From ae77b91ecc806411e9c3ebbeebbea036ed908a0d Mon Sep 17 00:00:00 2001
From: aws-sdk-go-automation <43143561+aws-sdk-go-automation@users.noreply.github.com>
Date: Fri, 7 Jun 2024 14:25:07 -0400
Subject: [PATCH] Release v1.53.19 (2024-06-07) (#5281)
Release v1.53.19 (2024-06-07)
===
### Service Client Updates
* `service/auditmanager`: Updates service API and documentation
* `service/b2bi`: Updates service API
* `service/codepipeline`: Updates service API and documentation
* CodePipeline now supports overriding S3 Source Object Key during StartPipelineExecution, as part of Source Overrides.
* `service/sagemaker`: Updates service API and documentation
* This release introduces a new optional parameter: InferenceAmiVersion, in ProductionVariant.
* `service/verifiedpermissions`: Updates service API and documentation
---
CHANGELOG.md | 12 +
aws/endpoints/defaults.go | 96 +
aws/version.go | 2 +-
.../apis/auditmanager/2017-07-25/api-2.json | 83 +-
.../apis/auditmanager/2017-07-25/docs-2.json | 72 +-
.../2017-07-25/endpoint-rule-set-1.json | 40 +-
models/apis/b2bi/2022-06-23/api-2.json | 30 +-
.../apis/codepipeline/2015-07-09/api-2.json | 6 +-
.../apis/codepipeline/2015-07-09/docs-2.json | 6 +-
.../apis/codepipeline/2015-07-09/smoke-2.json | 29 +
models/apis/sagemaker/2017-07-24/api-2.json | 9 +-
models/apis/sagemaker/2017-07-24/docs-2.json | 16 +-
.../verifiedpermissions/2021-12-01/api-2.json | 225 +-
.../2021-12-01/docs-2.json | 195 +-
models/endpoints/endpoints.json | 68 +-
service/auditmanager/api.go | 267 ++-
service/b2bi/api.go | 65 +-
service/b2bi/examples_test.go | 26 +
service/codepipeline/api.go | 15 +-
service/sagemaker/api.go | 61 +-
service/verifiedpermissions/api.go | 1932 +++++++++++++++--
21 files changed, 2864 insertions(+), 391 deletions(-)
create mode 100644 models/apis/codepipeline/2015-07-09/smoke-2.json
diff --git a/CHANGELOG.md b/CHANGELOG.md
index adc163c16bd..d717ef4f94a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,15 @@ +Release v1.53.19 (2024-06-07) +=== + +### Service Client Updates +* `service/auditmanager`: Updates service API and documentation +* `service/b2bi`: Updates service API +* `service/codepipeline`: Updates service API and documentation + * CodePipeline now supports overriding S3 Source Object Key during StartPipelineExecution, as part of Source Overrides. +* `service/sagemaker`: Updates service API and documentation + * This release introduces a new optional parameter: InferenceAmiVersion, in ProductionVariant. +* `service/verifiedpermissions`: Updates service API and documentation + Release v1.53.18 (2024-06-06) === diff --git a/aws/endpoints/defaults.go b/aws/endpoints/defaults.go index ec06aeb0552..c69609690c0 100644 --- a/aws/endpoints/defaults.go +++ b/aws/endpoints/defaults.go @@ -4873,6 +4873,14 @@ var awsPartition = partition{ Region: "ap-southeast-2", }, }, + endpointKey{ + Region: "bedrock-ca-central-1", + }: endpoint{ + Hostname: "bedrock.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, endpointKey{ Region: "bedrock-eu-central-1", }: endpoint{ @@ -4889,6 +4897,14 @@ var awsPartition = partition{ Region: "eu-west-1", }, }, + endpointKey{ + Region: "bedrock-eu-west-2", + }: endpoint{ + Hostname: "bedrock.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + }, endpointKey{ Region: "bedrock-eu-west-3", }: endpoint{ @@ -4945,6 +4961,14 @@ var awsPartition = partition{ Region: "ap-southeast-2", }, }, + endpointKey{ + Region: "bedrock-runtime-ca-central-1", + }: endpoint{ + Hostname: "bedrock-runtime.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, endpointKey{ Region: "bedrock-runtime-eu-central-1", }: endpoint{ 
@@ -4961,6 +4985,14 @@ var awsPartition = partition{ Region: "eu-west-1", }, }, + endpointKey{ + Region: "bedrock-runtime-eu-west-2", + }: endpoint{ + Hostname: "bedrock-runtime.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + }, endpointKey{ Region: "bedrock-runtime-eu-west-3", }: endpoint{ @@ -4985,6 +5017,14 @@ var awsPartition = partition{ Region: "us-west-2", }, }, + endpointKey{ + Region: "bedrock-runtime-sa-east-1", + }: endpoint{ + Hostname: "bedrock-runtime.sa-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "sa-east-1", + }, + }, endpointKey{ Region: "bedrock-runtime-us-east-1", }: endpoint{ @@ -5001,6 +5041,14 @@ var awsPartition = partition{ Region: "us-west-2", }, }, + endpointKey{ + Region: "bedrock-sa-east-1", + }: endpoint{ + Hostname: "bedrock.sa-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "sa-east-1", + }, + }, endpointKey{ Region: "bedrock-us-east-1", }: endpoint{ @@ -5017,15 +5065,24 @@ var awsPartition = partition{ Region: "us-west-2", }, }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, @@ -5083,6 +5140,12 @@ var awsPartition = partition{ }, "cases": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, 
@@ -17586,12 +17649,27 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kendra-fips.ca-central-1.amazonaws.com", + }, endpointKey{ Region: "eu-west-1", }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "kendra-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -31991,6 +32069,24 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "storagegateway-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1-fips", + }: endpoint{ + Hostname: "storagegateway-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, diff --git a/aws/version.go b/aws/version.go index dcaa20d281f..c438b4e54f1 100644 --- a/aws/version.go +++ b/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.53.18" +const SDKVersion = "1.53.19" diff --git a/models/apis/auditmanager/2017-07-25/api-2.json b/models/apis/auditmanager/2017-07-25/api-2.json index c43bfc430b5..677ee0870ac 100644 --- a/models/apis/auditmanager/2017-07-25/api-2.json +++ b/models/apis/auditmanager/2017-07-25/api-2.json @@ -116,7 +116,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, - {"shape":"ServiceQuotaExceededException"} + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"} ] }, "CreateAssessmentFramework":{ 
@@ -805,7 +806,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"} + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} ] }, "UpdateAssessmentControl":{ @@ -1506,9 +1508,16 @@ "lastUpdatedAt":{"shape":"Timestamp"}, "createdBy":{"shape":"CreatedBy"}, "lastUpdatedBy":{"shape":"LastUpdatedBy"}, - "tags":{"shape":"TagMap"} + "tags":{"shape":"TagMap"}, + "state":{"shape":"ControlState"} } }, + "ControlCatalogId":{ + "type":"string", + "max":2048, + "min":13, + "pattern":"^arn:.*:controlcatalog:.*|UNCATEGORIZED" + }, "ControlComment":{ "type":"structure", "members":{ @@ -1530,13 +1539,20 @@ "ControlDescription":{ "type":"string", "max":1000, - "pattern":"^[\\w\\W\\s\\S]*$" + "pattern":"^[\\w\\W\\s\\S]*$", + "sensitive":true + }, + "ControlDomainId":{ + "type":"string", + "max":2048, + "min":13, + "pattern":"^arn:.*:controlcatalog:.*:.*:domain/.*|UNCATEGORIZED|^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$" }, "ControlDomainInsights":{ "type":"structure", "members":{ - "name":{"shape":"NonEmptyString"}, - "id":{"shape":"UUID"}, + "name":{"shape":"String"}, + "id":{"shape":"ControlDomainId"}, "controlsCountByNoncompliantEvidence":{"shape":"NullableInteger"}, "totalControlsCount":{"shape":"NullableInteger"}, "evidenceInsights":{"shape":"EvidenceInsights"}, @@ -1558,8 +1574,8 @@ "ControlInsightsMetadataByAssessmentItem":{ "type":"structure", "members":{ - "name":{"shape":"NonEmptyString"}, - "id":{"shape":"UUID"}, + "name":{"shape":"String"}, + "id":{"shape":"ControlDomainId"}, "evidenceInsights":{"shape":"EvidenceInsights"}, "controlSetName":{"shape":"NonEmptyString"}, "lastUpdated":{"shape":"Timestamp"} 
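Review bot: The two identifier patterns added here are only partly anchored: in `ControlCatalogId` (`^arn:.*:controlcatalog:.*|UNCATEGORIZED`, hunk `@@ -1506,9 +1508,16 @@`) the `^` binds to the first alternative only, so the `UNCATEGORIZED` branch matches any string that merely contains that word within the 13–2048 length bounds, and `ControlDomainId` in the next hunk has the same unanchored middle branch. Later hunks in this file switch the `controlDomainId` query-string members from the strict `UUID` shape to `ControlDomainId` and add a `controlCatalogId` query parameter, so anything that treats the model pattern as input validation now accepts more than the intended forms. Grouping and anchoring the alternation would restore that, e.g. `^(arn:.*:controlcatalog:.*|UNCATEGORIZED)$`. This model appears to be synced from the service definition, so the change probably belongs upstream, and nothing visible here shows whether the generated Go client enforces `pattern` at all.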
@@ -1568,8 +1584,8 @@ "ControlInsightsMetadataItem":{ "type":"structure", "members":{ - "name":{"shape":"NonEmptyString"}, - "id":{"shape":"UUID"}, + "name":{"shape":"String"}, + "id":{"shape":"ControlDomainId"}, "evidenceInsights":{"shape":"EvidenceInsights"}, "lastUpdated":{"shape":"Timestamp"} } @@ -1663,6 +1679,13 @@ "min":1, "pattern":"^[a-zA-Z_0-9-\\s.,]+$" }, + "ControlState":{ + "type":"string", + "enum":[ + "ACTIVE", + "END_OF_SUPPORT" + ] + }, "ControlStatus":{ "type":"string", "enum":[ @@ -1675,7 +1698,8 @@ "type":"string", "enum":[ "Standard", - "Custom" + "Custom", + "Core" ] }, "Controls":{ @@ -1839,6 +1863,16 @@ "pattern":"^[a-zA-Z0-9\\s-_()\\[\\]]+$", "sensitive":true }, + "DataSourceType":{ + "type":"string", + "enum":[ + "AWS_Cloudtrail", + "AWS_Config", + "AWS_Security_Hub", + "AWS_API_Call", + "MANUAL" + ] + }, "DefaultExportDestination":{ "type":"structure", "members":{ @@ -2700,7 +2734,7 @@ "type":"string", "max":100, "min":1, - "pattern":"^[a-zA-Z_0-9-\\s().]+$" + "pattern":"^[a-zA-Z_0-9-\\s().:\\/]+$" }, "Keywords":{ "type":"list", @@ -2727,7 +2761,7 @@ ], "members":{ "controlDomainId":{ - "shape":"UUID", + "shape":"ControlDomainId", "location":"querystring", "locationName":"controlDomainId" }, @@ -2919,7 +2953,7 @@ "required":["controlDomainId"], "members":{ "controlDomainId":{ - "shape":"UUID", + "shape":"ControlDomainId", "location":"querystring", "locationName":"controlDomainId" }, @@ -2960,6 +2994,11 @@ "shape":"MaxResults", "location":"querystring", "locationName":"maxResults" + }, + "controlCatalogId":{ + "shape":"ControlCatalogId", + "location":"querystring", + "locationName":"controlCatalogId" } } }, @@ -2975,7 +3014,7 @@ "required":["source"], "members":{ "source":{ - "shape":"SourceType", + "shape":"DataSourceType", "location":"querystring", "locationName":"source" }, 
@@ -3208,7 +3247,11 @@ "type":"structure", "members":{ "awsAccounts":{"shape":"AWSAccounts"}, - "awsServices":{"shape":"AWSServices"} + "awsServices":{ + "shape":"AWSServices", + "deprecated":true, + "deprecatedMessage":"You can't specify services in scope when creating/updating an assessment. If you use the parameter to specify one or more AWS services, Audit Manager ignores the input. Instead the value of the parameter will show as empty indicating that the services are defined and managed by Audit Manager." + } }, "sensitive":true }, @@ -3321,7 +3364,7 @@ }, "SourceName":{ "type":"string", - "max":100, + "max":300, "min":1 }, "SourceSetUpOption":{ @@ -3338,7 +3381,9 @@ "AWS_Config", "AWS_Security_Hub", "AWS_API_Call", - "MANUAL" + "MANUAL", + "Common_Control", + "Core_Control" ] }, "StartAssessmentFrameworkShareRequest":{ @@ -3428,7 +3473,7 @@ "members":{ "message":{"shape":"String"} }, - "error":{"httpStatusCode":400}, + "error":{"httpStatusCode":429}, "exception":true }, "Timestamp":{"type":"timestamp"}, diff --git a/models/apis/auditmanager/2017-07-25/docs-2.json b/models/apis/auditmanager/2017-07-25/docs-2.json index 558779e644f..839b52f6ebf 100644 --- a/models/apis/auditmanager/2017-07-25/docs-2.json +++ b/models/apis/auditmanager/2017-07-25/docs-2.json @@ -36,18 +36,18 @@ "GetInsights": "
Gets the latest analytics data for all your current active assessments.
", "GetInsightsByAssessment": "Gets the latest analytics data for a specific active assessment.
", "GetOrganizationAdminAccount": "Gets the name of the delegated Amazon Web Services administrator account for a specified organization.
", - "GetServicesInScope": "Gets a list of all of the Amazon Web Services that you can choose to include in your assessment. When you create an assessment, specify which of these services you want to include to narrow the assessment's scope.
", + "GetServicesInScope": "Gets a list of the Amazon Web Services from which Audit Manager can collect evidence.
Audit Manager defines which Amazon Web Services are in scope for an assessment. Audit Manager infers this scope by examining the assessment’s controls and their data sources, and then mapping this information to one or more of the corresponding Amazon Web Services that are in this list.
For information about why it's no longer possible to specify services in scope manually, see I can't edit the services in scope for my assessment in the Troubleshooting section of the Audit Manager user guide.
Gets the settings for a specified Amazon Web Services account.
", "ListAssessmentControlInsightsByControlDomain": "Lists the latest analytics data for controls within a specific control domain and a specific active assessment.
Control insights are listed only if the control belongs to the control domain and assessment that was specified. Moreover, the control must have collected evidence on the lastUpdated
date of controlInsightsByAssessment
. If neither of these conditions are met, no data is listed for that control.
Returns a list of sent or received share requests for custom frameworks in Audit Manager.
", "ListAssessmentFrameworks": "Returns a list of the frameworks that are available in the Audit Manager framework library.
", "ListAssessmentReports": "Returns a list of assessment reports created in Audit Manager.
", "ListAssessments": "Returns a list of current and past assessments from Audit Manager.
", - "ListControlDomainInsights": "Lists the latest analytics data for control domains across all of your active assessments.
A control domain is listed only if at least one of the controls within that domain collected evidence on the lastUpdated
date of controlDomainInsights
. If this condition isn’t met, no data is listed for that control domain.
Lists analytics data for control domains within a specified active assessment.
A control domain is listed only if at least one of the controls within that domain collected evidence on the lastUpdated
date of controlDomainInsights
. If this condition isn’t met, no data is listed for that domain.
Lists the latest analytics data for control domains across all of your active assessments.
Audit Manager supports the control domains that are provided by Amazon Web Services Control Catalog. For information about how to find a list of available control domains, see ListDomains
in the Amazon Web Services Control Catalog API Reference.
A control domain is listed only if at least one of the controls within that domain collected evidence on the lastUpdated
date of controlDomainInsights
. If this condition isn’t met, no data is listed for that control domain.
Lists analytics data for control domains within a specified active assessment.
Audit Manager supports the control domains that are provided by Amazon Web Services Control Catalog. For information about how to find a list of available control domains, see ListDomains
in the Amazon Web Services Control Catalog API Reference.
A control domain is listed only if at least one of the controls within that domain collected evidence on the lastUpdated
date of controlDomainInsights
. If this condition isn’t met, no data is listed for that domain.
Lists the latest analytics data for controls within a specific control domain across all active assessments.
Control insights are listed only if the control belongs to the control domain that was specified and the control collected evidence on the lastUpdated
date of controlInsightsMetadata
. If neither of these conditions are met, no data is listed for that control.
Returns a list of controls from Audit Manager.
", - "ListKeywordsForDataSource": "Returns a list of keywords that are pre-mapped to the specified control data source.
", + "ListKeywordsForDataSource": "Returns a list of keywords that are pre-mapped to the specified control data source.
", "ListNotifications": "Returns a list of all Audit Manager notifications.
", "ListTagsForResource": "Returns a list of tags for the specified resource in Audit Manager.
", "RegisterAccount": "Enables Audit Manager for the specified Amazon Web Services account.
", @@ -96,7 +96,7 @@ "AWSServices": { "base": null, "refs": { - "Scope$awsServices": "The Amazon Web Services services that are included in the scope of the assessment.
" + "Scope$awsServices": "The Amazon Web Services services that are included in the scope of the assessment.
This API parameter is no longer supported. If you use this parameter to specify one or more Amazon Web Services, Audit Manager ignores this input. Instead, the value for awsServices
will show as empty.
The name of the updated control set that the UpdateControl
API returned.
A filter that narrows the list of controls to a specific resource from the Amazon Web Services Control Catalog.
To use this parameter, specify the ARN of the Control Catalog resource. You can specify either a control domain, a control objective, or a common control. For information about how to find the ARNs for these resources, see ListDomains
, ListObjectives
, and ListCommonControls
.
You can only filter by one Control Catalog resource at a time. Specifying multiple resource ARNs isn’t currently supported. If you want to filter by more than one ARN, we recommend that you run the ListControls
operation separately for each ARN.
Alternatively, specify UNCATEGORIZED
to list controls that aren't mapped to a Control Catalog resource. For example, this operation might return a list of custom controls that don't belong to any control domain or control objective.
A comment that's posted by a user on a control. This includes the author's name, the comment text, and a timestamp.
", "refs": { @@ -544,6 +550,16 @@ "UpdateControlRequest$description": "The optional description of the control.
" } }, + "ControlDomainId": { + "base": null, + "refs": { + "ControlDomainInsights$id": "The unique identifier for the control domain. Audit Manager supports the control domains that are provided by Amazon Web Services Control Catalog. For information about how to find a list of available control domains, see ListDomains
in the Amazon Web Services Control Catalog API Reference.
The unique identifier for the assessment control.
", + "ControlInsightsMetadataItem$id": "The unique identifier for the control.
", + "ListAssessmentControlInsightsByControlDomainRequest$controlDomainId": "The unique identifier for the control domain.
Audit Manager supports the control domains that are provided by Amazon Web Services Control Catalog. For information about how to find a list of available control domains, see ListDomains
in the Amazon Web Services Control Catalog API Reference.
The unique identifier for the control domain.
Audit Manager supports the control domains that are provided by Amazon Web Services Control Catalog. For information about how to find a list of available control domains, see ListDomains
in the Amazon Web Services Control Catalog API Reference.
A summary of the latest analytics data for a specific control domain.
Control domain insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence.
", "refs": { @@ -682,6 +698,12 @@ "Framework$controlSources": "The control data sources where Audit Manager collects evidence from.
" } }, + "ControlState": { + "base": null, + "refs": { + "Control$state": "The state of the control. The END_OF_SUPPORT
state is applicable to standard controls only. This state indicates that the standard control can still be used to collect evidence, but Audit Manager is no longer updating or maintaining that control.
Specifies whether the control is a standard control or a custom control.
", - "ListControlsRequest$controlType": "The type of control, such as a standard control or a custom control.
" + "ListControlsRequest$controlType": "A filter that narrows the list of controls to a specific type.
" } }, "Controls": { @@ -764,7 +786,7 @@ } }, "CreateControlMappingSource": { - "base": " The control mapping fields that represent the source for evidence collection, along with related parameters and metadata. This doesn't contain mappingID
.
The mapping attributes that determine the evidence source for a given control, along with related parameters and metadata. This doesn't contain mappingID
.
The user or role that created the framework.
" } }, + "DataSourceType": { + "base": null, + "refs": { + "ListKeywordsForDataSourceRequest$source": "The control mapping data source that the keywords apply to.
" + } + }, "DefaultExportDestination": { "base": "The default s3 bucket where Audit Manager saves the files that you export from evidence finder.
", "refs": { @@ -1373,7 +1401,7 @@ "Keywords": { "base": null, "refs": { - "ListKeywordsForDataSourceResponse$keywords": "The list of keywords for the event mapping source.
" + "ListKeywordsForDataSourceResponse$keywords": "The list of keywords for the control mapping source.
" } }, "KmsKey": { @@ -1559,7 +1587,7 @@ "ListControlDomainInsightsByAssessmentRequest$maxResults": "Represents the maximum number of results on a page or for an API request call.
", "ListControlDomainInsightsRequest$maxResults": "Represents the maximum number of results on a page or for an API request call.
", "ListControlInsightsByControlDomainRequest$maxResults": "Represents the maximum number of results on a page or for an API request call.
", - "ListControlsRequest$maxResults": "Represents the maximum number of results on a page or for an API request call.
", + "ListControlsRequest$maxResults": "The maximum number of results on a page or for an API request call.
", "ListKeywordsForDataSourceRequest$maxResults": "Represents the maximum number of results on a page or for an API request call.
", "ListNotificationsRequest$maxResults": "Represents the maximum number of results on a page or for an API request call.
" } @@ -1569,10 +1597,7 @@ "refs": { "AssessmentControlSet$description": "The description for the control set.
", "ChangeLog$objectName": "The name of the object that changed. This could be the name of an assessment, control, or control set.
", - "ControlDomainInsights$name": "The name of the control domain.
", - "ControlInsightsMetadataByAssessmentItem$name": "The name of the assessment control.
", "ControlInsightsMetadataByAssessmentItem$controlSetName": "The name of the control set that the assessment control belongs to.
", - "ControlInsightsMetadataItem$name": "The name of the control.
", "DelegationMetadata$controlSetName": "Specifies the name of the control set that was delegated for review.
", "EvidenceSources$member": null, "GetEvidenceFileUploadUrlResponse$evidenceFileName": "The name of the uploaded manual evidence file that the presigned URL was generated for.
", @@ -1720,7 +1745,7 @@ } }, "Scope": { - "base": "The wrapper that contains the Amazon Web Services accounts and services that are in scope for the assessment.
", + "base": "The wrapper that contains the Amazon Web Services accounts that are in scope for the assessment.
You no longer need to specify which Amazon Web Services are in scope when you create or update an assessment. Audit Manager infers the services in scope by examining your assessment controls and their data sources, and then mapping this information to the relevant Amazon Web Services.
If an underlying data source changes for your assessment, we automatically update the services scope as needed to reflect the correct Amazon Web Services. This ensures that your assessment collects accurate and comprehensive evidence about all of the relevant services in your AWS environment.
The wrapper of Amazon Web Services accounts and services that are in scope for the assessment.
", "CreateAssessmentRequest$scope": null, @@ -1821,16 +1846,15 @@ "SourceSetUpOption": { "base": null, "refs": { - "ControlMappingSource$sourceSetUpOption": "The setup option for the data source. This option reflects if the evidence collection is automated or manual.
", - "CreateControlMappingSource$sourceSetUpOption": "The setup option for the data source, which reflects if the evidence collection is automated or manual.
" + "ControlMappingSource$sourceSetUpOption": "The setup option for the data source. This option reflects if the evidence collection method is automated or manual. If you don’t provide a value for sourceSetUpOption
, Audit Manager automatically infers and populates the correct value based on the sourceType
that you specify.
The setup option for the data source. This option reflects if the evidence collection method is automated or manual. If you don’t provide a value for sourceSetUpOption
, Audit Manager automatically infers and populates the correct value based on the sourceType
that you specify.
Specifies one of the five data source types for evidence collection.
", - "CreateControlMappingSource$sourceType": "Specifies one of the five types of data sources for evidence collection.
", - "ListKeywordsForDataSourceRequest$source": "The control mapping data source that the keywords apply to.
" + "ControlMappingSource$sourceType": "Specifies which type of data source is used to collect evidence.
The source can be an individual data source type, such as AWS_Cloudtrail
, AWS_Config
, AWS_Security_Hub
, AWS_API_Call
, or MANUAL
.
The source can also be a managed grouping of data sources, such as a Core_Control
or a Common_Control
.
Specifies which type of data source is used to collect evidence.
The source can be an individual data source type, such as AWS_Cloudtrail
, AWS_Config
, AWS_Security_Hub
, AWS_API_Call
, or MANUAL
.
The source can also be a managed grouping of data sources, such as a Core_Control
or a Common_Control
.
The Amazon Web Service that the evidence was collected from.
", "AssessmentEvidenceFolder$author": "The name of the user who created the evidence folder.
", + "ControlDomainInsights$name": "The name of the control domain.
", + "ControlInsightsMetadataByAssessmentItem$name": "The name of the assessment control.
", + "ControlInsightsMetadataItem$name": "The name of the control.
", "Evidence$dataSource": "The data source where the evidence was collected from.
", "Evidence$evidenceByType": "The type of automated evidence.
", "Evidence$complianceCheck": "The evaluation status for automated evidence that falls under the compliance check category.
Audit Manager classes evidence as non-compliant if Security Hub reports a Fail result, or if Config reports a Non-compliant result.
Audit Manager classes evidence as compliant if Security Hub reports a Pass result, or if Config reports a Compliant result.
If a compliance check isn't available or applicable, then no compliance evaluation can be made for that evidence. This is the case if the evidence uses Config or Security Hub as the underlying data source type, but those services aren't enabled. This is also the case if the evidence uses an underlying data source type that doesn't support compliance checks (such as manual evidence, Amazon Web Services API calls, or CloudTrail).
The pagination token that's used to fetch the next set of results.
", "ListControlInsightsByControlDomainRequest$nextToken": "The pagination token that's used to fetch the next set of results.
", "ListControlInsightsByControlDomainResponse$nextToken": "The pagination token that's used to fetch the next set of results.
", - "ListControlsRequest$nextToken": "The pagination token that's used to fetch the next set of results.
", - "ListControlsResponse$nextToken": "The pagination token that's used to fetch the next set of results.
", + "ListControlsRequest$nextToken": "The pagination token that's used to fetch the next set of results.
", + "ListControlsResponse$nextToken": "The pagination token that's used to fetch the next set of results.
", "ListKeywordsForDataSourceRequest$nextToken": "The pagination token that's used to fetch the next set of results.
", "ListKeywordsForDataSourceResponse$nextToken": "The pagination token that's used to fetch the next set of results.
", "ListNotificationsRequest$nextToken": "The pagination token that's used to fetch the next set of results.
", @@ -2047,9 +2074,6 @@ "BatchImportEvidenceToAssessmentControlRequest$assessmentId": "The identifier for the assessment.
", "BatchImportEvidenceToAssessmentControlRequest$controlId": "The identifier for the control.
", "Control$id": "The unique identifier for the control.
", - "ControlDomainInsights$id": "The unique identifier for the control domain.
", - "ControlInsightsMetadataByAssessmentItem$id": "The unique identifier for the assessment control.
", - "ControlInsightsMetadataItem$id": "The unique identifier for the control.
", "ControlMappingSource$sourceId": "The unique identifier for the source.
", "ControlMetadata$id": "The unique identifier for the control.
", "ControlSet$id": "The identifier of the control set in the assessment. This is the control set name in a plain string format.
", @@ -2091,10 +2115,8 @@ "GetEvidenceRequest$evidenceFolderId": "The unique identifier for the folder that the evidence is stored in.
", "GetEvidenceRequest$evidenceId": "The unique identifier for the evidence.
", "GetInsightsByAssessmentRequest$assessmentId": "The unique identifier for the assessment.
", - "ListAssessmentControlInsightsByControlDomainRequest$controlDomainId": "The unique identifier for the control domain.
", "ListAssessmentControlInsightsByControlDomainRequest$assessmentId": "The unique identifier for the active assessment.
", "ListControlDomainInsightsByAssessmentRequest$assessmentId": "The unique identifier for the active assessment.
", - "ListControlInsightsByControlDomainRequest$controlDomainId": "The unique identifier for the control domain.
", "Notification$assessmentId": "The identifier for the assessment.
", "StartAssessmentFrameworkShareRequest$frameworkId": "The unique identifier for the custom framework to be shared.
", "UpdateAssessmentControlRequest$assessmentId": "The unique identifier for the assessment.
", diff --git a/models/apis/auditmanager/2017-07-25/endpoint-rule-set-1.json b/models/apis/auditmanager/2017-07-25/endpoint-rule-set-1.json index b38eb1c9a64..3208bdbf6a1 100644 --- a/models/apis/auditmanager/2017-07-25/endpoint-rule-set-1.json +++ b/models/apis/auditmanager/2017-07-25/endpoint-rule-set-1.json @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], 
@@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff --git a/models/apis/b2bi/2022-06-23/api-2.json b/models/apis/b2bi/2022-06-23/api-2.json index 4ce87ea0b35..3be6b07eba9 100644 --- a/models/apis/b2bi/2022-06-23/api-2.json +++ b/models/apis/b2bi/2022-06-23/api-2.json @@ -2,9 +2,11 @@ "version":"2.0", "metadata":{ "apiVersion":"2022-06-23", + "auth":["aws.auth#sigv4"], "endpointPrefix":"b2bi", "jsonVersion":"1.0", "protocol":"json", + "protocols":["json"], "serviceAbbreviation":"AWS B2BI", "serviceFullName":"AWS B2B Data Interchange", "serviceId":"b2bi", @@ -245,7 +247,13 @@ "requestUri":"/" }, "input":{"shape":"ListCapabilitiesRequest"}, - "output":{"shape":"ListCapabilitiesResponse"} + "output":{"shape":"ListCapabilitiesResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] }, "ListPartnerships":{ "name":"ListPartnerships", @@ -270,7 +278,13 @@ "requestUri":"/" }, "input":{"shape":"ListProfilesRequest"}, - "output":{"shape":"ListProfilesResponse"} + "output":{"shape":"ListProfilesResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -293,7 +307,13 @@ "requestUri":"/" }, "input":{"shape":"ListTransformersRequest"}, - "output":{"shape":"ListTransformersResponse"} + "output":{"shape":"ListTransformersResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] }, "StartTransformerJob":{ "name":"StartTransformerJob", 
@@ -304,6 +324,7 @@ "input":{"shape":"StartTransformerJobRequest"}, "output":{"shape":"StartTransformerJobResponse"}, "errors":[ + {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, @@ -569,7 +590,8 @@ "required":[ "profileId", "name", - "email" + "email", + "capabilities" ], "members":{ "profileId":{"shape":"ProfileId"}, diff --git a/models/apis/codepipeline/2015-07-09/api-2.json b/models/apis/codepipeline/2015-07-09/api-2.json index 109b08b0f7e..754823242db 100644 --- a/models/apis/codepipeline/2015-07-09/api-2.json +++ b/models/apis/codepipeline/2015-07-09/api-2.json @@ -11,7 +11,8 @@ "serviceId":"CodePipeline", "signatureVersion":"v4", "targetPrefix":"CodePipeline_20150709", - "uid":"codepipeline-2015-07-09" + "uid":"codepipeline-2015-07-09", + "auth":["aws.auth#sigv4"] }, "operations":{ "AcknowledgeJob":{ @@ -2744,7 +2745,8 @@ "enum":[ "COMMIT_ID", "IMAGE_DIGEST", - "S3_OBJECT_VERSION_ID" + "S3_OBJECT_VERSION_ID", + "S3_OBJECT_KEY" ] }, "StageActionDeclarationList":{ diff --git a/models/apis/codepipeline/2015-07-09/docs-2.json b/models/apis/codepipeline/2015-07-09/docs-2.json index 460c47c740a..06c94964a9b 100644 --- a/models/apis/codepipeline/2015-07-09/docs-2.json +++ b/models/apis/codepipeline/2015-07-09/docs-2.json @@ -20,7 +20,7 @@ "GetThirdPartyJobDetails": "Requests the details of a job for a third party action. Used for partner actions only.
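Review bot: Adding `"capabilities"` to the `required` list in the `@@ -569,7 +590,8 @@` hunk is a behaviour change for existing callers, and nothing in the hunk describes it. The shape's name sits above the hunk, so the affected request cannot be confirmed from here; the visible members are `profileId`, `name` and `email`. Client code generated from this model normally rejects a missing required member before the request is sent, so callers that omitted the field would start failing after the upgrade. I would add a release-note line such as `* service/b2bi: capabilities is now a required member of <shape name>`.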
When this API is called, CodePipeline returns temporary credentials for the S3 bucket used to store artifacts for the pipeline, if the action requires access to that S3 bucket for input or output artifacts. This API also returns any secret values defined for the action.
Lists the action executions that have occurred in a pipeline.
", "ListActionTypes": "Gets a summary of all CodePipeline action types associated with your account.
", - "ListPipelineExecutions": "Gets a summary of the most recent executions for a pipeline.
", + "ListPipelineExecutions": "Gets a summary of the most recent executions for a pipeline.
When applying the filter for pipeline executions that have succeeded in the stage, the operation returns all executions in the current pipeline version beginning on February 1, 2024.
Gets a summary of all of the pipelines associated with your account.
", "ListTagsForResource": "Gets the set of key-value pairs (metadata) that are used to manage the resource.
", "ListWebhooks": "Gets a listing of all the webhooks in this Amazon Web Services Region for this account. The output lists all webhooks and includes the webhook URL and ARN and the configuration for each webhook.
", @@ -1283,7 +1283,7 @@ "MaxResults": { "base": null, "refs": { - "ListActionExecutionsInput$maxResults": "The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned nextToken value. Action execution history is retained for up to 12 months, based on action execution start times. Default value is 100.
Detailed execution history is available for executions run on or after February 21, 2019.
The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned nextToken value. Action execution history is retained for up to 12 months, based on action execution start times. Default value is 100.
", "ListPipelineExecutionsInput$maxResults": "The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned nextToken value. Pipeline history is limited to the most recent 12 months, based on pipeline execution start times. Default value is 100.
", "ListTagsForResourceInput$maxResults": "The maximum number of results to return in a single call.
", "ListWebhooksInput$MaxResults": "The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned nextToken value.
" @@ -1929,7 +1929,7 @@ } }, "SourceRevisionOverride": { - "base": "A list that allows you to specify, or override, the source revision for a pipeline execution that's being started. A source revision is the version with all the changes to your application code, or source artifact, for the pipeline execution.
", + "base": "A list that allows you to specify, or override, the source revision for a pipeline execution that's being started. A source revision is the version with all the changes to your application code, or source artifact, for the pipeline execution.
For the S3_OBJECT_VERSION_ID
and S3_OBJECT_KEY
types of source revisions, either of the types can be used independently, or they can be used together to override the source with a specific ObjectKey and VersionID.
The content of the model card. Content must be in model card JSON schema and provided as a string.
", "DescribeModelCardResponse$Content": "The content of the model card.
", "ModelCard$Content": "The content of the model card. Content uses the model card JSON schema and provided as a string.
", - "ModelPackageModelCard$ModelCardContent": "The content of the model card.
", + "ModelPackageModelCard$ModelCardContent": "The content of the model card. The content must follow the schema described in Model Package Model Card Schema.
", "UpdateModelCardRequest$Content": "The updated model card content. Content must be in model card JSON schema and provided as a string.
When updating model card content, be sure to include the full content and not just updated content.
" } }, @@ -9977,12 +9977,12 @@ } }, "ModelPackageModelCard": { - "base": "The model card associated with the model package. Since ModelPackageModelCard
is tied to a model package, it is a specific usage of a model card and its schema is simplified compared to the schema of ModelCard
. The ModelPackageModelCard
schema does not include model_package_details
, and model_overview
is composed of the model_creator
and model_artifact
properties. For more information about the model card associated with the model package, see View the Details of a Model Version.
The model card associated with the model package. Since ModelPackageModelCard
is tied to a model package, it is a specific usage of a model card and its schema is simplified compared to the schema of ModelCard
. The ModelPackageModelCard
schema does not include model_package_details
, and model_overview
is composed of the model_creator
and model_artifact
properties. For more information about the model package model card schema, see Model package model card schema. For more information about the model card associated with the model package, see View the Details of a Model Version.
The model card associated with the model package. Since ModelPackageModelCard
is tied to a model package, it is a specific usage of a model card and its schema is simplified compared to the schema of ModelCard
. The ModelPackageModelCard
schema does not include model_package_details
, and model_overview
is composed of the model_creator
and model_artifact
properties. For more information about the model card associated with the model package, see View the Details of a Model Version.
The model card associated with the model package. Since ModelPackageModelCard
is tied to a model package, it is a specific usage of a model card and its schema is simplified compared to the schema of ModelCard
. The ModelPackageModelCard
schema does not include model_package_details
, and model_overview
is composed of the model_creator
and model_artifact
properties. For more information about the model card associated with the model package, see View the Details of a Model Version.
The model card associated with the model package. Since ModelPackageModelCard
is tied to a model package, it is a specific usage of a model card and its schema is simplified compared to the schema of ModelCard
. The ModelPackageModelCard
schema does not include model_package_details
, and model_overview
is composed of the model_creator
and model_artifact
properties. For more information about the model package model card schema, see Model package model card schema. For more information about the model card associated with the model package, see View the Details of a Model Version.
The model card associated with the model package. Since ModelPackageModelCard
is tied to a model package, it is a specific usage of a model card and its schema is simplified compared to the schema of ModelCard
. The ModelPackageModelCard
schema does not include model_package_details
, and model_overview
is composed of the model_creator
and model_artifact
properties. For more information about the model package model card schema, see Model package model card schema. For more information about the model card associated with the model package, see View the Details of a Model Version.
The model card associated with the model package. Since ModelPackageModelCard
is tied to a model package, it is a specific usage of a model card and its schema is simplified compared to the schema of ModelCard
. The ModelPackageModelCard
schema does not include model_package_details
, and model_overview
is composed of the model_creator
and model_artifact
properties. For more information about the model card associated with the model package, see View the Details of a Model Version.
The model card associated with the model package. Since ModelPackageModelCard
is tied to a model package, it is a specific usage of a model card and its schema is simplified compared to the schema of ModelCard
. The ModelPackageModelCard
schema does not include model_package_details
, and model_overview
is composed of the model_creator
and model_artifact
properties. For more information about the model package model card schema, see Model package model card schema. For more information about the model card associated with the model package, see View the Details of a Model Version.
Specifies configuration for a core dump from the model container when the process crashes.
" } }, + "ProductionVariantInferenceAmiVersion": { + "base": null, + "refs": { + "ProductionVariant$InferenceAmiVersion": "Specifies an option from a collection of preconfigured Amazon Machine Image (AMI) images. Each image is configured by Amazon Web Services with a set of software and driver versions. Amazon Web Services optimizes these configurations for different machine learning workloads.
By selecting an AMI version, you can ensure that your inference environment is compatible with specific software requirements, such as CUDA driver versions, Linux kernel versions, or Amazon Web Services Neuron driver versions.
" + } + }, "ProductionVariantInstanceType": { "base": null, "refs": { diff --git a/models/apis/verifiedpermissions/2021-12-01/api-2.json b/models/apis/verifiedpermissions/2021-12-01/api-2.json index 670dd9e6cc3..66992bfa335 100644 --- a/models/apis/verifiedpermissions/2021-12-01/api-2.json +++ b/models/apis/verifiedpermissions/2021-12-01/api-2.json @@ -509,6 +509,17 @@ }, "union":true }, + "Audience":{ + "type":"string", + "max":255, + "min":1 + }, + "Audiences":{ + "type":"list", + "member":{"shape":"Audience"}, + "max":255, + "min":1 + }, "BatchIsAuthorizedInput":{ "type":"structure", "required":[ @@ -624,6 +635,11 @@ "box":true, "sensitive":true }, + "Claim":{ + "type":"string", + "min":1, + "sensitive":true + }, "ClientId":{ "type":"string", "max":255, @@ -696,21 +712,24 @@ "Configuration":{ "type":"structure", "members":{ - "cognitoUserPoolConfiguration":{"shape":"CognitoUserPoolConfiguration"} + "cognitoUserPoolConfiguration":{"shape":"CognitoUserPoolConfiguration"}, + "openIdConnectConfiguration":{"shape":"OpenIdConnectConfiguration"} }, "union":true }, "ConfigurationDetail":{ "type":"structure", "members":{ - "cognitoUserPoolConfiguration":{"shape":"CognitoUserPoolConfigurationDetail"} + "cognitoUserPoolConfiguration":{"shape":"CognitoUserPoolConfigurationDetail"}, + "openIdConnectConfiguration":{"shape":"OpenIdConnectConfigurationDetail"} }, "union":true }, "ConfigurationItem":{ "type":"structure", "members":{ - "cognitoUserPoolConfiguration":{"shape":"CognitoUserPoolConfigurationItem"} + "cognitoUserPoolConfiguration":{"shape":"CognitoUserPoolConfigurationItem"}, + "openIdConnectConfiguration":{"shape":"OpenIdConnectConfigurationItem"} }, "union":true }, @@ -736,7 +755,8 @@ "ContextMap":{ "type":"map", "key":{"shape":"String"}, - "value":{"shape":"AttributeValue"} + "value":{"shape":"AttributeValue"}, + "sensitive":true }, "CreateIdentitySourceInput":{ "type":"structure", 
@@ -966,6 +986,12 @@ "pattern":".*", "sensitive":true }, + "EntityIdPrefix":{ + "type":"string", + "max":100, + "min":1, + "sensitive":true + }, "EntityIdentifier":{ "type":"structure", "required":[ 
@@ -1442,15 +1468,151 @@ "min":1, "pattern":"[A-Za-z0-9-_=+/\\.]*" }, + "OpenIdConnectAccessTokenConfiguration":{ + "type":"structure", + "members":{ + "principalIdClaim":{"shape":"Claim"}, + "audiences":{"shape":"Audiences"} + } + }, + "OpenIdConnectAccessTokenConfigurationDetail":{ + "type":"structure", + "members":{ + "principalIdClaim":{"shape":"Claim"}, + "audiences":{"shape":"Audiences"} + } + }, + "OpenIdConnectAccessTokenConfigurationItem":{ + "type":"structure", + "members":{ + "principalIdClaim":{"shape":"Claim"}, + "audiences":{"shape":"Audiences"} + } + }, + "OpenIdConnectConfiguration":{ + "type":"structure", + "required":[ + "issuer", + "tokenSelection" + ], + "members":{ + "issuer":{"shape":"Issuer"}, + "entityIdPrefix":{"shape":"EntityIdPrefix"}, + "groupConfiguration":{"shape":"OpenIdConnectGroupConfiguration"}, + "tokenSelection":{"shape":"OpenIdConnectTokenSelection"} + } + }, + "OpenIdConnectConfigurationDetail":{ + "type":"structure", + "required":[ + "issuer", + "tokenSelection" + ], + "members":{ + "issuer":{"shape":"Issuer"}, + "entityIdPrefix":{"shape":"EntityIdPrefix"}, + "groupConfiguration":{"shape":"OpenIdConnectGroupConfigurationDetail"}, + "tokenSelection":{"shape":"OpenIdConnectTokenSelectionDetail"} + } + }, + "OpenIdConnectConfigurationItem":{ + "type":"structure", + "required":[ + "issuer", + "tokenSelection" + ], + "members":{ + "issuer":{"shape":"Issuer"}, + "entityIdPrefix":{"shape":"EntityIdPrefix"}, + "groupConfiguration":{"shape":"OpenIdConnectGroupConfigurationItem"}, + "tokenSelection":{"shape":"OpenIdConnectTokenSelectionItem"} + } + }, + "OpenIdConnectGroupConfiguration":{ + "type":"structure", + "required":[ + "groupClaim", + "groupEntityType" + ], + "members":{ + "groupClaim":{"shape":"Claim"}, + "groupEntityType":{"shape":"GroupEntityType"} + } + }, + "OpenIdConnectGroupConfigurationDetail":{ + "type":"structure", + "required":[ + "groupClaim", + "groupEntityType" + ], + "members":{ + "groupClaim":{"shape":"Claim"}, + 
"groupEntityType":{"shape":"GroupEntityType"} + } + }, + "OpenIdConnectGroupConfigurationItem":{ + "type":"structure", + "required":[ + "groupClaim", + "groupEntityType" + ], + "members":{ + "groupClaim":{"shape":"Claim"}, + "groupEntityType":{"shape":"GroupEntityType"} + } + }, + "OpenIdConnectIdentityTokenConfiguration":{ + "type":"structure", + "members":{ + "principalIdClaim":{"shape":"Claim"}, + "clientIds":{"shape":"ClientIds"} + } + }, + "OpenIdConnectIdentityTokenConfigurationDetail":{ + "type":"structure", + "members":{ + "principalIdClaim":{"shape":"Claim"}, + "clientIds":{"shape":"ClientIds"} + } + }, + "OpenIdConnectIdentityTokenConfigurationItem":{ + "type":"structure", + "members":{ + "principalIdClaim":{"shape":"Claim"}, + "clientIds":{"shape":"ClientIds"} + } + }, + "OpenIdConnectTokenSelection":{ + "type":"structure", + "members":{ + "accessTokenOnly":{"shape":"OpenIdConnectAccessTokenConfiguration"}, + "identityTokenOnly":{"shape":"OpenIdConnectIdentityTokenConfiguration"} + }, + "union":true + }, + "OpenIdConnectTokenSelectionDetail":{ + "type":"structure", + "members":{ + "accessTokenOnly":{"shape":"OpenIdConnectAccessTokenConfigurationDetail"}, + "identityTokenOnly":{"shape":"OpenIdConnectIdentityTokenConfigurationDetail"} + }, + "union":true + }, + "OpenIdConnectTokenSelectionItem":{ + "type":"structure", + "members":{ + "accessTokenOnly":{"shape":"OpenIdConnectAccessTokenConfigurationItem"}, + "identityTokenOnly":{"shape":"OpenIdConnectIdentityTokenConfigurationItem"} + }, + "union":true + }, "OpenIdIssuer":{ "type":"string", "enum":["COGNITO"] }, "ParentList":{ "type":"list", - "member":{"shape":"EntityIdentifier"}, - "max":100, - "min":0 + "member":{"shape":"EntityIdentifier"} }, "PolicyDefinition":{ "type":"structure", 
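Review bot: `audiences` in `OpenIdConnectAccessTokenConfiguration` and `clientIds` in `OpenIdConnectIdentityTokenConfiguration` are optional, so the model allows an OIDC identity source defined by an `issuer` and a `tokenSelection` whose chosen member is empty. Whether the service then accepts tokens minted for any audience or client of that issuer is not visible in this diff; if it does, a token issued to an unrelated application of the same IdP would pass as a principal in this policy store. I would either mark the members required, e.g. `"required":["audiences"]`, or state the default behaviour in the member documentation. The `Detail` and `Item` variants in this hunk and the `UpdateOpenIdConnect*` shapes in the later `@@ -1850,6 +2013,52 @@` hunk have the same form. The hunk also drops `"max":100` and `"min":0` from `ParentList` without explanation, which removes the only bound the model stated for that list.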
@@ -1817,7 +1979,8 @@ "UpdateConfiguration":{ "type":"structure", "members":{ - "cognitoUserPoolConfiguration":{"shape":"UpdateCognitoUserPoolConfiguration"} + "cognitoUserPoolConfiguration":{"shape":"UpdateCognitoUserPoolConfiguration"}, + "openIdConnectConfiguration":{"shape":"UpdateOpenIdConnectConfiguration"} }, "union":true }, @@ -1850,6 +2013,52 @@ "policyStoreId":{"shape":"PolicyStoreId"} } }, + "UpdateOpenIdConnectAccessTokenConfiguration":{ + "type":"structure", + "members":{ + "principalIdClaim":{"shape":"Claim"}, + "audiences":{"shape":"Audiences"} + } + }, + "UpdateOpenIdConnectConfiguration":{ + "type":"structure", + "required":[ + "issuer", + "tokenSelection" + ], + "members":{ + "issuer":{"shape":"Issuer"}, + "entityIdPrefix":{"shape":"EntityIdPrefix"}, + "groupConfiguration":{"shape":"UpdateOpenIdConnectGroupConfiguration"}, + "tokenSelection":{"shape":"UpdateOpenIdConnectTokenSelection"} + } + }, + "UpdateOpenIdConnectGroupConfiguration":{ + "type":"structure", + "required":[ + "groupClaim", + "groupEntityType" + ], + "members":{ + "groupClaim":{"shape":"Claim"}, + "groupEntityType":{"shape":"GroupEntityType"} + } + }, + "UpdateOpenIdConnectIdentityTokenConfiguration":{ + "type":"structure", + "members":{ + "principalIdClaim":{"shape":"Claim"}, + "clientIds":{"shape":"ClientIds"} + } + }, + "UpdateOpenIdConnectTokenSelection":{ + "type":"structure", + "members":{ + "accessTokenOnly":{"shape":"UpdateOpenIdConnectAccessTokenConfiguration"}, + "identityTokenOnly":{"shape":"UpdateOpenIdConnectIdentityTokenConfiguration"} + }, + "union":true + }, "UpdatePolicyDefinition":{ "type":"structure", "members":{ diff --git a/models/apis/verifiedpermissions/2021-12-01/docs-2.json b/models/apis/verifiedpermissions/2021-12-01/docs-2.json index a0bc37bb0e8..f210382fa5e 100644 --- a/models/apis/verifiedpermissions/2021-12-01/docs-2.json +++ b/models/apis/verifiedpermissions/2021-12-01/docs-2.json 
@@ -4,7 +4,7 @@ "operations": { "BatchIsAuthorized": "Makes a series of decisions about multiple authorization requests for one principal or resource. Each request contains the equivalent content of an IsAuthorized
request: principal, action, resource, and context. Either the principal
or the resource
parameter must be identical across all requests. For example, Verified Permissions won't evaluate a pair of requests where bob
views photo1
and alice
views photo2
. Authorization of bob
to view photo1
and photo2
, or bob
and alice
to view photo1
, are valid batches.
The request is evaluated against all policies in the specified policy store that match the entities that you declare. The result of the decisions is a series of Allow
or Deny
responses, along with the IDs of the policies that produced each decision.
The entities
of a BatchIsAuthorized
API request can contain up to 100 principals and up to 100 resources. The requests
of a BatchIsAuthorized
API request can contain up to 30 requests.
The BatchIsAuthorized
operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission verifiedpermissions:IsAuthorized
in their IAM policies.
Makes a series of decisions about multiple authorization requests for one token. The principal in this request comes from an external identity source in the form of an identity or access token, formatted as a JSON web token (JWT). The information in the parameters can also define additional context that Verified Permissions can include in the evaluations.
The request is evaluated against all policies in the specified policy store that match the entities that you provide in the entities declaration and in the token. The result of the decisions is a series of Allow
or Deny
responses, along with the IDs of the policies that produced each decision.
The entities
of a BatchIsAuthorizedWithToken
API request can contain up to 100 resources and up to 99 user groups. The requests
of a BatchIsAuthorizedWithToken
API request can contain up to 30 requests.
The BatchIsAuthorizedWithToken
operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission verifiedpermissions:IsAuthorizedWithToken
in their IAM policies.
Creates a reference to an Amazon Cognito user pool as an external identity provider (IdP).
After you create an identity source, you can use the identities provided by the IdP as proxies for the principal in authorization queries that use the IsAuthorizedWithToken operation. These identities take the form of tokens that contain claims about the user, such as IDs, attributes and group memberships. Amazon Cognito provides both identity tokens and access tokens, and Verified Permissions can use either or both. Any combination of identity and access tokens results in the same Cedar principal. Verified Permissions automatically translates the information about the identities into the standard Cedar attributes that can be evaluated by your policies. Because the Amazon Cognito identity and access tokens can contain different information, the tokens you choose to use determine which principal attributes are available to access when evaluating Cedar policies.
If you delete a Amazon Cognito user pool or user, tokens from that deleted pool or that deleted user continue to be usable until they expire.
To reference a user from this identity source in your Cedar policies, use the following syntax.
IdentityType::\"<CognitoUserPoolIdentifier>|<CognitoClientId>
Where IdentityType
is the string that you provide to the PrincipalEntityType
parameter for this operation. The CognitoUserPoolId
and CognitoClientId
are defined by the Amazon Cognito user pool.
Verified Permissions is eventually consistent . It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.
Adds an identity source to a policy store–an Amazon Cognito user pool or OpenID Connect (OIDC) identity provider (IdP).
After you create an identity source, you can use the identities provided by the IdP as proxies for the principal in authorization queries that use the IsAuthorizedWithToken or BatchIsAuthorizedWithToken API operations. These identities take the form of tokens that contain claims about the user, such as IDs, attributes and group memberships. Identity sources provide identity (ID) tokens and access tokens. Verified Permissions derives information about your user and session from token claims. Access tokens provide action context
to your policies, and ID tokens provide principal Attributes
.
Tokens from an identity source user continue to be usable until they expire. Token revocation and resource deletion have no effect on the validity of a token in your policy store
To reference a user from this identity source in your Cedar policies, refer to the following syntax examples.
Amazon Cognito user pool: Namespace::[Entity type]::[User pool ID]|[user principal attribute]
, for example MyCorp::User::us-east-1_EXAMPLE|a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
.
OpenID Connect (OIDC) provider: Namespace::[Entity type]::[principalIdClaim]|[user principal attribute]
, for example MyCorp::User::MyOIDCProvider|a1b2c3d4-5678-90ab-cdef-EXAMPLE22222
.
Verified Permissions is eventually consistent . It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.
Creates a Cedar policy and saves it in the specified policy store. You can create either a static policy or a policy linked to a policy template.
To create a static policy, provide the Cedar policy text in the StaticPolicy
section of the PolicyDefinition
.
To create a policy that is dynamically linked to a policy template, specify the policy template ID and the principal and resource to associate with this policy in the templateLinked
section of the PolicyDefinition
. If the policy template is ever updated, any policies linked to the policy template automatically use the updated template.
Creating a policy causes it to be validated against the schema in the policy store. If the policy doesn't pass validation, the operation fails and the policy isn't stored.
Verified Permissions is eventually consistent . It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.
Creates a policy store. A policy store is a container for policy resources.
Although Cedar supports multiple namespaces, Verified Permissions currently supports only one namespace per policy store.
Verified Permissions is eventually consistent . It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.
Creates a policy template. A template can use placeholders for the principal and resource. A template must be instantiated into a policy by associating it with specific principals and resources to use for the placeholders. That instantiated policy can then be considered in authorization decisions. The instantiated policy works identically to any other policy, except that it is dynamically linked to the template. If the template changes, then any policies that are linked to that template are immediately updated as well.
Verified Permissions is eventually consistent . It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.
Retrieve the details for the specified policy template in the specified policy store.
", "GetSchema": "Retrieve the details for the specified schema in the specified policy store.
", "IsAuthorized": "Makes an authorization decision about a service request described in the parameters. The information in the parameters can also define additional context that Verified Permissions can include in the evaluation. The request is evaluated against all matching policies in the specified policy store. The result of the decision is either Allow
or Deny
, along with a list of the policies that resulted in the decision.
Makes an authorization decision about a service request described in the parameters. The principal in this request comes from an external identity source in the form of an identity token formatted as a JSON web token (JWT). The information in the parameters can also define additional context that Verified Permissions can include in the evaluation. The request is evaluated against all matching policies in the specified policy store. The result of the decision is either Allow
or Deny
, along with a list of the policies that resulted in the decision.
At this time, Verified Permissions accepts tokens from only Amazon Cognito.
Verified Permissions validates each token that is specified in a request by checking its expiration date and its signature.
If you delete a Amazon Cognito user pool or user, tokens from that deleted pool or that deleted user continue to be usable until they expire.
Makes an authorization decision about a service request described in the parameters. The principal in this request comes from an external identity source in the form of an identity token formatted as a JSON web token (JWT). The information in the parameters can also define additional context that Verified Permissions can include in the evaluation. The request is evaluated against all matching policies in the specified policy store. The result of the decision is either Allow
or Deny
, along with a list of the policies that resulted in the decision.
At this time, Verified Permissions accepts tokens from only Amazon Cognito.
Verified Permissions validates each token that is specified in a request by checking its expiration date and its signature.
Tokens from an identity source user continue to be usable until they expire. Token revocation and resource deletion have no effect on the validity of a token in your policy store
Returns a paginated list of all of the identity sources defined in the specified policy store.
", "ListPolicies": "Returns a paginated list of all policies stored in the specified policy store.
", "ListPolicyStores": "Returns a paginated list of all policy stores in the calling Amazon Web Services account.
", "ListPolicyTemplates": "Returns a paginated list of all policy templates in the specified policy store.
", "PutSchema": "Creates or updates the policy schema in the specified policy store. The schema is used to validate any Cedar policies and policy templates submitted to the policy store. Any changes to the schema validate only policies and templates submitted after the schema change. Existing policies and templates are not re-evaluated against the changed schema. If you later update a policy, then it is evaluated against the new schema at that time.
Verified Permissions is eventually consistent . It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.
Updates the specified identity source to use a new identity provider (IdP) source, or to change the mapping of identities from the IdP to a different principal entity type.
Verified Permissions is eventually consistent . It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.
Updates the specified identity source to use a new identity provider (IdP), or to change the mapping of identities from the IdP to a different principal entity type.
Verified Permissions is eventually consistent . It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.
Modifies a Cedar static policy in the specified policy store. You can change only certain elements of the UpdatePolicyDefinition parameter. You can directly update only static policies. To change a template-linked policy, you must update the template instead, using UpdatePolicyTemplate.
If policy validation is enabled in the policy store, then updating a static policy causes Verified Permissions to validate the policy against the schema in the policy store. If the updated static policy doesn't pass validation, the operation fails and the update isn't stored.
When you edit a static policy, you can change only certain elements of a static policy:
The action referenced by the policy.
A condition clause, such as when and unless.
You can't change these elements of a static policy:
Changing a policy from a static policy to a template-linked policy.
Changing the effect of a static policy from permit or forbid.
The principal referenced by a static policy.
The resource referenced by a static policy.
To update a template-linked policy, you must update the template instead.
Verified Permissions is eventually consistent . It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.
Modifies the validation setting for a policy store.
Verified Permissions is eventually consistent . It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.
Updates the specified policy template. You can update only the description and the some elements of the policyBody.
Changes you make to the policy template content are immediately (within the constraints of eventual consistency) reflected in authorization decisions that involve all template-linked policies instantiated from this template.
Verified Permissions is eventually consistent . It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.
The access token aud
claim values that you want to accept in your policy store. For example, https://myapp.example.com, https://myapp2.example.com
.
The access token aud
claim values that you want to accept in your policy store. For example, https://myapp.example.com, https://myapp2.example.com
.
The access token aud
claim values that you want to accept in your policy store. For example, https://myapp.example.com, https://myapp2.example.com
.
The access token aud
claim values that you want to accept in your policy store. For example, https://myapp.example.com, https://myapp2.example.com
.
An attribute value of Boolean type.
Example: {\"boolean\": true}
The claim that determines the principal in OIDC access tokens. For example, sub
.
The claim that determines the principal in OIDC access tokens. For example, sub
.
The claim that determines the principal in OIDC access tokens. For example, sub
.
The token claim that you want Verified Permissions to interpret as group membership. For example, groups
.
The token claim that you want Verified Permissions to interpret as group membership. For example, groups
.
The token claim that you want Verified Permissions to interpret as group membership. For example, groups
.
The claim that determines the principal in OIDC access tokens. For example, sub
.
The claim that determines the principal in OIDC access tokens. For example, sub
.
The claim that determines the principal in OIDC access tokens. For example, sub
.
The claim that determines the principal in OIDC access tokens. For example, sub
.
The token claim that you want Verified Permissions to interpret as group membership. For example, groups
.
The claim that determines the principal in OIDC access tokens. For example, sub
.
The unique application client IDs that are associated with the specified Amazon Cognito user pool.
Example: \"clientIds\": [\"&ExampleCogClientId;\"]
The application client IDs associated with the specified Amazon Cognito user pool that are enabled for this identity source.
", "IdentitySourceItemDetails$clientIds": "The application client IDs associated with the specified Amazon Cognito user pool that are enabled for this identity source.
", - "UpdateCognitoUserPoolConfiguration$clientIds": "The client ID of an app client that is configured for the specified Amazon Cognito user pool.
" + "OpenIdConnectIdentityTokenConfiguration$clientIds": "The ID token audience, or client ID, claim values that you want to accept in your policy store from an OIDC identity provider. For example, 1example23456789, 2example10111213
.
The ID token audience, or client ID, claim values that you want to accept in your policy store from an OIDC identity provider. For example, 1example23456789, 2example10111213
.
The ID token audience, or client ID, claim values that you want to accept in your policy store from an OIDC identity provider. For example, 1example23456789, 2example10111213
.
The client ID of an app client that is configured for the specified Amazon Cognito user pool.
", + "UpdateOpenIdConnectIdentityTokenConfiguration$clientIds": "The ID token audience, or client ID, claim values that you want to accept in your policy store from an OIDC identity provider. For example, 1example23456789, 2example10111213
.
The configuration for an identity source that represents a connection to an Amazon Cognito user pool used as an identity provider for Verified Permissions.
This data type is used as a field that is part of an Configuration structure that is used as a parameter to CreateIdentitySource.
Example:\"CognitoUserPoolConfiguration\":{\"UserPoolArn\":\"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5\",\"ClientIds\": [\"a1b2c3d4e5f6g7h8i9j0kalbmc\"],\"groupConfiguration\": {\"groupEntityType\": \"MyCorp::Group\"}}
The configuration for an identity source that represents a connection to an Amazon Cognito user pool used as an identity provider for Verified Permissions.
This data type part of a Configuration structure that is used as a parameter to CreateIdentitySource.
Example:\"CognitoUserPoolConfiguration\":{\"UserPoolArn\":\"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5\",\"ClientIds\": [\"a1b2c3d4e5f6g7h8i9j0kalbmc\"],\"groupConfiguration\": {\"groupEntityType\": \"MyCorp::Group\"}}
Contains configuration details of a Amazon Cognito user pool that Verified Permissions can use as a source of authenticated identities as entities. It specifies the Amazon Resource Name (ARN) of a Amazon Cognito user pool and one or more application client IDs.
Example: \"configuration\":{\"cognitoUserPoolConfiguration\":{\"userPoolArn\":\"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5\",\"clientIds\": [\"a1b2c3d4e5f6g7h8i9j0kalbmc\"],\"groupConfiguration\": {\"groupEntityType\": \"MyCorp::Group\"}}}
Contains configuration information used when creating a new identity source.
At this time, the only valid member of this structure is a Amazon Cognito user pool configuration.
Specifies a userPoolArn
, a groupConfiguration
, and a ClientId
.
This data type is used as a request parameter for the CreateIdentitySource operation.
", + "base": "Contains configuration information used when creating a new identity source.
This data type is used as a request parameter for the CreateIdentitySource operation.
", "refs": { - "CreateIdentitySourceInput$configuration": "Specifies the details required to communicate with the identity provider (IdP) associated with this identity source.
At this time, the only valid member of this structure is a Amazon Cognito user pool configuration.
You must specify a UserPoolArn
, and optionally, a ClientId
.
Specifies the details required to communicate with the identity provider (IdP) associated with this identity source.
" } }, "ConfigurationDetail": { @@ -380,6 +416,15 @@ "EntityIdentifier$entityId": "The identifier of an entity.
\"entityId\":\"identifier\"
A descriptive string that you want to prefix to user entities from your OIDC identity provider. For example, if you set an entityIdPrefix
of MyOIDCProvider
, you can reference principals in your policies in the format MyCorp::User::MyOIDCProvider|Carlos
.
A descriptive string that you want to prefix to user entities from your OIDC identity provider. For example, if you set an entityIdPrefix
of MyOIDCProvider
, you can reference principals in your policies in the format MyCorp::User::MyOIDCProvider|Carlos
.
A descriptive string that you want to prefix to user entities from your OIDC identity provider. For example, if you set an entityIdPrefix
of MyOIDCProvider
, you can reference principals in your policies in the format MyCorp::User::MyOIDCProvider|Carlos
.
A descriptive string that you want to prefix to user entities from your OIDC identity provider. For example, if you set an entityIdPrefix
of MyOIDCProvider
, you can reference principals in your policies in the format MyCorp::User::MyOIDCProvider|Carlos
.
Contains the identifier of an entity, including its ID and type.
This data type is used as a request parameter for IsAuthorized operation, and as a response parameter for the CreatePolicy, GetPolicy, and UpdatePolicy operations.
Example: {\"entityId\":\"string\",\"entityType\":\"string\"}
The name of the schema entity type that's mapped to the user pool group. Defaults to AWS::CognitoGroup
.
The name of the schema entity type that's mapped to the user pool group. Defaults to AWS::CognitoGroup
.
The name of the schema entity type that's mapped to the user pool group. Defaults to AWS::CognitoGroup
.
The name of the schema entity type that's mapped to the user pool group. Defaults to AWS::CognitoGroup
.
The policy store entity type that you want to map your users' group claim to. For example, MyCorp::UserGroup
. A group entity type is an entity that can have a user entity type as a member.
The policy store entity type that you want to map your users' group claim to. For example, MyCorp::UserGroup
. A group entity type is an entity that can have a user entity type as a member.
The policy store entity type that you want to map your users' group claim to. For example, MyCorp::UserGroup
. A group entity type is an entity that can have a user entity type as a member.
The name of the schema entity type that's mapped to the user pool group. Defaults to AWS::CognitoGroup
.
The policy store entity type that you want to map your users' group claim to. For example, MyCorp::UserGroup
. A group entity type is an entity that can have a user entity type as a member.
The OpenID Connect (OIDC) issuer
ID of the Amazon Cognito user pool that contains the identities to be authorized.
Example: \"issuer\": \"https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5\"
The OpenID Connect (OIDC) issuer
ID of the Amazon Cognito user pool that contains the identities to be authorized.
Example: \"issuer\": \"https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5\"
The OpenID Connect (OIDC) issuer
ID of the Amazon Cognito user pool that contains the identities to be authorized.
Example: \"issuer\": \"https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5\"
The issuer URL of an OIDC identity provider. This URL must have an OIDC discovery endpoint at the path .well-known/openid-configuration
.
The issuer URL of an OIDC identity provider. This URL must have an OIDC discovery endpoint at the path .well-known/openid-configuration
.
The issuer URL of an OIDC identity provider. This URL must have an OIDC discovery endpoint at the path .well-known/openid-configuration
.
The issuer URL of an OIDC identity provider. This URL must have an OIDC discovery endpoint at the path .well-known/openid-configuration
.
If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken
request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken
response element comes back as null
. This indicates that this is the last page of results.
The configuration of an OpenID Connect (OIDC) identity source for handling access token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud
claim, or audiences, that you want to accept.
This data type is part of a OpenIdConnectTokenSelection structure, which is a parameter of CreateIdentitySource.
", + "refs": { + "OpenIdConnectTokenSelection$accessTokenOnly": "The OIDC configuration for processing access tokens. Contains allowed audience claims, for example https://auth.example.com
, and the claim that you want to map to the principal, for example sub
.
The configuration of an OpenID Connect (OIDC) identity source for handling access token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud
claim, or audiences, that you want to accept.
This data type is part of a OpenIdConnectTokenSelectionDetail structure, which is a parameter of GetIdentitySource.
", + "refs": { + "OpenIdConnectTokenSelectionDetail$accessTokenOnly": "The OIDC configuration for processing access tokens. Contains allowed audience claims, for example https://auth.example.com
, and the claim that you want to map to the principal, for example sub
.
The configuration of an OpenID Connect (OIDC) identity source for handling access token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud
claim, or audiences, that you want to accept.
This data type is part of a OpenIdConnectTokenSelectionItem structure, which is a parameter of ListIdentitySources.
", + "refs": { + "OpenIdConnectTokenSelectionItem$accessTokenOnly": "The OIDC configuration for processing access tokens. Contains allowed audience claims, for example https://auth.example.com
, and the claim that you want to map to the principal, for example sub
.
Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.
This data type is part of a Configuration structure, which is a parameter to CreateIdentitySource.
", + "refs": { + "Configuration$openIdConnectConfiguration": "Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.
Example:\"configuration\":{\"openIdConnectConfiguration\":{\"issuer\":\"https://auth.example.com\",\"tokenSelection\":{\"accessTokenOnly\":{\"audiences\":[\"https://myapp.example.com\",\"https://myapp2.example.com\"],\"principalIdClaim\":\"sub\"}},\"entityIdPrefix\":\"MyOIDCProvider\",\"groupConfiguration\":{\"groupClaim\":\"groups\",\"groupEntityType\":\"MyCorp::UserGroup\"}}}
Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.
This data type is part of a ConfigurationDetail structure, which is a parameter to GetIdentitySource.
", + "refs": { + "ConfigurationDetail$openIdConnectConfiguration": "Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.
Example:\"configuration\":{\"openIdConnectConfiguration\":{\"issuer\":\"https://auth.example.com\",\"tokenSelection\":{\"accessTokenOnly\":{\"audiences\":[\"https://myapp.example.com\",\"https://myapp2.example.com\"],\"principalIdClaim\":\"sub\"}},\"entityIdPrefix\":\"MyOIDCProvider\",\"groupConfiguration\":{\"groupClaim\":\"groups\",\"groupEntityType\":\"MyCorp::UserGroup\"}}}
Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.
This data type is part of a ConfigurationItem structure, which is a parameter to ListIdentitySources.
", + "refs": { + "ConfigurationItem$openIdConnectConfiguration": "Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.
Example:\"configuration\":{\"openIdConnectConfiguration\":{\"issuer\":\"https://auth.example.com\",\"tokenSelection\":{\"accessTokenOnly\":{\"audiences\":[\"https://myapp.example.com\",\"https://myapp2.example.com\"],\"principalIdClaim\":\"sub\"}},\"entityIdPrefix\":\"MyOIDCProvider\",\"groupConfiguration\":{\"groupClaim\":\"groups\",\"groupEntityType\":\"MyCorp::UserGroup\"}}}
The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups
claim to MyCorp::UserGroup
.
This data type is part of a OpenIdConnectConfiguration structure, which is a parameter of CreateIdentitySource.
", + "refs": { + "OpenIdConnectConfiguration$groupConfiguration": "The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups
claim to MyCorp::UserGroup
.
The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups
claim to MyCorp::UserGroup
.
This data type is part of a OpenIdConnectConfigurationDetail structure, which is a parameter of GetIdentitySource.
", + "refs": { + "OpenIdConnectConfigurationDetail$groupConfiguration": "The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups
claim to MyCorp::UserGroup
.
The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups
claim to MyCorp::UserGroup
.
This data type is part of a OpenIdConnectConfigurationItem structure, which is a parameter of ListIdentitySourcea.
", + "refs": { + "OpenIdConnectConfigurationItem$groupConfiguration": "The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups
claim to MyCorp::UserGroup
.
The configuration of an OpenID Connect (OIDC) identity source for handling identity (ID) token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud
claim, or audiences, that you want to accept.
This data type is part of a OpenIdConnectTokenSelection structure, which is a parameter of CreateIdentitySource.
", + "refs": { + "OpenIdConnectTokenSelection$identityTokenOnly": "The OIDC configuration for processing identity (ID) tokens. Contains allowed client ID claims, for example 1example23456789
, and the claim that you want to map to the principal, for example sub
.
The configuration of an OpenID Connect (OIDC) identity source for handling identity (ID) token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud
claim, or audiences, that you want to accept.
This data type is part of a OpenIdConnectTokenSelectionDetail structure, which is a parameter of GetIdentitySource.
", + "refs": { + "OpenIdConnectTokenSelectionDetail$identityTokenOnly": "The OIDC configuration for processing identity (ID) tokens. Contains allowed client ID claims, for example 1example23456789
, and the claim that you want to map to the principal, for example sub
.
The configuration of an OpenID Connect (OIDC) identity source for handling identity (ID) token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud
claim, or audiences, that you want to accept.
This data type is part of a OpenIdConnectTokenSelectionItem structure, which is a parameter of ListIdentitySources.
", + "refs": { + "OpenIdConnectTokenSelectionItem$identityTokenOnly": "The OIDC configuration for processing identity (ID) tokens. Contains allowed client ID claims, for example 1example23456789
, and the claim that you want to map to the principal, for example sub
.
The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.
This data type is part of a OpenIdConnectConfiguration structure, which is a parameter of CreateIdentitySource.
", + "refs": { + "OpenIdConnectConfiguration$tokenSelection": "The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.
" + } + }, + "OpenIdConnectTokenSelectionDetail": { + "base": "The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.
This data type is part of a OpenIdConnectConfigurationDetail structure, which is a parameter of GetIdentitySource.
", + "refs": { + "OpenIdConnectConfigurationDetail$tokenSelection": "The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.
" + } + }, + "OpenIdConnectTokenSelectionItem": { + "base": "The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.
This data type is part of a OpenIdConnectConfigurationItem structure, which is a parameter of ListIdentitySources.
", + "refs": { + "OpenIdConnectConfigurationItem$tokenSelection": "The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.
" + } + }, "OpenIdIssuer": { "base": null, "refs": { @@ -695,7 +838,7 @@ "ParentList": { "base": null, "refs": { - "EntityItem$parents": "The parents in the hierarchy that contains the entity.
" + "EntityItem$parents": "The parent entities in the hierarchy that contains the entity. A principal or resource entity can be defined with at most 99 transitive parents per authorization request.
A transitive parent is an entity in the hierarchy of entities including all direct parents, and parents of parents. For example, a user can be a member of 91 groups if one of those groups is a member of eight groups, for a total of 100: one entity, 91 entity parents, and eight parents of parents.
" } }, "PolicyDefinition": { @@ -1110,7 +1253,7 @@ } }, "UpdateConfiguration": { - "base": "Contains an updated configuration to replace the configuration in an existing identity source.
At this time, the only valid member of this structure is a Amazon Cognito user pool configuration.
You must specify a userPoolArn
, and optionally, a ClientId
.
Contains an update to replace the configuration in an existing identity source.
", "refs": { "UpdateIdentitySourceInput$updateConfiguration": "Specifies the details required to communicate with the identity provider (IdP) associated with this identity source.
At this time, the only valid member of this structure is a Amazon Cognito user pool configuration.
You must specify a userPoolArn
, and optionally, a ClientId
.
The configuration of an OpenID Connect (OIDC) identity source for handling access token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud
claim, or audiences, that you want to accept.
This data type is part of a UpdateOpenIdConnectTokenSelection structure, which is a parameter to UpdateIdentitySource.
", + "refs": { + "UpdateOpenIdConnectTokenSelection$accessTokenOnly": "The OIDC configuration for processing access tokens. Contains allowed audience claims, for example https://auth.example.com
, and the claim that you want to map to the principal, for example sub
.
Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.
This data type is part of a UpdateConfiguration structure, which is a parameter to UpdateIdentitySource.
", + "refs": { + "UpdateConfiguration$openIdConnectConfiguration": "Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.
" + } + }, + "UpdateOpenIdConnectGroupConfiguration": { + "base": "The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups
claim to MyCorp::UserGroup
.
This data type is part of a UpdateOpenIdConnectConfiguration structure, which is a parameter to UpdateIdentitySource.
", + "refs": { + "UpdateOpenIdConnectConfiguration$groupConfiguration": "The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups
claim to MyCorp::UserGroup
.
The configuration of an OpenID Connect (OIDC) identity source for handling identity (ID) token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud
claim, or audiences, that you want to accept.
This data type is part of a UpdateOpenIdConnectTokenSelection structure, which is a parameter to UpdateIdentitySource.
", + "refs": { + "UpdateOpenIdConnectTokenSelection$identityTokenOnly": "The OIDC configuration for processing identity (ID) tokens. Contains allowed client ID claims, for example 1example23456789
, and the claim that you want to map to the principal, for example sub
.
The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.
This data type is part of a UpdateOpenIdConnectConfiguration structure, which is a parameter to UpdateIdentitySource.
", + "refs": { + "UpdateOpenIdConnectConfiguration$tokenSelection": "The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.
" + } + }, "UpdatePolicyDefinition": { "base": "Contains information about updates to be applied to a policy.
This data type is used as a request parameter in the UpdatePolicy operation.
", "refs": { diff --git a/models/endpoints/endpoints.json b/models/endpoints/endpoints.json index ddc93c85e14..24ae0282309 100644 --- a/models/endpoints/endpoints.json +++ b/models/endpoints/endpoints.json @@ -2682,6 +2682,12 @@ }, "hostname" : "bedrock.ap-southeast-2.amazonaws.com" }, + "bedrock-ca-central-1" : { + "credentialScope" : { + "region" : "ca-central-1" + }, + "hostname" : "bedrock.ca-central-1.amazonaws.com" + }, "bedrock-eu-central-1" : { "credentialScope" : { "region" : "eu-central-1" @@ -2694,6 +2700,12 @@ }, "hostname" : "bedrock.eu-west-1.amazonaws.com" }, + "bedrock-eu-west-2" : { + "credentialScope" : { + "region" : "eu-west-2" + }, + "hostname" : "bedrock.eu-west-2.amazonaws.com" + }, "bedrock-eu-west-3" : { "credentialScope" : { "region" : "eu-west-3" @@ -2736,6 +2748,12 @@ }, "hostname" : "bedrock-runtime.ap-southeast-2.amazonaws.com" }, + "bedrock-runtime-ca-central-1" : { + "credentialScope" : { + "region" : "ca-central-1" + }, + "hostname" : "bedrock-runtime.ca-central-1.amazonaws.com" + }, "bedrock-runtime-eu-central-1" : { "credentialScope" : { "region" : "eu-central-1" @@ -2748,6 +2766,12 @@ }, "hostname" : "bedrock-runtime.eu-west-1.amazonaws.com" }, + "bedrock-runtime-eu-west-2" : { + "credentialScope" : { + "region" : "eu-west-2" + }, + "hostname" : "bedrock-runtime.eu-west-2.amazonaws.com" + }, "bedrock-runtime-eu-west-3" : { "credentialScope" : { "region" : "eu-west-3" @@ -2766,6 +2790,12 @@ }, "hostname" : "bedrock-runtime-fips.us-west-2.amazonaws.com" }, + "bedrock-runtime-sa-east-1" : { + "credentialScope" : { + "region" : "sa-east-1" + }, + "hostname" : "bedrock-runtime.sa-east-1.amazonaws.com" + }, "bedrock-runtime-us-east-1" : { "credentialScope" : { "region" : "us-east-1" 
@@ -2778,6 +2808,12 @@
 },
 "hostname" : "bedrock-runtime.us-west-2.amazonaws.com"
 },
+ "bedrock-sa-east-1" : {
+ "credentialScope" : {
+ "region" : "sa-east-1"
+ },
+ "hostname" : "bedrock.sa-east-1.amazonaws.com"
+ },
 "bedrock-us-east-1" : {
 "credentialScope" : {
 "region" : "us-east-1"
@@ -2790,9 +2826,12 @@
 },
 "hostname" : "bedrock.us-west-2.amazonaws.com"
 },
+ "ca-central-1" : { },
 "eu-central-1" : { },
 "eu-west-1" : { },
+ "eu-west-2" : { },
 "eu-west-3" : { },
+ "sa-east-1" : { },
 "us-east-1" : { },
 "us-west-2" : { }
 }
@@ -2832,6 +2871,8 @@
 },
 "cases" : {
 "endpoints" : {
+ "ap-northeast-1" : { },
+ "ap-northeast-2" : { },
 "ap-southeast-1" : { },
 "ap-southeast-2" : { },
 "ca-central-1" : { },
@@ -10288,9 +10329,21 @@
 "ap-south-1" : { },
 "ap-southeast-1" : { },
 "ap-southeast-2" : { },
- "ca-central-1" : { },
+ "ca-central-1" : {
+ "variants" : [ {
+ "hostname" : "kendra-fips.ca-central-1.amazonaws.com",
+ "tags" : [ "fips" ]
+ } ]
+ },
 "eu-west-1" : { },
 "eu-west-2" : { },
+ "fips-ca-central-1" : {
+ "credentialScope" : {
+ "region" : "ca-central-1"
+ },
+ "deprecated" : true,
+ "hostname" : "kendra-fips.ca-central-1.amazonaws.com"
+ },
 "fips-us-east-1" : {
 "credentialScope" : {
 "region" : "us-east-1"
@@ -18624,6 +18677,19 @@
 "deprecated" : true,
 "hostname" : "storagegateway-fips.ca-central-1.amazonaws.com"
 },
+ "ca-west-1" : {
+ "variants" : [ {
+ "hostname" : "storagegateway-fips.ca-west-1.amazonaws.com",
+ "tags" : [ "fips" ]
+ } ]
+ },
+ "ca-west-1-fips" : {
+ "credentialScope" : {
+ "region" : "ca-west-1"
+ },
+ "deprecated" : true,
+ "hostname" : "storagegateway-fips.ca-west-1.amazonaws.com"
+ },
 "eu-central-1" : { },
 "eu-central-2" : { },
 "eu-north-1" : { },
diff --git a/service/auditmanager/api.go b/service/auditmanager/api.go
index 6622ed09b85..15cf55995a1 100644
--- a/service/auditmanager/api.go
+++ b/service/auditmanager/api.go
@@ -654,6 +654,9 @@ func (c *AuditManager) CreateAssessmentRequest(input *CreateAssessmentInput) (re
 // the Service Quotas console. For a list of Audit Manager service quotas, see
 // Quotas and restrictions for Audit Manager (https://docs.aws.amazon.com/audit-manager/latest/userguide/service-quotas.html).
 //
+// - ThrottlingException
+// The request was denied due to request throttling.
+//
 // See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/CreateAssessment
 func (c *AuditManager) CreateAssessment(input *CreateAssessmentInput) (*CreateAssessmentOutput, error) {
 req, out := c.CreateAssessmentRequest(input)
@@ -3548,10 +3551,18 @@ func (c *AuditManager) GetServicesInScopeRequest(input *GetServicesInScopeInput) // GetServicesInScope API operation for AWS Audit Manager. // -// Gets a list of all of the Amazon Web Services that you can choose to include -// in your assessment. When you create an assessment (https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_CreateAssessment.html), -// specify which of these services you want to include to narrow the assessment's -// scope (https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_Scope.html). +// Gets a list of the Amazon Web Services from which Audit Manager can collect +// evidence. +// +// Audit Manager defines which Amazon Web Services are in scope for an assessment. +// Audit Manager infers this scope by examining the assessment’s controls +// and their data sources, and then mapping this information to one or more +// of the corresponding Amazon Web Services that are in this list. +// +// For information about why it's no longer possible to specify services in +// scope manually, see I can't edit the services in scope for my assessment +// (https://docs.aws.amazon.com/audit-manager/latest/userguide/evidence-collection-issues.html#unable-to-edit-services) +// in the Troubleshooting section of the Audit Manager user guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about 
@@ -4462,6 +4473,11 @@ func (c *AuditManager) ListControlDomainInsightsRequest(input *ListControlDomain // Lists the latest analytics data for control domains across all of your active // assessments. // +// Audit Manager supports the control domains that are provided by Amazon Web +// Services Control Catalog. For information about how to find a list of available +// control domains, see ListDomains (https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListDomains.html) +// in the Amazon Web Services Control Catalog API Reference. +// // A control domain is listed only if at least one of the controls within that // domain collected evidence on the lastUpdated date of controlDomainInsights. // If this condition isn’t met, no data is listed for that control domain. @@ -4613,6 +4629,11 @@ func (c *AuditManager) ListControlDomainInsightsByAssessmentRequest(input *ListC // // Lists analytics data for control domains within a specified active assessment. // +// Audit Manager supports the control domains that are provided by Amazon Web +// Services Control Catalog. For information about how to find a list of available +// control domains, see ListDomains (https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListDomains.html) +// in the Amazon Web Services Control Catalog API Reference. +// // A control domain is listed only if at least one of the controls within that // domain collected evidence on the lastUpdated date of controlDomainInsights. // If this condition isn’t met, no data is listed for that domain. 
@@ -5939,6 +5960,9 @@ func (c *AuditManager) UpdateAssessmentRequest(input *UpdateAssessmentInput) (re // An internal service error occurred during the processing of your request. // Try again later. // +// - ThrottlingException +// The request was denied due to request throttling. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/auditmanager-2017-07-25/UpdateAssessment func (c *AuditManager) UpdateAssessment(input *UpdateAssessmentInput) (*UpdateAssessmentOutput, error) { req, out := c.UpdateAssessmentRequest(input) @@ -6968,7 +6992,11 @@ type AssessmentControl struct { Comments []*ControlComment `locationName:"comments" type:"list"` // The description of the control. - Description *string `locationName:"description" type:"string"` + // + // Description is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by AssessmentControl's + // String and GoString methods. + Description *string `locationName:"description" type:"string" sensitive:"true"` // The amount of evidence that's collected for the control. EvidenceCount *int64 `locationName:"evidenceCount" type:"integer"` @@ -9248,7 +9276,11 @@ type Control struct { CreatedBy *string `locationName:"createdBy" min:"1" type:"string" sensitive:"true"` // The description of the control. - Description *string `locationName:"description" type:"string"` + // + // Description is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by Control's + // String and GoString methods. + Description *string `locationName:"description" type:"string" sensitive:"true"` // The unique identifier for the control. Id *string `locationName:"id" min:"36" type:"string"` 
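Review bot: The comment added on `Description` in AssessmentControl and Control (and repeated in the later CreateControlInput and UpdateControlInput hunks) describes the new `sensitive:"true"` redaction only in terms of String and GoString, without saying that this is as far as it goes. Nothing in these hunks changes how the field is serialized, so the description is presumably still sent in the request body and could still appear in wire-level debug logging or in custom marshaling of these structs. I would add a line such as `// Redaction covers String and GoString output only; the value is still sent in requests and may appear in HTTP body debug logs.` service/auditmanager/api.go looks generated from the API model, so the wording likely belongs in the generator template rather than in this file. Both struct definitions continue outside their hunks.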
@@ -9266,6 +9298,12 @@ type Control struct { // The name of the control. Name *string `locationName:"name" min:"1" type:"string"` + // The state of the control. The END_OF_SUPPORT state is applicable to standard + // controls only. This state indicates that the standard control can still be + // used to collect evidence, but Audit Manager is no longer updating or maintaining + // that control. + State *string `locationName:"state" type:"string" enum:"ControlState"` + // The tags associated with the control. Tags map[string]*string `locationName:"tags" type:"map"` @@ -9370,6 +9408,12 @@ func (s *Control) SetName(v string) *Control { return s } +// SetState sets the State field's value. +func (s *Control) SetState(v string) *Control { + s.State = &v + return s +} + // SetTags sets the Tags field's value. func (s *Control) SetTags(v map[string]*string) *Control { s.Tags = v 
@@ -9462,14 +9506,18 @@ type ControlDomainInsights struct { // with the control domain. EvidenceInsights *EvidenceInsights `locationName:"evidenceInsights" type:"structure"` - // The unique identifier for the control domain. - Id *string `locationName:"id" min:"36" type:"string"` + // The unique identifier for the control domain. Audit Manager supports the + // control domains that are provided by Amazon Web Services Control Catalog. + // For information about how to find a list of available control domains, see + // ListDomains (https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListDomains.html) + // in the Amazon Web Services Control Catalog API Reference. + Id *string `locationName:"id" min:"13" type:"string"` // The time when the control domain insights were last updated. LastUpdated *time.Time `locationName:"lastUpdated" type:"timestamp"` // The name of the control domain. - Name *string `locationName:"name" min:"1" type:"string"` + Name *string `locationName:"name" type:"string"` // The total number of controls in the control domain. TotalControlsCount *int64 `locationName:"totalControlsCount" type:"integer"` @@ -9545,13 +9593,13 @@ type ControlInsightsMetadataByAssessmentItem struct { EvidenceInsights *EvidenceInsights `locationName:"evidenceInsights" type:"structure"` // The unique identifier for the assessment control. - Id *string `locationName:"id" min:"36" type:"string"` + Id *string `locationName:"id" min:"13" type:"string"` // The time when the assessment control insights were last updated. LastUpdated *time.Time `locationName:"lastUpdated" type:"timestamp"` // The name of the assessment control. - Name *string `locationName:"name" min:"1" type:"string"` + Name *string `locationName:"name" type:"string"` } // String returns the string representation. 
@@ -9615,13 +9663,13 @@ type ControlInsightsMetadataItem struct { EvidenceInsights *EvidenceInsights `locationName:"evidenceInsights" type:"structure"` // The unique identifier for the control. - Id *string `locationName:"id" min:"36" type:"string"` + Id *string `locationName:"id" min:"13" type:"string"` // The time when the control insights were last updated. LastUpdated *time.Time `locationName:"lastUpdated" type:"timestamp"` // The name of the control. - Name *string `locationName:"name" min:"1" type:"string"` + Name *string `locationName:"name" type:"string"` } // String returns the string representation. @@ -9705,10 +9753,18 @@ type ControlMappingSource struct { SourceName *string `locationName:"sourceName" min:"1" type:"string"` // The setup option for the data source. This option reflects if the evidence - // collection is automated or manual. + // collection method is automated or manual. If you don’t provide a value + // for sourceSetUpOption, Audit Manager automatically infers and populates the + // correct value based on the sourceType that you specify. SourceSetUpOption *string `locationName:"sourceSetUpOption" type:"string" enum:"SourceSetUpOption"` - // Specifies one of the five data source types for evidence collection. + // Specifies which type of data source is used to collect evidence. + // + // * The source can be an individual data source type, such as AWS_Cloudtrail, + // AWS_Config, AWS_Security_Hub, AWS_API_Call, or MANUAL. + // + // * The source can also be a managed grouping of data sources, such as a + // Core_Control or a Common_Control. SourceType *string `locationName:"sourceType" type:"string" enum:"SourceType"` // The instructions for troubleshooting the control. 
@@ -10245,8 +10301,18 @@ type CreateAssessmentInput struct { // Roles is a required field Roles []*Role `locationName:"roles" type:"list" required:"true" sensitive:"true"` - // The wrapper that contains the Amazon Web Services accounts and services that - // are in scope for the assessment. + // The wrapper that contains the Amazon Web Services accounts that are in scope + // for the assessment. + // + // You no longer need to specify which Amazon Web Services are in scope when + // you create or update an assessment. Audit Manager infers the services in + // scope by examining your assessment controls and their data sources, and then + // mapping this information to the relevant Amazon Web Services. + // + // If an underlying data source changes for your assessment, we automatically + // update the services scope as needed to reflect the correct Amazon Web Services. + // This ensures that your assessment collects accurate and comprehensive evidence + // about all of the relevant services in your AWS environment. // // Scope is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateAssessmentInput's @@ -10561,7 +10627,11 @@ type CreateControlInput struct { ControlMappingSources []*CreateControlMappingSource `locationName:"controlMappingSources" min:"1" type:"list" required:"true"` // The description of the control. - Description *string `locationName:"description" type:"string"` + // + // Description is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateControlInput's + // String and GoString methods. + Description *string `locationName:"description" type:"string" sensitive:"true"` // The name of the control. // 
@@ -10671,7 +10741,7 @@ func (s *CreateControlInput) SetTestingInformation(v string) *CreateControlInput return s } -// The control mapping fields that represent the source for evidence collection, +// The mapping attributes that determine the evidence source for a given control, // along with related parameters and metadata. This doesn't contain mappingID. type CreateControlMappingSource struct { _ struct{} `type:"structure"` @@ -10707,11 +10777,19 @@ type CreateControlMappingSource struct { // The name of the control mapping data source. SourceName *string `locationName:"sourceName" min:"1" type:"string"` - // The setup option for the data source, which reflects if the evidence collection - // is automated or manual. + // The setup option for the data source. This option reflects if the evidence + // collection method is automated or manual. If you don’t provide a value + // for sourceSetUpOption, Audit Manager automatically infers and populates the + // correct value based on the sourceType that you specify. SourceSetUpOption *string `locationName:"sourceSetUpOption" type:"string" enum:"SourceSetUpOption"` - // Specifies one of the five types of data sources for evidence collection. + // Specifies which type of data source is used to collect evidence. + // + // * The source can be an individual data source type, such as AWS_Cloudtrail, + // AWS_Config, AWS_Security_Hub, AWS_API_Call, or MANUAL. + // + // * The source can also be a managed grouping of data sources, such as a + // Core_Control or a Common_Control. SourceType *string `locationName:"sourceType" type:"string" enum:"SourceType"` // The instructions for troubleshooting the control. 
@@ -14443,8 +14521,13 @@ type ListAssessmentControlInsightsByControlDomainInput struct { // The unique identifier for the control domain. // + // Audit Manager supports the control domains that are provided by Amazon Web + // Services Control Catalog. For information about how to find a list of available + // control domains, see ListDomains (https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListDomains.html) + // in the Amazon Web Services Control Catalog API Reference. + // // ControlDomainId is a required field - ControlDomainId *string `location:"querystring" locationName:"controlDomainId" min:"36" type:"string" required:"true"` + ControlDomainId *string `location:"querystring" locationName:"controlDomainId" min:"13" type:"string" required:"true"` // Represents the maximum number of results on a page or for an API request // call. @@ -14484,8 +14567,8 @@ func (s *ListAssessmentControlInsightsByControlDomainInput) Validate() error { if s.ControlDomainId == nil { invalidParams.Add(request.NewErrParamRequired("ControlDomainId")) } - if s.ControlDomainId != nil && len(*s.ControlDomainId) < 36 { - invalidParams.Add(request.NewErrParamMinLen("ControlDomainId", 36)) + if s.ControlDomainId != nil && len(*s.ControlDomainId) < 13 { + invalidParams.Add(request.NewErrParamMinLen("ControlDomainId", 13)) } if s.MaxResults != nil && *s.MaxResults < 1 { invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 
@@ -15210,8 +15293,13 @@ type ListControlInsightsByControlDomainInput struct { // The unique identifier for the control domain. // + // Audit Manager supports the control domains that are provided by Amazon Web + // Services Control Catalog. For information about how to find a list of available + // control domains, see ListDomains (https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListDomains.html) + // in the Amazon Web Services Control Catalog API Reference. + // // ControlDomainId is a required field - ControlDomainId *string `location:"querystring" locationName:"controlDomainId" min:"36" type:"string" required:"true"` + ControlDomainId *string `location:"querystring" locationName:"controlDomainId" min:"13" type:"string" required:"true"` // Represents the maximum number of results on a page or for an API request // call. @@ -15245,8 +15333,8 @@ func (s *ListControlInsightsByControlDomainInput) Validate() error { if s.ControlDomainId == nil { invalidParams.Add(request.NewErrParamRequired("ControlDomainId")) } - if s.ControlDomainId != nil && len(*s.ControlDomainId) < 36 { - invalidParams.Add(request.NewErrParamMinLen("ControlDomainId", 36)) + if s.ControlDomainId != nil && len(*s.ControlDomainId) < 13 { + invalidParams.Add(request.NewErrParamMinLen("ControlDomainId", 13)) } if s.MaxResults != nil && *s.MaxResults < 1 { invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 
@@ -15323,13 +15411,33 @@ func (s *ListControlInsightsByControlDomainOutput) SetNextToken(v string) *ListC type ListControlsInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The type of control, such as a standard control or a custom control. + // A filter that narrows the list of controls to a specific resource from the + // Amazon Web Services Control Catalog. + // + // To use this parameter, specify the ARN of the Control Catalog resource. You + // can specify either a control domain, a control objective, or a common control. + // For information about how to find the ARNs for these resources, see ListDomains + // (https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListDomains.html), + // ListObjectives (https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListObjectives.html), + // and ListCommonControls (https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListCommonControls.html). + // + // You can only filter by one Control Catalog resource at a time. Specifying + // multiple resource ARNs isn’t currently supported. If you want to filter + // by more than one ARN, we recommend that you run the ListControls operation + // separately for each ARN. + // + // Alternatively, specify UNCATEGORIZED to list controls that aren't mapped + // to a Control Catalog resource. For example, this operation might return a + // list of custom controls that don't belong to any control domain or control + // objective. + ControlCatalogId *string `location:"querystring" locationName:"controlCatalogId" min:"13" type:"string"` + + // A filter that narrows the list of controls to a specific type. // // ControlType is a required field ControlType *string `location:"querystring" locationName:"controlType" type:"string" required:"true" enum:"ControlType"` - // Represents the maximum number of results on a page or for an API request - // call. + // The maximum number of results on a page or for an API request call. 
MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` // The pagination token that's used to fetch the next set of results. @@ -15357,6 +15465,9 @@ func (s ListControlsInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *ListControlsInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "ListControlsInput"} + if s.ControlCatalogId != nil && len(*s.ControlCatalogId) < 13 { + invalidParams.Add(request.NewErrParamMinLen("ControlCatalogId", 13)) + } if s.ControlType == nil { invalidParams.Add(request.NewErrParamRequired("ControlType")) } @@ -15373,6 +15484,12 @@ func (s *ListControlsInput) Validate() error { return nil } +// SetControlCatalogId sets the ControlCatalogId field's value. +func (s *ListControlsInput) SetControlCatalogId(v string) *ListControlsInput { + s.ControlCatalogId = &v + return s +} + // SetControlType sets the ControlType field's value. func (s *ListControlsInput) SetControlType(v string) *ListControlsInput { s.ControlType = &v @@ -15444,7 +15561,7 @@ type ListKeywordsForDataSourceInput struct { // The control mapping data source that the keywords apply to. // // Source is a required field - Source *string `location:"querystring" locationName:"source" type:"string" required:"true" enum:"SourceType"` + Source *string `location:"querystring" locationName:"source" type:"string" required:"true" enum:"DataSourceType"` } // String returns the string representation. @@ -15505,7 +15622,7 @@ func (s *ListKeywordsForDataSourceInput) SetSource(v string) *ListKeywordsForDat type ListKeywordsForDataSourceOutput struct { _ struct{} `type:"structure"` - // The list of keywords for the event mapping source. + // The list of keywords for the control mapping source. Keywords []*string `locationName:"keywords" type:"list"` // The pagination token that's used to fetch the next set of results. 
@@ -16285,8 +16402,18 @@ func (s *Role) SetRoleType(v string) *Role { return s } -// The wrapper that contains the Amazon Web Services accounts and services that -// are in scope for the assessment. +// The wrapper that contains the Amazon Web Services accounts that are in scope +// for the assessment. +// +// You no longer need to specify which Amazon Web Services are in scope when +// you create or update an assessment. Audit Manager infers the services in +// scope by examining your assessment controls and their data sources, and then +// mapping this information to the relevant Amazon Web Services. +// +// If an underlying data source changes for your assessment, we automatically +// update the services scope as needed to reflect the correct Amazon Web Services. +// This ensures that your assessment collects accurate and comprehensive evidence +// about all of the relevant services in your AWS environment. type Scope struct { _ struct{} `type:"structure" sensitive:"true"` @@ -16298,7 +16425,13 @@ type Scope struct { AwsAccounts []*AWSAccount `locationName:"awsAccounts" min:"1" type:"list" sensitive:"true"` // The Amazon Web Services services that are included in the scope of the assessment. - AwsServices []*AWSService `locationName:"awsServices" type:"list"` + // + // This API parameter is no longer supported. If you use this parameter to specify + // one or more Amazon Web Services, Audit Manager ignores this input. Instead, + // the value for awsServices will show as empty. + // + // Deprecated: You can't specify services in scope when creating/updating an assessment. If you use the parameter to specify one or more AWS services, Audit Manager ignores the input. Instead the value of the parameter will show as empty indicating that the services are defined and managed by Audit Manager. + AwsServices []*AWSService `locationName:"awsServices" deprecated:"true" type:"list"` } // String returns the string representation. 
@@ -18056,7 +18189,11 @@ type UpdateControlInput struct { ControlMappingSources []*ControlMappingSource `locationName:"controlMappingSources" min:"1" type:"list" required:"true"` // The optional description of the control. - Description *string `locationName:"description" type:"string"` + // + // Description is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by UpdateControlInput's + // String and GoString methods. + Description *string `locationName:"description" type:"string" sensitive:"true"` // The name of the updated control. // @@ -18755,6 +18892,22 @@ func ControlSetStatus_Values() []string { } } +const ( + // ControlStateActive is a ControlState enum value + ControlStateActive = "ACTIVE" + + // ControlStateEndOfSupport is a ControlState enum value + ControlStateEndOfSupport = "END_OF_SUPPORT" +) + +// ControlState_Values returns all elements of the ControlState enum +func ControlState_Values() []string { + return []string{ + ControlStateActive, + ControlStateEndOfSupport, + } +} + const ( // ControlStatusUnderReview is a ControlStatus enum value ControlStatusUnderReview = "UNDER_REVIEW" @@ -18781,6 +18934,9 @@ const ( // ControlTypeCustom is a ControlType enum value ControlTypeCustom = "Custom" + + // ControlTypeCore is a ControlType enum value + ControlTypeCore = "Core" ) // ControlType_Values returns all elements of the ControlType enum 
@@ -18788,6 +18944,35 @@ func ControlType_Values() []string { return []string{ ControlTypeStandard, ControlTypeCustom, + ControlTypeCore, + } +} + +const ( + // DataSourceTypeAwsCloudtrail is a DataSourceType enum value + DataSourceTypeAwsCloudtrail = "AWS_Cloudtrail" + + // DataSourceTypeAwsConfig is a DataSourceType enum value + DataSourceTypeAwsConfig = "AWS_Config" + + // DataSourceTypeAwsSecurityHub is a DataSourceType enum value + DataSourceTypeAwsSecurityHub = "AWS_Security_Hub" + + // DataSourceTypeAwsApiCall is a DataSourceType enum value + DataSourceTypeAwsApiCall = "AWS_API_Call" + + // DataSourceTypeManual is a DataSourceType enum value + DataSourceTypeManual = "MANUAL" +) + +// DataSourceType_Values returns all elements of the DataSourceType enum +func DataSourceType_Values() []string { + return []string{ + DataSourceTypeAwsCloudtrail, + DataSourceTypeAwsConfig, + DataSourceTypeAwsSecurityHub, + DataSourceTypeAwsApiCall, + DataSourceTypeManual, } } @@ -19130,6 +19315,12 @@ const ( // SourceTypeManual is a SourceType enum value SourceTypeManual = "MANUAL" + + // SourceTypeCommonControl is a SourceType enum value + SourceTypeCommonControl = "Common_Control" + + // SourceTypeCoreControl is a SourceType enum value + SourceTypeCoreControl = "Core_Control" ) // SourceType_Values returns all elements of the SourceType enum @@ -19140,6 +19331,8 @@ func SourceType_Values() []string { SourceTypeAwsSecurityHub, SourceTypeAwsApiCall, SourceTypeManual, + SourceTypeCommonControl, + SourceTypeCoreControl, } } diff --git a/service/b2bi/api.go b/service/b2bi/api.go index 97a0bd97f4e..d70ffcd1acf 100644 --- a/service/b2bi/api.go +++ b/service/b2bi/api.go 
@@ -1398,6 +1398,24 @@ func (c *B2bi) ListCapabilitiesRequest(input *ListCapabilitiesInput) (req *reque // // See the AWS API reference guide for AWS B2B Data Interchange's // API operation ListCapabilities for usage and error information. +// +// Returned Error Types: +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ValidationException +// Occurs when a B2BI object cannot be validated against a request from another +// object. +// +// - ThrottlingException +// The request was denied due to throttling: the data speed and rendering may +// be limited depending on various parameters and conditions. +// +// - InternalServerException +// This exception is thrown when an error occurs in the Amazon Web Services +// B2B Data Interchange service. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/b2bi-2022-06-23/ListCapabilities func (c *B2bi) ListCapabilities(input *ListCapabilitiesInput) (*ListCapabilitiesOutput, error) { req, out := c.ListCapabilitiesRequest(input) 
@@ -1686,6 +1704,24 @@ func (c *B2bi) ListProfilesRequest(input *ListProfilesInput) (req *request.Reque // // See the AWS API reference guide for AWS B2B Data Interchange's // API operation ListProfiles for usage and error information. +// +// Returned Error Types: +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ValidationException +// Occurs when a B2BI object cannot be validated against a request from another +// object. +// +// - ThrottlingException +// The request was denied due to throttling: the data speed and rendering may +// be limited depending on various parameters and conditions. +// +// - InternalServerException +// This exception is thrown when an error occurs in the Amazon Web Services +// B2B Data Interchange service. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/b2bi-2022-06-23/ListProfiles func (c *B2bi) ListProfiles(input *ListProfilesInput) (*ListProfilesOutput, error) { req, out := c.ListProfilesRequest(input) 
@@ -1908,6 +1944,24 @@ func (c *B2bi) ListTransformersRequest(input *ListTransformersInput) (req *reque // // See the AWS API reference guide for AWS B2B Data Interchange's // API operation ListTransformers for usage and error information. +// +// Returned Error Types: +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ValidationException +// Occurs when a B2BI object cannot be validated against a request from another +// object. +// +// - ThrottlingException +// The request was denied due to throttling: the data speed and rendering may +// be limited depending on various parameters and conditions. +// +// - InternalServerException +// This exception is thrown when an error occurs in the Amazon Web Services +// B2B Data Interchange service. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/b2bi-2022-06-23/ListTransformers func (c *B2bi) ListTransformers(input *ListTransformersInput) (*ListTransformersOutput, error) { req, out := c.ListTransformersRequest(input) @@ -2041,6 +2095,10 @@ func (c *B2bi) StartTransformerJobRequest(input *StartTransformerJobInput) (req // // Returned Error Types: // +// - ConflictException +// A conflict exception is thrown when you attempt to delete a resource (such +// as a profile or a capability) that is being used by other resources. +// // - AccessDeniedException // You do not have sufficient access to perform this action. // @@ -3389,7 +3447,9 @@ type CreatePartnershipInput struct { _ struct{} `type:"structure"` // Specifies a list of the capabilities associated with this partnership. - Capabilities []*string `locationName:"capabilities" type:"list"` + // + // Capabilities is a required field + Capabilities []*string `locationName:"capabilities" type:"list" required:"true"` // Reserved for future use. ClientToken *string `locationName:"clientToken" type:"string" idempotencyToken:"true"` 
@@ -3448,6 +3508,9 @@ func (s CreatePartnershipInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *CreatePartnershipInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "CreatePartnershipInput"} + if s.Capabilities == nil { + invalidParams.Add(request.NewErrParamRequired("Capabilities")) + } if s.Email == nil { invalidParams.Add(request.NewErrParamRequired("Email")) } diff --git a/service/b2bi/examples_test.go b/service/b2bi/examples_test.go index 98f7c6ee5ee..7b978cf7678 100644 --- a/service/b2bi/examples_test.go +++ b/service/b2bi/examples_test.go @@ -618,6 +618,14 @@ func ExampleB2bi_ListCapabilities_shared00() { if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { + case b2bi.ErrCodeAccessDeniedException: + fmt.Println(b2bi.ErrCodeAccessDeniedException, aerr.Error()) + case b2bi.ErrCodeValidationException: + fmt.Println(b2bi.ErrCodeValidationException, aerr.Error()) + case b2bi.ErrCodeThrottlingException: + fmt.Println(b2bi.ErrCodeThrottlingException, aerr.Error()) + case b2bi.ErrCodeInternalServerException: + fmt.Println(b2bi.ErrCodeInternalServerException, aerr.Error()) default: fmt.Println(aerr.Error()) } @@ -685,6 +693,14 @@ func ExampleB2bi_ListProfiles_shared00() { if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { + case b2bi.ErrCodeAccessDeniedException: + fmt.Println(b2bi.ErrCodeAccessDeniedException, aerr.Error()) + case b2bi.ErrCodeValidationException: + fmt.Println(b2bi.ErrCodeValidationException, aerr.Error()) + case b2bi.ErrCodeThrottlingException: + fmt.Println(b2bi.ErrCodeThrottlingException, aerr.Error()) + case b2bi.ErrCodeInternalServerException: + fmt.Println(b2bi.ErrCodeInternalServerException, aerr.Error()) default: fmt.Println(aerr.Error()) } 
@@ -746,6 +762,14 @@ func ExampleB2bi_ListTransformers_shared00() { if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { + case b2bi.ErrCodeAccessDeniedException: + fmt.Println(b2bi.ErrCodeAccessDeniedException, aerr.Error()) + case b2bi.ErrCodeValidationException: + fmt.Println(b2bi.ErrCodeValidationException, aerr.Error()) + case b2bi.ErrCodeThrottlingException: + fmt.Println(b2bi.ErrCodeThrottlingException, aerr.Error()) + case b2bi.ErrCodeInternalServerException: + fmt.Println(b2bi.ErrCodeInternalServerException, aerr.Error()) default: fmt.Println(aerr.Error()) } @@ -782,6 +806,8 @@ func ExampleB2bi_StartTransformerJob_shared00() { if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { + case b2bi.ErrCodeConflictException: + fmt.Println(b2bi.ErrCodeConflictException, aerr.Error()) case b2bi.ErrCodeAccessDeniedException: fmt.Println(b2bi.ErrCodeAccessDeniedException, aerr.Error()) case b2bi.ErrCodeValidationException: diff --git a/service/codepipeline/api.go b/service/codepipeline/api.go index 82e3b1504a9..644fe9f98b7 100644 --- a/service/codepipeline/api.go +++ b/service/codepipeline/api.go @@ -1774,6 +1774,10 @@ func (c *CodePipeline) ListPipelineExecutionsRequest(input *ListPipelineExecutio // // Gets a summary of the most recent executions for a pipeline. // +// When applying the filter for pipeline executions that have succeeded in the +// stage, the operation returns all executions in the current pipeline version +// beginning on February 1, 2024. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. 
@@ -11213,9 +11217,6 @@ type ListActionExecutionsInput struct { // remaining results, make another call with the returned nextToken value. Action // execution history is retained for up to 12 months, based on action execution // start times. Default value is 100. - // - // Detailed execution history is available for executions run on or after February - // 21, 2019. MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"` // The token that was returned from the previous ListActionExecutions call, @@ -15323,6 +15324,10 @@ func (s *SourceRevision) SetRevisionUrl(v string) *SourceRevision { // pipeline execution that's being started. A source revision is the version // with all the changes to your application code, or source artifact, for the // pipeline execution. +// +// For the S3_OBJECT_VERSION_ID and S3_OBJECT_KEY types of source revisions, +// either of the types can be used independently, or they can be used together +// to override the source with a specific ObjectKey and VersionID. type SourceRevisionOverride struct { _ struct{} `type:"structure"` @@ -17741,6 +17746,9 @@ const ( // SourceRevisionTypeS3ObjectVersionId is a SourceRevisionType enum value SourceRevisionTypeS3ObjectVersionId = "S3_OBJECT_VERSION_ID" + + // SourceRevisionTypeS3ObjectKey is a SourceRevisionType enum value + SourceRevisionTypeS3ObjectKey = "S3_OBJECT_KEY" ) // SourceRevisionType_Values returns all elements of the SourceRevisionType enum @@ -17749,6 +17757,7 @@ func SourceRevisionType_Values() []string { SourceRevisionTypeCommitId, SourceRevisionTypeImageDigest, SourceRevisionTypeS3ObjectVersionId, + SourceRevisionTypeS3ObjectKey, } } diff --git a/service/sagemaker/api.go b/service/sagemaker/api.go index 1d50627e250..49955d859ee 100644 --- a/service/sagemaker/api.go +++ b/service/sagemaker/api.go 
@@ -46641,8 +46641,10 @@ type CreateModelPackageInput struct { // schema is simplified compared to the schema of ModelCard. The ModelPackageModelCard // schema does not include model_package_details, and model_overview is composed // of the model_creator and model_artifact properties. For more information - // about the model card associated with the model package, see View the Details - // of a Model Version (https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html). + // about the model package model card schema, see Model package model card schema + // (https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html#model-card-schema). + // For more information about the model card associated with the model package, + // see View the Details of a Model Version (https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html). ModelCard *ModelPackageModelCard `type:"structure"` // A structure that contains model metrics reports. @@ -64738,8 +64740,10 @@ type DescribeModelPackageOutput struct { // schema is simplified compared to the schema of ModelCard. The ModelPackageModelCard // schema does not include model_package_details, and model_overview is composed // of the model_creator and model_artifact properties. For more information - // about the model card associated with the model package, see View the Details - // of a Model Version (https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html). + // about the model package model card schema, see Model package model card schema + // (https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html#model-card-schema). + // For more information about the model card associated with the model package, + // see View the Details of a Model Version (https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html). ModelCard *ModelPackageModelCard `type:"structure"` // Metrics for the model. 
@@ -97340,8 +97344,10 @@ type ModelPackage struct { // schema is simplified compared to the schema of ModelCard. The ModelPackageModelCard // schema does not include model_package_details, and model_overview is composed // of the model_creator and model_artifact properties. For more information - // about the model card associated with the model package, see View the Details - // of a Model Version (https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html). + // about the model package model card schema, see Model package model card schema + // (https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html#model-card-schema). + // For more information about the model card associated with the model package, + // see View the Details of a Model Version (https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html). ModelCard *ModelPackageModelCard `type:"structure"` // Metrics for the model. 
@@ -97971,12 +97977,15 @@ func (s *ModelPackageGroupSummary) SetModelPackageGroupStatus(v string) *ModelPa // schema is simplified compared to the schema of ModelCard. The ModelPackageModelCard // schema does not include model_package_details, and model_overview is composed // of the model_creator and model_artifact properties. For more information -// about the model card associated with the model package, see View the Details -// of a Model Version (https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html). +// about the model package model card schema, see Model package model card schema +// (https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html#model-card-schema). +// For more information about the model card associated with the model package, +// see View the Details of a Model Version (https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html). type ModelPackageModelCard struct { _ struct{} `type:"structure"` - // The content of the model card. + // The content of the model card. The content must follow the schema described + // in Model Package Model Card Schema (https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html#model-card-schema). // // ModelCardContent is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by ModelPackageModelCard's 
@@ -105324,6 +105333,16 @@ type ProductionVariant struct { // endpoint by creating a new endpoint configuration and calling UpdateEndpoint. EnableSSMAccess *bool `type:"boolean"` + // Specifies an option from a collection of preconfigured Amazon Machine Image + // (AMI) images. Each image is configured by Amazon Web Services with a set + // of software and driver versions. Amazon Web Services optimizes these configurations + // for different machine learning workloads. + // + // By selecting an AMI version, you can ensure that your inference environment + // is compatible with specific software requirements, such as CUDA driver versions, + // Linux kernel versions, or Amazon Web Services Neuron driver versions. + InferenceAmiVersion *string `type:"string" enum:"ProductionVariantInferenceAmiVersion"` + // Number of instances to launch initially. InitialInstanceCount *int64 `min:"1" type:"integer"` @@ -105455,6 +105474,12 @@ func (s *ProductionVariant) SetEnableSSMAccess(v bool) *ProductionVariant { return s } +// SetInferenceAmiVersion sets the InferenceAmiVersion field's value. +func (s *ProductionVariant) SetInferenceAmiVersion(v string) *ProductionVariant { + s.InferenceAmiVersion = &v + return s +} + // SetInitialInstanceCount sets the InitialInstanceCount field's value. func (s *ProductionVariant) SetInitialInstanceCount(v int64) *ProductionVariant { s.InitialInstanceCount = &v 
@@ -123179,8 +123204,10 @@ type UpdateModelPackageInput struct { // schema is simplified compared to the schema of ModelCard. The ModelPackageModelCard // schema does not include model_package_details, and model_overview is composed // of the model_creator and model_artifact properties. For more information - // about the model card associated with the model package, see View the Details - // of a Model Version (https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html). + // about the model package model card schema, see Model package model card schema + // (https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html#model-card-schema). + // For more information about the model card associated with the model package, + // see View the Details of a Model Version (https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-details.html). ModelCard *ModelPackageModelCard `type:"structure"` // The Amazon Resource Name (ARN) of the model package. @@ -132446,6 +132473,18 @@ func ProductionVariantAcceleratorType_Values() []string { } } +const ( + // ProductionVariantInferenceAmiVersionAl2AmiSagemakerInferenceGpu2 is a ProductionVariantInferenceAmiVersion enum value + ProductionVariantInferenceAmiVersionAl2AmiSagemakerInferenceGpu2 = "al2-ami-sagemaker-inference-gpu-2" +) + +// ProductionVariantInferenceAmiVersion_Values returns all elements of the ProductionVariantInferenceAmiVersion enum +func ProductionVariantInferenceAmiVersion_Values() []string { + return []string{ + ProductionVariantInferenceAmiVersionAl2AmiSagemakerInferenceGpu2, + } +} + const ( // ProductionVariantInstanceTypeMlT2Medium is a ProductionVariantInstanceType enum value ProductionVariantInstanceTypeMlT2Medium = "ml.t2.medium" diff --git a/service/verifiedpermissions/api.go b/service/verifiedpermissions/api.go index 4ad1f7a1623..e4208c4dd17 100644 --- a/service/verifiedpermissions/api.go +++ b/service/verifiedpermissions/api.go 
@@ -363,34 +363,32 @@ func (c *VerifiedPermissions) CreateIdentitySourceRequest(input *CreateIdentityS // CreateIdentitySource API operation for Amazon Verified Permissions. // -// Creates a reference to an Amazon Cognito user pool as an external identity -// provider (IdP). +// Adds an identity source to a policy store–an Amazon Cognito user pool or +// OpenID Connect (OIDC) identity provider (IdP). // // After you create an identity source, you can use the identities provided // by the IdP as proxies for the principal in authorization queries that use // the IsAuthorizedWithToken (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html) -// operation. These identities take the form of tokens that contain claims about -// the user, such as IDs, attributes and group memberships. Amazon Cognito provides -// both identity tokens and access tokens, and Verified Permissions can use -// either or both. Any combination of identity and access tokens results in -// the same Cedar principal. Verified Permissions automatically translates the -// information about the identities into the standard Cedar attributes that -// can be evaluated by your policies. Because the Amazon Cognito identity and -// access tokens can contain different information, the tokens you choose to -// use determine which principal attributes are available to access when evaluating -// Cedar policies. +// or BatchIsAuthorizedWithToken (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorizedWithToken.html) +// API operations. These identities take the form of tokens that contain claims +// about the user, such as IDs, attributes and group memberships. Identity sources +// provide identity (ID) tokens and access tokens. Verified Permissions derives +// information about your user and session from token claims. Access tokens +// provide action context to your policies, and ID tokens provide principal +// Attributes. 
// -// If you delete a Amazon Cognito user pool or user, tokens from that deleted -// pool or that deleted user continue to be usable until they expire. +// Tokens from an identity source user continue to be usable until they expire. +// Token revocation and resource deletion have no effect on the validity of +// a token in your policy store // -// To reference a user from this identity source in your Cedar policies, use -// the following syntax. +// To reference a user from this identity source in your Cedar policies, refer +// to the following syntax examples. // -// IdentityType::"