Specifies if there is a guardrail intervention in the response.
" } }, + "GuardrailAction": { + "base": null, + "refs": { + "GuardrailTrace$action": "The trace action details used with the Guardrail.
" + } + }, + "GuardrailAssessment": { + "base": "Assessment details of the content analyzed by Guardrails.
", + "refs": { + "GuardrailAssessmentList$member": null + } + }, + "GuardrailAssessmentList": { + "base": null, + "refs": { + "GuardrailTrace$inputAssessments": "The details of the input assessments used in the Guardrail Trace.
", + "GuardrailTrace$outputAssessments": "The details of the output assessments used in the Guardrail Trace.
" + } + }, "GuardrailConfiguration": { "base": "The configuration details for the guardrail.
", "refs": { @@ -364,6 +383,164 @@ "GuardrailConfiguration$guardrailVersion": "The version of the guardrail.
" } }, + "GuardrailContentFilter": { + "base": "Details of the content filter used in the Guardrail.
", + "refs": { + "GuardrailContentFilterList$member": null + } + }, + "GuardrailContentFilterConfidence": { + "base": null, + "refs": { + "GuardrailContentFilter$confidence": "The confidence level regarding the content detected in the filter by the Guardrail.
" + } + }, + "GuardrailContentFilterList": { + "base": null, + "refs": { + "GuardrailContentPolicyAssessment$filters": "The filter details of the policy assessment used in the Guardrails filter.
" + } + }, + "GuardrailContentFilterType": { + "base": null, + "refs": { + "GuardrailContentFilter$type": "The type of content detected in the filter by the Guardrail.
" + } + }, + "GuardrailContentPolicyAction": { + "base": null, + "refs": { + "GuardrailContentFilter$action": "The action placed on the content by the Guardrail filter.
" + } + }, + "GuardrailContentPolicyAssessment": { + "base": "The details of the policy assessment in the Guardrails filter.
", + "refs": { + "GuardrailAssessment$contentPolicy": "Content policy details of the Guardrail.
" + } + }, + "GuardrailCustomWord": { + "base": "The custom word details for the filter in the Guardrail.
", + "refs": { + "GuardrailCustomWordList$member": null + } + }, + "GuardrailCustomWordList": { + "base": null, + "refs": { + "GuardrailWordPolicyAssessment$customWords": "The custom word details for words defined in the Guardrail filter.
" + } + }, + "GuardrailManagedWord": { + "base": "The managed word details for the filter in the Guardrail.
", + "refs": { + "GuardrailManagedWordList$member": null + } + }, + "GuardrailManagedWordList": { + "base": null, + "refs": { + "GuardrailWordPolicyAssessment$managedWordLists": "The managed word lists for words defined in the Guardrail filter.
" + } + }, + "GuardrailManagedWordType": { + "base": null, + "refs": { + "GuardrailManagedWord$type": "The type details for the managed word filter in the Guardrail.
" + } + }, + "GuardrailPiiEntityFilter": { + "base": "The Guardrail filter to identify and remove personally identifiable information (PII).
", + "refs": { + "GuardrailPiiEntityFilterList$member": null + } + }, + "GuardrailPiiEntityFilterList": { + "base": null, + "refs": { + "GuardrailSensitiveInformationPolicyAssessment$piiEntities": "The details of the PII entities used in the sensitive policy assessment for the Guardrail.
" + } + }, + "GuardrailPiiEntityType": { + "base": null, + "refs": { + "GuardrailPiiEntityFilter$type": "The type of PII the Guardrail filter has identified and removed.
" + } + }, + "GuardrailRegexFilter": { + "base": "The details for the regex filter used in the Guardrail.
", + "refs": { + "GuardrailRegexFilterList$member": null + } + }, + "GuardrailRegexFilterList": { + "base": null, + "refs": { + "GuardrailSensitiveInformationPolicyAssessment$regexes": "The details of the regexes used in the sensitive policy assessment for the Guardrail.
" + } + }, + "GuardrailSensitiveInformationPolicyAction": { + "base": null, + "refs": { + "GuardrailPiiEntityFilter$action": "The action of the Guardrail filter to identify and remove PII.
", + "GuardrailRegexFilter$action": "The action details for the regex filter used in the Guardrail.
" + } + }, + "GuardrailSensitiveInformationPolicyAssessment": { + "base": "The details of the sensitive policy assessment used in the Guardrail.
", + "refs": { + "GuardrailAssessment$sensitiveInformationPolicy": "Sensitive Information policy details of Guardrail.
" + } + }, + "GuardrailTopic": { + "base": "The details for a specific topic defined in the Guardrail.
", + "refs": { + "GuardrailTopicList$member": null + } + }, + "GuardrailTopicList": { + "base": null, + "refs": { + "GuardrailTopicPolicyAssessment$topics": "The topic details of the policy assessment used in the Guardrail.
" + } + }, + "GuardrailTopicPolicyAction": { + "base": null, + "refs": { + "GuardrailTopic$action": "The action details on a specific topic in the Guardrail.
" + } + }, + "GuardrailTopicPolicyAssessment": { + "base": "The details of the policy assessment used in the Guardrail.
", + "refs": { + "GuardrailAssessment$topicPolicy": "Topic policy details of the Guardrail.
" + } + }, + "GuardrailTopicType": { + "base": null, + "refs": { + "GuardrailTopic$type": "The type details on a specific topic in the Guardrail.
" + } + }, + "GuardrailTrace": { + "base": "The trace details used in the Guardrail.
", + "refs": { + "Trace$guardrailTrace": "The trace details for a trace defined in the Guardrail filter.
" + } + }, + "GuardrailWordPolicyAction": { + "base": null, + "refs": { + "GuardrailCustomWord$action": "The action details for the custom word filter in the Guardrail.
", + "GuardrailManagedWord$action": "The action details for the managed word filter in the Guardrail.
" + } + }, + "GuardrailWordPolicyAssessment": { + "base": "The assessment details for words defined in the Guardrail filter.
", + "refs": { + "GuardrailAssessment$wordPolicy": "Word policy details of the Guardrail.
" + } + }, "Identifier": { "base": null, "refs": { @@ -992,6 +1169,13 @@ "FunctionParameter$value": "The value of the parameter.
", "FunctionResult$actionGroup": "The action group that the function belongs to.
", "FunctionResult$function": "The name of the function that was called.
", + "GuardrailCustomWord$match": "The match details for the custom word filter in the Guardrail.
", + "GuardrailManagedWord$match": "The match details for the managed word filter in the Guardrail.
", + "GuardrailPiiEntityFilter$match": "The match to settings in the Guardrail filter to identify and remove PII.
", + "GuardrailRegexFilter$match": "The match details for the regex filter used in the Guardrail.
", + "GuardrailRegexFilter$name": "The name details for the regex filter used in the Guardrail.
", + "GuardrailRegexFilter$regex": "The regex details for the regex filter used in the Guardrail.
", + "GuardrailTopic$name": "The name details on a specific topic in the Guardrail.
", "Parameter$name": "The name of the parameter.
", "Parameter$type": "The type of the parameter.
", "Parameter$value": "The value of the parameter.
", @@ -1064,6 +1248,7 @@ "base": null, "refs": { "FailureTrace$traceId": "The unique identifier of the trace.
", + "GuardrailTrace$traceId": "The details of the trace Id used in the Guardrail Trace.
", "InvocationInput$traceId": "The unique identifier of the trace.
", "ModelInvocationInput$traceId": "The unique identifier of the trace.
", "Observation$traceId": "The unique identifier of the trace.
", diff --git a/models/apis/bedrock-agent/2023-06-05/api-2.json b/models/apis/bedrock-agent/2023-06-05/api-2.json index 584409003e2..2a2de7c8243 100644 --- a/models/apis/bedrock-agent/2023-06-05/api-2.json +++ b/models/apis/bedrock-agent/2023-06-05/api-2.json @@ -829,6 +829,7 @@ "description":{"shape":"Description"}, "failureReasons":{"shape":"FailureReasons"}, "foundationModel":{"shape":"ModelIdentifier"}, + "guardrailConfiguration":{"shape":"GuardrailConfiguration"}, "idleSessionTTLInSeconds":{"shape":"SessionTTL"}, "instruction":{"shape":"Instruction"}, "preparedAt":{"shape":"DateTimestamp"}, @@ -1016,7 +1017,7 @@ "type":"string", "max":2048, "min":0, - "pattern":"^arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/(service-role/)?AmazonBedrockExecutionRoleForAgents_.+$" + "pattern":"^arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/.+$" }, "AgentStatus":{ "type":"string", @@ -1050,6 +1051,7 @@ "agentName":{"shape":"Name"}, "agentStatus":{"shape":"AgentStatus"}, "description":{"shape":"Description"}, + "guardrailConfiguration":{"shape":"GuardrailConfiguration"}, "latestAgentVersion":{"shape":"Version"}, "updatedAt":{"shape":"DateTimestamp"} } @@ -1078,6 +1080,7 @@ "description":{"shape":"Description"}, "failureReasons":{"shape":"FailureReasons"}, "foundationModel":{"shape":"ModelIdentifier"}, + "guardrailConfiguration":{"shape":"GuardrailConfiguration"}, "idleSessionTTLInSeconds":{"shape":"SessionTTL"}, "instruction":{"shape":"Instruction"}, "promptOverrideConfiguration":{"shape":"PromptOverrideConfiguration"}, @@ -1107,6 +1110,7 @@ "agentVersion":{"shape":"Version"}, "createdAt":{"shape":"DateTimestamp"}, "description":{"shape":"Description"}, + "guardrailConfiguration":{"shape":"GuardrailConfiguration"}, "updatedAt":{"shape":"DateTimestamp"} } }, @@ -1148,9 +1152,9 @@ }, "BedrockEmbeddingModelArn":{ "type":"string", - "max":1011, + "max":2048, "min":20, - "pattern":"^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}/[a-z0-9]{12})|(:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}))$" + "pattern":"^(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}/[a-z0-9]{12})|(:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|([0-9]{12}:provisioned-model/[a-z0-9]{12})))|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|(([0-9a-zA-Z][_-]?)+)$" }, "Boolean":{ "type":"boolean", @@ -1280,6 +1284,7 @@ "customerEncryptionKeyArn":{"shape":"KmsKeyArn"}, "description":{"shape":"Description"}, "foundationModel":{"shape":"ModelIdentifier"}, + "guardrailConfiguration":{"shape":"GuardrailConfiguration"}, "idleSessionTTLInSeconds":{"shape":"SessionTTL"}, "instruction":{"shape":"Instruction"}, "promptOverrideConfiguration":{"shape":"PromptOverrideConfiguration"}, @@ -1943,6 +1948,23 @@ "knowledgeBase":{"shape":"KnowledgeBase"} } }, + "GuardrailConfiguration":{ + "type":"structure", + "members":{ + "guardrailIdentifier":{"shape":"GuardrailIdentifier"}, + "guardrailVersion":{"shape":"GuardrailVersion"} + } + }, + "GuardrailIdentifier":{ + "type":"string", + "max":2048, + "min":0, + "pattern":"^(([a-z0-9]+)|(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+))$" + }, + "GuardrailVersion":{ + "type":"string", + "pattern":"^(([0-9]{1,8})|(DRAFT))$" + }, "Id":{ "type":"string", "pattern":"^[0-9a-zA-Z]{10}$" @@ -2084,7 +2106,7 @@ }, "Instruction":{ "type":"string", - "max":1200, + "max":4000, "min":40, "sensitive":true }, @@ -3153,6 +3175,7 @@ "customerEncryptionKeyArn":{"shape":"KmsKeyArn"}, "description":{"shape":"Description"}, "foundationModel":{"shape":"ModelIdentifier"}, + "guardrailConfiguration":{"shape":"GuardrailConfiguration"}, "idleSessionTTLInSeconds":{"shape":"SessionTTL"}, "instruction":{"shape":"Instruction"}, "promptOverrideConfiguration":{"shape":"PromptOverrideConfiguration"} diff --git a/models/apis/bedrock-agent/2023-06-05/docs-2.json b/models/apis/bedrock-agent/2023-06-05/docs-2.json index f4255000803..3db0377b575 100644 --- a/models/apis/bedrock-agent/2023-06-05/docs-2.json +++ b/models/apis/bedrock-agent/2023-06-05/docs-2.json @@ -274,7 +274,7 @@ "BasePromptTemplate": { "base": null, "refs": { - "PromptConfiguration$basePromptTemplate": "Defines the prompt template with which to replace the default prompt template. You can use placeholder variables in the base prompt template to customize the prompt. For more information, see Prompt template placeholder variables.
" + "PromptConfiguration$basePromptTemplate": "Defines the prompt template with which to replace the default prompt template. You can use placeholder variables in the base prompt template to customize the prompt. For more information, see Prompt template placeholder variables. For more information, see Configure the prompt templates.
" } }, "BedrockEmbeddingModelArn": { @@ -760,6 +760,29 @@ "refs": { } }, + "GuardrailConfiguration": { + "base": "The details of the guardrails configuration.
", + "refs": { + "Agent$guardrailConfiguration": "The guardrails configuration assigned to the agent.
", + "AgentSummary$guardrailConfiguration": "The details of the guardrails configuration in the agent summary.
", + "AgentVersion$guardrailConfiguration": "The guardrails configuration assigned to the agent version.
", + "AgentVersionSummary$guardrailConfiguration": "The details of the guardrails configuration in the agent version summary.
", + "CreateAgentRequest$guardrailConfiguration": "The unique Guardrail configuration assigned to the agent when it is created.
", + "UpdateAgentRequest$guardrailConfiguration": "The unique Guardrail configuration assigned to the agent when it is updated.
" + } + }, + "GuardrailIdentifier": { + "base": null, + "refs": { + "GuardrailConfiguration$guardrailIdentifier": "The guardrails identifier assigned to the guardrails configuration.
" + } + }, + "GuardrailVersion": { + "base": null, + "refs": { + "GuardrailConfiguration$guardrailVersion": "The guardrails version assigned to the guardrails configuration.
" + } + }, "Id": { "base": null, "refs": { @@ -1027,7 +1050,7 @@ "base": null, "refs": { "ActionGroupExecutor$lambda": "The Amazon Resource Name (ARN) of the Lambda function containing the business logic that is carried out upon invoking the action.
", - "PromptOverrideConfiguration$overrideLambda": "The ARN of the Lambda function to use when parsing the raw foundation model output in parts of the agent sequence. If you specify this field, at least one of the promptConfigurations must contain a parserMode value that is set to OVERRIDDEN.
The ARN of the Lambda function to use when parsing the raw foundation model output in parts of the agent sequence. If you specify this field, at least one of the promptConfigurations must contain a parserMode value that is set to OVERRIDDEN. For more information, see Parser Lambda function in Agents for Amazon Bedrock.
These interfaces allow you to apply the Amazon Web Services library of pre-defined controls to your organizational units, programmatically. In Amazon Web Services Control Tower, the terms \"control\" and \"guardrail\" are synonyms.
To call these APIs, you'll need to know:
the controlIdentifier for the control--or guardrail--you are targeting.
the ARN associated with the target organizational unit (OU), which we call the targetIdentifier.
the ARN associated with a resource that you wish to tag or untag.
To get the controlIdentifier for your Amazon Web Services Control Tower control:
The controlIdentifier is an ARN that is specified for each control. You can view the controlIdentifier in the console on the Control details page, as well as in the documentation.
The controlIdentifier is unique in each Amazon Web Services Region for each control. You can find the controlIdentifier for each Region and control in the Tables of control metadata in the Amazon Web Services Control Tower User Guide.
A quick-reference list of control identifers for the Amazon Web Services Control Tower legacy Strongly recommended and Elective controls is given in Resource identifiers for APIs and controls in the Controls reference guide section of the Amazon Web Services Control Tower User Guide. Remember that Mandatory controls cannot be added or removed.
ARN format: arn:aws:controltower:{REGION}::control/{CONTROL_NAME}
Example:
arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED
To get the targetIdentifier:
The targetIdentifier is the ARN for an OU.
In the Amazon Web Services Organizations console, you can find the ARN for the OU on the Organizational unit details page associated with that OU.
OU ARN format:
arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}
Details and examples
To view the open source resource repository on GitHub, see aws-cloudformation/aws-cloudformation-resource-providers-controltower
Recording API Requests
Amazon Web Services Control Tower supports Amazon Web Services CloudTrail, a service that records Amazon Web Services API calls for your Amazon Web Services account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine which requests the Amazon Web Services Control Tower service received, who made the request and when, and so on. For more about Amazon Web Services Control Tower and its support for CloudTrail, see Logging Amazon Web Services Control Tower Actions with Amazon Web Services CloudTrail in the Amazon Web Services Control Tower User Guide. To learn more about CloudTrail, including how to turn it on and find your log files, see the Amazon Web Services CloudTrail User Guide.
", + "service": "Amazon Web Services Control Tower offers application programming interface (API) operations that support programmatic interaction with these types of resources:
For more information about these types of resources, see the Amazon Web Services Control Tower User Guide .
About control APIs
These interfaces allow you to apply the Amazon Web Services library of pre-defined controls to your organizational units, programmatically. In Amazon Web Services Control Tower, the terms \"control\" and \"guardrail\" are synonyms.
To call these APIs, you'll need to know:
the controlIdentifier for the control--or guardrail--you are targeting.
the ARN associated with the target organizational unit (OU), which we call the targetIdentifier.
the ARN associated with a resource that you wish to tag or untag.
To get the controlIdentifier for your Amazon Web Services Control Tower control:
The controlIdentifier is an ARN that is specified for each control. You can view the controlIdentifier in the console on the Control details page, as well as in the documentation.
The controlIdentifier is unique in each Amazon Web Services Region for each control. You can find the controlIdentifier for each Region and control in the Tables of control metadata or the Control availability by Region tables in the Amazon Web Services Control Tower User Guide.
A quick-reference list of control identifers for the Amazon Web Services Control Tower legacy Strongly recommended and Elective controls is given in Resource identifiers for APIs and controls in the Controls reference guide section of the Amazon Web Services Control Tower User Guide. Remember that Mandatory controls cannot be added or removed.
ARN format: arn:aws:controltower:{REGION}::control/{CONTROL_NAME}
Example:
arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED
To get the targetIdentifier:
The targetIdentifier is the ARN for an OU.
In the Amazon Web Services Organizations console, you can find the ARN for the OU on the Organizational unit details page associated with that OU.
OU ARN format:
arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}
About landing zone APIs
You can configure and launch an Amazon Web Services Control Tower landing zone with APIs. For an introduction and steps, see Getting started with Amazon Web Services Control Tower using APIs.
For an overview of landing zone API operations, see Amazon Web Services Control Tower supports landing zone APIs. The individual API operations for landing zones are detailed in this document, the API reference manual, in the \"Actions\" section.
About baseline APIs
You can apply the AWSControlTowerBaseline baseline to an organizational unit (OU) as a way to register the OU with Amazon Web Services Control Tower, programmatically. For a general overview of this capability, see Amazon Web Services Control Tower supports APIs for OU registration and configuration with baselines.
You can call the baseline API operations to view the baselines that Amazon Web Services Control Tower enables for your landing zone, on your behalf, when setting up the landing zone. These baselines are read-only baselines.
The individual API operations for baselines are detailed in this document, the API reference manual, in the \"Actions\" section. For usage examples, see Baseline API input and output examples with CLI.
Details and examples
To view the open source resource repository on GitHub, see aws-cloudformation/aws-cloudformation-resource-providers-controltower
Recording API Requests
Amazon Web Services Control Tower supports Amazon Web Services CloudTrail, a service that records Amazon Web Services API calls for your Amazon Web Services account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine which requests the Amazon Web Services Control Tower service received, who made the request and when, and so on. For more about Amazon Web Services Control Tower and its support for CloudTrail, see Logging Amazon Web Services Control Tower Actions with Amazon Web Services CloudTrail in the Amazon Web Services Control Tower User Guide. To learn more about CloudTrail, including how to turn it on and find your log files, see the Amazon Web Services CloudTrail User Guide.
", "operations": { "CreateLandingZone": "Creates a new landing zone. This API call starts an asynchronous operation that creates and configures a landing zone, based on the parameters specified in the manifest JSON file.
", "DeleteLandingZone": "Decommissions a landing zone. This API call starts an asynchronous operation that deletes Amazon Web Services Control Tower resources deployed in accounts managed by Amazon Web Services Control Tower.
", - "DisableBaseline": "Disable an EnabledBaseline resource on the specified Target. This API starts an asynchronous operation to remove all resources deployed as part of the baseline enablement. The resource will vary depending on the enabled baseline.
Disable an EnabledBaseline resource on the specified Target. This API starts an asynchronous operation to remove all resources deployed as part of the baseline enablement. The resource will vary depending on the enabled baseline. For usage examples, see the Amazon Web Services Control Tower User Guide .
This API call turns off a control. It starts an asynchronous operation that deletes AWS resources on the specified organizational unit and the accounts it contains. The resources will vary according to the control that you specify. For usage examples, see the Amazon Web Services Control Tower User Guide .
", - "EnableBaseline": "Enable (apply) a Baseline to a Target. This API starts an asynchronous operation to deploy resources specified by the Baseline to the specified Target.
Enable (apply) a Baseline to a Target. This API starts an asynchronous operation to deploy resources specified by the Baseline to the specified Target. For usage examples, see the Amazon Web Services Control Tower User Guide .
This API call activates a control. It starts an asynchronous operation that creates Amazon Web Services resources on the specified organizational unit and the accounts it contains. The resources created will vary according to the control that you specify. For usage examples, see the Amazon Web Services Control Tower User Guide .
", - "GetBaseline": "Retrieve details about an existing Baseline resource by specifying its identifier.
Returns the details of an asynchronous baseline operation, as initiated by any of these APIs: EnableBaseline, DisableBaseline, UpdateEnabledBaseline, ResetEnabledBaseline. A status message is displayed in case of operation failure.
Retrieve details about an existing Baseline resource by specifying its identifier. For usage examples, see the Amazon Web Services Control Tower User Guide .
Returns the details of an asynchronous baseline operation, as initiated by any of these APIs: EnableBaseline, DisableBaseline, UpdateEnabledBaseline, ResetEnabledBaseline. A status message is displayed in case of operation failure. For usage examples, see the Amazon Web Services Control Tower User Guide .
Returns the status of a particular EnableControl or DisableControl operation. Displays a message in case of error. Details for an operation are available for 90 days. For usage examples, see the Amazon Web Services Control Tower User Guide .
Retrieve details of an EnabledBaseline resource by specifying its identifier.
Retrieves details about an enabled control. For usage examples, see the Amazon Web Services Control Tower User Guide .
", "GetLandingZone": "Returns details about the landing zone. Displays a message in case of error.
", - "GetLandingZoneOperation": "Returns the status of the specified landing zone operation. Details for an operation are available for 60 days.
", - "ListBaselines": "Returns a summary list of all available baselines.
", - "ListEnabledBaselines": "Returns a list of summaries describing EnabledBaseline resources. You can filter the list by the corresponding Baseline or Target of the EnabledBaseline resources.
Returns the status of the specified landing zone operation. Details for an operation are available for 90 days.
", + "ListBaselines": "Returns a summary list of all available baselines. For usage examples, see the Amazon Web Services Control Tower User Guide .
", + "ListControlOperations": "Provides a list of operations in progress or queued.
", + "ListEnabledBaselines": "Returns a list of summaries describing EnabledBaseline resources. You can filter the list by the corresponding Baseline or Target of the EnabledBaseline resources. For usage examples, see the Amazon Web Services Control Tower User Guide .
Lists the controls enabled by Amazon Web Services Control Tower on the specified organizational unit and the accounts it contains. For usage examples, see the Amazon Web Services Control Tower User Guide .
", "ListLandingZones": "Returns the landing zone ARN for the landing zone deployed in your managed account. This API also creates an ARN for existing accounts that do not yet have a landing zone ARN.
Returns one landing zone ARN.
", "ListTagsForResource": "Returns a list of tags associated with the resource. For usage examples, see the Amazon Web Services Control Tower User Guide .
", - "ResetEnabledBaseline": "Re-enables an EnabledBaseline resource. For example, this API can re-apply the existing Baseline after a new member account is moved to the target OU.
Re-enables an EnabledBaseline resource. For example, this API can re-apply the existing Baseline after a new member account is moved to the target OU. For usage examples, see the Amazon Web Services Control Tower User Guide .
This API call resets a landing zone. It starts an asynchronous operation that resets the landing zone to the parameters specified in its original configuration.
", "TagResource": "Applies tags to a resource. For usage examples, see the Amazon Web Services Control Tower User Guide .
", "UntagResource": "Removes tags from a resource. For usage examples, see the Amazon Web Services Control Tower User Guide .
", - "UpdateEnabledBaseline": "Updates an EnabledBaseline resource's applied parameters or version.
Updates an EnabledBaseline resource's applied parameters or version. For usage examples, see the Amazon Web Services Control Tower User Guide .
Updates the configuration of an already enabled control.
If the enabled control shows an EnablementStatus of SUCCEEDED, supply parameters that are different from the currently configured parameters. Otherwise, Amazon Web Services Control Tower will not accept the request.
If the enabled control shows an EnablementStatus of FAILED, Amazon Web Services Control Tower will update the control to match any valid parameters that you supply.
If the DriftSummary status for the control shows as DRIFTED, you cannot call this API. Instead, you can update the control by calling DisableControl and again calling EnableControl, or you can run an extending governance operation. For usage examples, see the Amazon Web Services Control Tower User Guide
This API call updates the landing zone. It starts an asynchronous operation that updates the landing zone based on the new landing zone version, or on the changed parameters specified in the updated manifest file.
" }, @@ -37,6 +38,8 @@ "Arn": { "base": null, "refs": { + "ControlOperation$enabledControlIdentifier": "The controlIdentifier of the enabled control.
The controlIdentifier of an enabled control.
The ARN of the landing zone resource.
", "DisableBaselineInput$enabledBaselineIdentifier": "Identifier of the EnabledBaseline resource to be deactivated, in ARN format.
The ARN of the baseline to be enabled.
", @@ -48,6 +51,7 @@ "EnabledBaselineSummary$arn": "The ARN of the EnabledBaseline resource
The ARN of the enabled control.
", + "EnabledControlIdentifiers$member": null, "EnabledControlSummary$arn": "The ARN of the enabled control.
", "GetEnabledBaselineInput$enabledBaselineIdentifier": "Identifier of the EnabledBaseline resource to be retrieved, in ARN format.
The controlIdentifier of the enabled control.
The controlIdentifier of the control for the operation.
The controlIdentifier of a control.
The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny control. For information on how to find the controlIdentifier, see the overview page.
The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny control. For information on how to find the controlIdentifier, see the overview page.
The control identifier of the enabled control. For information on how to find the controlIdentifier, see the overview page.
The controlIdentifier of the enabled control.
The set of controlIdentifier returned by the filter.
The set of controlIdentifier returned by the filter.
An operation performed by the control.
", "refs": { "GetControlOperationOutput$controlOperation": "An operation performed by the control.
" } }, + "ControlOperationFilter": { + "base": "A filter object that lets you call ListCOntrolOperations with a specific filter.
An input filter for the ListControlOperations API that lets you select the types of control operations to view.
One of IN_PROGRESS, SUCEEDED, or FAILED.
One of IN_PROGRESS, SUCEEDED, or FAILED.
The status of the specified control operation.
" + } + }, + "ControlOperationStatuses": { + "base": null, + "refs": { + "ControlOperationFilter$statuses": "Lists the status of control operations.
" + } + }, + "ControlOperationSummary": { + "base": "A summary of information about the specified control operation.
", + "refs": { + "ControlOperations$member": null } }, "ControlOperationType": { "base": null, "refs": { - "ControlOperation$operationType": "One of ENABLE_CONTROL or DISABLE_CONTROL.
One of ENABLE_CONTROL or DISABLE_CONTROL.
The type of operation.
", + "ControlOperationTypes$member": null + } + }, + "ControlOperationTypes": { + "base": null, + "refs": { + "ControlOperationFilter$controlOperationTypes": "The set of ControlOperation objects returned by the filter.
Returns a list of output from control operations. PLACEHOLDER
" } }, "CreateLandingZoneInput": { @@ -187,7 +235,8 @@ "DriftStatus": { "base": null, "refs": { - "DriftStatusSummary$driftStatus": "The drift status of the enabled control.
Valid values:
DRIFTED: The enabledControl deployed in this configuration doesn’t match the configuration that Amazon Web Services Control Tower expected.
IN_SYNC: The enabledControl deployed in this configuration matches the configuration that Amazon Web Services Control Tower expected.
NOT_CHECKING: Amazon Web Services Control Tower does not check drift for this enabled control. Drift is not supported for the control type.
UNKNOWN: Amazon Web Services Control Tower is not able to check the drift status for the enabled control.
The drift status of the enabled control.
Valid values:
DRIFTED: The enabledControl deployed in this configuration doesn’t match the configuration that Amazon Web Services Control Tower expected.
IN_SYNC: The enabledControl deployed in this configuration matches the configuration that Amazon Web Services Control Tower expected.
NOT_CHECKING: Amazon Web Services Control Tower does not check drift for this enabled control. Drift is not supported for the control type.
UNKNOWN: Amazon Web Services Control Tower is not able to check the drift status for the enabled control.
The drift status of the enabled control.
" } }, + "DriftStatuses": { + "base": null, + "refs": { + "EnabledControlFilter$driftStatuses": "A list of DriftStatus items.
Information about the enabled control.
" } }, + "EnabledControlFilter": { + "base": "A structure that returns a set of control identifiers, the control status for each control in the set, and the drift status for each control in the set.
", + "refs": { + "ListEnabledControlsInput$filter": "An input filter for the ListCEnabledControls API that lets you select the types of control operations to view.
The set controlIdentifier of enabled controls selected by the filter.
A key/value pair, where Key is of type String and Value is of type Document.
The deployment status of the enabled control.
Valid values:
SUCCEEDED: The enabledControl configuration was deployed successfully.
UNDER_CHANGE: The enabledControl configuration is changing.
FAILED: The enabledControl configuration failed to deploy.
The deployment status of the enabled control.
Valid values:
SUCCEEDED: The enabledControl configuration was deployed successfully.
UNDER_CHANGE: The enabledControl configuration is changing.
FAILED: The enabledControl configuration failed to deploy.
A short description of the status of the enabled control.
" } }, + "EnablementStatuses": { + "base": null, + "refs": { + "EnabledControlFilter$statuses": "A list of EnablementStatus items.
The maximum number of results to be shown.
" + } + }, + "ListControlOperationsNextToken": { + "base": null, + "refs": { + "ListControlOperationsInput$nextToken": "A pagination token.
", + "ListControlOperationsOutput$nextToken": "A pagination token.
" + } + }, + "ListControlOperationsOutput": { + "base": null, + "refs": { + } + }, "ListEnabledBaselinesInput": { "base": null, "refs": { @@ -565,9 +662,9 @@ "Manifest": { "base": null, "refs": { - "CreateLandingZoneInput$manifest": "The manifest.yaml file is a text file that describes your Amazon Web Services resources. For examples, review The manifest file.
", - "LandingZoneDetail$manifest": "The landing zone manifest.yaml text file that specifies the landing zone configurations.
The manifest.yaml file is a text file that describes your Amazon Web Services resources. For examples, review The manifest file.
The manifest JSON file is a text file that describes your Amazon Web Services resources. For examples, review Launch your landing zone.
", + "LandingZoneDetail$manifest": "The landing zone manifest JSON text file that specifies the landing zone configurations.
", + "UpdateLandingZoneInput$manifest": "The manifest JSON file is a text file that describes your Amazon Web Services resources. For examples, review Launch your landing zone.
" } }, "MaxResults": { @@ -580,6 +677,8 @@ "base": null, "refs": { "BaselineOperation$operationIdentifier": "The identifier of the specified operation.
", + "ControlOperation$operationIdentifier": "The identifier of the specified operation.
", + "ControlOperationSummary$operationIdentifier": "The unique identifier of a control operation.
", "CreateLandingZoneOutput$operationIdentifier": "A unique identifier assigned to a CreateLandingZone operation. You can use this identifier as an input of GetLandingZoneOperation to check the operation's status.
>A unique identifier assigned to a DeleteLandingZone operation. You can use this identifier as an input parameter of GetLandingZoneOperation to check the operation's status.
The ID (in UUID format) of the asynchronous DisableBaseline operation. This operationIdentifier is used to track status through calls to the GetBaselineOperation API.
The human-readable name of a Baseline.
", "ConflictException$message": null, "ControlOperation$statusMessage": "If the operation result is FAILED, this string contains a message explaining why the operation failed.
A speficic message displayed as part of the control status.
", "DeleteLandingZoneInput$landingZoneIdentifier": "The unique identifier of the landing zone.
", "EnabledBaselineDetails$baselineIdentifier": "The specific Baseline enabled as part of the EnabledBaseline resource.
The enabled version of the Baseline.
The time that the operation finished.
", - "ControlOperation$startTime": "The time that the operation began.
" + "ControlOperation$startTime": "The time that the operation began.
", + "ControlOperationSummary$endTime": "The time at which the control operation was completed.
", + "ControlOperationSummary$startTime": "The time at which a control operation began.
" } }, "TagKey": { @@ -730,11 +832,20 @@ "TargetIdentifier": { "base": null, "refs": { + "ControlOperation$targetIdentifier": "The target upon which the control operation is working.
", + "ControlOperationSummary$targetIdentifier": "The unique identifier of the target of a control operation.
", "DisableControlInput$targetIdentifier": "The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.
The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.
The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.
The ARN of the organizational unit.
", - "ListEnabledControlsInput$targetIdentifier": "The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.
The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.
The set of targetIdentifier objects returned by the filter.
The format format of the blueprint to retrieve.
" + } + }, "Boolean": { "base": null, "refs": { "BufferOptions$PersistentBufferEnabled": "Whether persistent buffering should be enabled.
", "LogPublishingOptions$IsLoggingEnabled": "Whether logs should be published.
", - "ValidatePipelineResponse$isValid": "A boolean indicating whether or not the pipeline configuration is valid.
" + "ValidatePipelineResponse$isValid": "A boolean indicating whether or not the pipeline configuration is valid.
", + "VpcAttachmentOptions$AttachToVpc": "Whether a VPC is attached to the pipeline.
" } }, "BufferOptions": { - "base": "Options that specify the configuration of a persistent buffer. To configure how OpenSearch Ingestion encrypts this data, set the EncryptionAtRestOptions.
", + "base": "Options that specify the configuration of a persistent buffer. To configure how OpenSearch Ingestion encrypts this data, set the EncryptionAtRestOptions. For more information, see Persistent buffering.
Key-value pairs to configure persistent buffering for the pipeline.
", "Pipeline$BufferOptions": null, @@ -75,6 +82,12 @@ "ChangeProgressStatus$Status": "The overall status of the pipeline configuration change.
" } }, + "CidrBlock": { + "base": null, + "refs": { + "VpcAttachmentOptions$CidrBlock": "The CIDR block to be reserved for OpenSearch Ingestion to create elastic network interfaces (ENIs).
" + } + }, "CloudWatchLogDestination": { "base": "The destination for OpenSearch Ingestion logs sent to Amazon CloudWatch.
", "refs": { @@ -106,8 +119,13 @@ "refs": { } }, + "DisabledOperationException": { + "base": "Exception is thrown when an operation has been disabled.
", + "refs": { + } + }, "EncryptionAtRestOptions": { - "base": "Options to control how OpenSearch encrypts all data-at-rest.
", + "base": "Options to control how OpenSearch encrypts buffer data.
", "refs": { "CreatePipelineRequest$EncryptionAtRestOptions": "Key-value pairs to configure encryption for data that is written to a persistent buffer.
", "Pipeline$EncryptionAtRestOptions": null, @@ -171,7 +189,7 @@ "KmsKeyArn": { "base": null, "refs": { - "EncryptionAtRestOptions$KmsKeyArn": "The ARN of the KMS key used to encrypt data-at-rest in OpenSearch Ingestion. By default, data is encrypted using an AWS owned key.
" + "EncryptionAtRestOptions$KmsKeyArn": "The ARN of the KMS key used to encrypt buffer data. By default, data is encrypted using an Amazon Web Services owned key.
" } }, "LimitExceededException": { @@ -212,7 +230,7 @@ "LogGroup": { "base": null, "refs": { - "CloudWatchLogDestination$LogGroup": "The name of the CloudWatch Logs group to send pipeline logs to. You can specify an existing log group or create a new one. For example, /aws/OpenSearchService/IngestionService/my-pipeline.
The name of the CloudWatch Logs group to send pipeline logs to. You can specify an existing log group or create a new one. For example, /aws/vendedlogs/OpenSearchService/pipelines.
The pipeline configuration in YAML format. The command accepts the pipeline configuration as a string or within a .yaml file. If you provide the configuration as a string, each new line must be escaped with \\n.
An object representing the destination of a pipeline.
", + "refs": { + "PipelineDestinationList$member": null + } + }, + "PipelineDestinationList": { + "base": null, + "refs": { + "Pipeline$Destinations": "Destinations to which the pipeline writes data.
", + "PipelineSummary$Destinations": "A list of destinations to which the pipeline writes data.
" + } + }, "PipelineName": { "base": null, "refs": { "CreatePipelineRequest$PipelineName": "The name of the OpenSearch Ingestion pipeline to create. Pipeline names are unique across the pipelines owned by an account within an Amazon Web Services Region.
", "DeletePipelineRequest$PipelineName": "The name of the pipeline to delete.
", "GetPipelineChangeProgressRequest$PipelineName": "The name of the pipeline.
", - "GetPipelineRequest$PipelineName": "The name of the pipeline to get information about.
", + "GetPipelineRequest$PipelineName": "The name of the pipeline.
", "PipelineSummary$PipelineName": "The name of the pipeline.
", "StartPipelineRequest$PipelineName": "The name of the pipeline to start.
", "StopPipelineRequest$PipelineName": "The name of the pipeline to stop.
", @@ -362,7 +393,7 @@ "ServiceVpcEndpointsList": { "base": null, "refs": { - "Pipeline$ServiceVpcEndpoints": "A list of VPC endpoints that OpenSearch Ingestion has created to other AWS services.
" + "Pipeline$ServiceVpcEndpoints": "A list of VPC endpoints that OpenSearch Ingestion has created to other Amazon Web Services services.
" } }, "StartPipelineRequest": { @@ -391,15 +422,26 @@ "ChangeProgressStage$Name": "The name of the stage.
", "ChangeProgressStage$Description": "A description of the stage.
", "GetPipelineBlueprintRequest$BlueprintName": "The name of the blueprint to retrieve.
", + "GetPipelineBlueprintResponse$Format": "The format of the blueprint.
", "IngestEndpointUrlsList$member": null, "Pipeline$PipelineName": "The name of the pipeline.
", "Pipeline$PipelineArn": "The Amazon Resource Name (ARN) of the pipeline.
", "Pipeline$PipelineConfigurationBody": "The Data Prepper pipeline configuration in YAML format.
", "PipelineBlueprint$BlueprintName": "The name of the blueprint.
", "PipelineBlueprint$PipelineConfigurationBody": "The YAML configuration of the blueprint.
", + "PipelineBlueprint$DisplayName": "The display name of the blueprint.
", + "PipelineBlueprint$DisplayDescription": "A description of the blueprint.
", + "PipelineBlueprint$Service": "The name of the service that the blueprint is associated with.
", + "PipelineBlueprint$UseCase": "The use case that the blueprint relates to.
", "PipelineBlueprintSummary$BlueprintName": "The name of the blueprint.
", + "PipelineBlueprintSummary$DisplayName": "The display name of the blueprint.
", + "PipelineBlueprintSummary$DisplayDescription": "A description of the blueprint.
", + "PipelineBlueprintSummary$Service": "The name of the service that the blueprint is associated with.
", + "PipelineBlueprintSummary$UseCase": "The use case that the blueprint relates to.
", + "PipelineDestination$ServiceName": "The name of the service receiving data from the pipeline.
", + "PipelineDestination$Endpoint": "The endpoint receiving data from the pipeline.
", "PipelineStatusReason$Description": "A description of why a pipeline has a certain status.
", - "ServiceVpcEndpoint$VpcEndpointId": "The ID of the VPC endpoint that was created.
", + "ServiceVpcEndpoint$VpcEndpointId": "The unique identifier of the VPC endpoint that was created.
", "StringList$member": null, "ValidationMessage$Message": "The validation message.
", "VpcEndpoint$VpcEndpointId": "The unique identifier of the endpoint.
", @@ -520,6 +562,12 @@ "ValidatePipelineResponse$Errors": "A list of errors if the configuration is invalid.
" } }, + "VpcAttachmentOptions": { + "base": "Options for attaching a VPC to pipeline.
", + "refs": { + "VpcOptions$VpcAttachmentOptions": "Options for attaching a VPC to a pipeline.
" + } + }, "VpcEndpoint": { "base": "An OpenSearch Ingestion-managed VPC endpoint that will access one or more pipelines.
", "refs": { diff --git a/models/apis/rds/2014-10-31/api-2.json b/models/apis/rds/2014-10-31/api-2.json index 78ffd8fc2f9..f208bb4ba37 100644 --- a/models/apis/rds/2014-10-31/api-2.json +++ b/models/apis/rds/2014-10-31/api-2.json @@ -3591,7 +3591,8 @@ "ManageMasterUserPassword":{"shape":"BooleanOptional"}, "MasterUserSecretKmsKeyId":{"shape":"String"}, "EnableLocalWriteForwarding":{"shape":"BooleanOptional"}, - "CACertificateIdentifier":{"shape":"String"} + "CACertificateIdentifier":{"shape":"String"}, + "EngineLifecycleSupport":{"shape":"String"} } }, "CreateDBClusterParameterGroupMessage":{ @@ -3707,7 +3708,8 @@ "CACertificateIdentifier":{"shape":"String"}, "DBSystemId":{"shape":"String"}, "DedicatedLogVolume":{"shape":"BooleanOptional"}, - "MultiTenant":{"shape":"BooleanOptional"} + "MultiTenant":{"shape":"BooleanOptional"}, + "EngineLifecycleSupport":{"shape":"String"} } }, "CreateDBInstanceReadReplicaMessage":{ @@ -3943,6 +3945,7 @@ "SourceDBClusterIdentifier":{"shape":"String"}, "Engine":{"shape":"String"}, "EngineVersion":{"shape":"String"}, + "EngineLifecycleSupport":{"shape":"String"}, "DeletionProtection":{"shape":"BooleanOptional"}, "DatabaseName":{"shape":"String"}, "StorageEncrypted":{"shape":"BooleanOptional"} @@ -4176,7 +4179,8 @@ "AwsBackupRecoveryPointArn":{"shape":"String"}, "LimitlessDatabase":{"shape":"LimitlessDatabase"}, "StorageThroughput":{"shape":"IntegerOptional"}, - "CertificateDetails":{"shape":"CertificateDetails"} + "CertificateDetails":{"shape":"CertificateDetails"}, + "EngineLifecycleSupport":{"shape":"String"} }, "wrapper":true }, @@ -4781,7 +4785,8 @@ "PercentProgress":{"shape":"String"}, "DedicatedLogVolume":{"shape":"Boolean"}, "IsStorageConfigUpgradeAvailable":{"shape":"BooleanOptional"}, - "MultiTenant":{"shape":"BooleanOptional"} + "MultiTenant":{"shape":"BooleanOptional"}, + "EngineLifecycleSupport":{"shape":"String"} }, "wrapper":true }, @@ -6960,6 +6965,7 @@ "Status":{"shape":"String"}, "Engine":{"shape":"String"}, "EngineVersion":{"shape":"String"}, + "EngineLifecycleSupport":{"shape":"String"}, "DatabaseName":{"shape":"String"}, "StorageEncrypted":{"shape":"BooleanOptional"}, "DeletionProtection":{"shape":"BooleanOptional"}, @@ -9117,7 +9123,8 @@ "NetworkType":{"shape":"String"}, "ManageMasterUserPassword":{"shape":"BooleanOptional"}, "MasterUserSecretKmsKeyId":{"shape":"String"}, - "StorageType":{"shape":"String"} + "StorageType":{"shape":"String"}, + "EngineLifecycleSupport":{"shape":"String"} } }, "RestoreDBClusterFromS3Result":{ @@ -9162,7 +9169,8 @@ "PubliclyAccessible":{"shape":"BooleanOptional"}, "ServerlessV2ScalingConfiguration":{"shape":"ServerlessV2ScalingConfiguration"}, "NetworkType":{"shape":"String"}, - "RdsCustomClusterConfiguration":{"shape":"RdsCustomClusterConfiguration"} + "RdsCustomClusterConfiguration":{"shape":"RdsCustomClusterConfiguration"}, + "EngineLifecycleSupport":{"shape":"String"} } }, "RestoreDBClusterFromSnapshotResult":{ @@ -9203,7 +9211,8 @@ "ServerlessV2ScalingConfiguration":{"shape":"ServerlessV2ScalingConfiguration"}, "NetworkType":{"shape":"String"}, "SourceDbClusterResourceId":{"shape":"String"}, - "RdsCustomClusterConfiguration":{"shape":"RdsCustomClusterConfiguration"} + "RdsCustomClusterConfiguration":{"shape":"RdsCustomClusterConfiguration"}, + "EngineLifecycleSupport":{"shape":"String"} } }, "RestoreDBClusterToPointInTimeResult":{ @@ -9256,7 +9265,8 @@ "DBClusterSnapshotIdentifier":{"shape":"String"}, "AllocatedStorage":{"shape":"IntegerOptional"}, "DedicatedLogVolume":{"shape":"BooleanOptional"}, - "CACertificateIdentifier":{"shape":"String"} + "CACertificateIdentifier":{"shape":"String"}, + "EngineLifecycleSupport":{"shape":"String"} } }, "RestoreDBInstanceFromDBSnapshotResult":{ @@ -9326,7 +9336,8 @@ "ManageMasterUserPassword":{"shape":"BooleanOptional"}, "MasterUserSecretKmsKeyId":{"shape":"String"}, "DedicatedLogVolume":{"shape":"BooleanOptional"}, - "CACertificateIdentifier":{"shape":"String"} + "CACertificateIdentifier":{"shape":"String"}, + "EngineLifecycleSupport":{"shape":"String"} } }, "RestoreDBInstanceFromS3Result":{ @@ -9383,7 +9394,8 @@ "StorageThroughput":{"shape":"IntegerOptional"}, "AllocatedStorage":{"shape":"IntegerOptional"}, "DedicatedLogVolume":{"shape":"BooleanOptional"}, - "CACertificateIdentifier":{"shape":"String"} + "CACertificateIdentifier":{"shape":"String"}, + "EngineLifecycleSupport":{"shape":"String"} } }, "RestoreDBInstanceToPointInTimeResult":{ diff --git a/models/apis/rds/2014-10-31/docs-2.json b/models/apis/rds/2014-10-31/docs-2.json index e982f293625..269758b8405 100644 --- a/models/apis/rds/2014-10-31/docs-2.json +++ b/models/apis/rds/2014-10-31/docs-2.json @@ -337,7 +337,7 @@ "AvailabilityZones": { "base": null, "refs": { - "CreateDBClusterMessage$AvailabilityZones": "A list of Availability Zones (AZs) where DB instances in the DB cluster can be created.
For information on Amazon Web Services Regions and Availability Zones, see Choosing the Regions and Availability Zones in the Amazon Aurora User Guide.
Valid for Cluster Type: Aurora DB clusters only
", + "CreateDBClusterMessage$AvailabilityZones": "A list of Availability Zones (AZs) where you specifically want to create DB instances in the DB cluster.
For information on AZs, see Availability Zones in the Amazon Aurora User Guide.
Valid for Cluster Type: Aurora DB clusters only
Constraints:
Can't specify more than three AZs.
The list of Availability Zones (AZs) where instances in the DB cluster can be created.
", "DBClusterAutomatedBackup$AvailabilityZones": "The Availability Zones where instances in the DB cluster can be created. For information on Amazon Web Services Regions and Availability Zones, see Regions and Availability Zones.
", "DBClusterSnapshot$AvailabilityZones": "The list of Availability Zones (AZs) where instances in the DB cluster snapshot can be restored.
", @@ -547,7 +547,7 @@ "SourceRegion$SupportsDBInstanceAutomatedBackupsReplication": "Indicates whether the source Amazon Web Services Region supports replicating automated backups to the current Amazon Web Services Region.
", "StartActivityStreamResponse$ApplyImmediately": "Indicates whether or not the database activity stream will start as soon as possible, regardless of the maintenance window for the database.
", "TenantDatabase$DeletionProtection": "Specifies whether deletion protection is enabled for the DB instance.
", - "UpgradeTarget$AutoUpgrade": "Indicates whether the target version is applied to any source DB instances that have AutoMinorVersionUpgrade set to true.
Indicates whether the target version is applied to any source DB instances that have AutoMinorVersionUpgrade set to true.
This parameter is dynamic, and is set by RDS.
", "UpgradeTarget$IsMajorVersionUpgrade": "Indicates whether upgrading to the target version requires upgrading the major version of the database engine.
", "ValidDBInstanceModificationsMessage$SupportsDedicatedLogVolume": "Indicates whether a DB instance supports using a dedicated log volume (DLV).
", "ValidStorageOptions$SupportsStorageAutoscaling": "Indicates whether or not Amazon RDS can automatically scale storage for DB instances that use the new instance class.
" @@ -4682,7 +4682,7 @@ "CreateDBClusterMessage$DBClusterIdentifier": "The identifier for this DB cluster. This parameter is stored as a lowercase string.
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
Constraints:
Must contain from 1 to 63 (for Aurora DB clusters) or 1 to 52 (for Multi-AZ DB clusters) letters, numbers, or hyphens.
First character must be a letter.
Can't end with a hyphen or contain two consecutive hyphens.
Example: my-cluster1
The name of the DB cluster parameter group to associate with this DB cluster. If you don't specify a value, then the default DB cluster parameter group for the specified DB engine and version is used.
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
Constraints:
If supplied, must match the name of an existing DB cluster parameter group.
A DB subnet group to associate with this DB cluster.
This setting is required to create a Multi-AZ DB cluster.
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
Constraints:
Must match the name of an existing DB subnet group.
Must not be default.
Example: mydbsubnetgroup
The database engine to use for this DB cluster.
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
Valid Values: aurora-mysql | aurora-postgresql | mysql | postgres
The database engine to use for this DB cluster.
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
Valid Values:
aurora-mysql
aurora-postgresql
mysql
postgres
neptune - For information about using Amazon Neptune, see the Amazon Neptune User Guide .
The version number of the database engine to use.
To list all of the available engine versions for Aurora MySQL version 2 (5.7-compatible) and version 3 (MySQL 8.0-compatible), use the following command:
aws rds describe-db-engine-versions --engine aurora-mysql --query \"DBEngineVersions[].EngineVersion\"
You can supply either 5.7 or 8.0 to use the default engine version for Aurora MySQL version 2 or version 3, respectively.
To list all of the available engine versions for Aurora PostgreSQL, use the following command:
aws rds describe-db-engine-versions --engine aurora-postgresql --query \"DBEngineVersions[].EngineVersion\"
To list all of the available engine versions for RDS for MySQL, use the following command:
aws rds describe-db-engine-versions --engine mysql --query \"DBEngineVersions[].EngineVersion\"
To list all of the available engine versions for RDS for PostgreSQL, use the following command:
aws rds describe-db-engine-versions --engine postgres --query \"DBEngineVersions[].EngineVersion\"
For information about a specific engine, see the following topics:
Aurora MySQL - see Database engine updates for Amazon Aurora MySQL in the Amazon Aurora User Guide.
Aurora PostgreSQL - see Amazon Aurora PostgreSQL releases and engine versions in the Amazon Aurora User Guide.
RDS for MySQL - see Amazon RDS for MySQL in the Amazon RDS User Guide.
RDS for PostgreSQL - see Amazon RDS for PostgreSQL in the Amazon RDS User Guide.
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
", "CreateDBClusterMessage$MasterUsername": "The name of the master user for the DB cluster.
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
Constraints:
Must be 1 to 16 letters or numbers.
First character must be a letter.
Can't be a reserved word for the chosen database engine.
The password for the master database user.
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
Constraints:
Must contain from 8 to 41 characters.
Can contain any printable ASCII character except \"/\", \"\"\", or \"@\".
Can't be specified if ManageMasterUserPassword is turned on.
Reserved for future use.
", "CreateDBClusterMessage$MasterUserSecretKmsKeyId": "The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager.
This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets Manager for the DB cluster.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.
If you don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager KMS key to encrypt the secret, and you must use a customer managed KMS key.
There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
", "CreateDBClusterMessage$CACertificateIdentifier": "The CA certificate identifier to use for the DB cluster's server certificate.
For more information, see Using SSL/TLS to encrypt a connection to a DB instance in the Amazon RDS User Guide.
Valid for Cluster Type: Multi-AZ DB clusters
", + "CreateDBClusterMessage$EngineLifecycleSupport": "The life cycle type for this DB cluster.
By default, this value is set to open-source-rds-extended-support, which enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, creating the DB cluster will fail if the DB major version is past its end of standard support date.
You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections:
Amazon Aurora (PostgreSQL only) - Using Amazon RDS Extended Support in the Amazon Aurora User Guide
Amazon RDS - Using Amazon RDS Extended Support in the Amazon RDS User Guide
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled
Default: open-source-rds-extended-support
The name of the DB cluster parameter group.
Constraints:
Must not match the name of an existing DB cluster parameter group.
This value is stored as a lowercase string.
The DB cluster parameter group family name. A DB cluster parameter group can be associated with one and only one DB cluster parameter group family, and can be applied only to a DB cluster running a database engine and engine version compatible with that DB cluster parameter group family.
Aurora MySQL
Example: aurora-mysql5.7, aurora-mysql8.0
Aurora PostgreSQL
Example: aurora-postgresql14
RDS for MySQL
Example: mysql8.0
RDS for PostgreSQL
Example: postgres13
To list all of the available parameter group families for a DB engine, use the following command:
aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine <engine>
For example, to list all of the available parameter group families for the Aurora PostgreSQL DB engine, use the following command:
aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine aurora-postgresql
The output contains duplicates.
The following are the valid DB engine values:
aurora-mysql
aurora-postgresql
mysql
postgres
The description for the DB cluster parameter group.
", @@ -4744,6 +4745,7 @@ "CreateDBInstanceMessage$MasterUserSecretKmsKeyId": "The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager.
This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets Manager for the DB instance.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.
If you don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager KMS key to encrypt the secret, and you must use a customer managed KMS key.
There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
", "CreateDBInstanceMessage$CACertificateIdentifier": "The CA certificate identifier to use for the DB instance's server certificate.
This setting doesn't apply to RDS Custom DB instances.
For more information, see Using SSL/TLS to encrypt a connection to a DB instance in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to a DB cluster in the Amazon Aurora User Guide.
", "CreateDBInstanceMessage$DBSystemId": "The Oracle system identifier (SID), which is the name of the Oracle database instance that manages your database files. In this context, the term \"Oracle database instance\" refers exclusively to the system global area (SGA) and Oracle background processes. If you don't specify a SID, the value defaults to RDSCDB. The Oracle SID is also the name of your CDB.
The life cycle type for this DB instance.
By default, this value is set to open-source-rds-extended-support, which enrolls your DB instance into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, creating the DB instance will fail if the DB major version is past its end of standard support date.
This setting applies only to RDS for MySQL and RDS for PostgreSQL. For Amazon Aurora DB instances, the life cycle type is managed by the DB cluster.
You can use this setting to enroll your DB instance into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB instance past the end of standard support for that engine version. For more information, see Using Amazon RDS Extended Support in the Amazon RDS User Guide.
Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled
Default: open-source-rds-extended-support
The DB instance identifier of the read replica. This identifier is the unique key that identifies a DB instance. This parameter is stored as a lowercase string.
", "CreateDBInstanceReadReplicaMessage$SourceDBInstanceIdentifier": "The identifier of the DB instance that will act as the source for the read replica. Each DB instance can have up to 15 read replicas, with the exception of Oracle and SQL Server, which can have up to five.
Constraints:
Must be the identifier of an existing Db2, MariaDB, MySQL, Oracle, PostgreSQL, or SQL Server DB instance.
Can't be specified if the SourceDBClusterIdentifier parameter is also specified.
For the limitations of Oracle read replicas, see Version and licensing considerations for RDS for Oracle replicas in the Amazon RDS User Guide.
For the limitations of SQL Server read replicas, see Read replica limitations with SQL Server in the Amazon RDS User Guide.
The specified DB instance must have automatic backups enabled, that is, its backup retention period must be greater than 0.
If the source DB instance is in the same Amazon Web Services Region as the read replica, specify a valid DB instance identifier.
If the source DB instance is in a different Amazon Web Services Region from the read replica, specify a valid DB instance ARN. For more information, see Constructing an ARN for Amazon RDS in the Amazon RDS User Guide. This doesn't apply to SQL Server or RDS Custom, which don't support cross-Region replicas.
The compute and memory capacity of the read replica, for example db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB Instance Class in the Amazon RDS User Guide.
Default: Inherits the value from the source DB instance.
", @@ -4780,11 +4782,12 @@ "CreateDBSubnetGroupMessage$DBSubnetGroupDescription": "The description for the DB subnet group.
", "CreateEventSubscriptionMessage$SubscriptionName": "The name of the subscription.
Constraints: The name must be less than 255 characters.
", "CreateEventSubscriptionMessage$SnsTopicArn": "The Amazon Resource Name (ARN) of the SNS topic created for event notification. SNS automatically creates the ARN when you create a topic and subscribe to it.
RDS doesn't support FIFO (first in, first out) topics. For more information, see Message ordering and deduplication (FIFO topics) in the Amazon Simple Notification Service Developer Guide.
The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, you set this parameter to db-instance. For RDS Proxy events, specify db-proxy. If this value isn't specified, all events are returned.
Valid Values: db-instance | db-cluster | db-parameter-group | db-security-group | db-snapshot | db-cluster-snapshot | db-proxy
The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, you set this parameter to db-instance. For RDS Proxy events, specify db-proxy. If this value isn't specified, all events are returned.
Valid Values: db-instance | db-cluster | db-parameter-group | db-security-group | db-snapshot | db-cluster-snapshot | db-proxy | zero-etl | custom-engine-version | blue-green-deployment
The cluster identifier for this global database cluster. This parameter is stored as a lowercase string.
", "CreateGlobalClusterMessage$SourceDBClusterIdentifier": "The Amazon Resource Name (ARN) to use as the primary cluster of the global database.
If you provide a value for this parameter, don't specify values for the following settings because Amazon Aurora uses the values from the specified source DB cluster:
DatabaseName
Engine
EngineVersion
StorageEncrypted
The database engine to use for this global database cluster.
Valid Values: aurora-mysql | aurora-postgresql
Constraints:
Can't be specified if SourceDBClusterIdentifier is specified. In this case, Amazon Aurora uses the engine of the source DB cluster.
The engine version to use for this global database cluster.
Constraints:
Can't be specified if SourceDBClusterIdentifier is specified. In this case, Amazon Aurora uses the engine version of the source DB cluster.
The life cycle type for this global database cluster.
By default, this value is set to open-source-rds-extended-support, which enrolls your global cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, creating the global cluster will fail if the DB major version is past its end of standard support date.
This setting only applies to Aurora PostgreSQL-based global databases.
You can use this setting to enroll your global cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your global cluster past the end of standard support for that engine version. For more information, see Using Amazon RDS Extended Support in the Amazon Aurora User Guide.
Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled
Default: open-source-rds-extended-support
The name for your database of up to 64 alphanumeric characters. If you don't specify a name, Amazon Aurora doesn't create a database in the global database cluster.
Constraints:
Can't be specified if SourceDBClusterIdentifier is specified. In this case, Amazon Aurora uses the database name from the source DB cluster.
The Amazon Web Services Key Management System (Amazon Web Services KMS) key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, RDS uses a default Amazon Web Services owned key.
", "CreateOptionGroupMessage$OptionGroupName": "Specifies the name of the option group to be created.
Constraints:
Must be 1 to 255 letters, numbers, or hyphens
First character must be a letter
Can't end with a hyphen or contain two consecutive hyphens
Example: myoptiongroup
The network type of the DB instance.
The network type is determined by the DBSubnetGroup specified for the DB cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).
For more information, see Working with a DB instance in a VPC in the Amazon Aurora User Guide.
This setting is only for Aurora DB clusters.
Valid Values: IPV4 | DUAL
Reserved for future use.
", "DBCluster$AwsBackupRecoveryPointArn": "The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services Backup.
", + "DBCluster$EngineLifecycleSupport": "The life cycle type for the DB cluster.
For more information, see CreateDBCluster.
", "DBClusterAutomatedBackup$Engine": "The name of the database engine for this automated backup.
", "DBClusterAutomatedBackup$VpcId": "The VPC ID associated with the DB cluster.
", "DBClusterAutomatedBackup$DBClusterAutomatedBackupsArn": "The Amazon Resource Name (ARN) for the automated backups.
", @@ -4944,6 +4948,7 @@ "DBInstance$DBSystemId": "The Oracle system ID (Oracle SID) for a container database (CDB). The Oracle SID is also the name of the CDB. This setting is only valid for RDS Custom DB instances.
", "DBInstance$ReadReplicaSourceDBClusterIdentifier": "The identifier of the source DB cluster if this DB instance is a read replica.
", "DBInstance$PercentProgress": "The progress of the storage optimization operation as a percentage.
", + "DBInstance$EngineLifecycleSupport": "The life cycle type for the DB instance.
For more information, see CreateDBInstance.
", "DBInstanceAutomatedBackup$DBInstanceArn": "The Amazon Resource Name (ARN) for the automated backups.
", "DBInstanceAutomatedBackup$DbiResourceId": "The resource ID for the source DB instance, which can't be changed and which is unique to an Amazon Web Services Region.
", "DBInstanceAutomatedBackup$Region": "The Amazon Web Services Region associated with the automated backup.
", @@ -5286,6 +5291,7 @@ "GlobalCluster$Status": "Specifies the current state of this global database cluster.
", "GlobalCluster$Engine": "The Aurora database engine used by the global database cluster.
", "GlobalCluster$EngineVersion": "Indicates the database engine version.
", + "GlobalCluster$EngineLifecycleSupport": "The life cycle type for the global cluster.
For more information, see CreateGlobalCluster.
", "GlobalCluster$DatabaseName": "The default database name within the new global database cluster.
", "GlobalClusterMember$DBClusterArn": "The Amazon Resource Name (ARN) for each Aurora DB cluster in the global cluster.
", "GlobalClustersMessage$Marker": "An optional pagination token provided by a previous DescribeGlobalClusters request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.
The description for the DB subnet group.
", "ModifyEventSubscriptionMessage$SubscriptionName": "The name of the RDS event notification subscription.
", "ModifyEventSubscriptionMessage$SnsTopicArn": "The Amazon Resource Name (ARN) of the SNS topic created for event notification. The ARN is created by Amazon SNS when you create a topic and subscribe to it.
", - "ModifyEventSubscriptionMessage$SourceType": "The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, you would set this parameter to db-instance. For RDS Proxy events, specify db-proxy. If this value isn't specified, all events are returned.
Valid Values: db-instance | db-cluster | db-parameter-group | db-security-group | db-snapshot | db-cluster-snapshot | db-proxy
The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, you would set this parameter to db-instance. For RDS Proxy events, specify db-proxy. If this value isn't specified, all events are returned.
Valid Values: db-instance | db-cluster | db-parameter-group | db-security-group | db-snapshot | db-cluster-snapshot | db-proxy | zero-etl | custom-engine-version | blue-green-deployment
The cluster identifier for the global cluster to modify. This parameter isn't case-sensitive.
Constraints:
Must match the identifier of an existing global database cluster.
The new cluster identifier for the global database cluster. This value is stored as a lowercase string.
Constraints:
Must contain from 1 to 63 letters, numbers, or hyphens.
The first character must be a letter.
Can't end with a hyphen or contain two consecutive hyphens.
Example: my-cluster2
The version number of the database engine to which you want to upgrade.
To list all of the available engine versions for aurora-mysql (for MySQL-based Aurora global databases), use the following command:
aws rds describe-db-engine-versions --engine aurora-mysql --query '*[]|[?SupportsGlobalDatabases == `true`].[EngineVersion]'
To list all of the available engine versions for aurora-postgresql (for PostgreSQL-based Aurora global databases), use the following command:
aws rds describe-db-engine-versions --engine aurora-postgresql --query '*[]|[?SupportsGlobalDatabases == `true`].[EngineVersion]'
Specifies the valid data type for the parameter.
", "Parameter$AllowedValues": "Specifies the valid range of values for the parameter.
", "Parameter$MinimumEngineVersion": "The earliest engine version to which the parameter can apply.
", - "PendingMaintenanceAction$Action": "The type of pending maintenance action that is available for the resource. Valid actions are system-update, db-upgrade, hardware-maintenance, and ca-certificate-rotation.
The type of pending maintenance action that is available for the resource.
For more information about maintenance actions, see Maintaining a DB instance.
Valid Values: system-update | db-upgrade | hardware-maintenance | ca-certificate-rotation
Indicates the type of opt-in request that has been received for the resource.
", "PendingMaintenanceAction$Description": "A description providing more detail about the maintenance action.
", "PendingMaintenanceActionsMessage$Marker": "An optional pagination token provided by a previous DescribePendingMaintenanceActions request. If this parameter is specified, the response includes only records beyond the marker, up to a number of records specified by MaxRecords.
The network type of the DB cluster.
Valid Values:
IPV4
DUAL
The network type is determined by the DBSubnetGroup specified for the DB cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).
For more information, see Working with a DB instance in a VPC in the Amazon Aurora User Guide.
", "RestoreDBClusterFromS3Message$MasterUserSecretKmsKeyId": "The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager.
This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets Manager for the DB cluster.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.
If you don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager KMS key to encrypt the secret, and you must use a customer managed KMS key.
There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
", "RestoreDBClusterFromS3Message$StorageType": "Specifies the storage type to be associated with the DB cluster.
Valid Values: aurora, aurora-iopt1
Default: aurora
Valid for: Aurora DB clusters only
", + "RestoreDBClusterFromS3Message$EngineLifecycleSupport": "The life cycle type for this DB cluster.
By default, this value is set to open-source-rds-extended-support, which enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, RDS automatically upgrades your restored DB cluster to a higher engine version, if the major engine version is past its end of standard support date.
You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections:
Amazon Aurora (PostgreSQL only) - Using Amazon RDS Extended Support in the Amazon Aurora User Guide
Amazon RDS - Using Amazon RDS Extended Support in the Amazon RDS User Guide
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled
Default: open-source-rds-extended-support
The name of the DB cluster to create from the DB snapshot or DB cluster snapshot. This parameter isn't case-sensitive.
Constraints:
Must contain from 1 to 63 letters, numbers, or hyphens
First character must be a letter
Can't end with a hyphen or contain two consecutive hyphens
Example: my-snapshot-id
Valid for: Aurora DB clusters and Multi-AZ DB clusters
", "RestoreDBClusterFromSnapshotMessage$SnapshotIdentifier": "The identifier for the DB snapshot or DB cluster snapshot to restore from.
You can use either the name or the Amazon Resource Name (ARN) to specify a DB cluster snapshot. However, you can use only the ARN to specify a DB snapshot.
Constraints:
Must match the identifier of an existing Snapshot.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
", "RestoreDBClusterFromSnapshotMessage$Engine": "The database engine to use for the new DB cluster.
Default: The same as source
Constraint: Must be compatible with the engine of the source
Valid for: Aurora DB clusters and Multi-AZ DB clusters
", @@ -5552,6 +5559,7 @@ "RestoreDBClusterFromSnapshotMessage$DBClusterInstanceClass": "The compute and memory capacity of the each DB instance in the Multi-AZ DB cluster, for example db.m6gd.xlarge. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines.
For the full list of DB instance classes, and availability for your engine, see DB Instance Class in the Amazon RDS User Guide.
Valid for: Multi-AZ DB clusters only
", "RestoreDBClusterFromSnapshotMessage$StorageType": "Specifies the storage type to be associated with the DB cluster.
When specified for a Multi-AZ DB cluster, a value for the Iops parameter is required.
Valid Values: aurora, aurora-iopt1 (Aurora DB clusters); io1 (Multi-AZ DB clusters)
Default: aurora (Aurora DB clusters); io1 (Multi-AZ DB clusters)
Valid for: Aurora DB clusters and Multi-AZ DB clusters
", "RestoreDBClusterFromSnapshotMessage$NetworkType": "The network type of the DB cluster.
Valid Values:
IPV4
DUAL
The network type is determined by the DBSubnetGroup specified for the DB cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).
For more information, see Working with a DB instance in a VPC in the Amazon Aurora User Guide.
Valid for: Aurora DB clusters only
", + "RestoreDBClusterFromSnapshotMessage$EngineLifecycleSupport": "The life cycle type for this DB cluster.
By default, this value is set to open-source-rds-extended-support, which enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, RDS automatically upgrades your restored DB cluster to a higher engine version, if the major engine version is past its end of standard support date.
You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections:
Amazon Aurora (PostgreSQL only) - Using Amazon RDS Extended Support in the Amazon Aurora User Guide
Amazon RDS - Using Amazon RDS Extended Support in the Amazon RDS User Guide
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled
Default: open-source-rds-extended-support
The name of the new DB cluster to be created.
Constraints:
Must contain from 1 to 63 letters, numbers, or hyphens
First character must be a letter
Can't end with a hyphen or contain two consecutive hyphens
Valid for: Aurora DB clusters and Multi-AZ DB clusters
", "RestoreDBClusterToPointInTimeMessage$RestoreType": "The type of restore to be performed. You can specify one of the following values:
full-copy - The new DB cluster is restored as a full copy of the source DB cluster.
copy-on-write - The new DB cluster is restored as a clone of the source DB cluster.
If you don't specify a RestoreType value, then the new DB cluster is restored as a full copy of the source DB cluster.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
", "RestoreDBClusterToPointInTimeMessage$SourceDBClusterIdentifier": "The identifier of the source DB cluster from which to restore.
Constraints:
Must match the identifier of an existing DBCluster.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
", @@ -5566,6 +5574,7 @@ "RestoreDBClusterToPointInTimeMessage$StorageType": "Specifies the storage type to be associated with the DB cluster.
When specified for a Multi-AZ DB cluster, a value for the Iops parameter is required.
Valid Values: aurora, aurora-iopt1 (Aurora DB clusters); io1 (Multi-AZ DB clusters)
Default: aurora (Aurora DB clusters); io1 (Multi-AZ DB clusters)
Valid for: Aurora DB clusters and Multi-AZ DB clusters
", "RestoreDBClusterToPointInTimeMessage$NetworkType": "The network type of the DB cluster.
Valid Values:
IPV4
DUAL
The network type is determined by the DBSubnetGroup specified for the DB cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).
For more information, see Working with a DB instance in a VPC in the Amazon Aurora User Guide.
Valid for: Aurora DB clusters only
", "RestoreDBClusterToPointInTimeMessage$SourceDbClusterResourceId": "The resource ID of the source DB cluster from which to restore.
", + "RestoreDBClusterToPointInTimeMessage$EngineLifecycleSupport": "The life cycle type for this DB cluster.
By default, this value is set to open-source-rds-extended-support, which enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, RDS automatically upgrades your restored DB cluster to a higher engine version, if the major engine version is past its end of standard support date.
You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections:
Amazon Aurora (PostgreSQL only) - Using Amazon RDS Extended Support in the Amazon Aurora User Guide
Amazon RDS - Using Amazon RDS Extended Support in the Amazon RDS User Guide
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled
Default: open-source-rds-extended-support
The name of the DB instance to create from the DB snapshot. This parameter isn't case-sensitive.
Constraints:
Must contain from 1 to 63 numbers, letters, or hyphens.
First character must be a letter.
Can't end with a hyphen or contain two consecutive hyphens.
Example: my-snapshot-id
The identifier for the DB snapshot to restore from.
Constraints:
Must match the identifier of an existing DB snapshot.
Can't be specified when DBClusterSnapshotIdentifier is specified.
Must be specified when DBClusterSnapshotIdentifier isn't specified.
If you are restoring from a shared manual DB snapshot, the DBSnapshotIdentifier must be the ARN of the shared DB snapshot.
The compute and memory capacity of the Amazon RDS DB instance, for example db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB Instance Class in the Amazon RDS User Guide.
Default: The same DBInstanceClass as the original DB instance.
", @@ -5589,6 +5598,7 @@ "RestoreDBInstanceFromDBSnapshotMessage$NetworkType": "The network type of the DB instance.
Valid Values:
IPV4
DUAL
The network type is determined by the DBSubnetGroup specified for the DB instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).
For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.
", "RestoreDBInstanceFromDBSnapshotMessage$DBClusterSnapshotIdentifier": "The identifier for the Multi-AZ DB cluster snapshot to restore from.
For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments in the Amazon RDS User Guide.
Constraints:
Must match the identifier of an existing Multi-AZ DB cluster snapshot.
Can't be specified when DBSnapshotIdentifier is specified.
Must be specified when DBSnapshotIdentifier isn't specified.
If you are restoring from a shared manual Multi-AZ DB cluster snapshot, the DBClusterSnapshotIdentifier must be the ARN of the shared snapshot.
Can't be the identifier of an Aurora DB cluster snapshot.
The CA certificate identifier to use for the DB instance's server certificate.
This setting doesn't apply to RDS Custom DB instances.
For more information, see Using SSL/TLS to encrypt a connection to a DB instance in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to a DB cluster in the Amazon Aurora User Guide.
", + "RestoreDBInstanceFromDBSnapshotMessage$EngineLifecycleSupport": "The life cycle type for this DB instance.
By default, this value is set to open-source-rds-extended-support, which enrolls your DB instance into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, RDS automatically upgrades your restored DB instance to a higher engine version, if the major engine version is past its end of standard support date.
You can use this setting to enroll your DB instance into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB instance past the end of standard support for that engine version. For more information, see Using Amazon RDS Extended Support in the Amazon RDS User Guide.
This setting applies only to RDS for MySQL and RDS for PostgreSQL. For Amazon Aurora DB instances, the life cycle type is managed by the DB cluster.
Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled
Default: open-source-rds-extended-support
The name of the database to create when the DB instance is created. Follow the naming rules specified in CreateDBInstance.
The DB instance identifier. This parameter is stored as a lowercase string.
Constraints:
Must contain from 1 to 63 letters, numbers, or hyphens.
First character must be a letter.
Can't end with a hyphen or contain two consecutive hyphens.
Example: mydbinstance
The compute and memory capacity of the DB instance, for example db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB Instance Class in the Amazon RDS User Guide.
Importing from Amazon S3 isn't supported on the db.t2.micro DB instance class.
", @@ -5615,6 +5625,7 @@ "RestoreDBInstanceFromS3Message$NetworkType": "The network type of the DB instance.
Valid Values:
IPV4
DUAL
The network type is determined by the DBSubnetGroup specified for the DB instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).
For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.
", "RestoreDBInstanceFromS3Message$MasterUserSecretKmsKeyId": "The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager.
This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets Manager for the DB instance.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.
If you don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager KMS key to encrypt the secret, and you must use a customer managed KMS key.
There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
", "RestoreDBInstanceFromS3Message$CACertificateIdentifier": "The CA certificate identifier to use for the DB instance's server certificate.
This setting doesn't apply to RDS Custom DB instances.
For more information, see Using SSL/TLS to encrypt a connection to a DB instance in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to a DB cluster in the Amazon Aurora User Guide.
", + "RestoreDBInstanceFromS3Message$EngineLifecycleSupport": "The life cycle type for this DB instance.
By default, this value is set to open-source-rds-extended-support, which enrolls your DB instance into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, RDS automatically upgrades your restored DB instance to a higher engine version, if the major engine version is past its end of standard support date.
You can use this setting to enroll your DB instance into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB instance past the end of standard support for that engine version. For more information, see Using Amazon RDS Extended Support in the Amazon RDS User Guide.
This setting applies only to RDS for MySQL and RDS for PostgreSQL. For Amazon Aurora DB instances, the life cycle type is managed by the DB cluster.
Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled
Default: open-source-rds-extended-support
The identifier of the source DB instance from which to restore.
Constraints:
Must match the identifier of an existing DB instance.
The name of the new DB instance to create.
Constraints:
Must contain from 1 to 63 letters, numbers, or hyphens.
First character must be a letter.
Can't end with a hyphen or contain two consecutive hyphens.
The compute and memory capacity of the Amazon RDS DB instance, for example db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB Instance Class in the Amazon RDS User Guide.
Default: The same DB instance class as the original DB instance.
", @@ -5639,6 +5650,7 @@ "RestoreDBInstanceToPointInTimeMessage$BackupTarget": "The location for storing automated backups and manual snapshots for the restored DB instance.
Valid Values:
outposts (Amazon Web Services Outposts)
region (Amazon Web Services Region)
Default: region
For more information, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.
", "RestoreDBInstanceToPointInTimeMessage$NetworkType": "The network type of the DB instance.
The network type is determined by the DBSubnetGroup specified for the DB instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).
For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.
Valid Values:
IPV4
DUAL
The CA certificate identifier to use for the DB instance's server certificate.
This setting doesn't apply to RDS Custom DB instances.
For more information, see Using SSL/TLS to encrypt a connection to a DB instance in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to a DB cluster in the Amazon Aurora User Guide.
", + "RestoreDBInstanceToPointInTimeMessage$EngineLifecycleSupport": "The life cycle type for this DB instance.
By default, this value is set to open-source-rds-extended-support, which enrolls your DB instance into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, RDS automatically upgrades your restored DB instance to a higher engine version, if the major engine version is past its end of standard support date.
You can use this setting to enroll your DB instance into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB instance past the end of standard support for that engine version. For more information, see Using Amazon RDS Extended Support in the Amazon RDS User Guide.
This setting applies only to RDS for MySQL and RDS for PostgreSQL. For Amazon Aurora DB instances, the life cycle type is managed by the DB cluster.
Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled
Default: open-source-rds-extended-support
The name of the DB security group to revoke ingress from.
", "RevokeDBSecurityGroupIngressMessage$CIDRIP": "The IP range to revoke access from. Must be a valid CIDR range. If CIDRIP is specified, EC2SecurityGroupName, EC2SecurityGroupId and EC2SecurityGroupOwnerId can't be provided.
The name of the EC2 security group to revoke access from. For VPC DB security groups, EC2SecurityGroupId must be provided. Otherwise, EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId must be provided.
Specifies whether to include secrets scheduled for deletion. By default, secrets scheduled for deletion aren't included.
", "PutResourcePolicyRequest$BlockPublicPolicy": "Specifies whether to block resource-based policies that allow broad access to the secret, for example those that use a wildcard for the principal. By default, public policies aren't blocked.
Resource policy validation and the BlockPublicPolicy parameter help protect your resources by preventing public access from being granted through the resource policies that are directly attached to your secrets. In addition to using these features, carefully inspect the following policies to confirm that they do not grant public access:
Identity-based policies attached to associated Amazon Web Services principals (for example, IAM roles)
Resource-based policies attached to associated Amazon Web Services resources (for example, Key Management Service (KMS) keys)
To review permissions to your secrets, see Determine who has permissions to your secrets.
Specifies whether to overwrite a secret with the same name in the destination Region. By default, secrets aren't overwritten.
", - "RotateSecretRequest$RotateImmediately": "Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. The rotation schedule is defined in RotateSecretRequest$RotationRules.
For secrets that use a Lambda rotation function to rotate, if you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the testSecret step of the Lambda rotation function. The test creates an AWSPENDING version of the secret and then removes it.
By default, Secrets Manager rotates the secret immediately.
", + "RotateSecretRequest$RotateImmediately": "Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. The rotation schedule is defined in RotateSecretRequest$RotationRules.
For secrets that use a Lambda rotation function to rotate, if you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the testSecret step of the Lambda rotation function. The test creates an AWSPENDING version of the secret and then removes it.
By default, Secrets Manager rotates the secret immediately.
", "ValidateResourcePolicyResponse$PolicyValidationPassed": "True if your policy passes validation, otherwise false.
" } }, @@ -593,7 +593,7 @@ "RotationEnabledType": { "base": null, "refs": { - "DescribeSecretResponse$RotationEnabled": "Specifies whether automatic rotation is turned on for this secret. If the secret has never been configured for rotation, Secrets Manager returns null.
To turn on rotation, use RotateSecret. To turn off rotation, use CancelRotateSecret.
", + "DescribeSecretResponse$RotationEnabled": "Specifies whether automatic rotation is turned on for this secret.
To turn on rotation, use RotateSecret. To turn off rotation, use CancelRotateSecret.
", "SecretListEntry$RotationEnabled": "Indicates whether automatic, scheduled rotation is enabled for this secret.
" } }, @@ -668,7 +668,7 @@ "DeleteSecretRequest$SecretId": "The ARN or name of the secret to delete.
For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See Finding a secret from a partial ARN.
", "DescribeSecretRequest$SecretId": "The ARN or name of the secret.
For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See Finding a secret from a partial ARN.
", "GetResourcePolicyRequest$SecretId": "The ARN or name of the secret to retrieve the attached resource-based policy for.
For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See Finding a secret from a partial ARN.
", - "GetSecretValueRequest$SecretId": "The ARN or name of the secret to retrieve. To retrieve a secret from another account, you must use an ARN.
For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See Finding a secret from a partial ARN.
", + "GetSecretValueRequest$SecretId": "The ARN or name of the secret to retrieve.
For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See Finding a secret from a partial ARN.
", "ListSecretVersionIdsRequest$SecretId": "The ARN or name of the secret whose versions you want to list.
For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See Finding a secret from a partial ARN.
", "PutResourcePolicyRequest$SecretId": "The ARN or name of the secret to attach the resource-based policy.
For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See Finding a secret from a partial ARN.
", "PutSecretValueRequest$SecretId": "The ARN or name of the secret to add a new version to.
For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See Finding a secret from a partial ARN.
If the secret doesn't already exist, use CreateSecret instead.
The ARN or name of the secret.
For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See Finding a secret from a partial ARN.
", "UpdateSecretRequest$SecretId": "The ARN or name of the secret.
For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See Finding a secret from a partial ARN.
", "UpdateSecretVersionStageRequest$SecretId": "The ARN or the name of the secret with the version and staging labelsto modify.
For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See Finding a secret from a partial ARN.
", - "ValidateResourcePolicyRequest$SecretId": "The ARN or name of the secret with the resource-based policy you want to validate.
" + "ValidateResourcePolicyRequest$SecretId": "This field is reserved for internal use.
" } }, "SecretListEntry": { diff --git a/models/apis/secretsmanager/2017-10-17/smoke-2.json b/models/apis/secretsmanager/2017-10-17/smoke-2.json new file mode 100644 index 00000000000..d1d6d4ffd9e --- /dev/null +++ b/models/apis/secretsmanager/2017-10-17/smoke-2.json @@ -0,0 +1,29 @@ +{ + "version": 2, + "testCases": [ + { + "id": "ListSecretsSuccess", + "operationName": "ListSecrets", + "input": {}, + "expectation": { + "success": {} + }, + "config": { + "region": "us-west-2" + } + }, + { + "id": "DescribeSecretFailure", + "operationName": "DescribeSecret", + "input": { + "SecretId": "fake-secret-id" + }, + "expectation": { + "failure": {} + }, + "config": { + "region": "us-west-2" + } + } + ] +} diff --git a/service/bedrockagent/api.go b/service/bedrockagent/api.go index 2fee7ad96ac..95bfa0cdd7b 100644 --- a/service/bedrockagent/api.go +++ b/service/bedrockagent/api.go @@ -4644,6 +4644,9 @@ type Agent struct { // The foundation model used for orchestration by the agent. FoundationModel *string `locationName:"foundationModel" min:"1" type:"string"` + // The guardrails configuration assigned to the agent. + GuardrailConfiguration *GuardrailConfiguration `locationName:"guardrailConfiguration" type:"structure"` + // The number of seconds for which Amazon Bedrock keeps information about a // user's conversation with the agent. // @@ -4773,6 +4776,12 @@ func (s *Agent) SetFoundationModel(v string) *Agent { return s } +// SetGuardrailConfiguration sets the GuardrailConfiguration field's value. +func (s *Agent) SetGuardrailConfiguration(v *GuardrailConfiguration) *Agent { + s.GuardrailConfiguration = v + return s +} + // SetIdleSessionTTLInSeconds sets the IdleSessionTTLInSeconds field's value. func (s *Agent) SetIdleSessionTTLInSeconds(v int64) *Agent { s.IdleSessionTTLInSeconds = &v @@ -5543,6 +5552,9 @@ type AgentSummary struct { // The description of the agent. Description *string `locationName:"description" min:"1" type:"string"` + // The details of the guardrails configuration in the agent summary. + GuardrailConfiguration *GuardrailConfiguration `locationName:"guardrailConfiguration" type:"structure"` + // The latest version of the agent. LatestAgentVersion *string `locationName:"latestAgentVersion" min:"1" type:"string"` @@ -5594,6 +5606,12 @@ func (s *AgentSummary) SetDescription(v string) *AgentSummary { return s } +// SetGuardrailConfiguration sets the GuardrailConfiguration field's value. +func (s *AgentSummary) SetGuardrailConfiguration(v *GuardrailConfiguration) *AgentSummary { + s.GuardrailConfiguration = v + return s +} + // SetLatestAgentVersion sets the LatestAgentVersion field's value. func (s *AgentSummary) SetLatestAgentVersion(v string) *AgentSummary { s.LatestAgentVersion = &v @@ -5653,6 +5671,9 @@ type AgentVersion struct { // The foundation model that the version invokes. FoundationModel *string `locationName:"foundationModel" min:"1" type:"string"` + // The guardrails configuration assigned to the agent version. + GuardrailConfiguration *GuardrailConfiguration `locationName:"guardrailConfiguration" type:"structure"` + // The number of seconds for which Amazon Bedrock keeps information about a // user's conversation with the agent. // @@ -5771,6 +5792,12 @@ func (s *AgentVersion) SetFoundationModel(v string) *AgentVersion { return s } +// SetGuardrailConfiguration sets the GuardrailConfiguration field's value. +func (s *AgentVersion) SetGuardrailConfiguration(v *GuardrailConfiguration) *AgentVersion { + s.GuardrailConfiguration = v + return s +} + // SetIdleSessionTTLInSeconds sets the IdleSessionTTLInSeconds field's value. func (s *AgentVersion) SetIdleSessionTTLInSeconds(v int64) *AgentVersion { s.IdleSessionTTLInSeconds = &v @@ -5834,6 +5861,9 @@ type AgentVersionSummary struct { // The description of the version of the agent. Description *string `locationName:"description" min:"1" type:"string"` + // The details of the guardrails configuration in the agent version summary. + GuardrailConfiguration *GuardrailConfiguration `locationName:"guardrailConfiguration" type:"structure"` + // The time at which the version was last updated. // // UpdatedAt is a required field @@ -5888,6 +5918,12 @@ func (s *AgentVersionSummary) SetDescription(v string) *AgentVersionSummary { return s } +// SetGuardrailConfiguration sets the GuardrailConfiguration field's value. +func (s *AgentVersionSummary) SetGuardrailConfiguration(v *GuardrailConfiguration) *AgentVersionSummary { + s.GuardrailConfiguration = v + return s +} + // SetUpdatedAt sets the UpdatedAt field's value. func (s *AgentVersionSummary) SetUpdatedAt(v time.Time) *AgentVersionSummary { s.UpdatedAt = &v @@ -6565,6 +6601,9 @@ type CreateAgentInput struct { // The foundation model to be used for orchestration by the agent you create. FoundationModel *string `locationName:"foundationModel" min:"1" type:"string"` + // The unique Guardrail configuration assigned to the agent when it is created. + GuardrailConfiguration *GuardrailConfiguration `locationName:"guardrailConfiguration" type:"structure"` + // The number of seconds for which Amazon Bedrock keeps information about a // user's conversation with the agent. // @@ -6683,6 +6722,12 @@ func (s *CreateAgentInput) SetFoundationModel(v string) *CreateAgentInput { return s } +// SetGuardrailConfiguration sets the GuardrailConfiguration field's value. +func (s *CreateAgentInput) SetGuardrailConfiguration(v *GuardrailConfiguration) *CreateAgentInput { + s.GuardrailConfiguration = v + return s +} + // SetIdleSessionTTLInSeconds sets the IdleSessionTTLInSeconds field's value. func (s *CreateAgentInput) SetIdleSessionTTLInSeconds(v int64) *CreateAgentInput { s.IdleSessionTTLInSeconds = &v @@ -9218,6 +9263,47 @@ func (s *GetKnowledgeBaseOutput) SetKnowledgeBase(v *KnowledgeBase) *GetKnowledg return s } +// The details of the guardrails configuration. +type GuardrailConfiguration struct { + _ struct{} `type:"structure"` + + // The guardrails identifier assigned to the guardrails configuration. + GuardrailIdentifier *string `locationName:"guardrailIdentifier" type:"string"` + + // The guardrails version assigned to the guardrails configuration. + GuardrailVersion *string `locationName:"guardrailVersion" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailConfiguration) GoString() string { + return s.String() +} + +// SetGuardrailIdentifier sets the GuardrailIdentifier field's value. +func (s *GuardrailConfiguration) SetGuardrailIdentifier(v string) *GuardrailConfiguration { + s.GuardrailIdentifier = &v + return s +} + +// SetGuardrailVersion sets the GuardrailVersion field's value. +func (s *GuardrailConfiguration) SetGuardrailVersion(v string) *GuardrailConfiguration { + s.GuardrailVersion = &v + return s +} + // Contains inference parameters to use when the agent invokes a foundation // model in the part of the agent sequence defined by the promptType. For more // information, see Inference parameters for foundation models (https://docs.aws.amazon.com/bedrock/latest/userguide/model-parameters.html). @@ -11972,6 +12058,7 @@ type PromptConfiguration struct { // You can use placeholder variables in the base prompt template to customize // the prompt. For more information, see Prompt template placeholder variables // (https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-placeholders.html). + // For more information, see Configure the prompt templates (https://docs.aws.amazon.com/bedrock/latest/userguide/advanced-prompts-configure.html). BasePromptTemplate *string `locationName:"basePromptTemplate" min:"1" type:"string"` // Contains inference parameters to use when the agent invokes a foundation @@ -12083,7 +12170,8 @@ type PromptOverrideConfiguration struct { // The ARN of the Lambda function to use when parsing the raw foundation model // output in parts of the agent sequence. If you specify this field, at least // one of the promptConfigurations must contain a parserMode value that is set - // to OVERRIDDEN. + // to OVERRIDDEN. For more information, see Parser Lambda function in Agents + // for Amazon Bedrock (https://docs.aws.amazon.com/bedrock/latest/userguide/lambda-parser.html). OverrideLambda *string `locationName:"overrideLambda" type:"string"` // Contains configurations to override a prompt template in one part of an agent @@ -13703,6 +13791,9 @@ type UpdateAgentInput struct { // FoundationModel is a required field FoundationModel *string `locationName:"foundationModel" min:"1" type:"string" required:"true"` + // The unique Guardrail configuration assigned to the agent when it is updated. + GuardrailConfiguration *GuardrailConfiguration `locationName:"guardrailConfiguration" type:"structure"` + // The number of seconds for which Amazon Bedrock keeps information about a // user's conversation with the agent. // @@ -13827,6 +13918,12 @@ func (s *UpdateAgentInput) SetFoundationModel(v string) *UpdateAgentInput { return s } +// SetGuardrailConfiguration sets the GuardrailConfiguration field's value. +func (s *UpdateAgentInput) SetGuardrailConfiguration(v *GuardrailConfiguration) *UpdateAgentInput { + s.GuardrailConfiguration = v + return s +} + // SetIdleSessionTTLInSeconds sets the IdleSessionTTLInSeconds field's value. func (s *UpdateAgentInput) SetIdleSessionTTLInSeconds(v int64) *UpdateAgentInput { s.IdleSessionTTLInSeconds = &v diff --git a/service/bedrockagentruntime/api.go b/service/bedrockagentruntime/api.go index 4e271702323..6118e76043a 100644 --- a/service/bedrockagentruntime/api.go +++ b/service/bedrockagentruntime/api.go @@ -2233,6 +2233,81 @@ func (s *GenerationConfiguration) SetPromptTemplate(v *PromptTemplate) *Generati return s } +// Assessment details of the content analyzed by Guardrails. +type GuardrailAssessment struct { + _ struct{} `type:"structure" sensitive:"true"` + + // Content policy details of the Guardrail. + // + // ContentPolicy is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GuardrailAssessment's + // String and GoString methods. + ContentPolicy *GuardrailContentPolicyAssessment `locationName:"contentPolicy" type:"structure" sensitive:"true"` + + // Sensitive Information policy details of Guardrail. + // + // SensitiveInformationPolicy is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GuardrailAssessment's + // String and GoString methods. + SensitiveInformationPolicy *GuardrailSensitiveInformationPolicyAssessment `locationName:"sensitiveInformationPolicy" type:"structure" sensitive:"true"` + + // Topic policy details of the Guardrail. + // + // TopicPolicy is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GuardrailAssessment's + // String and GoString methods. + TopicPolicy *GuardrailTopicPolicyAssessment `locationName:"topicPolicy" type:"structure" sensitive:"true"` + + // Word policy details of the Guardrail. + // + // WordPolicy is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GuardrailAssessment's + // String and GoString methods. + WordPolicy *GuardrailWordPolicyAssessment `locationName:"wordPolicy" type:"structure" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailAssessment) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailAssessment) GoString() string { + return s.String() +} + +// SetContentPolicy sets the ContentPolicy field's value. +func (s *GuardrailAssessment) SetContentPolicy(v *GuardrailContentPolicyAssessment) *GuardrailAssessment { + s.ContentPolicy = v + return s +} + +// SetSensitiveInformationPolicy sets the SensitiveInformationPolicy field's value. +func (s *GuardrailAssessment) SetSensitiveInformationPolicy(v *GuardrailSensitiveInformationPolicyAssessment) *GuardrailAssessment { + s.SensitiveInformationPolicy = v + return s +} + +// SetTopicPolicy sets the TopicPolicy field's value. +func (s *GuardrailAssessment) SetTopicPolicy(v *GuardrailTopicPolicyAssessment) *GuardrailAssessment { + s.TopicPolicy = v + return s +} + +// SetWordPolicy sets the WordPolicy field's value. +func (s *GuardrailAssessment) SetWordPolicy(v *GuardrailWordPolicyAssessment) *GuardrailAssessment { + s.WordPolicy = v + return s +} + // The configuration details for the guardrail. type GuardrailConfiguration struct { _ struct{} `type:"structure"` @@ -2297,6 +2372,539 @@ func (s *GuardrailConfiguration) SetGuardrailVersion(v string) *GuardrailConfigu return s } +// Details of the content filter used in the Guardrail. +type GuardrailContentFilter struct { + _ struct{} `type:"structure" sensitive:"true"` + + // The action placed on the content by the Guardrail filter. + Action *string `locationName:"action" type:"string" enum:"GuardrailContentPolicyAction"` + + // The confidence level regarding the content detected in the filter by the + // Guardrail. + Confidence *string `locationName:"confidence" type:"string" enum:"GuardrailContentFilterConfidence"` + + // The type of content detected in the filter by the Guardrail. + Type *string `locationName:"type" type:"string" enum:"GuardrailContentFilterType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailContentFilter) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailContentFilter) GoString() string { + return s.String() +} + +// SetAction sets the Action field's value. +func (s *GuardrailContentFilter) SetAction(v string) *GuardrailContentFilter { + s.Action = &v + return s +} + +// SetConfidence sets the Confidence field's value. +func (s *GuardrailContentFilter) SetConfidence(v string) *GuardrailContentFilter { + s.Confidence = &v + return s +} + +// SetType sets the Type field's value. +func (s *GuardrailContentFilter) SetType(v string) *GuardrailContentFilter { + s.Type = &v + return s +} + +// The details of the policy assessment in the Guardrails filter. +type GuardrailContentPolicyAssessment struct { + _ struct{} `type:"structure" sensitive:"true"` + + // The filter details of the policy assessment used in the Guardrails filter. + // + // Filters is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GuardrailContentPolicyAssessment's + // String and GoString methods. + Filters []*GuardrailContentFilter `locationName:"filters" type:"list" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailContentPolicyAssessment) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailContentPolicyAssessment) GoString() string { + return s.String() +} + +// SetFilters sets the Filters field's value. +func (s *GuardrailContentPolicyAssessment) SetFilters(v []*GuardrailContentFilter) *GuardrailContentPolicyAssessment { + s.Filters = v + return s +} + +// The custom word details for the filter in the Guardrail. +type GuardrailCustomWord struct { + _ struct{} `type:"structure" sensitive:"true"` + + // The action details for the custom word filter in the Guardrail. + Action *string `locationName:"action" type:"string" enum:"GuardrailWordPolicyAction"` + + // The match details for the custom word filter in the Guardrail. + Match *string `locationName:"match" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailCustomWord) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailCustomWord) GoString() string { + return s.String() +} + +// SetAction sets the Action field's value. +func (s *GuardrailCustomWord) SetAction(v string) *GuardrailCustomWord { + s.Action = &v + return s +} + +// SetMatch sets the Match field's value. +func (s *GuardrailCustomWord) SetMatch(v string) *GuardrailCustomWord { + s.Match = &v + return s +} + +// The managed word details for the filter in the Guardrail. +type GuardrailManagedWord struct { + _ struct{} `type:"structure" sensitive:"true"` + + // The action details for the managed word filter in the Guardrail. + Action *string `locationName:"action" type:"string" enum:"GuardrailWordPolicyAction"` + + // The match details for the managed word filter in the Guardrail. + Match *string `locationName:"match" type:"string"` + + // The type details for the managed word filter in the Guardrail. + Type *string `locationName:"type" type:"string" enum:"GuardrailManagedWordType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailManagedWord) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailManagedWord) GoString() string { + return s.String() +} + +// SetAction sets the Action field's value. +func (s *GuardrailManagedWord) SetAction(v string) *GuardrailManagedWord { + s.Action = &v + return s +} + +// SetMatch sets the Match field's value. +func (s *GuardrailManagedWord) SetMatch(v string) *GuardrailManagedWord { + s.Match = &v + return s +} + +// SetType sets the Type field's value. +func (s *GuardrailManagedWord) SetType(v string) *GuardrailManagedWord { + s.Type = &v + return s +} + +// The Guardrail filter to identify and remove personally identifiable information +// (PII). +type GuardrailPiiEntityFilter struct { + _ struct{} `type:"structure" sensitive:"true"` + + // The action of the Guardrail filter to identify and remove PII. + Action *string `locationName:"action" type:"string" enum:"GuardrailSensitiveInformationPolicyAction"` + + // The match to settings in the Guardrail filter to identify and remove PII. + Match *string `locationName:"match" type:"string"` + + // The type of PII the Guardrail filter has identified and removed. + Type *string `locationName:"type" type:"string" enum:"GuardrailPiiEntityType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailPiiEntityFilter) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailPiiEntityFilter) GoString() string { + return s.String() +} + +// SetAction sets the Action field's value. +func (s *GuardrailPiiEntityFilter) SetAction(v string) *GuardrailPiiEntityFilter { + s.Action = &v + return s +} + +// SetMatch sets the Match field's value. +func (s *GuardrailPiiEntityFilter) SetMatch(v string) *GuardrailPiiEntityFilter { + s.Match = &v + return s +} + +// SetType sets the Type field's value. +func (s *GuardrailPiiEntityFilter) SetType(v string) *GuardrailPiiEntityFilter { + s.Type = &v + return s +} + +// The details for the regex filter used in the Guardrail. +type GuardrailRegexFilter struct { + _ struct{} `type:"structure" sensitive:"true"` + + // The action details for the regex filter used in the Guardrail. + Action *string `locationName:"action" type:"string" enum:"GuardrailSensitiveInformationPolicyAction"` + + // The match details for the regex filter used in the Guardrail. + Match *string `locationName:"match" type:"string"` + + // The name details for the regex filter used in the Guardrail. + Name *string `locationName:"name" type:"string"` + + // The regex details for the regex filter used in the Guardrail. + Regex *string `locationName:"regex" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailRegexFilter) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailRegexFilter) GoString() string { + return s.String() +} + +// SetAction sets the Action field's value. +func (s *GuardrailRegexFilter) SetAction(v string) *GuardrailRegexFilter { + s.Action = &v + return s +} + +// SetMatch sets the Match field's value. +func (s *GuardrailRegexFilter) SetMatch(v string) *GuardrailRegexFilter { + s.Match = &v + return s +} + +// SetName sets the Name field's value. +func (s *GuardrailRegexFilter) SetName(v string) *GuardrailRegexFilter { + s.Name = &v + return s +} + +// SetRegex sets the Regex field's value. +func (s *GuardrailRegexFilter) SetRegex(v string) *GuardrailRegexFilter { + s.Regex = &v + return s +} + +// The details of the sensitive policy assessment used in the Guardrail. +type GuardrailSensitiveInformationPolicyAssessment struct { + _ struct{} `type:"structure" sensitive:"true"` + + // The details of the PII entities used in the sensitive policy assessment for + // the Guardrail. + // + // PiiEntities is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GuardrailSensitiveInformationPolicyAssessment's + // String and GoString methods. + PiiEntities []*GuardrailPiiEntityFilter `locationName:"piiEntities" type:"list" sensitive:"true"` + + // The details of the regexes used in the sensitive policy assessment for the + // Guardrail. + // + // Regexes is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GuardrailSensitiveInformationPolicyAssessment's + // String and GoString methods. + Regexes []*GuardrailRegexFilter `locationName:"regexes" type:"list" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailSensitiveInformationPolicyAssessment) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailSensitiveInformationPolicyAssessment) GoString() string { + return s.String() +} + +// SetPiiEntities sets the PiiEntities field's value. +func (s *GuardrailSensitiveInformationPolicyAssessment) SetPiiEntities(v []*GuardrailPiiEntityFilter) *GuardrailSensitiveInformationPolicyAssessment { + s.PiiEntities = v + return s +} + +// SetRegexes sets the Regexes field's value. +func (s *GuardrailSensitiveInformationPolicyAssessment) SetRegexes(v []*GuardrailRegexFilter) *GuardrailSensitiveInformationPolicyAssessment { + s.Regexes = v + return s +} + +// The details for a specific topic defined in the Guardrail. +type GuardrailTopic struct { + _ struct{} `type:"structure" sensitive:"true"` + + // The action details on a specific topic in the Guardrail. + Action *string `locationName:"action" type:"string" enum:"GuardrailTopicPolicyAction"` + + // The name details on a specific topic in the Guardrail. + Name *string `locationName:"name" type:"string"` + + // The type details on a specific topic in the Guardrail. + Type *string `locationName:"type" type:"string" enum:"GuardrailTopicType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailTopic) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailTopic) GoString() string { + return s.String() +} + +// SetAction sets the Action field's value. +func (s *GuardrailTopic) SetAction(v string) *GuardrailTopic { + s.Action = &v + return s +} + +// SetName sets the Name field's value. +func (s *GuardrailTopic) SetName(v string) *GuardrailTopic { + s.Name = &v + return s +} + +// SetType sets the Type field's value. +func (s *GuardrailTopic) SetType(v string) *GuardrailTopic { + s.Type = &v + return s +} + +// The details of the policy assessment used in the Guardrail. +type GuardrailTopicPolicyAssessment struct { + _ struct{} `type:"structure" sensitive:"true"` + + // The topic details of the policy assessment used in the Guardrail. + // + // Topics is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GuardrailTopicPolicyAssessment's + // String and GoString methods. + Topics []*GuardrailTopic `locationName:"topics" type:"list" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailTopicPolicyAssessment) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailTopicPolicyAssessment) GoString() string { + return s.String() +} + +// SetTopics sets the Topics field's value. +func (s *GuardrailTopicPolicyAssessment) SetTopics(v []*GuardrailTopic) *GuardrailTopicPolicyAssessment { + s.Topics = v + return s +} + +// The trace details used in the Guardrail. +type GuardrailTrace struct { + _ struct{} `type:"structure" sensitive:"true"` + + // The trace action details used with the Guardrail. + Action *string `locationName:"action" type:"string" enum:"GuardrailAction"` + + // The details of the input assessments used in the Guardrail Trace. + InputAssessments []*GuardrailAssessment `locationName:"inputAssessments" type:"list"` + + // The details of the output assessments used in the Guardrail Trace. + OutputAssessments []*GuardrailAssessment `locationName:"outputAssessments" type:"list"` + + // The details of the trace Id used in the Guardrail Trace. + TraceId *string `locationName:"traceId" min:"2" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailTrace) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailTrace) GoString() string { + return s.String() +} + +// SetAction sets the Action field's value. +func (s *GuardrailTrace) SetAction(v string) *GuardrailTrace { + s.Action = &v + return s +} + +// SetInputAssessments sets the InputAssessments field's value. +func (s *GuardrailTrace) SetInputAssessments(v []*GuardrailAssessment) *GuardrailTrace { + s.InputAssessments = v + return s +} + +// SetOutputAssessments sets the OutputAssessments field's value. +func (s *GuardrailTrace) SetOutputAssessments(v []*GuardrailAssessment) *GuardrailTrace { + s.OutputAssessments = v + return s +} + +// SetTraceId sets the TraceId field's value. +func (s *GuardrailTrace) SetTraceId(v string) *GuardrailTrace { + s.TraceId = &v + return s +} + +// The assessment details for words defined in the Guardrail filter. +type GuardrailWordPolicyAssessment struct { + _ struct{} `type:"structure" sensitive:"true"` + + // The custom word details for words defined in the Guardrail filter. + // + // CustomWords is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GuardrailWordPolicyAssessment's + // String and GoString methods. + CustomWords []*GuardrailCustomWord `locationName:"customWords" type:"list" sensitive:"true"` + + // The managed word lists for words defined in the Guardrail filter. + // + // ManagedWordLists is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GuardrailWordPolicyAssessment's + // String and GoString methods. + ManagedWordLists []*GuardrailManagedWord `locationName:"managedWordLists" type:"list" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailWordPolicyAssessment) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GuardrailWordPolicyAssessment) GoString() string { + return s.String() +} + +// SetCustomWords sets the CustomWords field's value. +func (s *GuardrailWordPolicyAssessment) SetCustomWords(v []*GuardrailCustomWord) *GuardrailWordPolicyAssessment { + s.CustomWords = v + return s +} + +// SetManagedWordLists sets the ManagedWordLists field's value. +func (s *GuardrailWordPolicyAssessment) SetManagedWordLists(v []*GuardrailManagedWord) *GuardrailWordPolicyAssessment { + s.ManagedWordLists = v + return s +} + // The configuration for inference settings when generating responses using // RetrieveAndGenerate. type InferenceConfig struct { @@ -5957,6 +6565,13 @@ type Trace struct { // String and GoString methods. FailureTrace *FailureTrace `locationName:"failureTrace" type:"structure" sensitive:"true"` + // The trace details for a trace defined in the Guardrail filter. + // + // GuardrailTrace is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by Trace's + // String and GoString methods. + GuardrailTrace *GuardrailTrace `locationName:"guardrailTrace" type:"structure" sensitive:"true"` + // Details about the orchestration step, in which the agent determines the order // in which actions are executed and which knowledge bases are retrieved. // @@ -6005,6 +6620,12 @@ func (s *Trace) SetFailureTrace(v *FailureTrace) *Trace { return s } +// SetGuardrailTrace sets the GuardrailTrace field's value. +func (s *Trace) SetGuardrailTrace(v *GuardrailTrace) *Trace { + s.GuardrailTrace = v + return s +} + // SetOrchestrationTrace sets the OrchestrationTrace field's value. func (s *Trace) SetOrchestrationTrace(v *OrchestrationTrace) *Trace { s.OrchestrationTrace = v @@ -6272,6 +6893,286 @@ func GuadrailAction_Values() []string { } } +const ( + // GuardrailActionIntervened is a GuardrailAction enum value + GuardrailActionIntervened = "INTERVENED" + + // GuardrailActionNone is a GuardrailAction enum value + GuardrailActionNone = "NONE" +) + +// GuardrailAction_Values returns all elements of the GuardrailAction enum +func GuardrailAction_Values() []string { + return []string{ + GuardrailActionIntervened, + GuardrailActionNone, + } +} + +const ( + // GuardrailContentFilterConfidenceNone is a GuardrailContentFilterConfidence enum value + GuardrailContentFilterConfidenceNone = "NONE" + + // GuardrailContentFilterConfidenceLow is a GuardrailContentFilterConfidence enum value + GuardrailContentFilterConfidenceLow = "LOW" + + // GuardrailContentFilterConfidenceMedium is a GuardrailContentFilterConfidence enum value + GuardrailContentFilterConfidenceMedium = "MEDIUM" + + // GuardrailContentFilterConfidenceHigh is a GuardrailContentFilterConfidence enum value + GuardrailContentFilterConfidenceHigh = "HIGH" +) + +// GuardrailContentFilterConfidence_Values returns all elements of the GuardrailContentFilterConfidence enum +func GuardrailContentFilterConfidence_Values() []string { + return []string{ + GuardrailContentFilterConfidenceNone, + GuardrailContentFilterConfidenceLow, + GuardrailContentFilterConfidenceMedium, + GuardrailContentFilterConfidenceHigh, + } +} + +const ( + // GuardrailContentFilterTypeInsults is a GuardrailContentFilterType enum value + GuardrailContentFilterTypeInsults = "INSULTS" + + // GuardrailContentFilterTypeHate is a GuardrailContentFilterType enum value + GuardrailContentFilterTypeHate = "HATE" + + // GuardrailContentFilterTypeSexual is a GuardrailContentFilterType enum value + GuardrailContentFilterTypeSexual = "SEXUAL" + + // GuardrailContentFilterTypeViolence is a GuardrailContentFilterType enum value + GuardrailContentFilterTypeViolence = "VIOLENCE" + + // GuardrailContentFilterTypeMisconduct is a GuardrailContentFilterType enum value + GuardrailContentFilterTypeMisconduct = "MISCONDUCT" + + // GuardrailContentFilterTypePromptAttack is a GuardrailContentFilterType enum value + GuardrailContentFilterTypePromptAttack = "PROMPT_ATTACK" +) + +// GuardrailContentFilterType_Values returns all elements of the GuardrailContentFilterType enum +func GuardrailContentFilterType_Values() []string { + return []string{ + GuardrailContentFilterTypeInsults, + GuardrailContentFilterTypeHate, + GuardrailContentFilterTypeSexual, + GuardrailContentFilterTypeViolence, + GuardrailContentFilterTypeMisconduct, + GuardrailContentFilterTypePromptAttack, + } +} + +const ( + // GuardrailContentPolicyActionBlocked is a GuardrailContentPolicyAction enum value + GuardrailContentPolicyActionBlocked = "BLOCKED" +) + +// GuardrailContentPolicyAction_Values returns all elements of the GuardrailContentPolicyAction enum +func GuardrailContentPolicyAction_Values() []string { + return []string{ + GuardrailContentPolicyActionBlocked, + } +} + +const ( + // GuardrailManagedWordTypeProfanity is a GuardrailManagedWordType enum value + GuardrailManagedWordTypeProfanity = "PROFANITY" +) + +// GuardrailManagedWordType_Values returns all elements of the GuardrailManagedWordType enum +func GuardrailManagedWordType_Values() []string { + return []string{ + GuardrailManagedWordTypeProfanity, + } +} + +const ( + // GuardrailPiiEntityTypeAddress is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeAddress = "ADDRESS" + + // GuardrailPiiEntityTypeAge is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeAge = "AGE" + + // GuardrailPiiEntityTypeAwsAccessKey is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeAwsAccessKey = "AWS_ACCESS_KEY" + + // GuardrailPiiEntityTypeAwsSecretKey is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeAwsSecretKey = "AWS_SECRET_KEY" + + // GuardrailPiiEntityTypeCaHealthNumber is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeCaHealthNumber = "CA_HEALTH_NUMBER" + + // GuardrailPiiEntityTypeCaSocialInsuranceNumber is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeCaSocialInsuranceNumber = "CA_SOCIAL_INSURANCE_NUMBER" + + // GuardrailPiiEntityTypeCreditDebitCardCvv is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeCreditDebitCardCvv = "CREDIT_DEBIT_CARD_CVV" + + // GuardrailPiiEntityTypeCreditDebitCardExpiry is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeCreditDebitCardExpiry = "CREDIT_DEBIT_CARD_EXPIRY" + + // GuardrailPiiEntityTypeCreditDebitCardNumber is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeCreditDebitCardNumber = "CREDIT_DEBIT_CARD_NUMBER" + + // GuardrailPiiEntityTypeDriverId is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeDriverId = "DRIVER_ID" + + // GuardrailPiiEntityTypeEmail is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeEmail = "EMAIL" + + // GuardrailPiiEntityTypeInternationalBankAccountNumber is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeInternationalBankAccountNumber = "INTERNATIONAL_BANK_ACCOUNT_NUMBER" + + // GuardrailPiiEntityTypeIpAddress is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeIpAddress = "IP_ADDRESS" + + // GuardrailPiiEntityTypeLicensePlate is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeLicensePlate = "LICENSE_PLATE" + + // GuardrailPiiEntityTypeMacAddress is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeMacAddress = "MAC_ADDRESS" + + // GuardrailPiiEntityTypeName is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeName = "NAME" + + // GuardrailPiiEntityTypePassword is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypePassword = "PASSWORD" + + // GuardrailPiiEntityTypePhone is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypePhone = "PHONE" + + // GuardrailPiiEntityTypePin is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypePin = "PIN" + + // GuardrailPiiEntityTypeSwiftCode is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeSwiftCode = "SWIFT_CODE" + + // GuardrailPiiEntityTypeUkNationalHealthServiceNumber is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeUkNationalHealthServiceNumber = "UK_NATIONAL_HEALTH_SERVICE_NUMBER" + + // GuardrailPiiEntityTypeUkNationalInsuranceNumber is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeUkNationalInsuranceNumber = "UK_NATIONAL_INSURANCE_NUMBER" + + // GuardrailPiiEntityTypeUkUniqueTaxpayerReferenceNumber is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeUkUniqueTaxpayerReferenceNumber = "UK_UNIQUE_TAXPAYER_REFERENCE_NUMBER" + + // GuardrailPiiEntityTypeUrl is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeUrl = "URL" + + // GuardrailPiiEntityTypeUsername is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeUsername = "USERNAME" + + // GuardrailPiiEntityTypeUsBankAccountNumber is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeUsBankAccountNumber = "US_BANK_ACCOUNT_NUMBER" + + // GuardrailPiiEntityTypeUsBankRoutingNumber is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeUsBankRoutingNumber = "US_BANK_ROUTING_NUMBER" + + // GuardrailPiiEntityTypeUsIndividualTaxIdentificationNumber is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeUsIndividualTaxIdentificationNumber = "US_INDIVIDUAL_TAX_IDENTIFICATION_NUMBER" + + // GuardrailPiiEntityTypeUsPassportNumber is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeUsPassportNumber = "US_PASSPORT_NUMBER" + + // GuardrailPiiEntityTypeUsSocialSecurityNumber is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeUsSocialSecurityNumber = "US_SOCIAL_SECURITY_NUMBER" + + // GuardrailPiiEntityTypeVehicleIdentificationNumber is a GuardrailPiiEntityType enum value + GuardrailPiiEntityTypeVehicleIdentificationNumber = "VEHICLE_IDENTIFICATION_NUMBER" +) + +// GuardrailPiiEntityType_Values returns all elements of the GuardrailPiiEntityType enum +func GuardrailPiiEntityType_Values() []string { + return []string{ + GuardrailPiiEntityTypeAddress, + GuardrailPiiEntityTypeAge, + GuardrailPiiEntityTypeAwsAccessKey, + GuardrailPiiEntityTypeAwsSecretKey, + GuardrailPiiEntityTypeCaHealthNumber, + GuardrailPiiEntityTypeCaSocialInsuranceNumber, + GuardrailPiiEntityTypeCreditDebitCardCvv, + GuardrailPiiEntityTypeCreditDebitCardExpiry, + GuardrailPiiEntityTypeCreditDebitCardNumber, + GuardrailPiiEntityTypeDriverId, + GuardrailPiiEntityTypeEmail, + GuardrailPiiEntityTypeInternationalBankAccountNumber, + GuardrailPiiEntityTypeIpAddress, + GuardrailPiiEntityTypeLicensePlate, + GuardrailPiiEntityTypeMacAddress, + GuardrailPiiEntityTypeName, + GuardrailPiiEntityTypePassword, + GuardrailPiiEntityTypePhone, + GuardrailPiiEntityTypePin, + GuardrailPiiEntityTypeSwiftCode, + GuardrailPiiEntityTypeUkNationalHealthServiceNumber, + GuardrailPiiEntityTypeUkNationalInsuranceNumber, + GuardrailPiiEntityTypeUkUniqueTaxpayerReferenceNumber, + GuardrailPiiEntityTypeUrl, + GuardrailPiiEntityTypeUsername, + GuardrailPiiEntityTypeUsBankAccountNumber, + GuardrailPiiEntityTypeUsBankRoutingNumber, + GuardrailPiiEntityTypeUsIndividualTaxIdentificationNumber, + GuardrailPiiEntityTypeUsPassportNumber, + GuardrailPiiEntityTypeUsSocialSecurityNumber, + GuardrailPiiEntityTypeVehicleIdentificationNumber, + } +} + +const ( + // GuardrailSensitiveInformationPolicyActionBlocked is a GuardrailSensitiveInformationPolicyAction enum value + GuardrailSensitiveInformationPolicyActionBlocked = "BLOCKED" + + // GuardrailSensitiveInformationPolicyActionAnonymized is a GuardrailSensitiveInformationPolicyAction enum value + GuardrailSensitiveInformationPolicyActionAnonymized = "ANONYMIZED" +) + +// GuardrailSensitiveInformationPolicyAction_Values returns all elements of the GuardrailSensitiveInformationPolicyAction enum +func GuardrailSensitiveInformationPolicyAction_Values() []string { + return []string{ + GuardrailSensitiveInformationPolicyActionBlocked, + GuardrailSensitiveInformationPolicyActionAnonymized, + } +} + +const ( + // GuardrailTopicPolicyActionBlocked is a GuardrailTopicPolicyAction enum value + GuardrailTopicPolicyActionBlocked = "BLOCKED" +) + +// GuardrailTopicPolicyAction_Values returns all elements of the GuardrailTopicPolicyAction enum +func GuardrailTopicPolicyAction_Values() []string { + return []string{ + GuardrailTopicPolicyActionBlocked, + } +} + +const ( + // GuardrailTopicTypeDeny is a GuardrailTopicType enum value + GuardrailTopicTypeDeny = "DENY" +) + +// GuardrailTopicType_Values returns all elements of the GuardrailTopicType enum +func GuardrailTopicType_Values() []string { + return []string{ + GuardrailTopicTypeDeny, + } +} + +const ( + // GuardrailWordPolicyActionBlocked is a GuardrailWordPolicyAction enum value + GuardrailWordPolicyActionBlocked = "BLOCKED" +) + +// GuardrailWordPolicyAction_Values returns all elements of the GuardrailWordPolicyAction enum +func GuardrailWordPolicyAction_Values() []string { + return []string{ + GuardrailWordPolicyActionBlocked, + } +} + const ( // InvocationTypeActionGroup is a InvocationType enum value InvocationTypeActionGroup = "ACTION_GROUP" diff --git a/service/bedrockagentruntime/eventstream_test.go b/service/bedrockagentruntime/eventstream_test.go index 6fed9466a2d..12527f9bd71 100644 --- a/service/bedrockagentruntime/eventstream_test.go +++ b/service/bedrockagentruntime/eventstream_test.go @@ -701,6 +701,686 @@ func mockInvokeAgentReadEvents() ( FailureReason: aws.String("string value goes here"), TraceId: aws.String("string value goes here"), }, + GuardrailTrace: &GuardrailTrace{ + Action: aws.String("string value goes here"), + InputAssessments: []*GuardrailAssessment{ + { + ContentPolicy: &GuardrailContentPolicyAssessment{ + Filters: []*GuardrailContentFilter{ + { + Action: aws.String("string value goes here"), + Confidence: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Confidence: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Confidence: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + }, + SensitiveInformationPolicy: &GuardrailSensitiveInformationPolicyAssessment{ + PiiEntities: []*GuardrailPiiEntityFilter{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + Regexes: []*GuardrailRegexFilter{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Regex: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Regex: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Regex: aws.String("string value goes here"), + }, + }, + }, + TopicPolicy: &GuardrailTopicPolicyAssessment{ + Topics: []*GuardrailTopic{ + { + Action: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + }, + WordPolicy: &GuardrailWordPolicyAssessment{ + CustomWords: []*GuardrailCustomWord{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + }, + }, + ManagedWordLists: []*GuardrailManagedWord{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + }, + }, + { + ContentPolicy: &GuardrailContentPolicyAssessment{ + Filters: []*GuardrailContentFilter{ + { + Action: aws.String("string value goes here"), + Confidence: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Confidence: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Confidence: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + }, + SensitiveInformationPolicy: &GuardrailSensitiveInformationPolicyAssessment{ + PiiEntities: []*GuardrailPiiEntityFilter{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + Regexes: []*GuardrailRegexFilter{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Regex: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Regex: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Regex: aws.String("string value goes here"), + }, + }, + }, + TopicPolicy: &GuardrailTopicPolicyAssessment{ + Topics: []*GuardrailTopic{ + { + Action: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + }, + WordPolicy: &GuardrailWordPolicyAssessment{ + CustomWords: []*GuardrailCustomWord{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + }, + }, + ManagedWordLists: []*GuardrailManagedWord{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + }, + }, + { + ContentPolicy: &GuardrailContentPolicyAssessment{ + Filters: []*GuardrailContentFilter{ + { + Action: aws.String("string value goes here"), + Confidence: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Confidence: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Confidence: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + }, + SensitiveInformationPolicy: &GuardrailSensitiveInformationPolicyAssessment{ + PiiEntities: []*GuardrailPiiEntityFilter{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + Regexes: []*GuardrailRegexFilter{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Regex: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Regex: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Regex: aws.String("string value goes here"), + }, + }, + }, + TopicPolicy: &GuardrailTopicPolicyAssessment{ + Topics: []*GuardrailTopic{ + { + Action: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + }, + WordPolicy: &GuardrailWordPolicyAssessment{ + CustomWords: []*GuardrailCustomWord{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + }, + }, + ManagedWordLists: []*GuardrailManagedWord{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + }, + }, + }, + OutputAssessments: []*GuardrailAssessment{ + { + ContentPolicy: &GuardrailContentPolicyAssessment{ + Filters: []*GuardrailContentFilter{ + { + Action: aws.String("string value goes here"), + Confidence: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Confidence: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Confidence: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + }, + SensitiveInformationPolicy: &GuardrailSensitiveInformationPolicyAssessment{ + PiiEntities: []*GuardrailPiiEntityFilter{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + Regexes: []*GuardrailRegexFilter{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Regex: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Regex: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Regex: aws.String("string value goes here"), + }, + }, + }, + TopicPolicy: &GuardrailTopicPolicyAssessment{ + Topics: []*GuardrailTopic{ + { + Action: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + }, + WordPolicy: &GuardrailWordPolicyAssessment{ + CustomWords: []*GuardrailCustomWord{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + }, + }, + ManagedWordLists: []*GuardrailManagedWord{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + }, + }, + { + ContentPolicy: &GuardrailContentPolicyAssessment{ + Filters: []*GuardrailContentFilter{ + { + Action: aws.String("string value goes here"), + Confidence: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Confidence: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Confidence: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + }, + SensitiveInformationPolicy: &GuardrailSensitiveInformationPolicyAssessment{ + PiiEntities: []*GuardrailPiiEntityFilter{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + Regexes: []*GuardrailRegexFilter{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Regex: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Regex: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Regex: aws.String("string value goes here"), + }, + }, + }, + TopicPolicy: &GuardrailTopicPolicyAssessment{ + Topics: []*GuardrailTopic{ + { + Action: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + }, + WordPolicy: &GuardrailWordPolicyAssessment{ + CustomWords: []*GuardrailCustomWord{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + }, + }, + ManagedWordLists: []*GuardrailManagedWord{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + }, + }, + { + ContentPolicy: &GuardrailContentPolicyAssessment{ + Filters: []*GuardrailContentFilter{ + { + Action: aws.String("string value goes here"), + Confidence: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Confidence: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Confidence: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + }, + SensitiveInformationPolicy: &GuardrailSensitiveInformationPolicyAssessment{ + PiiEntities: []*GuardrailPiiEntityFilter{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + Regexes: []*GuardrailRegexFilter{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Regex: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Regex: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Regex: aws.String("string value goes here"), + }, + }, + }, + TopicPolicy: &GuardrailTopicPolicyAssessment{ + Topics: []*GuardrailTopic{ + { + Action: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Name: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + }, + WordPolicy: &GuardrailWordPolicyAssessment{ + CustomWords: []*GuardrailCustomWord{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + }, + }, + ManagedWordLists: []*GuardrailManagedWord{ + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + { + Action: aws.String("string value goes here"), + Match: aws.String("string value goes here"), + Type: aws.String("string value goes here"), + }, + }, + }, + }, + }, + TraceId: aws.String("string value goes here"), + }, OrchestrationTrace: &OrchestrationTrace{ InvocationInput: &InvocationInput_{ ActionGroupInvocationInput: &ActionGroupInvocationInput_{ diff --git a/service/controltower/api.go b/service/controltower/api.go index df4a2a7f370..9be2aac78cc 100644 --- a/service/controltower/api.go +++ b/service/controltower/api.go @@ -156,6 +156,8 @@ func (c *ControlTower) DisableBaselineRequest(input *DisableBaselineInput) (req // Disable an EnabledBaseline resource on the specified Target. This API starts // an asynchronous operation to remove all resources deployed as part of the // baseline enablement. The resource will vary depending on the enabled baseline. +// For usage examples, see the Amazon Web Services Control Tower User Guide +// (https://docs.aws.amazon.com/controltower/latest/userguide/baseline-api-examples.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -358,7 +360,8 @@ func (c *ControlTower) EnableBaselineRequest(input *EnableBaselineInput) (req *r // EnableBaseline API operation for AWS Control Tower. // // Enable (apply) a Baseline to a Target. This API starts an asynchronous operation -// to deploy resources specified by the Baseline to the specified Target. +// to deploy resources specified by the Baseline to the specified Target. For +// usage examples, see the Amazon Web Services Control Tower User Guide (https://docs.aws.amazon.com/controltower/latest/userguide/baseline-api-examples.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -561,6 +564,8 @@ func (c *ControlTower) GetBaselineRequest(input *GetBaselineInput) (req *request // GetBaseline API operation for AWS Control Tower. // // Retrieve details about an existing Baseline resource by specifying its identifier. +// For usage examples, see the Amazon Web Services Control Tower User Guide +// (https://docs.aws.amazon.com/controltower/latest/userguide/baseline-api-examples.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -655,7 +660,8 @@ func (c *ControlTower) GetBaselineOperationRequest(input *GetBaselineOperationIn // Returns the details of an asynchronous baseline operation, as initiated by // any of these APIs: EnableBaseline, DisableBaseline, UpdateEnabledBaseline, // ResetEnabledBaseline. A status message is displayed in case of operation -// failure. +// failure. For usage examples, see the Amazon Web Services Control Tower User +// Guide (https://docs.aws.amazon.com/controltower/latest/userguide/baseline-api-examples.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1028,7 +1034,7 @@ func (c *ControlTower) GetLandingZoneOperationRequest(input *GetLandingZoneOpera // GetLandingZoneOperation API operation for AWS Control Tower. // // Returns the status of the specified landing zone operation. Details for an -// operation are available for 60 days. +// operation are available for 90 days. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1126,7 +1132,8 @@ func (c *ControlTower) ListBaselinesRequest(input *ListBaselinesInput) (req *req // ListBaselines API operation for AWS Control Tower. // -// Returns a summary list of all available baselines. +// Returns a summary list of all available baselines. For usage examples, see +// the Amazon Web Services Control Tower User Guide (https://docs.aws.amazon.com/controltower/latest/userguide/baseline-api-examples.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1223,6 +1230,152 @@ func (c *ControlTower) ListBaselinesPagesWithContext(ctx aws.Context, input *Lis return p.Err() } +const opListControlOperations = "ListControlOperations" + +// ListControlOperationsRequest generates a "aws/request.Request" representing the +// client's request for the ListControlOperations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListControlOperations for more information on using the ListControlOperations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListControlOperationsRequest method. +// req, resp := client.ListControlOperationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/ListControlOperations +func (c *ControlTower) ListControlOperationsRequest(input *ListControlOperationsInput) (req *request.Request, output *ListControlOperationsOutput) { + op := &request.Operation{ + Name: opListControlOperations, + HTTPMethod: "POST", + HTTPPath: "/list-control-operations", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "maxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListControlOperationsInput{} + } + + output = &ListControlOperationsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListControlOperations API operation for AWS Control Tower. +// +// Provides a list of operations in progress or queued. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Control Tower's +// API operation ListControlOperations for usage and error information. +// +// Returned Error Types: +// +// - ValidationException +// The input does not satisfy the constraints specified by an Amazon Web Services +// service. +// +// - InternalServerException +// An unexpected error occurred during processing of a request. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/ListControlOperations +func (c *ControlTower) ListControlOperations(input *ListControlOperationsInput) (*ListControlOperationsOutput, error) { + req, out := c.ListControlOperationsRequest(input) + return out, req.Send() +} + +// ListControlOperationsWithContext is the same as ListControlOperations with the addition of +// the ability to pass a context and additional request options. +// +// See ListControlOperations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ControlTower) ListControlOperationsWithContext(ctx aws.Context, input *ListControlOperationsInput, opts ...request.Option) (*ListControlOperationsOutput, error) { + req, out := c.ListControlOperationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListControlOperationsPages iterates over the pages of a ListControlOperations operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListControlOperations method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListControlOperations operation. +// pageNum := 0 +// err := client.ListControlOperationsPages(params, +// func(page *controltower.ListControlOperationsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *ControlTower) ListControlOperationsPages(input *ListControlOperationsInput, fn func(*ListControlOperationsOutput, bool) bool) error { + return c.ListControlOperationsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListControlOperationsPagesWithContext same as ListControlOperationsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ControlTower) ListControlOperationsPagesWithContext(ctx aws.Context, input *ListControlOperationsInput, fn func(*ListControlOperationsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListControlOperationsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListControlOperationsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListControlOperationsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opListEnabledBaselines = "ListEnabledBaselines" // ListEnabledBaselinesRequest generates a "aws/request.Request" representing the @@ -1274,7 +1427,8 @@ func (c *ControlTower) ListEnabledBaselinesRequest(input *ListEnabledBaselinesIn // // Returns a list of summaries describing EnabledBaseline resources. You can // filter the list by the corresponding Baseline or Target of the EnabledBaseline -// resources. +// resources. For usage examples, see the Amazon Web Services Control Tower +// User Guide (https://docs.aws.amazon.com/controltower/latest/userguide/baseline-api-examples.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1804,6 +1958,8 @@ func (c *ControlTower) ResetEnabledBaselineRequest(input *ResetEnabledBaselineIn // // Re-enables an EnabledBaseline resource. For example, this API can re-apply // the existing Baseline after a new member account is moved to the target OU. +// For usage examples, see the Amazon Web Services Control Tower User Guide +// (https://docs.aws.amazon.com/controltower/latest/userguide/baseline-api-examples.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2175,7 +2331,8 @@ func (c *ControlTower) UpdateEnabledBaselineRequest(input *UpdateEnabledBaseline // UpdateEnabledBaseline API operation for AWS Control Tower. // -// Updates an EnabledBaseline resource's applied parameters or version. +// Updates an EnabledBaseline resource's applied parameters or version. For +// usage examples, see the Amazon Web Services Control Tower User Guide (https://docs.aws.amazon.com/controltower/latest/userguide/baseline-api-examples.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2497,9 +2654,18 @@ func (s *ConflictException) RequestID() string { type ControlOperation struct { _ struct{} `type:"structure"` + // The controlIdentifier of the control for the operation. + ControlIdentifier *string `locationName:"controlIdentifier" min:"20" type:"string"` + + // The controlIdentifier of the enabled control. + EnabledControlIdentifier *string `locationName:"enabledControlIdentifier" min:"20" type:"string"` + // The time that the operation finished. EndTime *time.Time `locationName:"endTime" type:"timestamp" timestampFormat:"iso8601"` + // The identifier of the specified operation. + OperationIdentifier *string `locationName:"operationIdentifier" min:"36" type:"string"` + // One of ENABLE_CONTROL or DISABLE_CONTROL. OperationType *string `locationName:"operationType" type:"string" enum:"ControlOperationType"` @@ -2512,6 +2678,9 @@ type ControlOperation struct { // If the operation result is FAILED, this string contains a message explaining // why the operation failed. StatusMessage *string `locationName:"statusMessage" type:"string"` + + // The target upon which the control operation is working. + TargetIdentifier *string `locationName:"targetIdentifier" min:"20" type:"string"` } // String returns the string representation. @@ -2532,12 +2701,30 @@ func (s ControlOperation) GoString() string { return s.String() } +// SetControlIdentifier sets the ControlIdentifier field's value. +func (s *ControlOperation) SetControlIdentifier(v string) *ControlOperation { + s.ControlIdentifier = &v + return s +} + +// SetEnabledControlIdentifier sets the EnabledControlIdentifier field's value. +func (s *ControlOperation) SetEnabledControlIdentifier(v string) *ControlOperation { + s.EnabledControlIdentifier = &v + return s +} + // SetEndTime sets the EndTime field's value. func (s *ControlOperation) SetEndTime(v time.Time) *ControlOperation { s.EndTime = &v return s } +// SetOperationIdentifier sets the OperationIdentifier field's value. +func (s *ControlOperation) SetOperationIdentifier(v string) *ControlOperation { + s.OperationIdentifier = &v + return s +} + // SetOperationType sets the OperationType field's value. func (s *ControlOperation) SetOperationType(v string) *ControlOperation { s.OperationType = &v @@ -2562,6 +2749,210 @@ func (s *ControlOperation) SetStatusMessage(v string) *ControlOperation { return s } +// SetTargetIdentifier sets the TargetIdentifier field's value. +func (s *ControlOperation) SetTargetIdentifier(v string) *ControlOperation { + s.TargetIdentifier = &v + return s +} + +// A filter object that lets you call ListCOntrolOperations with a specific +// filter. +type ControlOperationFilter struct { + _ struct{} `type:"structure"` + + // The set of controlIdentifier returned by the filter. + ControlIdentifiers []*string `locationName:"controlIdentifiers" min:"1" type:"list"` + + // The set of ControlOperation objects returned by the filter. + ControlOperationTypes []*string `locationName:"controlOperationTypes" min:"1" type:"list" enum:"ControlOperationType"` + + // The set controlIdentifier of enabled controls selected by the filter. + EnabledControlIdentifiers []*string `locationName:"enabledControlIdentifiers" min:"1" type:"list"` + + // Lists the status of control operations. + Statuses []*string `locationName:"statuses" min:"1" type:"list" enum:"ControlOperationStatus"` + + // The set of targetIdentifier objects returned by the filter. + TargetIdentifiers []*string `locationName:"targetIdentifiers" min:"1" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ControlOperationFilter) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ControlOperationFilter) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ControlOperationFilter) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ControlOperationFilter"} + if s.ControlIdentifiers != nil && len(s.ControlIdentifiers) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ControlIdentifiers", 1)) + } + if s.ControlOperationTypes != nil && len(s.ControlOperationTypes) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ControlOperationTypes", 1)) + } + if s.EnabledControlIdentifiers != nil && len(s.EnabledControlIdentifiers) < 1 { + invalidParams.Add(request.NewErrParamMinLen("EnabledControlIdentifiers", 1)) + } + if s.Statuses != nil && len(s.Statuses) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Statuses", 1)) + } + if s.TargetIdentifiers != nil && len(s.TargetIdentifiers) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TargetIdentifiers", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetControlIdentifiers sets the ControlIdentifiers field's value. +func (s *ControlOperationFilter) SetControlIdentifiers(v []*string) *ControlOperationFilter { + s.ControlIdentifiers = v + return s +} + +// SetControlOperationTypes sets the ControlOperationTypes field's value. +func (s *ControlOperationFilter) SetControlOperationTypes(v []*string) *ControlOperationFilter { + s.ControlOperationTypes = v + return s +} + +// SetEnabledControlIdentifiers sets the EnabledControlIdentifiers field's value. +func (s *ControlOperationFilter) SetEnabledControlIdentifiers(v []*string) *ControlOperationFilter { + s.EnabledControlIdentifiers = v + return s +} + +// SetStatuses sets the Statuses field's value. +func (s *ControlOperationFilter) SetStatuses(v []*string) *ControlOperationFilter { + s.Statuses = v + return s +} + +// SetTargetIdentifiers sets the TargetIdentifiers field's value. +func (s *ControlOperationFilter) SetTargetIdentifiers(v []*string) *ControlOperationFilter { + s.TargetIdentifiers = v + return s +} + +// A summary of information about the specified control operation. +type ControlOperationSummary struct { + _ struct{} `type:"structure"` + + // The controlIdentifier of a control. + ControlIdentifier *string `locationName:"controlIdentifier" min:"20" type:"string"` + + // The controlIdentifier of an enabled control. + EnabledControlIdentifier *string `locationName:"enabledControlIdentifier" min:"20" type:"string"` + + // The time at which the control operation was completed. + EndTime *time.Time `locationName:"endTime" type:"timestamp" timestampFormat:"iso8601"` + + // The unique identifier of a control operation. + OperationIdentifier *string `locationName:"operationIdentifier" min:"36" type:"string"` + + // The type of operation. + OperationType *string `locationName:"operationType" type:"string" enum:"ControlOperationType"` + + // The time at which a control operation began. + StartTime *time.Time `locationName:"startTime" type:"timestamp" timestampFormat:"iso8601"` + + // The status of the specified control operation. + Status *string `locationName:"status" type:"string" enum:"ControlOperationStatus"` + + // A speficic message displayed as part of the control status. + StatusMessage *string `locationName:"statusMessage" type:"string"` + + // The unique identifier of the target of a control operation. + TargetIdentifier *string `locationName:"targetIdentifier" min:"20" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ControlOperationSummary) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ControlOperationSummary) GoString() string { + return s.String() +} + +// SetControlIdentifier sets the ControlIdentifier field's value. +func (s *ControlOperationSummary) SetControlIdentifier(v string) *ControlOperationSummary { + s.ControlIdentifier = &v + return s +} + +// SetEnabledControlIdentifier sets the EnabledControlIdentifier field's value. +func (s *ControlOperationSummary) SetEnabledControlIdentifier(v string) *ControlOperationSummary { + s.EnabledControlIdentifier = &v + return s +} + +// SetEndTime sets the EndTime field's value. +func (s *ControlOperationSummary) SetEndTime(v time.Time) *ControlOperationSummary { + s.EndTime = &v + return s +} + +// SetOperationIdentifier sets the OperationIdentifier field's value. +func (s *ControlOperationSummary) SetOperationIdentifier(v string) *ControlOperationSummary { + s.OperationIdentifier = &v + return s +} + +// SetOperationType sets the OperationType field's value. +func (s *ControlOperationSummary) SetOperationType(v string) *ControlOperationSummary { + s.OperationType = &v + return s +} + +// SetStartTime sets the StartTime field's value. +func (s *ControlOperationSummary) SetStartTime(v time.Time) *ControlOperationSummary { + s.StartTime = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *ControlOperationSummary) SetStatus(v string) *ControlOperationSummary { + s.Status = &v + return s +} + +// SetStatusMessage sets the StatusMessage field's value. +func (s *ControlOperationSummary) SetStatusMessage(v string) *ControlOperationSummary { + s.StatusMessage = &v + return s +} + +// SetTargetIdentifier sets the TargetIdentifier field's value. +func (s *ControlOperationSummary) SetTargetIdentifier(v string) *ControlOperationSummary { + s.TargetIdentifier = &v + return s +} + type DeleteLandingZoneInput struct { _ struct{} `type:"structure"` @@ -3431,6 +3822,77 @@ func (s *EnabledControlDetails) SetTargetRegions(v []*Region) *EnabledControlDet return s } +// A structure that returns a set of control identifiers, the control status +// for each control in the set, and the drift status for each control in the +// set. +type EnabledControlFilter struct { + _ struct{} `type:"structure"` + + // The set of controlIdentifier returned by the filter. + ControlIdentifiers []*string `locationName:"controlIdentifiers" min:"1" type:"list"` + + // A list of DriftStatus items. + DriftStatuses []*string `locationName:"driftStatuses" min:"1" type:"list" enum:"DriftStatus"` + + // A list of EnablementStatus items. + Statuses []*string `locationName:"statuses" min:"1" type:"list" enum:"EnablementStatus"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnabledControlFilter) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnabledControlFilter) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EnabledControlFilter) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EnabledControlFilter"} + if s.ControlIdentifiers != nil && len(s.ControlIdentifiers) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ControlIdentifiers", 1)) + } + if s.DriftStatuses != nil && len(s.DriftStatuses) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DriftStatuses", 1)) + } + if s.Statuses != nil && len(s.Statuses) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Statuses", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetControlIdentifiers sets the ControlIdentifiers field's value. +func (s *EnabledControlFilter) SetControlIdentifiers(v []*string) *EnabledControlFilter { + s.ControlIdentifiers = v + return s +} + +// SetDriftStatuses sets the DriftStatuses field's value. +func (s *EnabledControlFilter) SetDriftStatuses(v []*string) *EnabledControlFilter { + s.DriftStatuses = v + return s +} + +// SetStatuses sets the Statuses field's value. +func (s *EnabledControlFilter) SetStatuses(v []*string) *EnabledControlFilter { + s.Statuses = v + return s +} + // Returns a summary of information about an enabled control. type EnabledControlSummary struct { _ struct{} `type:"structure"` @@ -4334,6 +4796,116 @@ func (s *ListBaselinesOutput) SetNextToken(v string) *ListBaselinesOutput { return s } +type ListControlOperationsInput struct { + _ struct{} `type:"structure"` + + // An input filter for the ListControlOperations API that lets you select the + // types of control operations to view. + Filter *ControlOperationFilter `locationName:"filter" type:"structure"` + + // The maximum number of results to be shown. + MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"` + + // A pagination token. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListControlOperationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListControlOperationsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListControlOperationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListControlOperationsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.Filter != nil { + if err := s.Filter.Validate(); err != nil { + invalidParams.AddNested("Filter", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetFilter sets the Filter field's value. +func (s *ListControlOperationsInput) SetFilter(v *ControlOperationFilter) *ListControlOperationsInput { + s.Filter = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListControlOperationsInput) SetMaxResults(v int64) *ListControlOperationsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListControlOperationsInput) SetNextToken(v string) *ListControlOperationsInput { + s.NextToken = &v + return s +} + +type ListControlOperationsOutput struct { + _ struct{} `type:"structure"` + + // Returns a list of output from control operations. PLACEHOLDER + // + // ControlOperations is a required field + ControlOperations []*ControlOperationSummary `locationName:"controlOperations" type:"list" required:"true"` + + // A pagination token. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListControlOperationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListControlOperationsOutput) GoString() string { + return s.String() +} + +// SetControlOperations sets the ControlOperations field's value. +func (s *ListControlOperationsOutput) SetControlOperations(v []*ControlOperationSummary) *ListControlOperationsOutput { + s.ControlOperations = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListControlOperationsOutput) SetNextToken(v string) *ListControlOperationsOutput { + s.NextToken = &v + return s +} + type ListEnabledBaselinesInput struct { _ struct{} `type:"structure"` @@ -4448,6 +5020,10 @@ func (s *ListEnabledBaselinesOutput) SetNextToken(v string) *ListEnabledBaseline type ListEnabledControlsInput struct { _ struct{} `type:"structure"` + // An input filter for the ListCEnabledControls API that lets you select the + // types of control operations to view. + Filter *EnabledControlFilter `locationName:"filter" type:"structure"` + // How many results to return per API call. MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"` @@ -4456,9 +5032,7 @@ type ListEnabledControlsInput struct { // The ARN of the organizational unit. For information on how to find the targetIdentifier, // see the overview page (https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html). - // - // TargetIdentifier is a required field - TargetIdentifier *string `locationName:"targetIdentifier" min:"20" type:"string" required:"true"` + TargetIdentifier *string `locationName:"targetIdentifier" min:"20" type:"string"` } // String returns the string representation. @@ -4485,12 +5059,14 @@ func (s *ListEnabledControlsInput) Validate() error { if s.MaxResults != nil && *s.MaxResults < 1 { invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) } - if s.TargetIdentifier == nil { - invalidParams.Add(request.NewErrParamRequired("TargetIdentifier")) - } if s.TargetIdentifier != nil && len(*s.TargetIdentifier) < 20 { invalidParams.Add(request.NewErrParamMinLen("TargetIdentifier", 20)) } + if s.Filter != nil { + if err := s.Filter.Validate(); err != nil { + invalidParams.AddNested("Filter", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -4498,6 +5074,12 @@ func (s *ListEnabledControlsInput) Validate() error { return nil } +// SetFilter sets the Filter field's value. +func (s *ListEnabledControlsInput) SetFilter(v *EnabledControlFilter) *ListEnabledControlsInput { + s.Filter = v + return s +} + // SetMaxResults sets the MaxResults field's value. func (s *ListEnabledControlsInput) SetMaxResults(v int64) *ListEnabledControlsInput { s.MaxResults = &v diff --git a/service/controltower/controltoweriface/interface.go b/service/controltower/controltoweriface/interface.go index 44706c015f4..f7d876f0957 100644 --- a/service/controltower/controltoweriface/interface.go +++ b/service/controltower/controltoweriface/interface.go @@ -111,6 +111,13 @@ type ControlTowerAPI interface { ListBaselinesPages(*controltower.ListBaselinesInput, func(*controltower.ListBaselinesOutput, bool) bool) error ListBaselinesPagesWithContext(aws.Context, *controltower.ListBaselinesInput, func(*controltower.ListBaselinesOutput, bool) bool, ...request.Option) error + ListControlOperations(*controltower.ListControlOperationsInput) (*controltower.ListControlOperationsOutput, error) + ListControlOperationsWithContext(aws.Context, *controltower.ListControlOperationsInput, ...request.Option) (*controltower.ListControlOperationsOutput, error) + ListControlOperationsRequest(*controltower.ListControlOperationsInput) (*request.Request, *controltower.ListControlOperationsOutput) + + ListControlOperationsPages(*controltower.ListControlOperationsInput, func(*controltower.ListControlOperationsOutput, bool) bool) error + ListControlOperationsPagesWithContext(aws.Context, *controltower.ListControlOperationsInput, func(*controltower.ListControlOperationsOutput, bool) bool, ...request.Option) error + ListEnabledBaselines(*controltower.ListEnabledBaselinesInput) (*controltower.ListEnabledBaselinesOutput, error) ListEnabledBaselinesWithContext(aws.Context, *controltower.ListEnabledBaselinesInput, ...request.Option) (*controltower.ListEnabledBaselinesOutput, error) ListEnabledBaselinesRequest(*controltower.ListEnabledBaselinesInput) (*request.Request, *controltower.ListEnabledBaselinesOutput) diff --git a/service/controltower/doc.go b/service/controltower/doc.go index 9775a3363a7..b3bad8bf2e4 100644 --- a/service/controltower/doc.go +++ b/service/controltower/doc.go @@ -3,6 +3,21 @@ // Package controltower provides the client and types for making API // requests to AWS Control Tower. // +// Amazon Web Services Control Tower offers application programming interface +// (API) operations that support programmatic interaction with these types of +// resources: +// +// - controls (https://docs.aws.amazon.com/controltower/latest/userguide/controls.html) +// +// - landing zones (https://docs.aws.amazon.com/controltower/latest/userguide/lz-api-launch.html) +// +// - baselines (https://docs.aws.amazon.com/controltower/latest/userguide/types-of-baselines.html) +// +// For more information about these types of resources, see the Amazon Web Services +// Control Tower User Guide (https://docs.aws.amazon.com/controltower/latest/userguide/what-is-control-tower.html). +// +// # About control APIs +// // These interfaces allow you to apply the Amazon Web Services library of pre-defined // controls to your organizational units, programmatically. In Amazon Web Services // Control Tower, the terms "control" and "guardrail" are synonyms. @@ -25,6 +40,7 @@ // The controlIdentifier is unique in each Amazon Web Services Region for each // control. You can find the controlIdentifier for each Region and control in // the Tables of control metadata (https://docs.aws.amazon.com/controltower/latest/userguide/control-metadata-tables.html) +// or the Control availability by Region tables (https://docs.aws.amazon.com/controltower/latest/userguide/control-region-tables.html) // in the Amazon Web Services Control Tower User Guide. // // A quick-reference list of control identifers for the Amazon Web Services @@ -51,13 +67,48 @@ // // arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId} // +// About landing zone APIs +// +// You can configure and launch an Amazon Web Services Control Tower landing +// zone with APIs. For an introduction and steps, see Getting started with Amazon +// Web Services Control Tower using APIs (https://docs.aws.amazon.com/controltower/latest/userguide/getting-started-apis.html). +// +// For an overview of landing zone API operations, see Amazon Web Services Control +// Tower supports landing zone APIs (https://docs.aws.amazon.com/controltower/latest/userguide/2023-all.html#landing-zone-apis). +// The individual API operations for landing zones are detailed in this document, +// the API reference manual (https://docs.aws.amazon.com/controltower/latest/APIReference/API_Operations.html), +// in the "Actions" section. +// +// # About baseline APIs +// +// You can apply the AWSControlTowerBaseline baseline to an organizational unit +// (OU) as a way to register the OU with Amazon Web Services Control Tower, +// programmatically. For a general overview of this capability, see Amazon Web +// Services Control Tower supports APIs for OU registration and configuration +// with baselines (https://docs.aws.amazon.com/controltower/latest/userguide/2024-all.html#baseline-apis). +// +// You can call the baseline API operations to view the baselines that Amazon +// Web Services Control Tower enables for your landing zone, on your behalf, +// when setting up the landing zone. These baselines are read-only baselines. +// +// The individual API operations for baselines are detailed in this document, +// the API reference manual (https://docs.aws.amazon.com/controltower/latest/APIReference/API_Operations.html), +// in the "Actions" section. For usage examples, see Baseline API input and +// output examples with CLI (https://docs.aws.amazon.com/controltower/latest/userguide/baseline-api-examples.html). +// // Details and examples // // - Control API input and output examples with CLI (https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html) // +// - Baseline API input and output examples with CLI (https://docs.aws.amazon.com/controltower/latest/userguide/baseline-api-examples.html) +// // - Enable controls with CloudFormation (https://docs.aws.amazon.com/controltower/latest/userguide/enable-controls.html) // -// - Control metadata tables (https://docs.aws.amazon.com/controltower/latest/userguide/control-metadata-tables.html) +// - Launch a landing zone with CloudFormation (https://docs.aws.amazon.com/controltower/latest/userguide/lz-apis-cfn-setup.html) +// +// - Control metadata tables (large page) (https://docs.aws.amazon.com/controltower/latest/userguide/control-metadata-tables.html) +// +// - Control availability by Region tables (large page) (https://docs.aws.amazon.com/controltower/latest/userguide/control-region-tables.html) // // - List of identifiers for legacy controls (https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html) // diff --git a/service/osis/api.go b/service/osis/api.go index 6e12785c93e..776c21d0481 100644 --- a/service/osis/api.go +++ b/service/osis/api.go @@ -68,6 +68,9 @@ func (c *OSIS) CreatePipelineRequest(input *CreatePipelineInput) (req *request.R // // Returned Error Types: // +// - DisabledOperationException +// Exception is thrown when an operation has been disabled. +// // - LimitExceededException // You attempted to create more than the allowed number of tags. // @@ -165,6 +168,9 @@ func (c *OSIS) DeletePipelineRequest(input *DeletePipelineInput) (req *request.R // // Returned Error Types: // +// - DisabledOperationException +// Exception is thrown when an operation has been disabled. +// // - ValidationException // An exception for missing or invalid input fields. // @@ -257,6 +263,9 @@ func (c *OSIS) GetPipelineRequest(input *GetPipelineInput) (req *request.Request // // Returned Error Types: // +// - DisabledOperationException +// Exception is thrown when an operation has been disabled. +// // - ValidationException // An exception for missing or invalid input fields. // @@ -349,6 +358,9 @@ func (c *OSIS) GetPipelineBlueprintRequest(input *GetPipelineBlueprintInput) (re // // Returned Error Types: // +// - DisabledOperationException +// Exception is thrown when an operation has been disabled. +// // - AccessDeniedException // You don't have permissions to access the resource. // @@ -442,6 +454,9 @@ func (c *OSIS) GetPipelineChangeProgressRequest(input *GetPipelineChangeProgress // // Returned Error Types: // +// - DisabledOperationException +// Exception is thrown when an operation has been disabled. +// // - ValidationException // An exception for missing or invalid input fields. // @@ -532,6 +547,9 @@ func (c *OSIS) ListPipelineBlueprintsRequest(input *ListPipelineBlueprintsInput) // // Returned Error Types: // +// - DisabledOperationException +// Exception is thrown when an operation has been disabled. +// // - ValidationException // An exception for missing or invalid input fields. // @@ -629,6 +647,9 @@ func (c *OSIS) ListPipelinesRequest(input *ListPipelinesInput) (req *request.Req // // Returned Error Types: // +// - DisabledOperationException +// Exception is thrown when an operation has been disabled. +// // - ValidationException // An exception for missing or invalid input fields. // @@ -770,6 +791,9 @@ func (c *OSIS) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req // // Returned Error Types: // +// - DisabledOperationException +// Exception is thrown when an operation has been disabled. +// // - ValidationException // An exception for missing or invalid input fields. // @@ -860,6 +884,9 @@ func (c *OSIS) StartPipelineRequest(input *StartPipelineInput) (req *request.Req // // Returned Error Types: // +// - DisabledOperationException +// Exception is thrown when an operation has been disabled. +// // - AccessDeniedException // You don't have permissions to access the resource. // @@ -953,6 +980,9 @@ func (c *OSIS) StopPipelineRequest(input *StopPipelineInput) (req *request.Reque // // Returned Error Types: // +// - DisabledOperationException +// Exception is thrown when an operation has been disabled. +// // - AccessDeniedException // You don't have permissions to access the resource. // @@ -1047,6 +1077,9 @@ func (c *OSIS) TagResourceRequest(input *TagResourceInput) (req *request.Request // // Returned Error Types: // +// - DisabledOperationException +// Exception is thrown when an operation has been disabled. +// // - LimitExceededException // You attempted to create more than the allowed number of tags. // @@ -1141,6 +1174,9 @@ func (c *OSIS) UntagResourceRequest(input *UntagResourceInput) (req *request.Req // // Returned Error Types: // +// - DisabledOperationException +// Exception is thrown when an operation has been disabled. +// // - ValidationException // An exception for missing or invalid input fields. // @@ -1231,6 +1267,9 @@ func (c *OSIS) UpdatePipelineRequest(input *UpdatePipelineInput) (req *request.R // // Returned Error Types: // +// - DisabledOperationException +// Exception is thrown when an operation has been disabled. +// // - ValidationException // An exception for missing or invalid input fields. // @@ -1325,6 +1364,9 @@ func (c *OSIS) ValidatePipelineRequest(input *ValidatePipelineInput) (req *reque // // Returned Error Types: // +// - DisabledOperationException +// Exception is thrown when an operation has been disabled. +// // - AccessDeniedException // You don't have permissions to access the resource. // @@ -1423,6 +1465,7 @@ func (s *AccessDeniedException) RequestID() string { // Options that specify the configuration of a persistent buffer. To configure // how OpenSearch Ingestion encrypts this data, set the EncryptionAtRestOptions. +// For more information, see Persistent buffering (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/osis-features-overview.html#persistent-buffering). type BufferOptions struct { _ struct{} `type:"structure"` @@ -1593,7 +1636,7 @@ type CloudWatchLogDestination struct { _ struct{} `type:"structure"` // The name of the CloudWatch Logs group to send pipeline logs to. You can specify - // an existing log group or create a new one. For example, /aws/OpenSearchService/IngestionService/my-pipeline. + // an existing log group or create a new one. For example, /aws/vendedlogs/OpenSearchService/pipelines. // // LogGroup is a required field LogGroup *string `min:"1" type:"string" required:"true"` @@ -1987,12 +2030,76 @@ func (s DeletePipelineOutput) GoString() string { return s.String() } -// Options to control how OpenSearch encrypts all data-at-rest. +// Exception is thrown when an operation has been disabled. +type DisabledOperationException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisabledOperationException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisabledOperationException) GoString() string { + return s.String() +} + +func newErrorDisabledOperationException(v protocol.ResponseMetadata) error { + return &DisabledOperationException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *DisabledOperationException) Code() string { + return "DisabledOperationException" +} + +// Message returns the exception's message. +func (s *DisabledOperationException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *DisabledOperationException) OrigErr() error { + return nil +} + +func (s *DisabledOperationException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *DisabledOperationException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *DisabledOperationException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Options to control how OpenSearch encrypts buffer data. type EncryptionAtRestOptions struct { _ struct{} `type:"structure"` - // The ARN of the KMS key used to encrypt data-at-rest in OpenSearch Ingestion. - // By default, data is encrypted using an AWS owned key. + // The ARN of the KMS key used to encrypt buffer data. By default, data is encrypted + // using an Amazon Web Services owned key. // // KmsKeyArn is a required field KmsKeyArn *string `min:"7" type:"string" required:"true"` @@ -2045,6 +2152,9 @@ type GetPipelineBlueprintInput struct { // // BlueprintName is a required field BlueprintName *string `location:"uri" locationName:"BlueprintName" type:"string" required:"true"` + + // The format format of the blueprint to retrieve. + Format *string `location:"querystring" locationName:"format" type:"string"` } // String returns the string representation. @@ -2087,11 +2197,20 @@ func (s *GetPipelineBlueprintInput) SetBlueprintName(v string) *GetPipelineBluep return s } +// SetFormat sets the Format field's value. +func (s *GetPipelineBlueprintInput) SetFormat(v string) *GetPipelineBlueprintInput { + s.Format = &v + return s +} + type GetPipelineBlueprintOutput struct { _ struct{} `type:"structure"` // The requested blueprint in YAML format. Blueprint *PipelineBlueprint `type:"structure"` + + // The format of the blueprint. + Format *string `type:"string"` } // String returns the string representation. @@ -2118,6 +2237,12 @@ func (s *GetPipelineBlueprintOutput) SetBlueprint(v *PipelineBlueprint) *GetPipe return s } +// SetFormat sets the Format field's value. +func (s *GetPipelineBlueprintOutput) SetFormat(v string) *GetPipelineBlueprintOutput { + s.Format = &v + return s +} + type GetPipelineChangeProgressInput struct { _ struct{} `type:"structure" nopayload:"true"` @@ -2201,7 +2326,7 @@ func (s *GetPipelineChangeProgressOutput) SetChangeProgressStatuses(v []*ChangeP type GetPipelineInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The name of the pipeline to get information about. + // The name of the pipeline. // // PipelineName is a required field PipelineName *string `location:"uri" locationName:"PipelineName" min:"3" type:"string" required:"true"` @@ -2767,12 +2892,16 @@ type Pipeline struct { // Options that specify the configuration of a persistent buffer. To configure // how OpenSearch Ingestion encrypts this data, set the EncryptionAtRestOptions. + // For more information, see Persistent buffering (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/osis-features-overview.html#persistent-buffering). BufferOptions *BufferOptions `type:"structure"` // The date and time when the pipeline was created. CreatedAt *time.Time `type:"timestamp"` - // Options to control how OpenSearch encrypts all data-at-rest. + // Destinations to which the pipeline writes data. + Destinations []*PipelineDestination `type:"list"` + + // Options to control how OpenSearch encrypts buffer data. EncryptionAtRestOptions *EncryptionAtRestOptions `type:"structure"` // The ingestion endpoints for the pipeline, which you can send data to. @@ -2799,8 +2928,8 @@ type Pipeline struct { // The name of the pipeline. PipelineName *string `type:"string"` - // A list of VPC endpoints that OpenSearch Ingestion has created to other AWS - // services. + // A list of VPC endpoints that OpenSearch Ingestion has created to other Amazon + // Web Services services. ServiceVpcEndpoints []*ServiceVpcEndpoint `type:"list"` // The current status of the pipeline. @@ -2846,6 +2975,12 @@ func (s *Pipeline) SetCreatedAt(v time.Time) *Pipeline { return s } +// SetDestinations sets the Destinations field's value. +func (s *Pipeline) SetDestinations(v []*PipelineDestination) *Pipeline { + s.Destinations = v + return s +} + // SetEncryptionAtRestOptions sets the EncryptionAtRestOptions field's value. func (s *Pipeline) SetEncryptionAtRestOptions(v *EncryptionAtRestOptions) *Pipeline { s.EncryptionAtRestOptions = v @@ -2937,8 +3072,20 @@ type PipelineBlueprint struct { // The name of the blueprint. BlueprintName *string `type:"string"` + // A description of the blueprint. + DisplayDescription *string `type:"string"` + + // The display name of the blueprint. + DisplayName *string `type:"string"` + // The YAML configuration of the blueprint. PipelineConfigurationBody *string `type:"string"` + + // The name of the service that the blueprint is associated with. + Service *string `type:"string"` + + // The use case that the blueprint relates to. + UseCase *string `type:"string"` } // String returns the string representation. @@ -2965,18 +3112,54 @@ func (s *PipelineBlueprint) SetBlueprintName(v string) *PipelineBlueprint { return s } +// SetDisplayDescription sets the DisplayDescription field's value. +func (s *PipelineBlueprint) SetDisplayDescription(v string) *PipelineBlueprint { + s.DisplayDescription = &v + return s +} + +// SetDisplayName sets the DisplayName field's value. +func (s *PipelineBlueprint) SetDisplayName(v string) *PipelineBlueprint { + s.DisplayName = &v + return s +} + // SetPipelineConfigurationBody sets the PipelineConfigurationBody field's value. func (s *PipelineBlueprint) SetPipelineConfigurationBody(v string) *PipelineBlueprint { s.PipelineConfigurationBody = &v return s } +// SetService sets the Service field's value. +func (s *PipelineBlueprint) SetService(v string) *PipelineBlueprint { + s.Service = &v + return s +} + +// SetUseCase sets the UseCase field's value. +func (s *PipelineBlueprint) SetUseCase(v string) *PipelineBlueprint { + s.UseCase = &v + return s +} + // A summary of an OpenSearch Ingestion blueprint. type PipelineBlueprintSummary struct { _ struct{} `type:"structure"` // The name of the blueprint. BlueprintName *string `type:"string"` + + // A description of the blueprint. + DisplayDescription *string `type:"string"` + + // The display name of the blueprint. + DisplayName *string `type:"string"` + + // The name of the service that the blueprint is associated with. + Service *string `type:"string"` + + // The use case that the blueprint relates to. + UseCase *string `type:"string"` } // String returns the string representation. @@ -3003,6 +3186,71 @@ func (s *PipelineBlueprintSummary) SetBlueprintName(v string) *PipelineBlueprint return s } +// SetDisplayDescription sets the DisplayDescription field's value. +func (s *PipelineBlueprintSummary) SetDisplayDescription(v string) *PipelineBlueprintSummary { + s.DisplayDescription = &v + return s +} + +// SetDisplayName sets the DisplayName field's value. +func (s *PipelineBlueprintSummary) SetDisplayName(v string) *PipelineBlueprintSummary { + s.DisplayName = &v + return s +} + +// SetService sets the Service field's value. +func (s *PipelineBlueprintSummary) SetService(v string) *PipelineBlueprintSummary { + s.Service = &v + return s +} + +// SetUseCase sets the UseCase field's value. +func (s *PipelineBlueprintSummary) SetUseCase(v string) *PipelineBlueprintSummary { + s.UseCase = &v + return s +} + +// An object representing the destination of a pipeline. +type PipelineDestination struct { + _ struct{} `type:"structure"` + + // The endpoint receiving data from the pipeline. + Endpoint *string `type:"string"` + + // The name of the service receiving data from the pipeline. + ServiceName *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PipelineDestination) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PipelineDestination) GoString() string { + return s.String() +} + +// SetEndpoint sets the Endpoint field's value. +func (s *PipelineDestination) SetEndpoint(v string) *PipelineDestination { + s.Endpoint = &v + return s +} + +// SetServiceName sets the ServiceName field's value. +func (s *PipelineDestination) SetServiceName(v string) *PipelineDestination { + s.ServiceName = &v + return s +} + // Information about a pipeline's current status. type PipelineStatusReason struct { _ struct{} `type:"structure"` @@ -3042,6 +3290,9 @@ type PipelineSummary struct { // The date and time when the pipeline was created. CreatedAt *time.Time `type:"timestamp"` + // A list of destinations to which the pipeline writes data. + Destinations []*PipelineDestination `type:"list"` + // The date and time when the pipeline was last updated. LastUpdatedAt *time.Time `type:"timestamp"` @@ -3091,6 +3342,12 @@ func (s *PipelineSummary) SetCreatedAt(v time.Time) *PipelineSummary { return s } +// SetDestinations sets the Destinations field's value. +func (s *PipelineSummary) SetDestinations(v []*PipelineDestination) *PipelineSummary { + s.Destinations = v + return s +} + // SetLastUpdatedAt sets the LastUpdatedAt field's value. func (s *PipelineSummary) SetLastUpdatedAt(v time.Time) *PipelineSummary { s.LastUpdatedAt = &v @@ -3275,7 +3532,7 @@ type ServiceVpcEndpoint struct { // The name of the service for which a VPC endpoint was created. ServiceName *string `type:"string" enum:"VpcEndpointServiceName"` - // The ID of the VPC endpoint that was created. + // The unique identifier of the VPC endpoint that was created. VpcEndpointId *string `type:"string"` } @@ -4064,6 +4321,63 @@ func (s *ValidationMessage) SetMessage(v string) *ValidationMessage { return s } +// Options for attaching a VPC to pipeline. +type VpcAttachmentOptions struct { + _ struct{} `type:"structure"` + + // Whether a VPC is attached to the pipeline. + // + // AttachToVpc is a required field + AttachToVpc *bool `type:"boolean" required:"true"` + + // The CIDR block to be reserved for OpenSearch Ingestion to create elastic + // network interfaces (ENIs). + CidrBlock *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VpcAttachmentOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VpcAttachmentOptions) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VpcAttachmentOptions) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VpcAttachmentOptions"} + if s.AttachToVpc == nil { + invalidParams.Add(request.NewErrParamRequired("AttachToVpc")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAttachToVpc sets the AttachToVpc field's value. +func (s *VpcAttachmentOptions) SetAttachToVpc(v bool) *VpcAttachmentOptions { + s.AttachToVpc = &v + return s +} + +// SetCidrBlock sets the CidrBlock field's value. +func (s *VpcAttachmentOptions) SetCidrBlock(v string) *VpcAttachmentOptions { + s.CidrBlock = &v + return s +} + // An OpenSearch Ingestion-managed VPC endpoint that will access one or more // pipelines. type VpcEndpoint struct { @@ -4128,6 +4442,9 @@ type VpcOptions struct { // // SubnetIds is a required field SubnetIds []*string `min:"1" type:"list" required:"true"` + + // Options for attaching a VPC to a pipeline. + VpcAttachmentOptions *VpcAttachmentOptions `type:"structure"` } // String returns the string representation. @@ -4160,6 +4477,11 @@ func (s *VpcOptions) Validate() error { if s.SubnetIds != nil && len(s.SubnetIds) < 1 { invalidParams.Add(request.NewErrParamMinLen("SubnetIds", 1)) } + if s.VpcAttachmentOptions != nil { + if err := s.VpcAttachmentOptions.Validate(); err != nil { + invalidParams.AddNested("VpcAttachmentOptions", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -4179,6 +4501,12 @@ func (s *VpcOptions) SetSubnetIds(v []*string) *VpcOptions { return s } +// SetVpcAttachmentOptions sets the VpcAttachmentOptions field's value. +func (s *VpcOptions) SetVpcAttachmentOptions(v *VpcAttachmentOptions) *VpcOptions { + s.VpcAttachmentOptions = v + return s +} + const ( // ChangeProgressStageStatusesPending is a ChangeProgressStageStatuses enum value ChangeProgressStageStatusesPending = "PENDING" diff --git a/service/osis/errors.go b/service/osis/errors.go index 48f6b52904d..d108b26feb7 100644 --- a/service/osis/errors.go +++ b/service/osis/errors.go @@ -20,6 +20,12 @@ const ( // The client attempted to remove a resource that is currently in use. ErrCodeConflictException = "ConflictException" + // ErrCodeDisabledOperationException for service response error code + // "DisabledOperationException". + // + // Exception is thrown when an operation has been disabled. + ErrCodeDisabledOperationException = "DisabledOperationException" + // ErrCodeInternalException for service response error code // "InternalException". // @@ -61,6 +67,7 @@ const ( var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ "AccessDeniedException": newErrorAccessDeniedException, "ConflictException": newErrorConflictException, + "DisabledOperationException": newErrorDisabledOperationException, "InternalException": newErrorInternalException, "InvalidPaginationTokenException": newErrorInvalidPaginationTokenException, "LimitExceededException": newErrorLimitExceededException, diff --git a/service/rds/api.go b/service/rds/api.go index 09374e00d54..7481b7b48a7 100644 --- a/service/rds/api.go +++ b/service/rds/api.go @@ -22005,14 +22005,17 @@ type CreateDBClusterInput struct { // Valid for Cluster Type: Multi-AZ DB clusters only AutoMinorVersionUpgrade *bool `type:"boolean"` - // A list of Availability Zones (AZs) where DB instances in the DB cluster can - // be created. + // A list of Availability Zones (AZs) where you specifically want to create + // DB instances in the DB cluster. // - // For information on Amazon Web Services Regions and Availability Zones, see - // Choosing the Regions and Availability Zones (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.RegionsAndAvailabilityZones.html) + // For information on AZs, see Availability Zones (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.RegionsAndAvailabilityZones.html#Concepts.RegionsAndAvailabilityZones.AvailabilityZones) // in the Amazon Aurora User Guide. // // Valid for Cluster Type: Aurora DB clusters only + // + // Constraints: + // + // * Can't specify more than three AZs. AvailabilityZones []*string `locationNameList:"AvailabilityZone" type:"list"` // The target backtrack window, in seconds. To disable backtracking, set this @@ -22248,11 +22251,50 @@ type CreateDBClusterInput struct { // // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters // - // Valid Values: aurora-mysql | aurora-postgresql | mysql | postgres + // Valid Values: + // + // * aurora-mysql + // + // * aurora-postgresql + // + // * mysql + // + // * postgres + // + // * neptune - For information about using Amazon Neptune, see the Amazon + // Neptune User Guide (https://docs.aws.amazon.com/neptune/latest/userguide/intro.html). // // Engine is a required field Engine *string `type:"string" required:"true"` + // The life cycle type for this DB cluster. + // + // By default, this value is set to open-source-rds-extended-support, which + // enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard + // support, you can avoid charges for Extended Support by setting the value + // to open-source-rds-extended-support-disabled. In this case, creating the + // DB cluster will fail if the DB major version is past its end of standard + // support date. + // + // You can use this setting to enroll your DB cluster into Amazon RDS Extended + // Support. With RDS Extended Support, you can run the selected major engine + // version on your DB cluster past the end of standard support for that engine + // version. For more information, see the following sections: + // + // * Amazon Aurora (PostgreSQL only) - Using Amazon RDS Extended Support + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/extended-support.html) + // in the Amazon Aurora User Guide + // + // * Amazon RDS - Using Amazon RDS Extended Support (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html) + // in the Amazon RDS User Guide + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // + // Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled + // + // Default: open-source-rds-extended-support + EngineLifecycleSupport *string `type:"string"` + // The DB engine mode of the DB cluster, either provisioned or serverless. // // The serverless engine mode only applies for Aurora Serverless v1 DB clusters. @@ -22900,6 +22942,12 @@ func (s *CreateDBClusterInput) SetEngine(v string) *CreateDBClusterInput { return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *CreateDBClusterInput) SetEngineLifecycleSupport(v string) *CreateDBClusterInput { + s.EngineLifecycleSupport = &v + return s +} + // SetEngineMode sets the EngineMode field's value. func (s *CreateDBClusterInput) SetEngineMode(v string) *CreateDBClusterInput { s.EngineMode = &v @@ -24008,6 +24056,29 @@ type CreateDBInstanceInput struct { // Engine is a required field Engine *string `type:"string" required:"true"` + // The life cycle type for this DB instance. + // + // By default, this value is set to open-source-rds-extended-support, which + // enrolls your DB instance into Amazon RDS Extended Support. At the end of + // standard support, you can avoid charges for Extended Support by setting the + // value to open-source-rds-extended-support-disabled. In this case, creating + // the DB instance will fail if the DB major version is past its end of standard + // support date. + // + // This setting applies only to RDS for MySQL and RDS for PostgreSQL. For Amazon + // Aurora DB instances, the life cycle type is managed by the DB cluster. + // + // You can use this setting to enroll your DB instance into Amazon RDS Extended + // Support. With RDS Extended Support, you can run the selected major engine + // version on your DB instance past the end of standard support for that engine + // version. For more information, see Using Amazon RDS Extended Support (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html) + // in the Amazon RDS User Guide. + // + // Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled + // + // Default: open-source-rds-extended-support + EngineLifecycleSupport *string `type:"string"` + // The version number of the database engine to use. // // This setting doesn't apply to Amazon Aurora DB instances. The version number @@ -24718,6 +24789,12 @@ func (s *CreateDBInstanceInput) SetEngine(v string) *CreateDBInstanceInput { return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *CreateDBInstanceInput) SetEngineLifecycleSupport(v string) *CreateDBInstanceInput { + s.EngineLifecycleSupport = &v + return s +} + // SetEngineVersion sets the EngineVersion field's value. func (s *CreateDBInstanceInput) SetEngineVersion(v string) *CreateDBInstanceInput { s.EngineVersion = &v @@ -27050,8 +27127,9 @@ type CreateEventSubscriptionInput struct { // to db-instance. For RDS Proxy events, specify db-proxy. If this value isn't // specified, all events are returned. // - // Valid Values: db-instance | db-cluster | db-parameter-group | db-security-group - // | db-snapshot | db-cluster-snapshot | db-proxy + // Valid Values:db-instance | db-cluster | db-parameter-group | db-security-group + // | db-snapshot | db-cluster-snapshot | db-proxy | zero-etl | custom-engine-version + // | blue-green-deployment SourceType *string `type:"string"` // The name of the subscription. @@ -27202,6 +27280,29 @@ type CreateGlobalClusterInput struct { // case, Amazon Aurora uses the engine of the source DB cluster. Engine *string `type:"string"` + // The life cycle type for this global database cluster. + // + // By default, this value is set to open-source-rds-extended-support, which + // enrolls your global cluster into Amazon RDS Extended Support. At the end + // of standard support, you can avoid charges for Extended Support by setting + // the value to open-source-rds-extended-support-disabled. In this case, creating + // the global cluster will fail if the DB major version is past its end of standard + // support date. + // + // This setting only applies to Aurora PostgreSQL-based global databases. + // + // You can use this setting to enroll your global cluster into Amazon RDS Extended + // Support. With RDS Extended Support, you can run the selected major engine + // version on your global cluster past the end of standard support for that + // engine version. For more information, see Using Amazon RDS Extended Support + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/extended-support.html) + // in the Amazon Aurora User Guide. + // + // Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled + // + // Default: open-source-rds-extended-support + EngineLifecycleSupport *string `type:"string"` + // The engine version to use for this global database cluster. // // Constraints: @@ -27276,6 +27377,12 @@ func (s *CreateGlobalClusterInput) SetEngine(v string) *CreateGlobalClusterInput return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *CreateGlobalClusterInput) SetEngineLifecycleSupport(v string) *CreateGlobalClusterInput { + s.EngineLifecycleSupport = &v + return s +} + // SetEngineVersion sets the EngineVersion field's value. func (s *CreateGlobalClusterInput) SetEngineVersion(v string) *CreateGlobalClusterInput { s.EngineVersion = &v @@ -28171,6 +28278,11 @@ type DBCluster struct { // The database engine used for this DB cluster. Engine *string `type:"string"` + // The life cycle type for the DB cluster. + // + // For more information, see CreateDBCluster. + EngineLifecycleSupport *string `type:"string"` + // The DB engine mode of the DB cluster, either provisioned or serverless. // // For more information, see CreateDBCluster (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBCluster.html). @@ -28650,6 +28762,12 @@ func (s *DBCluster) SetEngine(v string) *DBCluster { return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *DBCluster) SetEngineLifecycleSupport(v string) *DBCluster { + s.EngineLifecycleSupport = &v + return s +} + // SetEngineMode sets the EngineMode field's value. func (s *DBCluster) SetEngineMode(v string) *DBCluster { s.EngineMode = &v @@ -30601,6 +30719,11 @@ type DBInstance struct { // The database engine used for this DB instance. Engine *string `type:"string"` + // The life cycle type for the DB instance. + // + // For more information, see CreateDBInstance. + EngineLifecycleSupport *string `type:"string"` + // The version of the database engine. EngineVersion *string `type:"string"` @@ -31089,6 +31212,12 @@ func (s *DBInstance) SetEngine(v string) *DBInstance { return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *DBInstance) SetEngineLifecycleSupport(v string) *DBInstance { + s.EngineLifecycleSupport = &v + return s +} + // SetEngineVersion sets the EngineVersion field's value. func (s *DBInstance) SetEngineVersion(v string) *DBInstance { s.EngineVersion = &v @@ -45050,6 +45179,11 @@ type GlobalCluster struct { // The Aurora database engine used by the global database cluster. Engine *string `type:"string"` + // The life cycle type for the global cluster. + // + // For more information, see CreateGlobalCluster. + EngineLifecycleSupport *string `type:"string"` + // Indicates the database engine version. EngineVersion *string `type:"string"` @@ -45118,6 +45252,12 @@ func (s *GlobalCluster) SetEngine(v string) *GlobalCluster { return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *GlobalCluster) SetEngineLifecycleSupport(v string) *GlobalCluster { + s.EngineLifecycleSupport = &v + return s +} + // SetEngineVersion sets the EngineVersion field's value. func (s *GlobalCluster) SetEngineVersion(v string) *GlobalCluster { s.EngineVersion = &v @@ -50598,8 +50738,9 @@ type ModifyEventSubscriptionInput struct { // to db-instance. For RDS Proxy events, specify db-proxy. If this value isn't // specified, all events are returned. // - // Valid Values: db-instance | db-cluster | db-parameter-group | db-security-group - // | db-snapshot | db-cluster-snapshot | db-proxy + // Valid Values:db-instance | db-cluster | db-parameter-group | db-security-group + // | db-snapshot | db-cluster-snapshot | db-proxy | zero-etl | custom-engine-version + // | blue-green-deployment SourceType *string `type:"string"` // The name of the RDS event notification subscription. @@ -52708,7 +52849,11 @@ type PendingMaintenanceAction struct { _ struct{} `type:"structure"` // The type of pending maintenance action that is available for the resource. - // Valid actions are system-update, db-upgrade, hardware-maintenance, and ca-certificate-rotation. + // + // For more information about maintenance actions, see Maintaining a DB instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html). + // + // Valid Values:system-update | db-upgrade | hardware-maintenance | ca-certificate-rotation Action *string `type:"string"` // The date of the maintenance window when the action is applied. The maintenance @@ -55584,6 +55729,34 @@ type RestoreDBClusterFromS3Input struct { // Engine is a required field Engine *string `type:"string" required:"true"` + // The life cycle type for this DB cluster. + // + // By default, this value is set to open-source-rds-extended-support, which + // enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard + // support, you can avoid charges for Extended Support by setting the value + // to open-source-rds-extended-support-disabled. In this case, RDS automatically + // upgrades your restored DB cluster to a higher engine version, if the major + // engine version is past its end of standard support date. + // + // You can use this setting to enroll your DB cluster into Amazon RDS Extended + // Support. With RDS Extended Support, you can run the selected major engine + // version on your DB cluster past the end of standard support for that engine + // version. For more information, see the following sections: + // + // * Amazon Aurora (PostgreSQL only) - Using Amazon RDS Extended Support + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/extended-support.html) + // in the Amazon Aurora User Guide + // + // * Amazon RDS - Using Amazon RDS Extended Support (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html) + // in the Amazon RDS User Guide + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // + // Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled + // + // Default: open-source-rds-extended-support + EngineLifecycleSupport *string `type:"string"` + // The version number of the database engine to use. // // To list all of the available engine versions for aurora-mysql (Aurora MySQL), @@ -55932,6 +56105,12 @@ func (s *RestoreDBClusterFromS3Input) SetEngine(v string) *RestoreDBClusterFromS return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *RestoreDBClusterFromS3Input) SetEngineLifecycleSupport(v string) *RestoreDBClusterFromS3Input { + s.EngineLifecycleSupport = &v + return s +} + // SetEngineVersion sets the EngineVersion field's value. func (s *RestoreDBClusterFromS3Input) SetEngineVersion(v string) *RestoreDBClusterFromS3Input { s.EngineVersion = &v @@ -56272,6 +56451,34 @@ type RestoreDBClusterFromSnapshotInput struct { // Engine is a required field Engine *string `type:"string" required:"true"` + // The life cycle type for this DB cluster. + // + // By default, this value is set to open-source-rds-extended-support, which + // enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard + // support, you can avoid charges for Extended Support by setting the value + // to open-source-rds-extended-support-disabled. In this case, RDS automatically + // upgrades your restored DB cluster to a higher engine version, if the major + // engine version is past its end of standard support date. + // + // You can use this setting to enroll your DB cluster into Amazon RDS Extended + // Support. With RDS Extended Support, you can run the selected major engine + // version on your DB cluster past the end of standard support for that engine + // version. For more information, see the following sections: + // + // * Amazon Aurora (PostgreSQL only) - Using Amazon RDS Extended Support + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/extended-support.html) + // in the Amazon Aurora User Guide + // + // * Amazon RDS - Using Amazon RDS Extended Support (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html) + // in the Amazon RDS User Guide + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // + // Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled + // + // Default: open-source-rds-extended-support + EngineLifecycleSupport *string `type:"string"` + // The DB engine mode of the DB cluster, either provisioned or serverless. // // For more information, see CreateDBCluster (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBCluster.html). @@ -56602,6 +56809,12 @@ func (s *RestoreDBClusterFromSnapshotInput) SetEngine(v string) *RestoreDBCluste return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *RestoreDBClusterFromSnapshotInput) SetEngineLifecycleSupport(v string) *RestoreDBClusterFromSnapshotInput { + s.EngineLifecycleSupport = &v + return s +} + // SetEngineMode sets the EngineMode field's value. func (s *RestoreDBClusterFromSnapshotInput) SetEngineMode(v string) *RestoreDBClusterFromSnapshotInput { s.EngineMode = &v @@ -56881,6 +57094,34 @@ type RestoreDBClusterToPointInTimeInput struct { // Valid for: Aurora DB clusters only EnableIAMDatabaseAuthentication *bool `type:"boolean"` + // The life cycle type for this DB cluster. + // + // By default, this value is set to open-source-rds-extended-support, which + // enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard + // support, you can avoid charges for Extended Support by setting the value + // to open-source-rds-extended-support-disabled. In this case, RDS automatically + // upgrades your restored DB cluster to a higher engine version, if the major + // engine version is past its end of standard support date. + // + // You can use this setting to enroll your DB cluster into Amazon RDS Extended + // Support. With RDS Extended Support, you can run the selected major engine + // version on your DB cluster past the end of standard support for that engine + // version. For more information, see the following sections: + // + // * Amazon Aurora (PostgreSQL only) - Using Amazon RDS Extended Support + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/extended-support.html) + // in the Amazon Aurora User Guide + // + // * Amazon RDS - Using Amazon RDS Extended Support (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html) + // in the Amazon RDS User Guide + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // + // Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled + // + // Default: open-source-rds-extended-support + EngineLifecycleSupport *string `type:"string"` + // The engine mode of the new cluster. Specify provisioned or serverless, depending // on the type of the cluster you are creating. You can create an Aurora Serverless // v1 clone from a provisioned cluster, or a provisioned clone from an Aurora @@ -57189,6 +57430,12 @@ func (s *RestoreDBClusterToPointInTimeInput) SetEnableIAMDatabaseAuthentication( return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *RestoreDBClusterToPointInTimeInput) SetEngineLifecycleSupport(v string) *RestoreDBClusterToPointInTimeInput { + s.EngineLifecycleSupport = &v + return s +} + // SetEngineMode sets the EngineMode field's value. func (s *RestoreDBClusterToPointInTimeInput) SetEngineMode(v string) *RestoreDBClusterToPointInTimeInput { s.EngineMode = &v @@ -57658,6 +57905,29 @@ type RestoreDBInstanceFromDBSnapshotInput struct { // * sqlserver-web Engine *string `type:"string"` + // The life cycle type for this DB instance. + // + // By default, this value is set to open-source-rds-extended-support, which + // enrolls your DB instance into Amazon RDS Extended Support. At the end of + // standard support, you can avoid charges for Extended Support by setting the + // value to open-source-rds-extended-support-disabled. In this case, RDS automatically + // upgrades your restored DB instance to a higher engine version, if the major + // engine version is past its end of standard support date. + // + // You can use this setting to enroll your DB instance into Amazon RDS Extended + // Support. With RDS Extended Support, you can run the selected major engine + // version on your DB instance past the end of standard support for that engine + // version. For more information, see Using Amazon RDS Extended Support (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html) + // in the Amazon RDS User Guide. + // + // This setting applies only to RDS for MySQL and RDS for PostgreSQL. For Amazon + // Aurora DB instances, the life cycle type is managed by the DB cluster. + // + // Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled + // + // Default: open-source-rds-extended-support + EngineLifecycleSupport *string `type:"string"` + // Specifies the amount of provisioned IOPS for the DB instance, expressed in // I/O operations per second. If this parameter isn't specified, the IOPS value // is taken from the backup. If this parameter is set to 0, the new instance @@ -57971,6 +58241,12 @@ func (s *RestoreDBInstanceFromDBSnapshotInput) SetEngine(v string) *RestoreDBIns return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *RestoreDBInstanceFromDBSnapshotInput) SetEngineLifecycleSupport(v string) *RestoreDBInstanceFromDBSnapshotInput { + s.EngineLifecycleSupport = &v + return s +} + // SetIops sets the Iops field's value. func (s *RestoreDBInstanceFromDBSnapshotInput) SetIops(v int64) *RestoreDBInstanceFromDBSnapshotInput { s.Iops = &v @@ -58233,6 +58509,29 @@ type RestoreDBInstanceFromS3Input struct { // Engine is a required field Engine *string `type:"string" required:"true"` + // The life cycle type for this DB instance. + // + // By default, this value is set to open-source-rds-extended-support, which + // enrolls your DB instance into Amazon RDS Extended Support. At the end of + // standard support, you can avoid charges for Extended Support by setting the + // value to open-source-rds-extended-support-disabled. In this case, RDS automatically + // upgrades your restored DB instance to a higher engine version, if the major + // engine version is past its end of standard support date. + // + // You can use this setting to enroll your DB instance into Amazon RDS Extended + // Support. With RDS Extended Support, you can run the selected major engine + // version on your DB instance past the end of standard support for that engine + // version. For more information, see Using Amazon RDS Extended Support (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html) + // in the Amazon RDS User Guide. + // + // This setting applies only to RDS for MySQL and RDS for PostgreSQL. For Amazon + // Aurora DB instances, the life cycle type is managed by the DB cluster. + // + // Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled + // + // Default: open-source-rds-extended-support + EngineLifecycleSupport *string `type:"string"` + // The version number of the database engine to use. Choose the latest minor // version of your database engine. For information about engine versions, see // CreateDBInstance, or call DescribeDBEngineVersions. @@ -58699,6 +58998,12 @@ func (s *RestoreDBInstanceFromS3Input) SetEngine(v string) *RestoreDBInstanceFro return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *RestoreDBInstanceFromS3Input) SetEngineLifecycleSupport(v string) *RestoreDBInstanceFromS3Input { + s.EngineLifecycleSupport = &v + return s +} + // SetEngineVersion sets the EngineVersion field's value. func (s *RestoreDBInstanceFromS3Input) SetEngineVersion(v string) *RestoreDBInstanceFromS3Input { s.EngineVersion = &v @@ -59197,6 +59502,29 @@ type RestoreDBInstanceToPointInTimeInput struct { // * Must be compatible with the engine of the source. Engine *string `type:"string"` + // The life cycle type for this DB instance. + // + // By default, this value is set to open-source-rds-extended-support, which + // enrolls your DB instance into Amazon RDS Extended Support. At the end of + // standard support, you can avoid charges for Extended Support by setting the + // value to open-source-rds-extended-support-disabled. In this case, RDS automatically + // upgrades your restored DB instance to a higher engine version, if the major + // engine version is past its end of standard support date. + // + // You can use this setting to enroll your DB instance into Amazon RDS Extended + // Support. With RDS Extended Support, you can run the selected major engine + // version on your DB instance past the end of standard support for that engine + // version. For more information, see Using Amazon RDS Extended Support (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html) + // in the Amazon RDS User Guide. + // + // This setting applies only to RDS for MySQL and RDS for PostgreSQL. For Amazon + // Aurora DB instances, the life cycle type is managed by the DB cluster. + // + // Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled + // + // Default: open-source-rds-extended-support + EngineLifecycleSupport *string `type:"string"` + // The amount of Provisioned IOPS (input/output operations per second) to initially // allocate for the DB instance. // @@ -59555,6 +59883,12 @@ func (s *RestoreDBInstanceToPointInTimeInput) SetEngine(v string) *RestoreDBInst return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *RestoreDBInstanceToPointInTimeInput) SetEngineLifecycleSupport(v string) *RestoreDBInstanceToPointInTimeInput { + s.EngineLifecycleSupport = &v + return s +} + // SetIops sets the Iops field's value. func (s *RestoreDBInstanceToPointInTimeInput) SetIops(v int64) *RestoreDBInstanceToPointInTimeInput { s.Iops = &v @@ -62339,6 +62673,8 @@ type UpgradeTarget struct { // Indicates whether the target version is applied to any source DB instances // that have AutoMinorVersionUpgrade set to true. + // + // This parameter is dynamic, and is set by RDS. AutoUpgrade *bool `type:"boolean"` // The version of the database engine that a DB instance can be upgraded to. diff --git a/service/secretsmanager/api.go b/service/secretsmanager/api.go index f4b1d874f7c..97c1ac7b74d 100644 --- a/service/secretsmanager/api.go +++ b/service/secretsmanager/api.go @@ -4054,8 +4054,7 @@ type DescribeSecretOutput struct { // * InSync, which indicates that the replica was created. ReplicationStatus []*ReplicationStatusType `type:"list"` - // Specifies whether automatic rotation is turned on for this secret. If the - // secret has never been configured for rotation, Secrets Manager returns null. + // Specifies whether automatic rotation is turned on for this secret. // // To turn on rotation, use RotateSecret. To turn off rotation, use CancelRotateSecret. RotationEnabled *bool `type:"boolean"` @@ -4620,8 +4619,7 @@ func (s *GetResourcePolicyOutput) SetResourcePolicy(v string) *GetResourcePolicy type GetSecretValueInput struct { _ struct{} `type:"structure"` - // The ARN or name of the secret to retrieve. To retrieve a secret from another - // account, you must use an ARN. + // The ARN or name of the secret to retrieve. // // For an ARN, we recommend that you specify a complete ARN rather than a partial // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). @@ -6600,7 +6598,7 @@ type RotateSecretInput struct { // // For secrets that use a Lambda rotation function to rotate, if you don't immediately // rotate the secret, Secrets Manager tests the rotation configuration by running - // the testSecret step (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_lambda-functions.html#rotate-secrets_lambda-functions-code) + // the testSecret step (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html) // of the Lambda rotation function. The test creates an AWSPENDING version of // the secret and then removes it. // @@ -7925,8 +7923,7 @@ type ValidateResourcePolicyInput struct { // ResourcePolicy is a required field ResourcePolicy *string `min:"1" type:"string" required:"true"` - // The ARN or name of the secret with the resource-based policy you want to - // validate. + // This field is reserved for internal use. SecretId *string `min:"1" type:"string"` }