From 740d2418d9da9c6bac0f7dcc6bf1987fd7ced101 Mon Sep 17 00:00:00 2001 
From: awstools
Date: Mon, 20 Nov 2023 20:22:13 +0000
Subject: [PATCH] feat(client-ec2): This release adds support for Security group referencing over Transit gateways, enabling you to simplify Security group management and control of instance-to-instance traffic across VPCs that are connected by Transit gateway.
---
...cceptTransitGatewayVpcAttachmentCommand.ts | 1 +
.../AuthorizeSecurityGroupEgressCommand.ts | 6 ++
.../commands/CreateCarrierGatewayCommand.ts | 3 +-
.../commands/CreateTransitGatewayCommand.ts | 2 +
...reateTransitGatewayVpcAttachmentCommand.ts | 2 +
.../src/commands/DeleteNatGatewayCommand.ts | 3 +-
.../commands/DeleteTransitGatewayCommand.ts | 1 +
...eleteTransitGatewayVpcAttachmentCommand.ts | 1 +
.../DescribeImportSnapshotTasksCommand.ts | 2 +-
.../DescribeSecurityGroupReferencesCommand.ts | 3 +-
.../DescribeStaleSecurityGroupsCommand.ts | 5 +-
.../src/commands/DescribeSubnetsCommand.ts | 3 +-
...ribeTransitGatewayVpcAttachmentsCommand.ts | 1 +
.../DescribeTransitGatewaysCommand.ts | 1 +
.../src/commands/GetIpamPoolCidrsCommand.ts | 3 +-
.../commands/ModifyTransitGatewayCommand.ts | 2 +
...odifyTransitGatewayVpcAttachmentCommand.ts | 2 +
...nsitGatewayMulticastGroupSourcesCommand.ts | 6 +-
...ejectTransitGatewayVpcAttachmentCommand.ts | 1 +
clients/client-ec2/src/models/models_0.ts | 56 ++++++--------
clients/client-ec2/src/models/models_1.ts | 51 ++++++++-----
clients/client-ec2/src/models/models_2.ts | 63 +++++++++++-----
clients/client-ec2/src/models/models_3.ts | 57 +++++---------
clients/client-ec2/src/models/models_4.ts | 64 +++++++++++-----
clients/client-ec2/src/models/models_5.ts | 37 +++++----
clients/client-ec2/src/models/models_6.ts | 43 ++++++++---
clients/client-ec2/src/models/models_7.ts | 18 ++++-
clients/client-ec2/src/protocols/Aws_ec2.ts | 35 +++++++--
codegen/sdk-codegen/aws-models/ec2.json | 75 +++++++++++++++++--
29 files changed, 360 insertions(+), 187 deletions(-)
diff --git a/clients/client-ec2/src/commands/AcceptTransitGatewayVpcAttachmentCommand.ts b/clients/client-ec2/src/commands/AcceptTransitGatewayVpcAttachmentCommand.ts index 821ff098fb87..f362c5991758 100644 --- a/clients/client-ec2/src/commands/AcceptTransitGatewayVpcAttachmentCommand.ts +++ b/clients/client-ec2/src/commands/AcceptTransitGatewayVpcAttachmentCommand.ts @@ -71,6 +71,7 @@ export interface AcceptTransitGatewayVpcAttachmentCommandOutput * // CreationTime: new Date("TIMESTAMP"), * // Options: { // TransitGatewayVpcAttachmentOptions * // DnsSupport: "enable" || "disable", + * // SecurityGroupReferencingSupport: "enable" || "disable", * // Ipv6Support: "enable" || "disable", * // ApplianceModeSupport: "enable" || "disable", * // }, diff --git a/clients/client-ec2/src/commands/AuthorizeSecurityGroupEgressCommand.ts b/clients/client-ec2/src/commands/AuthorizeSecurityGroupEgressCommand.ts index 8888cc42f21c..4c567db750ec 100644 --- a/clients/client-ec2/src/commands/AuthorizeSecurityGroupEgressCommand.ts +++ b/clients/client-ec2/src/commands/AuthorizeSecurityGroupEgressCommand.ts @@ -50,6 +50,12 @@ export interface AuthorizeSecurityGroupEgressCommandOutput * You can use -1 for the type or code to mean all types or all codes.

*

Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.

*

For information about VPC security group quotas, see Amazon VPC quotas.

+ * + *

If you want to reference a security group across VPCs attached to a transit gateway using the + * security group + * referencing feature, note that you can only reference security groups + * for ingress rules. You cannot reference a security group for egress rules.

+ *
* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript diff --git a/clients/client-ec2/src/commands/CreateCarrierGatewayCommand.ts b/clients/client-ec2/src/commands/CreateCarrierGatewayCommand.ts index 97aa71302c19..2af9217d65b6 100644 --- a/clients/client-ec2/src/commands/CreateCarrierGatewayCommand.ts +++ b/clients/client-ec2/src/commands/CreateCarrierGatewayCommand.ts @@ -15,8 +15,7 @@ import { } from "@smithy/types"; import { EC2ClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../EC2Client"; -import { CreateCarrierGatewayRequest } from "../models/models_0"; -import { CreateCarrierGatewayResult } from "../models/models_1"; +import { CreateCarrierGatewayRequest, CreateCarrierGatewayResult } from "../models/models_1"; import { de_CreateCarrierGatewayCommand, se_CreateCarrierGatewayCommand } from "../protocols/Aws_ec2"; /** diff --git a/clients/client-ec2/src/commands/CreateTransitGatewayCommand.ts b/clients/client-ec2/src/commands/CreateTransitGatewayCommand.ts index 44a3f07b2574..1f5eb3eb5faf 100644 --- a/clients/client-ec2/src/commands/CreateTransitGatewayCommand.ts +++ b/clients/client-ec2/src/commands/CreateTransitGatewayCommand.ts @@ -65,6 +65,7 @@ export interface CreateTransitGatewayCommandOutput extends CreateTransitGatewayR * DefaultRouteTablePropagation: "enable" || "disable", * VpnEcmpSupport: "enable" || "disable", * DnsSupport: "enable" || "disable", + * SecurityGroupReferencingSupport: "enable" || "disable", * MulticastSupport: "enable" || "disable", * TransitGatewayCidrBlocks: [ // TransitGatewayCidrBlockStringList * "STRING_VALUE", 
@@ -105,6 +106,7 @@ export interface CreateTransitGatewayCommandOutput extends CreateTransitGatewayR * // PropagationDefaultRouteTableId: "STRING_VALUE", * // VpnEcmpSupport: "enable" || "disable", * // DnsSupport: "enable" || "disable", + * // SecurityGroupReferencingSupport: "enable" || "disable", * // MulticastSupport: "enable" || "disable", * // }, * // Tags: [ // TagList diff --git a/clients/client-ec2/src/commands/CreateTransitGatewayVpcAttachmentCommand.ts b/clients/client-ec2/src/commands/CreateTransitGatewayVpcAttachmentCommand.ts index 312b2c2addc0..bb5b5058475d 100644 --- a/clients/client-ec2/src/commands/CreateTransitGatewayVpcAttachmentCommand.ts +++ b/clients/client-ec2/src/commands/CreateTransitGatewayVpcAttachmentCommand.ts @@ -60,6 +60,7 @@ export interface CreateTransitGatewayVpcAttachmentCommandOutput * ], * Options: { // CreateTransitGatewayVpcAttachmentRequestOptions * DnsSupport: "enable" || "disable", + * SecurityGroupReferencingSupport: "enable" || "disable", * Ipv6Support: "enable" || "disable", * ApplianceModeSupport: "enable" || "disable", * }, @@ -91,6 +92,7 @@ export interface CreateTransitGatewayVpcAttachmentCommandOutput * // CreationTime: new Date("TIMESTAMP"), * // Options: { // TransitGatewayVpcAttachmentOptions * // DnsSupport: "enable" || "disable", + * // SecurityGroupReferencingSupport: "enable" || "disable", * // Ipv6Support: "enable" || "disable", * // ApplianceModeSupport: "enable" || "disable", * // }, diff --git a/clients/client-ec2/src/commands/DeleteNatGatewayCommand.ts b/clients/client-ec2/src/commands/DeleteNatGatewayCommand.ts index 95653995e6a8..3bd500bb81ea 100644 --- a/clients/client-ec2/src/commands/DeleteNatGatewayCommand.ts +++ b/clients/client-ec2/src/commands/DeleteNatGatewayCommand.ts 
@@ -15,8 +15,7 @@ import { } from "@smithy/types"; import { EC2ClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../EC2Client"; -import { DeleteNatGatewayRequest } from "../models/models_2"; -import { DeleteNatGatewayResult } from "../models/models_3"; +import { DeleteNatGatewayRequest, DeleteNatGatewayResult } from "../models/models_3"; import { de_DeleteNatGatewayCommand, se_DeleteNatGatewayCommand } from "../protocols/Aws_ec2"; /** diff --git a/clients/client-ec2/src/commands/DeleteTransitGatewayCommand.ts b/clients/client-ec2/src/commands/DeleteTransitGatewayCommand.ts index 5ec020308b20..ed562677c6a2 100644 --- a/clients/client-ec2/src/commands/DeleteTransitGatewayCommand.ts +++ b/clients/client-ec2/src/commands/DeleteTransitGatewayCommand.ts @@ -70,6 +70,7 @@ export interface DeleteTransitGatewayCommandOutput extends DeleteTransitGatewayR * // PropagationDefaultRouteTableId: "STRING_VALUE", * // VpnEcmpSupport: "enable" || "disable", * // DnsSupport: "enable" || "disable", + * // SecurityGroupReferencingSupport: "enable" || "disable", * // MulticastSupport: "enable" || "disable", * // }, * // Tags: [ // TagList diff --git a/clients/client-ec2/src/commands/DeleteTransitGatewayVpcAttachmentCommand.ts b/clients/client-ec2/src/commands/DeleteTransitGatewayVpcAttachmentCommand.ts index 8f81ef6771c2..52fa0fc5d6d1 100644 --- a/clients/client-ec2/src/commands/DeleteTransitGatewayVpcAttachmentCommand.ts +++ b/clients/client-ec2/src/commands/DeleteTransitGatewayVpcAttachmentCommand.ts @@ -68,6 +68,7 @@ export interface DeleteTransitGatewayVpcAttachmentCommandOutput * // CreationTime: new Date("TIMESTAMP"), * // Options: { // TransitGatewayVpcAttachmentOptions * // DnsSupport: "enable" || "disable", + * // SecurityGroupReferencingSupport: "enable" || "disable", * // Ipv6Support: "enable" || "disable", * // ApplianceModeSupport: "enable" || "disable", * // }, 
diff --git a/clients/client-ec2/src/commands/DescribeImportSnapshotTasksCommand.ts b/clients/client-ec2/src/commands/DescribeImportSnapshotTasksCommand.ts index 3825882eacfe..f10488f9b39d 100644 --- a/clients/client-ec2/src/commands/DescribeImportSnapshotTasksCommand.ts +++ b/clients/client-ec2/src/commands/DescribeImportSnapshotTasksCommand.ts @@ -15,8 +15,8 @@ import { } from "@smithy/types"; import { EC2ClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../EC2Client"; -import { DescribeImportSnapshotTasksRequest } from "../models/models_3"; import { + DescribeImportSnapshotTasksRequest, DescribeImportSnapshotTasksResult, DescribeImportSnapshotTasksResultFilterSensitiveLog, } from "../models/models_4"; diff --git a/clients/client-ec2/src/commands/DescribeSecurityGroupReferencesCommand.ts b/clients/client-ec2/src/commands/DescribeSecurityGroupReferencesCommand.ts index bd332fbceead..566ef97bbe7a 100644 --- a/clients/client-ec2/src/commands/DescribeSecurityGroupReferencesCommand.ts +++ b/clients/client-ec2/src/commands/DescribeSecurityGroupReferencesCommand.ts @@ -42,7 +42,7 @@ export interface DescribeSecurityGroupReferencesCommandOutput /** * @public - *

Describes the VPCs on the other side of a VPC peering connection that are referencing the security groups you've specified in this request.

+ *

Describes the VPCs on the other side of a VPC peering connection or the VPCs attached to a transit gateway that are referencing the security groups you've specified in this request.

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -63,6 +63,7 @@ export interface DescribeSecurityGroupReferencesCommandOutput * // GroupId: "STRING_VALUE", * // ReferencingVpcId: "STRING_VALUE", * // VpcPeeringConnectionId: "STRING_VALUE", + * // TransitGatewayId: "STRING_VALUE", * // }, * // ], * // }; diff --git a/clients/client-ec2/src/commands/DescribeStaleSecurityGroupsCommand.ts b/clients/client-ec2/src/commands/DescribeStaleSecurityGroupsCommand.ts index f8bfd2a56396..4b879fbf2bfc 100644 --- a/clients/client-ec2/src/commands/DescribeStaleSecurityGroupsCommand.ts +++ b/clients/client-ec2/src/commands/DescribeStaleSecurityGroupsCommand.ts @@ -38,9 +38,8 @@ export interface DescribeStaleSecurityGroupsCommandOutput extends DescribeStaleS /** * @public *

Describes the stale security group rules for security groups in a specified VPC. - * Rules are stale when they reference a deleted security group in the same VPC or in a peer VPC, - * or if they reference a security group in a peer VPC for which the VPC peering connection has - * been deleted.

+ * Rules are stale when they reference a deleted security group in the same VPC, peered VPC, or in separate VPCs attached to a transit gateway (with security group referencing support enabled). Rules can also be stale if they reference a security group in a peer VPC for which the VPC peering connection has + * been deleted or if they reference a security group in a VPC that has been detached from a transit gateway.

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript diff --git a/clients/client-ec2/src/commands/DescribeSubnetsCommand.ts b/clients/client-ec2/src/commands/DescribeSubnetsCommand.ts index 323a25a0feda..fcc109948eef 100644 --- a/clients/client-ec2/src/commands/DescribeSubnetsCommand.ts +++ b/clients/client-ec2/src/commands/DescribeSubnetsCommand.ts @@ -15,7 +15,8 @@ import { } from "@smithy/types"; import { EC2ClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../EC2Client"; -import { DescribeSubnetsRequest, DescribeSubnetsResult } from "../models/models_4"; +import { DescribeSubnetsRequest } from "../models/models_4"; +import { DescribeSubnetsResult } from "../models/models_5"; import { de_DescribeSubnetsCommand, se_DescribeSubnetsCommand } from "../protocols/Aws_ec2"; /** diff --git a/clients/client-ec2/src/commands/DescribeTransitGatewayVpcAttachmentsCommand.ts b/clients/client-ec2/src/commands/DescribeTransitGatewayVpcAttachmentsCommand.ts index 98a749575809..ab8b95d3736f 100644 --- a/clients/client-ec2/src/commands/DescribeTransitGatewayVpcAttachmentsCommand.ts +++ b/clients/client-ec2/src/commands/DescribeTransitGatewayVpcAttachmentsCommand.ts @@ -85,6 +85,7 @@ export interface DescribeTransitGatewayVpcAttachmentsCommandOutput * // CreationTime: new Date("TIMESTAMP"), * // Options: { // TransitGatewayVpcAttachmentOptions * // DnsSupport: "enable" || "disable", + * // SecurityGroupReferencingSupport: "enable" || "disable", * // Ipv6Support: "enable" || "disable", * // ApplianceModeSupport: "enable" || "disable", * // }, diff --git a/clients/client-ec2/src/commands/DescribeTransitGatewaysCommand.ts b/clients/client-ec2/src/commands/DescribeTransitGatewaysCommand.ts index a1a721d20790..f8bb629c9e48 100644 --- a/clients/client-ec2/src/commands/DescribeTransitGatewaysCommand.ts +++ b/clients/client-ec2/src/commands/DescribeTransitGatewaysCommand.ts 
@@ -84,6 +84,7 @@ export interface DescribeTransitGatewaysCommandOutput extends DescribeTransitGat * // PropagationDefaultRouteTableId: "STRING_VALUE", * // VpnEcmpSupport: "enable" || "disable", * // DnsSupport: "enable" || "disable", + * // SecurityGroupReferencingSupport: "enable" || "disable", * // MulticastSupport: "enable" || "disable", * // }, * // Tags: [ // TagList diff --git a/clients/client-ec2/src/commands/GetIpamPoolCidrsCommand.ts b/clients/client-ec2/src/commands/GetIpamPoolCidrsCommand.ts index cf6349353735..d1bb1eefdfb3 100644 --- a/clients/client-ec2/src/commands/GetIpamPoolCidrsCommand.ts +++ b/clients/client-ec2/src/commands/GetIpamPoolCidrsCommand.ts @@ -15,7 +15,8 @@ import { } from "@smithy/types"; import { EC2ClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../EC2Client"; -import { GetIpamPoolCidrsRequest, GetIpamPoolCidrsResult } from "../models/models_5"; +import { GetIpamPoolCidrsRequest } from "../models/models_5"; +import { GetIpamPoolCidrsResult } from "../models/models_6"; import { de_GetIpamPoolCidrsCommand, se_GetIpamPoolCidrsCommand } from "../protocols/Aws_ec2"; /** diff --git a/clients/client-ec2/src/commands/ModifyTransitGatewayCommand.ts b/clients/client-ec2/src/commands/ModifyTransitGatewayCommand.ts index 9b77ddf039b5..f2dcab3b9b59 100644 --- a/clients/client-ec2/src/commands/ModifyTransitGatewayCommand.ts +++ b/clients/client-ec2/src/commands/ModifyTransitGatewayCommand.ts @@ -56,6 +56,7 @@ export interface ModifyTransitGatewayCommandOutput extends ModifyTransitGatewayR * ], * VpnEcmpSupport: "enable" || "disable", * DnsSupport: "enable" || "disable", + * SecurityGroupReferencingSupport: "enable" || "disable", * AutoAcceptSharedAttachments: "enable" || "disable", * DefaultRouteTableAssociation: "enable" || "disable", * AssociationDefaultRouteTableId: "STRING_VALUE", 
@@ -87,6 +88,7 @@ export interface ModifyTransitGatewayCommandOutput extends ModifyTransitGatewayR * // PropagationDefaultRouteTableId: "STRING_VALUE", * // VpnEcmpSupport: "enable" || "disable", * // DnsSupport: "enable" || "disable", + * // SecurityGroupReferencingSupport: "enable" || "disable", * // MulticastSupport: "enable" || "disable", * // }, * // Tags: [ // TagList diff --git a/clients/client-ec2/src/commands/ModifyTransitGatewayVpcAttachmentCommand.ts b/clients/client-ec2/src/commands/ModifyTransitGatewayVpcAttachmentCommand.ts index 9a0da1dc38eb..89dbce233b4b 100644 --- a/clients/client-ec2/src/commands/ModifyTransitGatewayVpcAttachmentCommand.ts +++ b/clients/client-ec2/src/commands/ModifyTransitGatewayVpcAttachmentCommand.ts @@ -59,6 +59,7 @@ export interface ModifyTransitGatewayVpcAttachmentCommandOutput * ], * Options: { // ModifyTransitGatewayVpcAttachmentRequestOptions * DnsSupport: "enable" || "disable", + * SecurityGroupReferencingSupport: "enable" || "disable", * Ipv6Support: "enable" || "disable", * ApplianceModeSupport: "enable" || "disable", * }, @@ -79,6 +80,7 @@ export interface ModifyTransitGatewayVpcAttachmentCommandOutput * // CreationTime: new Date("TIMESTAMP"), * // Options: { // TransitGatewayVpcAttachmentOptions * // DnsSupport: "enable" || "disable", + * // SecurityGroupReferencingSupport: "enable" || "disable", * // Ipv6Support: "enable" || "disable", * // ApplianceModeSupport: "enable" || "disable", * // }, diff --git a/clients/client-ec2/src/commands/RegisterTransitGatewayMulticastGroupSourcesCommand.ts b/clients/client-ec2/src/commands/RegisterTransitGatewayMulticastGroupSourcesCommand.ts index 1fe98a3be3c4..32fc1ca8e43a 100644 --- a/clients/client-ec2/src/commands/RegisterTransitGatewayMulticastGroupSourcesCommand.ts +++ b/clients/client-ec2/src/commands/RegisterTransitGatewayMulticastGroupSourcesCommand.ts 
@@ -15,10 +15,8 @@ import { } from "@smithy/types"; import { EC2ClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../EC2Client"; -import { - RegisterTransitGatewayMulticastGroupSourcesRequest, - RegisterTransitGatewayMulticastGroupSourcesResult, -} from "../models/models_6"; +import { RegisterTransitGatewayMulticastGroupSourcesRequest } from "../models/models_6"; +import { RegisterTransitGatewayMulticastGroupSourcesResult } from "../models/models_7"; import { de_RegisterTransitGatewayMulticastGroupSourcesCommand, se_RegisterTransitGatewayMulticastGroupSourcesCommand, diff --git a/clients/client-ec2/src/commands/RejectTransitGatewayVpcAttachmentCommand.ts b/clients/client-ec2/src/commands/RejectTransitGatewayVpcAttachmentCommand.ts index 72c7e39d7aa2..1ce0e9384d42 100644 --- a/clients/client-ec2/src/commands/RejectTransitGatewayVpcAttachmentCommand.ts +++ b/clients/client-ec2/src/commands/RejectTransitGatewayVpcAttachmentCommand.ts @@ -71,6 +71,7 @@ export interface RejectTransitGatewayVpcAttachmentCommandOutput * // CreationTime: new Date("TIMESTAMP"), * // Options: { // TransitGatewayVpcAttachmentOptions * // DnsSupport: "enable" || "disable", + * // SecurityGroupReferencingSupport: "enable" || "disable", * // Ipv6Support: "enable" || "disable", * // ApplianceModeSupport: "enable" || "disable", * // }, diff --git a/clients/client-ec2/src/models/models_0.ts b/clients/client-ec2/src/models/models_0.ts index 57ab2d2c9cc5..6a56f08bbff2 100644 --- a/clients/client-ec2/src/models/models_0.ts +++ b/clients/client-ec2/src/models/models_0.ts 
@@ -830,6 +830,21 @@ export const Ipv6SupportValue = { */ export type Ipv6SupportValue = (typeof Ipv6SupportValue)[keyof typeof Ipv6SupportValue]; +/** + * @public + * @enum + */ +export const SecurityGroupReferencingSupportValue = { + disable: "disable", + enable: "enable", +} as const; + +/** + * @public + */ +export type SecurityGroupReferencingSupportValue = + (typeof SecurityGroupReferencingSupportValue)[keyof typeof SecurityGroupReferencingSupportValue]; + /** * @public *

Describes the VPC attachment options.

@@ -841,6 +856,12 @@ export interface TransitGatewayVpcAttachmentOptions { */ DnsSupport?: DnsSupportValue; + /** + * @public + *

For important information about this feature, see Create a transit gateway attachment to a VPC in the Amazon Web Services Transit Gateway Guide.

+ */ + SecurityGroupReferencingSupport?: SecurityGroupReferencingSupportValue; + /** * @public *

Indicates whether IPv6 support is disabled.

@@ -6549,7 +6570,7 @@ export interface ReferencedSecurityGroup { /** * @public - *

The ID of the VPC peering connection.

+ *

The ID of the VPC peering connection (if applicable).

*/ VpcPeeringConnectionId?: string; } @@ -9643,39 +9664,6 @@ export interface CreateCapacityReservationFleetResult { Tags?: Tag[]; } -/** - * @public - */ -export interface CreateCarrierGatewayRequest { - /** - * @public - *

The ID of the VPC to associate with the carrier gateway.

- */ - VpcId: string | undefined; - - /** - * @public - *

The tags to associate with the carrier gateway.

- */ - TagSpecifications?: TagSpecification[]; - - /** - * @public - *

Checks whether you have the required permissions for the action, without actually making the request, - * and provides an error response. If you have the required permissions, the error response is DryRunOperation. - * Otherwise, it is UnauthorizedOperation.

- */ - DryRun?: boolean; - - /** - * @public - *

Unique, case-sensitive identifier that you provide to ensure the idempotency of the - * request. For more information, see How to ensure - * idempotency.

- */ - ClientToken?: string; -} - /** * @internal */ diff --git a/clients/client-ec2/src/models/models_1.ts b/clients/client-ec2/src/models/models_1.ts index 1684c86706e0..8ec9c6891487 100644 --- a/clients/client-ec2/src/models/models_1.ts +++ b/clients/client-ec2/src/models/models_1.ts @@ -30,6 +30,39 @@ import { WeekDay, } from "./models_0"; +/** + * @public + */ +export interface CreateCarrierGatewayRequest { + /** + * @public + *

The ID of the VPC to associate with the carrier gateway.

+ */ + VpcId: string | undefined; + + /** + * @public + *

The tags to associate with the carrier gateway.

+ */ + TagSpecifications?: TagSpecification[]; + + /** + * @public + *

Checks whether you have the required permissions for the action, without actually making the request, + * and provides an error response. If you have the required permissions, the error response is DryRunOperation. + * Otherwise, it is UnauthorizedOperation.

+ */ + DryRun?: boolean; + + /** + * @public + *

Unique, case-sensitive identifier that you provide to ensure the idempotency of the + * request. For more information, see How to ensure + * idempotency.

+ */ + ClientToken?: string; +} + /** * @public * @enum @@ -10925,24 +10958,6 @@ export const NetworkInterfaceType = { */ export type NetworkInterfaceType = (typeof NetworkInterfaceType)[keyof typeof NetworkInterfaceType]; -/** - * @public - *

Describes an IPv6 address associated with a network interface.

- */ -export interface NetworkInterfaceIpv6Address { - /** - * @public - *

The IPv6 address.

- */ - Ipv6Address?: string; - - /** - * @public - *

Determines if an IPv6 address associated with a network interface is the primary IPv6 address. When you enable an IPv6 GUA address to be a primary IPv6, the first IPv6 GUA will be made the primary IPv6 address until the instance is terminated or the network interface is detached. For more information, see ModifyNetworkInterfaceAttribute.

- */ - IsPrimaryIpv6?: boolean; -} - /** * @internal */ diff --git a/clients/client-ec2/src/models/models_2.ts b/clients/client-ec2/src/models/models_2.ts index 2c43fdabf178..dee940c530e0 100644 --- a/clients/client-ec2/src/models/models_2.ts +++ b/clients/client-ec2/src/models/models_2.ts @@ -12,6 +12,7 @@ import { Ipv6SupportValue, ReservedInstancesListing, RouteTableAssociationState, + SecurityGroupReferencingSupportValue, Tag, TagSpecification, TransitGatewayAttachmentResourceType, @@ -51,7 +52,6 @@ import { ManagedPrefixList, NetworkInterfaceAssociation, NetworkInterfaceAttachment, - NetworkInterfaceIpv6Address, NetworkInterfaceType, Subnet, Tenancy, @@ -59,6 +59,24 @@ import { Vpc, } from "./models_1"; +/** + * @public + *

Describes an IPv6 address associated with a network interface.

+ */ +export interface NetworkInterfaceIpv6Address { + /** + * @public + *

The IPv6 address.

+ */ + Ipv6Address?: string; + + /** + * @public + *

Determines if an IPv6 address associated with a network interface is the primary IPv6 address. When you enable an IPv6 GUA address to be a primary IPv6, the first IPv6 GUA will be made the primary IPv6 address until the instance is terminated or the network interface is detached. For more information, see ModifyNetworkInterfaceAttribute.

+ */ + IsPrimaryIpv6?: boolean; +} + /** * @public *

Describes the IPv6 prefix.

@@ -3038,6 +3056,13 @@ export interface TransitGatewayRequestOptions { */ DnsSupport?: DnsSupportValue; + /** + * @public + *

Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.

+ *

For important information about this feature, see Create a transit gateway in the Amazon Web Services Transit Gateway Guide.

+ */ + SecurityGroupReferencingSupport?: SecurityGroupReferencingSupportValue; + /** * @public *

Indicates whether multicast is enabled on the transit gateway

@@ -3142,6 +3167,13 @@ export interface TransitGatewayOptions { */ DnsSupport?: DnsSupportValue; + /** + * @public + *

Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.

+ *

For important information about this feature, see Create a transit gateway in the Amazon Web Services Transit Gateway Guide.

+ */ + SecurityGroupReferencingSupport?: SecurityGroupReferencingSupportValue; + /** * @public *

Indicates whether multicast is enabled on the transit gateway

@@ -4483,6 +4515,16 @@ export interface CreateTransitGatewayVpcAttachmentRequestOptions { */ DnsSupport?: DnsSupportValue; + /** + * @public + *

Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.

+ *

If you don't enable or disable SecurityGroupReferencingSupport in the request, the + * attachment will inherit the security group referencing support setting on the transit + * gateway.

+ *

For important information about this feature, see Create a transit gateway attachment to a VPC in the Amazon Web Services Transit Gateway Guide.

+ */ + SecurityGroupReferencingSupport?: SecurityGroupReferencingSupportValue; + /** * @public *

Enable or disable IPv6 support. The default is disable.

@@ -9021,25 +9063,6 @@ export interface DeleteManagedPrefixListResult { PrefixList?: ManagedPrefixList; } -/** - * @public - */ -export interface DeleteNatGatewayRequest { - /** - * @public - *

Checks whether you have the required permissions for the action, without actually making the request, - * and provides an error response. If you have the required permissions, the error response is DryRunOperation. - * Otherwise, it is UnauthorizedOperation.

- */ - DryRun?: boolean; - - /** - * @public - *

The ID of the NAT gateway.

- */ - NatGatewayId: string | undefined; -} - /** * @internal */ diff --git a/clients/client-ec2/src/models/models_3.ts b/clients/client-ec2/src/models/models_3.ts index be786ae79b1d..61fb7d01743d 100644 --- a/clients/client-ec2/src/models/models_3.ts +++ b/clients/client-ec2/src/models/models_3.ts @@ -86,6 +86,25 @@ import { VerifiedAccessGroup, } from "./models_2"; +/** + * @public + */ +export interface DeleteNatGatewayRequest { + /** + * @public + *

Checks whether you have the required permissions for the action, without actually making the request, + * and provides an error response. If you have the required permissions, the error response is DryRunOperation. + * Otherwise, it is UnauthorizedOperation.

+ */ + DryRun?: boolean; + + /** + * @public + *

The ID of the NAT gateway.

+ */ + NatGatewayId: string | undefined; +} + /** * @public */ @@ -9320,44 +9339,6 @@ export interface DescribeImportImageTasksResult { NextToken?: string; } -/** - * @public - */ -export interface DescribeImportSnapshotTasksRequest { - /** - * @public - *

Checks whether you have the required permissions for the action, without actually making the request, - * and provides an error response. If you have the required permissions, the error response is DryRunOperation. - * Otherwise, it is UnauthorizedOperation.

- */ - DryRun?: boolean; - - /** - * @public - *

The filters.

- */ - Filters?: Filter[]; - - /** - * @public - *

A list of import snapshot task IDs.

- */ - ImportTaskIds?: string[]; - - /** - * @public - *

The maximum number of results to return in a single call. To retrieve the remaining results, make another call - * with the returned NextToken value.

- */ - MaxResults?: number; - - /** - * @public - *

A token that indicates the next page of results.

- */ - NextToken?: string; -} - /** * @internal */ diff --git a/clients/client-ec2/src/models/models_4.ts b/clients/client-ec2/src/models/models_4.ts index 564a16f447d8..994284ab9fa2 100644 --- a/clients/client-ec2/src/models/models_4.ts +++ b/clients/client-ec2/src/models/models_4.ts @@ -65,7 +65,6 @@ import { PrivateIpAddressSpecification, SpotInstanceType, StateReason, - Subnet, TargetCapacityUnitType, Tenancy, } from "./models_1"; @@ -98,6 +97,44 @@ import { VirtualizationType, } from "./models_3"; +/** + * @public + */ +export interface DescribeImportSnapshotTasksRequest { + /** + * @public + *

Checks whether you have the required permissions for the action, without actually making the request, + * and provides an error response. If you have the required permissions, the error response is DryRunOperation. + * Otherwise, it is UnauthorizedOperation.

+ */ + DryRun?: boolean; + + /** + * @public + *

The filters.

+ */ + Filters?: Filter[]; + + /** + * @public + *

A list of import snapshot task IDs.

+ */ + ImportTaskIds?: string[]; + + /** + * @public + *

The maximum number of results to return in a single call. To retrieve the remaining results, make another call + * with the returned NextToken value.

+ */ + MaxResults?: number; + + /** + * @public + *

A token that indicates the next page of results.

+ */ + NextToken?: string; +} + /** * @public *

Details about the import snapshot task.

@@ -9722,9 +9759,15 @@ export interface SecurityGroupReference { /** * @public - *

The ID of the VPC peering connection.

+ *

The ID of the VPC peering connection (if applicable). For more information about security group referencing for peering connections, see Update your security groups to reference peer security groups in the VPC Peering Guide.

*/ VpcPeeringConnectionId?: string; + + /** + * @public + *

The ID of the transit gateway (if applicable). For more information about security group referencing for transit gateways, see Create a transit gateway attachment to a VPC in the Amazon Web Services Transit Gateway Guide.

+ */ + TransitGatewayId?: string; } /** @@ -12884,23 +12927,6 @@ export interface DescribeSubnetsRequest { MaxResults?: number; } -/** - * @public - */ -export interface DescribeSubnetsResult { - /** - * @public - *

Information about one or more subnets.

- */ - Subnets?: Subnet[]; - - /** - * @public - *

The token to include in another request to get the next page of items. This value is null when there are no more items to return.

- */ - NextToken?: string; -} - /** * @internal */ diff --git a/clients/client-ec2/src/models/models_5.ts b/clients/client-ec2/src/models/models_5.ts index de8163f89dc0..87435ef96483 100644 --- a/clients/client-ec2/src/models/models_5.ts +++ b/clients/client-ec2/src/models/models_5.ts @@ -31,7 +31,7 @@ import { VpcIpv6CidrBlockAssociation, VpcPeeringConnection, } from "./models_0"; -import { DiskImageFormat, InstanceRequirementsRequest, IpamResourceTag, VolumeType, Vpc } from "./models_1"; +import { DiskImageFormat, InstanceRequirementsRequest, IpamResourceTag, Subnet, VolumeType, Vpc } from "./models_1"; import { ConnectionNotification, DnsEntry, @@ -69,7 +69,6 @@ import { FastLaunchStateCode, FastSnapshotRestoreStateCode, Filter, - IpamPoolCidr, MetricType, PaymentOption, PeriodType, @@ -79,6 +78,23 @@ import { } from "./models_3"; import { ArchitectureType, AttributeBooleanValue } from "./models_4"; +/** + * @public + */ +export interface DescribeSubnetsResult { + /** + * @public + *

Information about one or more subnets.

+ */ + Subnets?: Subnet[]; + + /** + * @public + *

The token to include in another request to get the next page of items. This value is null when there are no more items to return.

+ */ + NextToken?: string; +} + /** * @public */ @@ -8621,23 +8637,6 @@ export interface GetIpamPoolCidrsRequest { NextToken?: string; } -/** - * @public - */ -export interface GetIpamPoolCidrsResult { - /** - * @public - *

Information about the CIDRs provisioned to an IPAM pool.

- */ - IpamPoolCidrs?: IpamPoolCidr[]; - - /** - * @public - *

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

- */ - NextToken?: string; -} - /** * @internal */ diff --git a/clients/client-ec2/src/models/models_6.ts b/clients/client-ec2/src/models/models_6.ts index 1975f07787d7..4a8a3e15f3cb 100644 --- a/clients/client-ec2/src/models/models_6.ts +++ b/clients/client-ec2/src/models/models_6.ts @@ -22,6 +22,7 @@ import { HostRecovery, InstanceEventWindow, Ipv6SupportValue, + SecurityGroupReferencingSupportValue, SubnetAssociation, Tag, TagSpecification, @@ -163,6 +164,23 @@ import { VolumeModification, } from "./models_5"; +/** + * @public + */ +export interface GetIpamPoolCidrsResult { + /** + * @public + *

Information about the CIDRs provisioned to an IPAM pool.

+ */ + IpamPoolCidrs?: IpamPoolCidr[]; + + /** + * @public + *

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

+ */ + NextToken?: string; +} + /** * @public */ @@ -6512,6 +6530,13 @@ export interface ModifyTransitGatewayOptions { */ DnsSupport?: DnsSupportValue; + /** + * @public + *

Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.

+ *

For important information about this feature, see Create a transit gateway in the Amazon Web Services Transit Gateway Guide.

+ */ + SecurityGroupReferencingSupport?: SecurityGroupReferencingSupportValue; + /** * @public *

Enable or disable automatic acceptance of attachment requests.

@@ -6652,6 +6677,13 @@ export interface ModifyTransitGatewayVpcAttachmentRequestOptions { */ DnsSupport?: DnsSupportValue; + /** + * @public + *

Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.

+ *

For important information about this feature, see Create a transit gateway attachment to a VPC in the Amazon Web Services Transit Gateway Guide.

+ */ + SecurityGroupReferencingSupport?: SecurityGroupReferencingSupportValue; + /** * @public *

Enable or disable IPv6 support. The default is enable.

@@ -9400,17 +9432,6 @@ export interface TransitGatewayMulticastRegisteredGroupSources { GroupIpAddress?: string; } -/** - * @public - */ -export interface RegisterTransitGatewayMulticastGroupSourcesResult { - /** - * @public - *

Information about the transit gateway multicast group sources.

- */ - RegisteredMulticastGroupSources?: TransitGatewayMulticastRegisteredGroupSources; -} - /** * @internal */ diff --git a/clients/client-ec2/src/models/models_7.ts b/clients/client-ec2/src/models/models_7.ts index 776d131db2bd..34e3d76abf9f 100644 --- a/clients/client-ec2/src/models/models_7.ts +++ b/clients/client-ec2/src/models/models_7.ts @@ -58,7 +58,23 @@ import { SpotInstanceRequestFilterSensitiveLog, SpotPlacement, } from "./models_4"; -import { CapacityReservationSpecification, InstanceMonitoring, Status } from "./models_6"; +import { + CapacityReservationSpecification, + InstanceMonitoring, + Status, + TransitGatewayMulticastRegisteredGroupSources, +} from "./models_6"; + +/** + * @public + */ +export interface RegisterTransitGatewayMulticastGroupSourcesResult { + /** + * @public + *

Information about the transit gateway multicast group sources.

+ */ + RegisteredMulticastGroupSources?: TransitGatewayMulticastRegisteredGroupSources; +} /** * @public diff --git a/clients/client-ec2/src/protocols/Aws_ec2.ts b/clients/client-ec2/src/protocols/Aws_ec2.ts index 2c0cac17f1ff..1b81cb351575 100644 --- a/clients/client-ec2/src/protocols/Aws_ec2.ts +++ b/clients/client-ec2/src/protocols/Aws_ec2.ts @@ -2261,7 +2261,6 @@ import { CreateCapacityReservationFleetResult, CreateCapacityReservationRequest, CreateCapacityReservationResult, - CreateCarrierGatewayRequest, DeviceOptions, EnaSrdSpecification, EnaSrdUdpSpecification, @@ -2369,6 +2368,7 @@ import { ConnectionTrackingSpecification, ConnectionTrackingSpecificationRequest, CpuManufacturer, + CreateCarrierGatewayRequest, CreateCarrierGatewayResult, CreateClientVpnEndpointRequest, CreateClientVpnEndpointResult, @@ -2553,7 +2553,6 @@ import { NetworkInterfaceAttachment, NetworkInterfaceCount, NetworkInterfaceCountRequest, - NetworkInterfaceIpv6Address, NewDhcpConfiguration, OnDemandOptionsRequest, PathFilter, @@ -2731,7 +2730,6 @@ import { DeleteLocalGatewayRouteTableVpcAssociationResult, DeleteManagedPrefixListRequest, DeleteManagedPrefixListResult, - DeleteNatGatewayRequest, DnsEntry, DnsOptions, DnsOptionsSpecification, @@ -2742,6 +2740,7 @@ import { Ipv6PrefixSpecification, LastError, NetworkInterface, + NetworkInterfaceIpv6Address, NetworkInterfacePermission, NetworkInterfacePermissionState, NetworkInterfacePrivateIpAddress, @@ -2843,6 +2842,7 @@ import { ClientVpnRoute, ConnectionLogResponseOptions, ConversionTask, + DeleteNatGatewayRequest, DeleteNatGatewayResult, DeleteNetworkAclEntryRequest, DeleteNetworkAclRequest, @@ -3030,7 +3030,6 @@ import { DescribeImagesResult, DescribeImportImageTasksRequest, DescribeImportImageTasksResult, - DescribeImportSnapshotTasksRequest, DestinationOptionsResponse, DirectoryServiceAuthentication, DiskImageDescription, 
@@ -3097,6 +3096,7 @@ import { ConnectionTrackingSpecificationResponse, CpuOptions, CreateVolumePermission, + DescribeImportSnapshotTasksRequest, DescribeImportSnapshotTasksResult, DescribeInstanceAttributeRequest, DescribeInstanceConnectEndpointsRequest, @@ -3230,7 +3230,6 @@ import { DescribeStoreImageTasksRequest, DescribeStoreImageTasksResult, DescribeSubnetsRequest, - DescribeSubnetsResult, DiskInfo, EbsInfo, EbsInstanceBlockDevice, @@ -3354,6 +3353,7 @@ import { CoipAddressUsage, DataQuery, DataResponse, + DescribeSubnetsResult, DescribeTagsRequest, DescribeTagsResult, DescribeTrafficMirrorFiltersRequest, @@ -3587,7 +3587,6 @@ import { GetIpamPoolAllocationsRequest, GetIpamPoolAllocationsResult, GetIpamPoolCidrsRequest, - GetIpamPoolCidrsResult, InstanceEventWindowDisassociationRequest, InstanceFamilyCreditSpecification, InstanceTypeInfoFromInstanceRequirements, @@ -3637,6 +3636,7 @@ import { DiskImageDetail, DnsServersOptionsModifyStructure, EbsInstanceBlockDeviceSpecification, + GetIpamPoolCidrsResult, GetIpamResourceCidrsRequest, GetIpamResourceCidrsResult, GetLaunchTemplateDataRequest, @@ -3882,7 +3882,6 @@ import { RegisterTransitGatewayMulticastGroupMembersRequest, RegisterTransitGatewayMulticastGroupMembersResult, RegisterTransitGatewayMulticastGroupSourcesRequest, - RegisterTransitGatewayMulticastGroupSourcesResult, RemoveIpamOperatingRegion, RemovePrefixListEntry, ReservationValue, @@ -3931,6 +3930,7 @@ import { LaunchTemplateSpecification, LicenseConfigurationRequest, PrivateDnsNameOptionsRequest, + RegisterTransitGatewayMulticastGroupSourcesResult, RejectTransitGatewayMulticastDomainAssociationsRequest, RejectTransitGatewayMulticastDomainAssociationsResult, RejectTransitGatewayPeeringAttachmentRequest, 
@@ -44191,6 +44191,9 @@ const se_CreateTransitGatewayVpcAttachmentRequestOptions = ( if (input.DnsSupport != null) { entries["DnsSupport"] = input.DnsSupport; } + if (input.SecurityGroupReferencingSupport != null) { + entries["SecurityGroupReferencingSupport"] = input.SecurityGroupReferencingSupport; + } if (input.Ipv6Support != null) { entries["Ipv6Support"] = input.Ipv6Support; } @@ -59848,6 +59851,9 @@ const se_ModifyTransitGatewayOptions = (input: ModifyTransitGatewayOptions, cont if (input.DnsSupport != null) { entries["DnsSupport"] = input.DnsSupport; } + if (input.SecurityGroupReferencingSupport != null) { + entries["SecurityGroupReferencingSupport"] = input.SecurityGroupReferencingSupport; + } if (input.AutoAcceptSharedAttachments != null) { entries["AutoAcceptSharedAttachments"] = input.AutoAcceptSharedAttachments; } @@ -59974,6 +59980,9 @@ const se_ModifyTransitGatewayVpcAttachmentRequestOptions = ( if (input.DnsSupport != null) { entries["DnsSupport"] = input.DnsSupport; } + if (input.SecurityGroupReferencingSupport != null) { + entries["SecurityGroupReferencingSupport"] = input.SecurityGroupReferencingSupport; + } if (input.Ipv6Support != null) { entries["Ipv6Support"] = input.Ipv6Support; } @@ -66497,6 +66506,9 @@ const se_TransitGatewayRequestOptions = (input: TransitGatewayRequestOptions, co if (input.DnsSupport != null) { entries["DnsSupport"] = input.DnsSupport; } + if (input.SecurityGroupReferencingSupport != null) { + entries["SecurityGroupReferencingSupport"] = input.SecurityGroupReferencingSupport; + } if (input.MulticastSupport != null) { entries["MulticastSupport"] = input.MulticastSupport; } 
@@ -91021,6 +91033,9 @@ const de_SecurityGroupReference = (output: any, context: __SerdeContext): Securi if (output["vpcPeeringConnectionId"] !== undefined) { contents.VpcPeeringConnectionId = __expectString(output["vpcPeeringConnectionId"]); } + if (output["transitGatewayId"] !== undefined) { + contents.TransitGatewayId = __expectString(output["transitGatewayId"]); + } return contents; }; @@ -93965,6 +93980,9 @@ const de_TransitGatewayOptions = (output: any, context: __SerdeContext): Transit if (output["dnsSupport"] !== undefined) { contents.DnsSupport = __expectString(output["dnsSupport"]); } + if (output["securityGroupReferencingSupport"] !== undefined) { + contents.SecurityGroupReferencingSupport = __expectString(output["securityGroupReferencingSupport"]); + } if (output["multicastSupport"] !== undefined) { contents.MulticastSupport = __expectString(output["multicastSupport"]); } @@ -94623,6 +94641,9 @@ const de_TransitGatewayVpcAttachmentOptions = ( if (output["dnsSupport"] !== undefined) { contents.DnsSupport = __expectString(output["dnsSupport"]); } + if (output["securityGroupReferencingSupport"] !== undefined) { + contents.SecurityGroupReferencingSupport = __expectString(output["securityGroupReferencingSupport"]); + } if (output["ipv6Support"] !== undefined) { contents.Ipv6Support = __expectString(output["ipv6Support"]); } diff --git a/codegen/sdk-codegen/aws-models/ec2.json b/codegen/sdk-codegen/aws-models/ec2.json index 1ae6172b7a7f..dce4364b7bcf 100644 --- a/codegen/sdk-codegen/aws-models/ec2.json +++ b/codegen/sdk-codegen/aws-models/ec2.json @@ -8226,7 +8226,7 @@ "target": "com.amazonaws.ec2#AuthorizeSecurityGroupEgressResult" }, "traits": { - "smithy.api#documentation": "

Adds the specified outbound (egress) rules to a security group for use with a VPC.

\n

An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 CIDR\n address ranges, or to the instances that are associated with the specified source\n security groups. When specifying an outbound rule for your security group in a VPC, the\n IpPermissions must include a destination for the traffic.

\n

You specify a protocol for each rule (for example, TCP). \n For the TCP and UDP protocols, you must also specify the destination port or port range. \n For the ICMP protocol, you must also specify the ICMP type and code. \n You can use -1 for the type or code to mean all types or all codes.

\n

Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.

\n

For information about VPC security group quotas, see Amazon VPC quotas.

", + "smithy.api#documentation": "

Adds the specified outbound (egress) rules to a security group for use with a VPC.

\n

An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 CIDR\n address ranges, or to the instances that are associated with the specified source\n security groups. When specifying an outbound rule for your security group in a VPC, the\n IpPermissions must include a destination for the traffic.

\n

You specify a protocol for each rule (for example, TCP). \n For the TCP and UDP protocols, you must also specify the destination port or port range. \n For the ICMP protocol, you must also specify the ICMP type and code. \n You can use -1 for the type or code to mean all types or all codes.

\n

Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.

\n

For information about VPC security group quotas, see Amazon VPC quotas.

\n \n

If you want to reference a security group across VPCs attached to a transit gateway using the\n security group\n referencing feature, note that you can only reference security groups\n for ingress rules. You cannot reference a security group for egress rules.

\n
", "smithy.api#examples": [ { "title": "To add a rule that allows outbound traffic to a specific address range", @@ -20016,6 +20016,12 @@ "smithy.api#documentation": "

Enable or disable DNS support. The default is enable.

" } }, + "SecurityGroupReferencingSupport": { + "target": "com.amazonaws.ec2#SecurityGroupReferencingSupportValue", + "traits": { + "smithy.api#documentation": "

Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.

\n

If you don't enable or disable SecurityGroupReferencingSupport in the request, the\n attachment will inherit the security group referencing support setting on the transit\n gateway.

\n

For important information about this feature, see Create a transit gateway attachment to a VPC in the Amazon Web Services Transit Gateway Guide.

" + } + }, "Ipv6Support": { "target": "com.amazonaws.ec2#Ipv6SupportValue", "traits": { @@ -36113,7 +36119,7 @@ "target": "com.amazonaws.ec2#DescribeSecurityGroupReferencesResult" }, "traits": { - "smithy.api#documentation": "
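Review bot: The two paragraphs added for `SecurityGroupReferencingSupport` in this hunk disagree about the default: the first says "This option is disabled by default", while the second says an attachment that omits the option inherits the security group referencing setting on the transit gateway. Because this option decides whether security groups in other attached VPCs can be referenced, a reader who stops at the first paragraph may assume a new attachment never takes part in referencing unless asked to. I would drop the default sentence here or reword it as `On the transit gateway this option is disabled by default; an attachment that omits it inherits the transit gateway's setting.` The same "disabled by default" sentence is repeated in the `@@ -75960,6 +75972,12 @@` hunk, which looks like the modify-attachment options, and there the effect of omitting the field is not stated at all. The enclosing shapes start and end outside both hunks, so which structures these are is inferred from the neighbouring `DnsSupport` and `Ipv6Support` members.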

Describes the VPCs on the other side of a VPC peering connection that are referencing the security groups you've specified in this request.

", + "smithy.api#documentation": "

Describes the VPCs on the other side of a VPC peering connection or the VPCs attached to a transit gateway that are referencing the security groups you've specified in this request.

", "smithy.api#examples": [ { "title": "To describe security group references", @@ -37574,7 +37580,7 @@ "target": "com.amazonaws.ec2#DescribeStaleSecurityGroupsResult" }, "traits": { - "smithy.api#documentation": "

Describes the stale security group rules for security groups in a specified VPC. \n Rules are stale when they reference a deleted security group in the same VPC or in a peer VPC, \n or if they reference a security group in a peer VPC for which the VPC peering connection has \n been deleted.

", + "smithy.api#documentation": "

Describes the stale security group rules for security groups in a specified VPC. \n Rules are stale when they reference a deleted security group in the same VPC, peered VPC, or in separate VPCs attached to a transit gateway (with security group referencing support enabled). Rules can also be stale if they reference a security group in a peer VPC for which the VPC peering connection has \n been deleted or if they reference a security group in a VPC that has been detached from a transit gateway.

", "smithy.api#paginated": { "inputToken": "NextToken", "outputToken": "NextToken", @@ -75738,6 +75744,12 @@ "smithy.api#documentation": "

Enable or disable DNS support.

" } }, + "SecurityGroupReferencingSupport": { + "target": "com.amazonaws.ec2#SecurityGroupReferencingSupportValue", + "traits": { + "smithy.api#documentation": "

Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.

\n

For important information about this feature, see Create a transit gateway in the Amazon Web Services Transit Gateway Guide.

" + } + }, "AutoAcceptSharedAttachments": { "target": "com.amazonaws.ec2#AutoAcceptSharedAttachmentsValue", "traits": { @@ -75960,6 +75972,12 @@ "smithy.api#documentation": "

Enable or disable DNS support. The default is enable.

" } }, + "SecurityGroupReferencingSupport": { + "target": "com.amazonaws.ec2#SecurityGroupReferencingSupportValue", + "traits": { + "smithy.api#documentation": "

Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.

\n

For important information about this feature, see Create a transit gateway attachment to a VPC in the Amazon Web Services Transit Gateway Guide.

" + } + }, "Ipv6Support": { "target": "com.amazonaws.ec2#Ipv6SupportValue", "traits": { @@ -83997,7 +84015,7 @@ "target": "com.amazonaws.ec2#String", "traits": { "aws.protocols#ec2QueryName": "VpcPeeringConnectionId", - "smithy.api#documentation": "

The ID of the VPC peering connection.

", + "smithy.api#documentation": "

The ID of the VPC peering connection (if applicable).

", "smithy.api#xmlName": "vpcPeeringConnectionId" } } @@ -91787,9 +91805,17 @@ "target": "com.amazonaws.ec2#String", "traits": { "aws.protocols#ec2QueryName": "VpcPeeringConnectionId", - "smithy.api#documentation": "

The ID of the VPC peering connection.

", + "smithy.api#documentation": "

The ID of the VPC peering connection (if applicable). For more information about security group referencing for peering connections, see Update your security groups to reference peer security groups in the VPC Peering Guide.

", "smithy.api#xmlName": "vpcPeeringConnectionId" } + }, + "TransitGatewayId": { + "target": "com.amazonaws.ec2#String", + "traits": { + "aws.protocols#ec2QueryName": "TransitGatewayId", + "smithy.api#documentation": "

The ID of the transit gateway (if applicable). For more information about security group referencing for transit gateways, see Create a transit gateway attachment to a VPC in the Amazon Web Services Transit Gateway Guide.

", + "smithy.api#xmlName": "transitGatewayId" + } } }, "traits": { @@ -91805,6 +91831,23 @@ } } }, + "com.amazonaws.ec2#SecurityGroupReferencingSupportValue": { + "type": "enum", + "members": { + "enable": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "enable" + } + }, + "disable": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "disable" + } + } + } + }, "com.amazonaws.ec2#SecurityGroupRule": { "type": "structure", "members": { @@ -98938,6 +98981,14 @@ "smithy.api#xmlName": "dnsSupport" } }, + "SecurityGroupReferencingSupport": { + "target": "com.amazonaws.ec2#SecurityGroupReferencingSupportValue", + "traits": { + "aws.protocols#ec2QueryName": "SecurityGroupReferencingSupport", + "smithy.api#documentation": "

Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.

\n

For important information about this feature, see Create a transit gateway in the Amazon Web Services Transit Gateway Guide.

", + "smithy.api#xmlName": "securityGroupReferencingSupport" + } + }, "MulticastSupport": { "target": "com.amazonaws.ec2#MulticastSupportValue", "traits": { @@ -99582,6 +99633,12 @@ "smithy.api#documentation": "

Enable or disable DNS support. Enabled by default.

" } }, + "SecurityGroupReferencingSupport": { + "target": "com.amazonaws.ec2#SecurityGroupReferencingSupportValue", + "traits": { + "smithy.api#documentation": "

Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.

\n

For important information about this feature, see Create a transit gateway in the Amazon Web Services Transit Gateway Guide.

" + } + }, "MulticastSupport": { "target": "com.amazonaws.ec2#MulticastSupportValue", "traits": { @@ -100360,6 +100417,14 @@ "smithy.api#xmlName": "dnsSupport" } }, + "SecurityGroupReferencingSupport": { + "target": "com.amazonaws.ec2#SecurityGroupReferencingSupportValue", + "traits": { + "aws.protocols#ec2QueryName": "SecurityGroupReferencingSupport", + "smithy.api#documentation": "

For important information about this feature, see Create a transit gateway attachment to a VPC in the Amazon Web Services Transit Gateway Guide.

", + "smithy.api#xmlName": "securityGroupReferencingSupport" + } + }, "Ipv6Support": { "target": "com.amazonaws.ec2#Ipv6SupportValue", "traits": {
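Review bot: The documentation added for this `SecurityGroupReferencingSupport` member is only a pointer to the Transit Gateway Guide and never says what the value means, unlike the other members of the same name added in this commit. Since the member carries `smithy.api#xmlName`, it appears to be a response field, so a first sentence such as `Indicates whether security group referencing is enabled for the attachment.` would let someone auditing attachments read the setting without following the link. That wording is inferred from the sibling members and should be confirmed against the service behaviour. The enclosing shape starts and ends outside the hunk.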