "targetServiceRevision": {"arn": "target-rev"}, + } + ] + } + # Mixed failures: MISSING (should be filtered) and ServiceNotFound (should raise) + self.mock_client.describe_service_revisions.return_value = { + "serviceRevisions": [], + "failures": [ + {"arn": "target-rev", "reason": "MISSING"}, + {"arn": "other-rev", "reason": "ServiceNotFound"}, + ], + } + + # Should raise error for non-MISSING failure + with pytest.raises(MonitoringError) as exc_info: + collector.get_current_view("⠋") + + error_message = str(exc_info.value) + # Should include non-MISSING failure + assert "other-rev" in error_message + assert "ServiceNotFound" in error_message + # Should NOT include MISSING failure + assert "target-rev" not in error_message + + def test_with_malformed_api_failures(self): + """Test failure parsing: malformed failure responses""" + collector = ServiceViewCollector( + self.mock_client, self.service_arn, "RESOURCE" + ) + + self.mock_client.describe_express_gateway_service.return_value = { + "service": { + "serviceArn": self.service_arn, + "cluster": "my-cluster", + "activeConfigurations": [{"serviceRevisionArn": "rev-arn"}], + } + } + # Malformed failures - missing arn or reason + self.mock_client.describe_service_revisions.return_value = { + "serviceRevisions": [], + "failures": [{"reason": "ServiceNotFound"}], # Missing arn + } + + with pytest.raises(MonitoringError) as exc_info: + collector.get_current_view("⠋") + + # Should raise MonitoringError about invalid failure response + error_message = str(exc_info.value) + assert "Invalid failure response" in error_message + assert "missing arn or reason" in error_message + + def test_with_missing_response_fields(self): + """Test response validation: missing required fields""" + collector = ServiceViewCollector( + self.mock_client, self.service_arn, "RESOURCE" + ) + + self.mock_client.describe_express_gateway_service.return_value = { + "service": { + "serviceArn": self.service_arn, + "cluster": "my-cluster", + "activeConfigurations": [{"serviceRevisionArn": "rev-arn"}], + } + } + # Missing serviceRevisions field + self.mock_client.describe_service_revisions.return_value = {} + + with pytest.raises(MonitoringError) as exc_info: + collector.get_current_view("⠋") + + # Should raise MonitoringError about missing field + error_message = str(exc_info.value) + assert "DescribeServiceRevisions" in error_message + assert ( + "response is" in error_message + ) # "response is missing" or "response is empty" + + def test_deployment_mode_diff_view(self): + """Test DEPLOYMENT mode shows diff of target vs source revisions""" + collector = ServiceViewCollector( + self.mock_client, self.service_arn, "DEPLOYMENT" + ) + + self.mock_client.describe_express_gateway_service.return_value = { + "service": { + "serviceArn": self.service_arn, + "cluster": "my-cluster", + "activeConfigurations": [], + } + } + self.mock_client.list_service_deployments.return_value = { + "serviceDeployments": [{"serviceDeploymentArn": "deploy-arn"}] + } + self.mock_client.describe_service_deployments.return_value = { + "serviceDeployments": [ + { + "serviceDeploymentArn": "deploy-arn", + "status": "IN_PROGRESS", + "targetServiceRevision": {"arn": "target-rev"}, + "sourceServiceRevisions": [{"arn": "source-rev"}], + } + ] + } + self.mock_client.describe_service_revisions.return_value = { + "serviceRevisions": [ + { + "arn": "target-rev", + "taskDefinition": "task-def-arn", + "ecsManagedResources": { + "ingressPaths": [ + { + "endpoint": "https://new-api.example.com", + "loadBalancer": { + "arn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/new-lb/1234", + "status": "CREATING", + }, + } + ], + }, + }, + { + "arn": "source-rev", + "ecsManagedResources": { + "ingressPaths": [ + { + "endpoint": "https://old-api.example.com", + "loadBalancer": { + "arn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/old-lb/5678", + "status": "ACTIVE", + }, + } + ], + }, + }, + ] + } + self.mock_client.describe_services.return_value = { + "services": [{"events": [{"message": "Deployment in progress"}]}] + } + + output = collector.get_current_view("⠋") + + # Should show deployment diff + # Initially will show "Trying to describe service revisions" due to mismatch + # But implementation still shows Cluster/Service + assert "Trying to describe service revisions" in output + + def test_waiting_for_deployment_to_start(self): + """Test DEPLOYMENT mode when no deployment exists yet""" + collector = ServiceViewCollector( + self.mock_client, self.service_arn, "DEPLOYMENT" + ) + + self.mock_client.describe_express_gateway_service.return_value = { + "service": { + "serviceArn": self.service_arn, + "cluster": "my-cluster", + "activeConfigurations": [], + } + } + # No deployments + self.mock_client.list_service_deployments.return_value = { + "serviceDeployments": [] + } + self.mock_client.describe_services.return_value = { + "services": [{"events": [{"message": "No deployment"}]}] + } + + output = collector.get_current_view("⠋") + + assert "Waiting for a deployment to start" in output + + def test_deployment_missing_target_revision(self): + """Test DEPLOYMENT mode when deployment is missing target revision""" + collector = ServiceViewCollector( + self.mock_client, self.service_arn, "DEPLOYMENT" + ) + + self.mock_client.describe_express_gateway_service.return_value = { + "service": { + "serviceArn": self.service_arn, + "cluster": "my-cluster", + "activeConfigurations": [], + } + } + self.mock_client.list_service_deployments.return_value = { + "serviceDeployments": [{"serviceDeploymentArn": "deploy-arn"}] + } + self.mock_client.describe_service_deployments.return_value = { + "serviceDeployments": [ + { + "serviceDeploymentArn": "deploy-arn", + "status": "IN_PROGRESS", + # Missing targetServiceRevision + } + ] + } + self.mock_client.describe_services.return_value = { + "services": [{"events": [{"message": "Deployment starting"}]}] + } + + output = collector.get_current_view("⠋") + + assert "Waiting for a deployment to start" in output + + def test_missing_service_in_response(self): + """Test handling when service field is missing""" + collector = ServiceViewCollector( + self.mock_client, self.service_arn, "RESOURCE" + ) + + self.mock_client.describe_express_gateway_service.return_value = {} + + output = collector.get_current_view("⠋") + + assert "Trying to describe gateway service" in output + + def test_service_missing_required_fields(self): + """Test handling when service is missing required fields""" + collector = ServiceViewCollector( + self.mock_client, self.service_arn, "RESOURCE" + ) + + # Missing activeConfigurations + self.mock_client.describe_express_gateway_service.return_value = { + "service": {"serviceArn": self.service_arn} + } + + output = collector.get_current_view("⠋") + + assert "Trying to describe gateway service" in output + + def test_parse_all_resource_types(self): + """Test parsing all supported resource types""" + collector = ServiceViewCollector( + self.mock_client, self.service_arn, "RESOURCE" + ) + + self.mock_client.describe_express_gateway_service.return_value = { + "service": { + "serviceArn": self.service_arn, + "cluster": "my-cluster", + "activeConfigurations": [{"serviceRevisionArn": "rev-arn"}], + } + } + self.mock_client.describe_service_revisions.return_value = { + "serviceRevisions": [ + { + "arn": "rev-arn", + "ecsManagedResources": { + "ingressPaths": [ + { + "endpoint": "https://api.example.com", + "loadBalancer": { + "arn": "lb-arn", + "status": "ACTIVE", + }, + "loadBalancerSecurityGroups": [ + {"arn": "lb-sg-arn", "status": "ACTIVE"} + ], + "certificate": { + "arn": "cert-arn", + "status": "ACTIVE", + }, + "listener": { + "arn": "listener-arn", + "status": "ACTIVE", + }, + "rule": { + "arn": "rule-arn", + "status": "ACTIVE", + }, + "targetGroups": [ + {"arn": "tg-arn", "status": "ACTIVE"} + ], + } + ], + "autoScaling": { + "scalableTarget": { + "arn": "st-arn", + "status": "ACTIVE", + }, + "applicationAutoScalingPolicies": [ + {"arn": "policy-arn", "status": "ACTIVE"} + ], + }, + "metricAlarms": [ + {"arn": "alarm-arn", "status": "ACTIVE"} + ], + "serviceSecurityGroups": [ + {"arn": "sg-arn", "status": "ACTIVE"} + ], + "logGroups": [{"arn": "log-arn", "status": "ACTIVE"}], + }, + } + ] + } + self.mock_client.describe_services.return_value = { + "services": [{"events": [{"message": "All resources"}]}] + } + + output = collector.get_current_view("⠋") + + # Verify all resource types are parsed + assert "IngressPath" in output + assert "LoadBalancer" in output + assert "LoadBalancerSecurityGroup" in output + assert "Certificate" in output + assert "Listener" in output + assert "Rule" in output + assert "TargetGroup" in output + assert "AutoScalingConfiguration" in output + assert "ScalableTarget" in output + assert "ApplicationAutoScalingPolicy" in output + assert "MetricAlarms" in output + assert "ServiceSecurityGroups" in output + assert "LogGroups" in output From 0c7a1d0f826678dc8871a6e8b8733e9620092a22 Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Mon, 22 Dec 2025 19:08:14 +0000 Subject: [PATCH 36/37] Update to latest models --- .../next-release/api-change-config-24214.json | 5 + .../next-release/api-change-ec2-39383.json | 5 + .../api-change-guardduty-74995.json | 5 + .../next-release/api-change-pcs-86455.json | 5 + .../data/config/2014-11-12/service-2.json | 95 ++++++++++++++++++- .../data/ec2/2016-11-15/service-2.json | 9 ++ .../data/guardduty/2017-11-28/service-2.json | 5 +- .../data/pcs/2023-02-10/service-2.json | 18 ++-- 8 files changed, 135 insertions(+), 12 deletions(-) create mode 100644 .changes/next-release/api-change-config-24214.json create mode 100644 .changes/next-release/api-change-ec2-39383.json create mode 100644 .changes/next-release/api-change-guardduty-74995.json create mode 100644 .changes/next-release/api-change-pcs-86455.json diff --git a/.changes/next-release/api-change-config-24214.json b/.changes/next-release/api-change-config-24214.json new file mode 100644 index 000000000000..333e4ce2245d --- /dev/null +++ b/.changes/next-release/api-change-config-24214.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``config``", + "description": "Added supported resourceTypes for Config from July to November 2025" +} diff --git a/.changes/next-release/api-change-ec2-39383.json b/.changes/next-release/api-change-ec2-39383.json new file mode 100644 index 000000000000..b82cfd0dfb89 --- /dev/null +++ b/.changes/next-release/api-change-ec2-39383.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``ec2``", + "description": "Adds support for linkedGroupId on the CreatePlacementGroup and DescribePlacementGroups APIs. The linkedGroupId parameter is reserved for future use." +} diff --git a/.changes/next-release/api-change-guardduty-74995.json b/.changes/next-release/api-change-guardduty-74995.json new file mode 100644 index 000000000000..c99cc8f8c89a --- /dev/null +++ b/.changes/next-release/api-change-guardduty-74995.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``guardduty``", + "description": "Make accountIds a required field in GetRemainingFreeTrialDays API to reflect service behavior." +} diff --git a/.changes/next-release/api-change-pcs-86455.json b/.changes/next-release/api-change-pcs-86455.json new file mode 100644 index 000000000000..87c2be0e6139 --- /dev/null +++ b/.changes/next-release/api-change-pcs-86455.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``pcs``", + "description": "Change API Reference Documentation for default Mode in Accounting and SlurmRest" +} diff --git a/awscli/botocore/data/config/2014-11-12/service-2.json b/awscli/botocore/data/config/2014-11-12/service-2.json index 14fcde570b11..faec2eb8c6e2 100644 --- a/awscli/botocore/data/config/2014-11-12/service-2.json +++ b/awscli/botocore/data/config/2014-11-12/service-2.json @@ -2612,7 +2612,7 @@ }, "roleARN":{ "shape":"String", - "documentation":"

The Amazon Resource Name (ARN) of the IAM role assumed by Config and used by the specified configuration recorder.

The server will reject a request without a defined roleARN for the configuration recorder

While the API model does not require this field, the server will reject a request without a defined roleARN for the configuration recorder.

Policies and compliance results

IAM policies and other policies managed in Organizations can impact whether Config has permissions to record configuration changes for your resources. Additionally, rules directly evaluate the configuration of a resource and rules don't take into account these policies when running evaluations. Make sure that the policies in effect align with how you intend to use Config.

Keep Minimum Permisions When Reusing an IAM role

If you use an Amazon Web Services service that uses Config, such as Security Hub or Control Tower, and an IAM role has already been created, make sure that the IAM role that you use when setting up Config keeps the same minimum permissions as the pre-existing IAM role. You must do this to ensure that the other Amazon Web Services service continues to run as expected.

For example, if Control Tower has an IAM role that allows Config to read S3 objects, make sure that the same permissions are granted to the IAM role you use when setting up Config. Otherwise, it may interfere with how Control Tower operates.

The service-linked IAM role for Config must be used for service-linked configuration recorders

For service-linked configuration recorders, you must use the service-linked IAM role for Config: AWSServiceRoleForConfig.

" + "documentation":"

The Amazon Resource Name (ARN) of the IAM role assumed by Config and used by the specified configuration recorder.

The server will reject a request without a defined roleARN for the configuration recorder

While the API model does not require this field, the server will reject a request without a defined roleARN for the configuration recorder.

Policies and compliance results

IAM policies and other policies managed in Organizations can impact whether Config has permissions to record configuration changes for your resources. Additionally, rules directly evaluate the configuration of a resource and rules don't take into account these policies when running evaluations. Make sure that the policies in effect align with how you intend to use Config.

Keep Minimum Permisions When Reusing an IAM role

If you use an Amazon Web Services service that uses Config, such as Security Hub CSPM or Control Tower, and an IAM role has already been created, make sure that the IAM role that you use when setting up Config keeps the same minimum permissions as the pre-existing IAM role. You must do this to ensure that the other Amazon Web Services service continues to run as expected.

For example, if Control Tower has an IAM role that allows Config to read S3 objects, make sure that the same permissions are granted to the IAM role you use when setting up Config. Otherwise, it may interfere with how Control Tower operates.

The service-linked IAM role for Config must be used for service-linked configuration recorders

For service-linked configuration recorders, you must use the service-linked IAM role for Config: AWSServiceRoleForConfig.

" }, "recordingGroup":{ "shape":"RecordingGroup", @@ -8022,7 +8022,98 @@ "AWS::S3Express::DirectoryBucket", "AWS::SageMaker::InferenceExperiment", "AWS::SecurityHub::Standard", - "AWS::Transfer::Profile" + "AWS::Transfer::Profile", + "AWS::CloudFormation::StackSet", + "AWS::MediaPackageV2::Channel", + "AWS::S3::AccessGrantsLocation", + "AWS::S3::AccessGrant", + "AWS::S3::AccessGrantsInstance", + "AWS::EMRServerless::Application", + "AWS::Config::AggregationAuthorization", + "AWS::Bedrock::ApplicationInferenceProfile", + "AWS::ApiGatewayV2::Integration", + "AWS::SageMaker::MlflowTrackingServer", + "AWS::SageMaker::ModelBiasJobDefinition", + "AWS::SecretsManager::RotationSchedule", + "AWS::Deadline::QueueFleetAssociation", + "AWS::ECR::RepositoryCreationTemplate", + "AWS::CloudFormation::LambdaHook", + "AWS::EC2::SubnetNetworkAclAssociation", + "AWS::ApiGateway::UsagePlan", + "AWS::AppConfig::Extension", + "AWS::Deadline::Fleet", + "AWS::EMR::Studio", + "AWS::S3Tables::TableBucket", + "AWS::CloudFront::RealtimeLogConfig", + "AWS::BackupGateway::Hypervisor", + "AWS::BCMDataExports::Export", + "AWS::CloudFormation::GuardHook", + "AWS::CloudFront::PublicKey", + "AWS::CloudTrail::EventDataStore", + "AWS::EntityResolution::IdMappingWorkflow", + "AWS::EntityResolution::SchemaMapping", + "AWS::IoT::DomainConfiguration", + "AWS::PCAConnectorAD::DirectoryRegistration", + "AWS::RDS::Integration", + "AWS::Config::ConformancePack", + "AWS::RolesAnywhere::Profile", + "AWS::CodeArtifact::Domain", + "AWS::Backup::RestoreTestingPlan", + "AWS::Config::StoredQuery", + "AWS::SageMaker::DataQualityJobDefinition", + "AWS::SageMaker::ModelExplainabilityJobDefinition", + "AWS::SageMaker::ModelQualityJobDefinition", + "AWS::SageMaker::StudioLifecycleConfig", + "AWS::SES::DedicatedIpPool", + "AWS::SES::MailManagerTrafficPolicy", + "AWS::SSM::ResourceDataSync", + "AWS::BedrockAgentCore::Runtime", + "AWS::BedrockAgentCore::BrowserCustom", + "AWS::ElasticLoadBalancingV2::TargetGroup", + "AWS::EMRContainers::VirtualCluster", + "AWS::EntityResolution::MatchingWorkflow", + "AWS::IoTCoreDeviceAdvisor::SuiteDefinition", + "AWS::EC2::SecurityGroupVpcAssociation", + "AWS::EC2::VerifiedAccessInstance", + "AWS::KafkaConnect::CustomPlugin", + "AWS::NetworkManager::TransitGatewayPeering", + "AWS::OpenSearchServerless::SecurityConfig", + "AWS::Redshift::Integration", + "AWS::RolesAnywhere::TrustAnchor", + "AWS::Route53Profiles::ProfileAssociation", + "AWS::SSMIncidents::ResponsePlan", + "AWS::Transfer::Server", + "AWS::Glue::Database", + "AWS::Organizations::OrganizationalUnit", + "AWS::EC2::IPAMPoolCidr", + "AWS::EC2::VPCGatewayAttachment", + "AWS::Bedrock::Prompt", + "AWS::Comprehend::Flywheel", + "AWS::DataSync::Agent", + "AWS::MediaTailor::LiveSource", + "AWS::MSK::ServerlessCluster", + "AWS::IoTSiteWise::Asset", + "AWS::B2BI::Capability", + "AWS::CloudFront::KeyValueStore", + "AWS::Deadline::Monitor", + "AWS::GuardDuty::MalwareProtectionPlan", + "AWS::Location::APIKey", + "AWS::MediaPackageV2::OriginEndpoint", + "AWS::PCAConnectorAD::Connector", + "AWS::S3Tables::TableBucketPolicy", + "AWS::SecretsManager::ResourcePolicy", + "AWS::SSMContacts::Contact", + "AWS::IoT::ThingGroup", + "AWS::ImageBuilder::LifecyclePolicy", + "AWS::GameLift::Build", + "AWS::ECR::ReplicationConfiguration", + "AWS::EC2::SubnetCidrBlock", + "AWS::Connect::SecurityProfile", + "AWS::CleanRoomsML::TrainingDataset", + "AWS::AppStream::AppBlockBuilder", + "AWS::Route53::DNSSEC", + "AWS::SageMaker::UserProfile", + "AWS::ApiGateway::Method" ] }, "ResourceTypeList":{ diff --git a/awscli/botocore/data/ec2/2016-11-15/service-2.json b/awscli/botocore/data/ec2/2016-11-15/service-2.json index 463c27ea7cc4..59f2dee5fd72 100644 --- a/awscli/botocore/data/ec2/2016-11-15/service-2.json +++ b/awscli/botocore/data/ec2/2016-11-15/service-2.json @@ -17542,6 +17542,10 @@ "shape":"SpreadLevel", "documentation":"

Determines how placement groups spread instances.

  • Host – You can use host only with Outpost placement groups.

  • Rack – No usage restrictions.

" }, + "LinkedGroupId":{ + "shape":"PlacementGroupId", + "documentation":"

Reserved for future use.

" + }, "DryRun":{ "shape":"Boolean", "documentation":"

Checks whether you have the required permissions for the operation, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", @@ -58338,6 +58342,11 @@ "shape":"SpreadLevel", "documentation":"

The spread level for the placement group. Only Outpost placement groups can be spread across hosts.

", "locationName":"spreadLevel" + }, + "LinkedGroupId":{ + "shape":"PlacementGroupId", + "documentation":"

Reserved for future use.

", + "locationName":"linkedGroupId" } }, "documentation":"

Describes a placement group.

" diff --git a/awscli/botocore/data/guardduty/2017-11-28/service-2.json b/awscli/botocore/data/guardduty/2017-11-28/service-2.json index fcd1daa79bfc..fe31e8f22d3e 100644 --- a/awscli/botocore/data/guardduty/2017-11-28/service-2.json +++ b/awscli/botocore/data/guardduty/2017-11-28/service-2.json @@ -5839,7 +5839,10 @@ }, "GetRemainingFreeTrialDaysRequest":{ "type":"structure", - "required":["DetectorId"], + "required":[ + "AccountIds", + "DetectorId" + ], "members":{ "DetectorId":{ "shape":"DetectorId", diff --git a/awscli/botocore/data/pcs/2023-02-10/service-2.json b/awscli/botocore/data/pcs/2023-02-10/service-2.json index 4d8976cb1fe7..30ab02146bc8 100644 --- a/awscli/botocore/data/pcs/2023-02-10/service-2.json +++ b/awscli/botocore/data/pcs/2023-02-10/service-2.json @@ -382,7 +382,7 @@ }, "mode":{ "shape":"AccountingMode", - "documentation":"

The default value for mode is STANDARD. A value of STANDARD means Slurm accounting is enabled.

" + "documentation":"

The default value for mode is NONE. A value of STANDARD means Slurm accounting is enabled.

" } }, "documentation":"

The accounting configuration includes configurable settings for Slurm accounting. It's a property of the ClusterSlurmConfiguration object.

" @@ -410,7 +410,7 @@ }, "mode":{ "shape":"AccountingMode", - "documentation":"

The default value for mode is STANDARD. A value of STANDARD means Slurm accounting is enabled.

" + "documentation":"

The default value for mode is NONE. A value of STANDARD means Slurm accounting is enabled.

" } }, "documentation":"

The accounting configuration includes configurable settings for Slurm accounting. It's a property of the ClusterSlurmConfiguration object.

" @@ -1252,14 +1252,14 @@ "members":{ "secretArn":{ "shape":"String", - "documentation":"

The Amazon Resource Name (ARN) of the AWS Secrets Manager secret containing the JWT key.

" + "documentation":"

The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret containing the JWT key.

" }, "secretVersion":{ "shape":"String", - "documentation":"

The version of the AWS Secrets Manager secret containing the JWT key.

" + "documentation":"

The version of the Amazon Web Services Secrets Manager secret containing the JWT key.

" } }, - "documentation":"

The JWT key stored in AWS Secrets Manager for Slurm REST API authentication.

" + "documentation":"

The JWT key stored in Amazon Web Services Secrets Manager for Slurm REST API authentication.

" }, "ListClustersRequest":{ "type":"structure", @@ -1842,7 +1842,7 @@ "members":{ "mode":{ "shape":"SlurmRestMode", - "documentation":"

The default value for mode is STANDARD. A value of STANDARD means the Slurm REST API is enabled.

" + "documentation":"

The default value for mode is NONE. A value of STANDARD means the Slurm REST API is enabled.

" } }, "documentation":"

The Slurm REST API configuration includes settings for enabling and configuring the Slurm REST API. It's a property of the ClusterSlurmConfiguration object.

" @@ -1860,7 +1860,7 @@ "members":{ "mode":{ "shape":"SlurmRestMode", - "documentation":"

The default value for mode is STANDARD. A value of STANDARD means the Slurm REST API is enabled.

" + "documentation":"

The default value for mode is NONE. A value of STANDARD means the Slurm REST API is enabled.

" } }, "documentation":"

The Slurm REST API configuration includes settings for enabling and configuring the Slurm REST API. It's a property of the ClusterSlurmConfiguration object.

" @@ -1982,7 +1982,7 @@ }, "mode":{ "shape":"AccountingMode", - "documentation":"

The default value for mode is STANDARD. A value of STANDARD means Slurm accounting is enabled.

" + "documentation":"

The default value for mode is NONE. A value of STANDARD means Slurm accounting is enabled.

" } }, "documentation":"

The accounting configuration includes configurable settings for Slurm accounting.

" @@ -2161,7 +2161,7 @@ "members":{ "mode":{ "shape":"SlurmRestMode", - "documentation":"

The default value for mode is STANDARD. A value of STANDARD means the Slurm REST API is enabled.

" + "documentation":"

The default value for mode is NONE. A value of STANDARD means the Slurm REST API is enabled.

" } }, "documentation":"

The Slurm REST API configuration includes settings for enabling and configuring the Slurm REST API.

" From b7ccb2355ed1a2453adfec3e5ef3a526cf151a58 Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Mon, 22 Dec 2025 19:09:54 +0000 Subject: [PATCH 37/37] Bump version to 2.32.22 --- .changes/2.32.22.json | 27 +++++++++++++++++++ .../next-release/api-change-config-24214.json | 5 ---- .../next-release/api-change-ec2-39383.json | 5 ---- .../api-change-guardduty-74995.json | 5 ---- .../next-release/api-change-pcs-86455.json | 5 ---- .../next-release/enhancement-ecs-81617.json | 5 ---- CHANGELOG.rst | 10 +++++++ awscli/__init__.py | 2 +- configure | 14 +++++----- configure.ac | 2 +- doc/source/conf.py | 2 +- 11 files changed, 47 insertions(+), 35 deletions(-) create mode 100644 .changes/2.32.22.json delete mode 100644 .changes/next-release/api-change-config-24214.json delete mode 100644 .changes/next-release/api-change-ec2-39383.json delete mode 100644 .changes/next-release/api-change-guardduty-74995.json delete mode 100644 .changes/next-release/api-change-pcs-86455.json delete mode 100644 .changes/next-release/enhancement-ecs-81617.json diff --git a/.changes/2.32.22.json b/.changes/2.32.22.json new file mode 100644 index 000000000000..bf5dd341e60a --- /dev/null +++ b/.changes/2.32.22.json @@ -0,0 +1,27 @@ +[ + { + "category": "``ecs``", + "description": "Introduces a text-only mode to the existing ECS Express Mode service commands. Text-only mode can be enabled via using the ``--mode TEXT-ONLY`` flag with the ``ecs monitor-express-gateway-service`` command, or via using the ``--monitor-mode TEXT-ONLY`` and ``--monitor-resources`` flags with the ``ecs create-express-gateway-service``, ``ecs update-express-gateway-service``, or ``ecs delete-express-gateway-service`` commands.", + "type": "enhancement" + }, + { + "category": "``guardduty``", + "description": "Make accountIds a required field in GetRemainingFreeTrialDays API to reflect service behavior.", + "type": "api-change" + }, + { + "category": "``config``", + "description": "Added supported resourceTypes for Config from July to November 2025", + "type": "api-change" + }, + { + "category": "``pcs``", + "description": "Change API Reference Documentation for default Mode in Accounting and SlurmRest", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Adds support for linkedGroupId on the CreatePlacementGroup and DescribePlacementGroups APIs. The linkedGroupId parameter is reserved for future use.", + "type": "api-change" + } +] \ No newline at end of file diff --git a/.changes/next-release/api-change-config-24214.json b/.changes/next-release/api-change-config-24214.json deleted file mode 100644 index 333e4ce2245d..000000000000 --- a/.changes/next-release/api-change-config-24214.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``config``", - "description": "Added supported resourceTypes for Config from July to November 2025" -} diff --git a/.changes/next-release/api-change-ec2-39383.json b/.changes/next-release/api-change-ec2-39383.json deleted file mode 100644 index b82cfd0dfb89..000000000000 --- a/.changes/next-release/api-change-ec2-39383.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``ec2``", - "description": "Adds support for linkedGroupId on the CreatePlacementGroup and DescribePlacementGroups APIs. The linkedGroupId parameter is reserved for future use." -} diff --git a/.changes/next-release/api-change-guardduty-74995.json b/.changes/next-release/api-change-guardduty-74995.json deleted file mode 100644 index c99cc8f8c89a..000000000000 --- a/.changes/next-release/api-change-guardduty-74995.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``guardduty``", - "description": "Make accountIds a required field in GetRemainingFreeTrialDays API to reflect service behavior." -} diff --git a/.changes/next-release/api-change-pcs-86455.json b/.changes/next-release/api-change-pcs-86455.json deleted file mode 100644 index 87c2be0e6139..000000000000 --- a/.changes/next-release/api-change-pcs-86455.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``pcs``", - "description": "Change API Reference Documentation for default Mode in Accounting and SlurmRest" -} diff --git a/.changes/next-release/enhancement-ecs-81617.json b/.changes/next-release/enhancement-ecs-81617.json deleted file mode 100644 index f82cf000587a..000000000000 --- a/.changes/next-release/enhancement-ecs-81617.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "enhancement", - "category": "``ecs``", - "description": "Introduces a text-only mode to the existing ECS Express Mode service commands. Text-only mode can be enabled via using the ``--mode TEXT-ONLY`` flag with the ``ecs monitor-express-gateway-service`` command, or via using the ``--monitor-mode TEXT-ONLY`` and ``--monitor-resources`` flags with the ``ecs create-express-gateway-service``, ``ecs update-express-gateway-service``, or ``ecs delete-express-gateway-service`` commands." -} diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 0bab0723151a..5fc6d6648e23 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,16 @@ CHANGELOG ========= +2.32.22 +======= + +* enhancement:``ecs``: Introduces a text-only mode to the existing ECS Express Mode service commands. Text-only mode can be enabled via using the ``--mode TEXT-ONLY`` flag with the ``ecs monitor-express-gateway-service`` command, or via using the ``--monitor-mode TEXT-ONLY`` and ``--monitor-resources`` flags with the ``ecs create-express-gateway-service``, ``ecs update-express-gateway-service``, or ``ecs delete-express-gateway-service`` commands. +* api-change:``guardduty``: Make accountIds a required field in GetRemainingFreeTrialDays API to reflect service behavior. +* api-change:``config``: Added supported resourceTypes for Config from July to November 2025 +* api-change:``pcs``: Change API Reference Documentation for default Mode in Accounting and SlurmRest +* api-change:``ec2``: Adds support for linkedGroupId on the CreatePlacementGroup and DescribePlacementGroups APIs. The linkedGroupId parameter is reserved for future use. + + 2.32.21 ======= diff --git a/awscli/__init__.py b/awscli/__init__.py index a2e8c2493d0a..368d577f9b9e 100644 --- a/awscli/__init__.py +++ b/awscli/__init__.py @@ -20,7 +20,7 @@ import os import sys -__version__ = '2.32.21' +__version__ = '2.32.22' # # Get our data path to be added to botocore's search path diff --git a/configure b/configure index 260f3a376123..c1c13a3ff4e4 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for awscli 2.32.21. +# Generated by GNU Autoconf 2.71 for awscli 2.32.22. # # # Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, @@ -607,8 +607,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='awscli' PACKAGE_TARNAME='awscli' -PACKAGE_VERSION='2.32.21' -PACKAGE_STRING='awscli 2.32.21' +PACKAGE_VERSION='2.32.22' +PACKAGE_STRING='awscli 2.32.22' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1255,7 +1255,7 @@ _ACEOF fi if $ac_init_version; then cat <<\_ACEOF -awscli configure 2.32.21 +awscli configure 2.32.22 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -1292,7 +1292,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by awscli $as_me 2.32.21, which was +It was created by awscli $as_me 2.32.22, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -2668,7 +2668,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by awscli $as_me 2.32.21, which was +This file was extended by awscli $as_me 2.32.22, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -2723,7 +2723,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -awscli config.status 2.32.21 +awscli config.status 2.32.22 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index c5211377e2d1..595afc6faa93 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_CONFIG_MACRO_DIRS([m4]) -AC_INIT([awscli], [2.32.21]) +AC_INIT([awscli], [2.32.22]) AC_CONFIG_SRCDIR([bin/aws]) AM_PATH_PYTHON([3.8]) diff --git a/doc/source/conf.py b/doc/source/conf.py index c4dbe18dd6af..1187b2681ee7 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -66,7 +66,7 @@ # The short X.Y version. version = '2.0' # The full version, including alpha/beta/rc tags. -release = '2.32.21' +release = '2.32.22' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages.