From 8946a543a6a61f47ab7518b31c868887616eac40 Mon Sep 17 00:00:00 2001
From: awstools
Date: Thu, 31 Aug 2023 19:32:29 +0000
Subject: [PATCH] feat(client-ecs): This release adds support for an account-level setting that you can use to configure the number of days for AWS Fargate task retirement.
---
.../commands/DeleteAccountSettingCommand.ts | 4 +-
.../commands/ListAccountSettingsCommand.ts | 4 +-
.../src/commands/PutAccountSettingCommand.ts | 33 +--
.../PutAccountSettingDefaultCommand.ts | 4 +-
clients/client-ecs/src/models/models_0.ts | 199 +++++++++++++-----
codegen/sdk-codegen/aws-models/ecs.json | 30 +--
6 files changed, 188 insertions(+), 86 deletions(-)
diff --git a/clients/client-ecs/src/commands/DeleteAccountSettingCommand.ts b/clients/client-ecs/src/commands/DeleteAccountSettingCommand.ts
index cde33f22b5e47..385c95725cb09 100644
--- a/clients/client-ecs/src/commands/DeleteAccountSettingCommand.ts
+++ b/clients/client-ecs/src/commands/DeleteAccountSettingCommand.ts
@@ -45,14 +45,14 @@ export interface DeleteAccountSettingCommandOutput extends DeleteAccountSettingR * // const { ECSClient, DeleteAccountSettingCommand } = require("@aws-sdk/client-ecs"); // CommonJS import * const client = new ECSClient(config); * const input = { // DeleteAccountSettingRequest - * name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization", // required + * name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization" || "fargateTaskRetirementWaitPeriod", // required * principalArn: "STRING_VALUE", * }; * const command = new DeleteAccountSettingCommand(input); * const response = await client.send(command); * // { // DeleteAccountSettingResponse * // setting: { // Setting - * // name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization", + * // name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization" || "fargateTaskRetirementWaitPeriod", * // value: "STRING_VALUE", * // principalArn: "STRING_VALUE", * // }, diff --git a/clients/client-ecs/src/commands/ListAccountSettingsCommand.ts b/clients/client-ecs/src/commands/ListAccountSettingsCommand.ts index 798f6c157e371..57e0f4f022ddc 100644 --- a/clients/client-ecs/src/commands/ListAccountSettingsCommand.ts +++ b/clients/client-ecs/src/commands/ListAccountSettingsCommand.ts 
@@ -44,7 +44,7 @@ export interface ListAccountSettingsCommandOutput extends ListAccountSettingsRes * // const { ECSClient, ListAccountSettingsCommand } = require("@aws-sdk/client-ecs"); // CommonJS import * const client = new ECSClient(config); * const input = { // ListAccountSettingsRequest - * name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization", + * name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization" || "fargateTaskRetirementWaitPeriod", * value: "STRING_VALUE", * principalArn: "STRING_VALUE", * effectiveSettings: true || false, @@ -56,7 +56,7 @@ export interface ListAccountSettingsCommandOutput extends ListAccountSettingsRes * // { // ListAccountSettingsResponse * // settings: [ // Settings * // { // Setting - * // name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization", + * // name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization" || "fargateTaskRetirementWaitPeriod", * // value: "STRING_VALUE", * // principalArn: "STRING_VALUE", * // }, diff --git a/clients/client-ecs/src/commands/PutAccountSettingCommand.ts b/clients/client-ecs/src/commands/PutAccountSettingCommand.ts index 308c2859f32f8..45bfa30e966d4 100644 --- a/clients/client-ecs/src/commands/PutAccountSettingCommand.ts +++ b/clients/client-ecs/src/commands/PutAccountSettingCommand.ts 
@@ -41,20 +41,20 @@ export interface PutAccountSettingCommandOutput extends PutAccountSettingRespons * and roles that do not have specified individual account settings. For more information, * see Account * Settings in the Amazon Elastic Container Service Developer Guide.

- *

When serviceLongArnFormat, taskLongArnFormat, or - * containerInstanceLongArnFormat are specified, the Amazon Resource Name - * (ARN) and resource ID format of the resource type for a specified user, role, or - * the root user for an account is affected. The opt-in and opt-out account setting must be - * set for each Amazon ECS resource separately. The ARN and resource ID format of a resource - * is defined by the opt-in status of the user or role that created the resource. You - * must turn on this setting to use Amazon ECS features such as resource tagging.

- *

When awsvpcTrunking is specified, the elastic network interface (ENI) - * limit for any new container instances that support the feature is changed. If - * awsvpcTrunking is turned on, any new container instances that support the - * feature are launched have the increased ENI limits available to them. For more + *

When you specify serviceLongArnFormat, taskLongArnFormat, or + * containerInstanceLongArnFormat, the Amazon Resource Name (ARN) and + * resource ID format of the resource type for a specified user, role, or the root user for an + * account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS + * resource separately. The ARN and resource ID format of a resource is defined by the + * opt-in status of the user or role that created the resource. You must turn on this + * setting to use Amazon ECS features such as resource tagging.

+ *

When you specify awsvpcTrunking, the elastic network interface (ENI) limit for + * any new container instances that support the feature is changed. If + * awsvpcTrunking is turned on, any new container instances that support + * the feature are launched have the increased ENI limits available to them. For more * information, see Elastic Network * Interface Trunking in the Amazon Elastic Container Service Developer Guide.

- *

When containerInsights is specified, the default setting indicating whether + *

When you specify containerInsights, the default setting indicating whether * Amazon Web Services CloudWatch Container Insights is turned on for your clusters is changed. If * containerInsights is turned on, any new clusters that are created will * have Container Insights turned on unless you disable it during cluster creation. For @@ -68,6 +68,11 @@ export interface PutAccountSettingCommandOutput extends PutAccountSettingRespons * more information, see Grant * permission to tag resources on creation in the Amazon ECS Developer * Guide.

+ *

When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS + * task hosted on Fargate, the tasks need to be stopped and new tasks launched to replace + * them. Use fargateTaskRetirementWaitPeriod to configure the wait time to + * retire a Fargate task. For information about the Fargate tasks maintenance, see Amazon Web Services Fargate task maintenance in the Amazon ECS Developer + * Guide.

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -75,7 +80,7 @@ export interface PutAccountSettingCommandOutput extends PutAccountSettingRespons * // const { ECSClient, PutAccountSettingCommand } = require("@aws-sdk/client-ecs"); // CommonJS import * const client = new ECSClient(config); * const input = { // PutAccountSettingRequest - * name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization", // required + * name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization" || "fargateTaskRetirementWaitPeriod", // required * value: "STRING_VALUE", // required * principalArn: "STRING_VALUE", * }; @@ -83,7 +88,7 @@ export interface PutAccountSettingCommandOutput extends PutAccountSettingRespons * const response = await client.send(command); * // { // PutAccountSettingResponse * // setting: { // Setting - * // name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization", + * // name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization" || "fargateTaskRetirementWaitPeriod", * // value: "STRING_VALUE", * // principalArn: "STRING_VALUE", * // }, diff --git a/clients/client-ecs/src/commands/PutAccountSettingDefaultCommand.ts b/clients/client-ecs/src/commands/PutAccountSettingDefaultCommand.ts index ce31b4de9b290..b9c815c62a9f0 100644 --- a/clients/client-ecs/src/commands/PutAccountSettingDefaultCommand.ts +++ b/clients/client-ecs/src/commands/PutAccountSettingDefaultCommand.ts 
@@ -46,14 +46,14 @@ export interface PutAccountSettingDefaultCommandOutput extends PutAccountSetting * // const { ECSClient, PutAccountSettingDefaultCommand } = require("@aws-sdk/client-ecs"); // CommonJS import * const client = new ECSClient(config); * const input = { // PutAccountSettingDefaultRequest - * name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization", // required + * name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization" || "fargateTaskRetirementWaitPeriod", // required * value: "STRING_VALUE", // required * }; * const command = new PutAccountSettingDefaultCommand(input); * const response = await client.send(command); * // { // PutAccountSettingDefaultResponse * // setting: { // Setting - * // name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization", + * // name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization" || "fargateTaskRetirementWaitPeriod", * // value: "STRING_VALUE", * // principalArn: "STRING_VALUE", * // }, diff --git a/clients/client-ecs/src/models/models_0.ts b/clients/client-ecs/src/models/models_0.ts index 8ea50dde51f6e..b77773f10ecbc 100644 --- a/clients/client-ecs/src/models/models_0.ts +++ b/clients/client-ecs/src/models/models_0.ts @@ -165,7 +165,7 @@ export interface AutoScalingGroupProvider { /** * @public - *

he managed scaling settings for the Auto Scaling group capacity provider.

+ *

The managed scaling settings for the Auto Scaling group capacity provider.

*/ managedScaling?: ManagedScaling; @@ -3568,6 +3568,7 @@ export const SettingName = { CONTAINER_INSIGHTS: "containerInsights", CONTAINER_INSTANCE_LONG_ARN_FORMAT: "containerInstanceLongArnFormat", FARGATE_FIPS_MODE: "fargateFIPSMode", + FARGATE_TASK_RETIREMENT_WAIT_PERIOD: "fargateTaskRetirementWaitPeriod", SERVICE_LONG_ARN_FORMAT: "serviceLongArnFormat", TAG_RESOURCE_AUTHORIZATION: "tagResourceAuthorization", TASK_LONG_ARN_FORMAT: "taskLongArnFormat", @@ -4857,8 +4858,18 @@ export interface SystemControl { /** * @public - *

The value for the namespaced kernel parameter that's specified in - * namespace.

+ *

The namespaced kernel parameter to set a + * value for.

+ *

Valid IPC namespace values: "kernel.msgmax" | "kernel.msgmnb" | "kernel.msgmni" + * | "kernel.sem" | "kernel.shmall" | "kernel.shmmax" | + * "kernel.shmmni" | "kernel.shm_rmid_forced", and + * Sysctls that start with + * "fs.mqueue.*" + *

+ *

Valid network namespace values: Sysctls that start with + * "net.*" + *

+ *

All of these values are supported by Fargate.

*/ value?: string; } @@ -5641,7 +5652,9 @@ export interface ContainerDefinition { * @public *

A list of namespaced kernel parameters to set in the container. This parameter maps to * Sysctls in the Create a container section of the - * Docker Remote API and the --sysctl option to docker run.

+ * Docker Remote API and the --sysctl option to docker run. For example, you can + * configure net.ipv4.tcp_keepalive_time setting to maintain + * longer lived connections.

* *

We don't recommended that you specify network-related systemControls * parameters for multiple containers in a single task that also uses either the @@ -5651,6 +5664,15 @@ export interface ContainerDefinition { * host network mode, it changes the container instance's namespaced * kernel parameters as well as the containers.

*
+ * + *

This parameter is not supported for Windows containers.

+ *
+ * + *

This parameter is only supported for tasks that are hosted on + * Fargate if the tasks are using platform version 1.4.0 or later + * (Linux). This isn't supported for Windows containers on + * Fargate.

+ *
*/ systemControls?: SystemControl[]; @@ -6572,20 +6594,31 @@ export interface TaskDefinition { /** * @public *

The process namespace to use for the containers in the task. The valid - * values are host or task. If host - * is specified, then all containers within the tasks that specified the - * host PID mode on the same container instance share the - * same process namespace with the host Amazon EC2 instance. If task is - * specified, all containers within the specified task share the same - * process namespace. If no value is specified, the default is a private - * namespace. For more information, see PID settings in the Docker run + * values are host or task. On Fargate for + * Linux containers, the only valid value is task. For + * example, monitoring sidecars might need pidMode to access + * information about other containers running in the same task.

+ *

If host is specified, all containers within the tasks + * that specified the host PID mode on the same container + * instance share the same process namespace with the host Amazon EC2 + * instance.

+ *

If task is specified, all containers within the specified + * task share the same process namespace.

+ *

If no value is specified, the + * default is a private namespace for each container. For more information, + * see PID settings in the Docker run * reference.

- *

If the host PID mode is used, be aware that there is a - * heightened risk of undesired process namespace expose. For more - * information, see Docker - * security.

+ *

If the host PID mode is used, there's a heightened risk + * of undesired process namespace exposure. For more information, see + * Docker security.

* - *

This parameter is not supported for Windows containers or tasks run on Fargate.

+ *

This parameter is not supported for Windows containers.

+ *
+ * + *

This parameter is only supported for tasks that are hosted on + * Fargate if the tasks are using platform version 1.4.0 or later + * (Linux). This isn't supported for Windows containers on + * Fargate.

*
*/ pidMode?: PidMode | string; @@ -7037,8 +7070,7 @@ export interface ContainerInstance { /** * @public - *

The number of tasks on the container instance that are in the RUNNING - * status.

+ *

The number of tasks on the container instance that have a desired status (desiredStatus) of RUNNING.

*/ runningTasksCount?: number; @@ -9616,19 +9648,19 @@ export interface ListTasksResponse { export interface PutAccountSettingRequest { /** * @public - *

The Amazon ECS resource name for which to modify the account setting. If - * serviceLongArnFormat is specified, the ARN for your Amazon ECS services is - * affected. If taskLongArnFormat is specified, the ARN and resource ID for - * your Amazon ECS tasks is affected. If containerInstanceLongArnFormat is - * specified, the ARN and resource ID for your Amazon ECS container instances is affected. If - * awsvpcTrunking is specified, the elastic network interface (ENI) limit - * for your Amazon ECS container instances is affected. If containerInsights is - * specified, the default setting for Amazon Web Services CloudWatch Container Insights for your clusters is - * affected. If fargateFIPSMode is specified, Fargate FIPS 140 compliance is - * affected. If tagResourceAuthorization is specified, the opt-in option for - * tagging resources on creation is affected. For information about the opt-in timeline, - * see Tagging authorization timeline in the Amazon ECS Developer - * Guide.

+ *

The Amazon ECS resource name for which to modify the account setting. If you specify + * serviceLongArnFormat, the ARN for your Amazon ECS services is affected. If + * you specify taskLongArnFormat, the ARN and resource ID for your Amazon ECS + * tasks is affected. If you specify containerInstanceLongArnFormat, the ARN + * and resource ID for your Amazon ECS container instances is affected. If you specify + * awsvpcTrunking, the elastic network interface (ENI) limit for your + * Amazon ECS container instances is affected. If you specify containerInsights, + * the default setting for Amazon Web Services CloudWatch Container Insights for your clusters is affected. If + * you specify fargateFIPSMode, Fargate FIPS 140 compliance is affected. If + * you specify tagResourceAuthorization, the opt-in option for tagging + * resources on creation is affected. For information about the opt-in timeline, see Tagging authorization timeline in the Amazon ECS Developer + * Guide. If you specify fargateTaskRetirementWaitPeriod, the + * wait time to retire a Fargate task is affected.

*/ name: SettingName | string | undefined; @@ -9637,6 +9669,24 @@ export interface PutAccountSettingRequest { *

The account setting value for the specified principal ARN. Accepted values are * enabled, disabled, on, and * off.

+ *

When you specify fargateTaskRetirementWaitPeriod for the name, the + * following are the valid values:

+ * */ value: string | undefined; @@ -9648,6 +9698,8 @@ export interface PutAccountSettingRequest { * settings. If this field is omitted, the setting is changed only for the authenticated * user.

* + *

You must use the root user when you set the Fargate wait time + * (fargateTaskRetirementWaitPeriod).

*

Federated users assume the account setting of the root user and can't have * explicit account settings set for them.

*
@@ -9672,22 +9724,30 @@ export interface PutAccountSettingResponse { export interface PutAccountSettingDefaultRequest { /** * @public - *

The resource name for which to modify the account setting. If - * serviceLongArnFormat is specified, the ARN for your Amazon ECS services is - * affected. If taskLongArnFormat is specified, the ARN and resource ID for - * your Amazon ECS tasks is affected. If containerInstanceLongArnFormat is - * specified, the ARN and resource ID for your Amazon ECS container instances is affected. If - * awsvpcTrunking is specified, the ENI limit for your Amazon ECS container - * instances is affected. If containerInsights is specified, the default - * setting for Amazon Web Services CloudWatch Container Insights for your clusters is affected. If - * tagResourceAuthorization is specified, the opt-in option for tagging - * resources on creation is affected. For information about the opt-in timeline, see Tagging authorization timeline in the Amazon ECS Developer - * Guide.

+ *

The resource name for which to modify the account setting. If you specify + * serviceLongArnFormat, the ARN for your Amazon ECS services is affected. If + * you specify taskLongArnFormat, the ARN and resource ID for your Amazon ECS + * tasks is affected. If you specify containerInstanceLongArnFormat, the ARN + * and resource ID for your Amazon ECS container instances is affected. If you specify + * awsvpcTrunking, the ENI limit for your Amazon ECS container instances is + * affected. If you specify containerInsights, the default setting for Amazon Web Services + * CloudWatch Container Insights for your clusters is affected. If you specify + * tagResourceAuthorization, the opt-in option for tagging resources on + * creation is affected. For information about the opt-in timeline, see Tagging authorization timeline in the Amazon ECS Developer + * Guide. If you specify fargateTaskRetirementWaitPeriod, the + * default wait time to retire a Fargate task due to required maintenance is + * affected.

*

When you specify fargateFIPSMode for the name and * enabled for the value, Fargate uses FIPS-140 compliant * cryptographic algorithms on your tasks. For more information about FIPS-140 compliance * with Fargate, see Amazon Web Services Fargate Federal Information Processing Standard (FIPS) 140-2 * compliance in the Amazon Elastic Container Service Developer Guide.

+ *

When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task + * hosted on Fargate, the tasks need to be stopped and new tasks launched to replace + * them. Use fargateTaskRetirementWaitPeriod to set the wait time to retire a + * Fargate task to the default. For information about the Fargate tasks maintenance, + * see Amazon Web Services Fargate task + * maintenance in the Amazon ECS Developer Guide.

*/ name: SettingName | string | undefined; @@ -9696,6 +9756,26 @@ export interface PutAccountSettingDefaultRequest { *

The account setting value for the specified principal ARN. Accepted values are * enabled, disabled, on, and * off.

+ *

When you specify fargateTaskRetirementWaitPeriod for the + * name, the following are the valid values:

+ * */ value: string | undefined; } @@ -10217,20 +10297,31 @@ export interface RegisterTaskDefinitionRequest { /** * @public *

The process namespace to use for the containers in the task. The valid - * values are host or task. If host - * is specified, then all containers within the tasks that specified the - * host PID mode on the same container instance share the - * same process namespace with the host Amazon EC2 instance. If task is - * specified, all containers within the specified task share the same - * process namespace. If no value is specified, the default is a private - * namespace. For more information, see PID settings in the Docker run + * values are host or task. On Fargate for + * Linux containers, the only valid value is task. For + * example, monitoring sidecars might need pidMode to access + * information about other containers running in the same task.

+ *

If host is specified, all containers within the tasks + * that specified the host PID mode on the same container + * instance share the same process namespace with the host Amazon EC2 + * instance.

+ *

If task is specified, all containers within the specified + * task share the same process namespace.

+ *

If no value is specified, the + * default is a private namespace for each container. For more information, + * see PID settings in the Docker run * reference.

- *

If the host PID mode is used, be aware that there is a - * heightened risk of undesired process namespace expose. For more - * information, see Docker - * security.

+ *

If the host PID mode is used, there's a heightened risk + * of undesired process namespace exposure. For more information, see + * Docker security.

* - *

This parameter is not supported for Windows containers or tasks run on Fargate.

+ *

This parameter is not supported for Windows containers.

+ *
+ * + *

This parameter is only supported for tasks that are hosted on + * Fargate if the tasks are using platform version 1.4.0 or later + * (Linux). This isn't supported for Windows containers on + * Fargate.

*
*/ pidMode?: PidMode | string; diff --git a/codegen/sdk-codegen/aws-models/ecs.json b/codegen/sdk-codegen/aws-models/ecs.json index f4e6b791ff356..f6e150b85b978 100644 --- a/codegen/sdk-codegen/aws-models/ecs.json +++ b/codegen/sdk-codegen/aws-models/ecs.json @@ -1442,7 +1442,7 @@ "managedScaling": { "target": "com.amazonaws.ecs#ManagedScaling", "traits": { - "smithy.api#documentation": "

he managed scaling settings for the Auto Scaling group capacity provider.

" + "smithy.api#documentation": "

The managed scaling settings for the Auto Scaling group capacity provider.

" } }, "managedTerminationProtection": { @@ -2433,7 +2433,7 @@ "systemControls": { "target": "com.amazonaws.ecs#SystemControls", "traits": { - "smithy.api#documentation": "

A list of namespaced kernel parameters to set in the container. This parameter maps to\n\t\t\t\tSysctls in the Create a container section of the\n\t\t\tDocker Remote API and the --sysctl option to docker run.

\n \n

We don't recommended that you specify network-related systemControls\n\t\t\t\tparameters for multiple containers in a single task that also uses either the\n\t\t\t\t\tawsvpc or host network modes. For tasks that use the\n\t\t\t\t\tawsvpc network mode, the container that's started last determines\n\t\t\t\twhich systemControls parameters take effect. For tasks that use the\n\t\t\t\t\thost network mode, it changes the container instance's namespaced\n\t\t\t\tkernel parameters as well as the containers.

\n
" + "smithy.api#documentation": "

A list of namespaced kernel parameters to set in the container. This parameter maps to\n\t\t\t\tSysctls in the Create a container section of the\n\t\t\tDocker Remote API and the --sysctl option to docker run. For example, you can\n\t\t\tconfigure net.ipv4.tcp_keepalive_time setting to maintain\n\t\t\tlonger lived connections.

\n \n

We don't recommended that you specify network-related systemControls\n\t\t\t\tparameters for multiple containers in a single task that also uses either the\n\t\t\t\t\tawsvpc or host network modes. For tasks that use the\n\t\t\t\t\tawsvpc network mode, the container that's started last determines\n\t\t\t\twhich systemControls parameters take effect. For tasks that use the\n\t\t\t\t\thost network mode, it changes the container instance's namespaced\n\t\t\t\tkernel parameters as well as the containers.

\n
\n \n

This parameter is not supported for Windows containers.

\n
\n \n

This parameter is only supported for tasks that are hosted on\n Fargate if the tasks are using platform version 1.4.0 or later\n (Linux). This isn't supported for Windows containers on\n Fargate.

\n
" } }, "resourceRequirements": { @@ -2562,7 +2562,7 @@ "target": "com.amazonaws.ecs#Integer", "traits": { "smithy.api#default": 0, - "smithy.api#documentation": "

The number of tasks on the container instance that are in the RUNNING\n\t\t\tstatus.

" + "smithy.api#documentation": "

The number of tasks on the container instance that have a desired status (desiredStatus) of RUNNING.

" } }, "pendingTasksCount": { @@ -8288,7 +8288,7 @@ } ], "traits": { - "smithy.api#documentation": "

Modifies an account setting. Account settings are set on a per-Region basis.

\n

If you change the root user account setting, the default settings are reset for users\n\t\t\tand roles that do not have specified individual account settings. For more information,\n\t\t\tsee Account\n\t\t\t\tSettings in the Amazon Elastic Container Service Developer Guide.

\n

When serviceLongArnFormat, taskLongArnFormat, or\n\t\t\t\tcontainerInstanceLongArnFormat are specified, the Amazon Resource Name\n\t\t\t(ARN) and resource ID format of the resource type for a specified user, role, or\n\t\t\tthe root user for an account is affected. The opt-in and opt-out account setting must be\n\t\t\tset for each Amazon ECS resource separately. The ARN and resource ID format of a resource\n\t\t\tis defined by the opt-in status of the user or role that created the resource. You\n\t\t\tmust turn on this setting to use Amazon ECS features such as resource tagging.

\n

When awsvpcTrunking is specified, the elastic network interface (ENI)\n\t\t\tlimit for any new container instances that support the feature is changed. If\n\t\t\t\tawsvpcTrunking is turned on, any new container instances that support the\n\t\t\tfeature are launched have the increased ENI limits available to them. For more\n\t\t\tinformation, see Elastic Network\n\t\t\t\tInterface Trunking in the Amazon Elastic Container Service Developer Guide.

\n

When containerInsights is specified, the default setting indicating whether\n\t\t\tAmazon Web Services CloudWatch Container Insights is turned on for your clusters is changed. If\n\t\t\t\tcontainerInsights is turned on, any new clusters that are created will\n\t\t\thave Container Insights turned on unless you disable it during cluster creation. For\n\t\t\tmore information, see CloudWatch\n\t\t\t\tContainer Insights in the Amazon Elastic Container Service Developer Guide.

\n

Amazon ECS is introducing tagging authorization for resource creation. Users must have\n\t\t\tpermissions for actions that create the resource, such as ecsCreateCluster.\n\t\t\tIf tags are specified when you create a resource, Amazon Web Services performs additional\n\t\t\tauthorization to verify if users or roles have permissions to create tags. Therefore,\n\t\t\tyou must grant explicit permissions to use the ecs:TagResource action. For\n\t\t\tmore information, see Grant\n\t\t\t\tpermission to tag resources on creation in the Amazon ECS Developer\n\t\t\t\t\tGuide.

", + "smithy.api#documentation": "

Modifies an account setting. Account settings are set on a per-Region basis.

\n

If you change the root user account setting, the default settings are reset for users\n\t\t\tand roles that do not have specified individual account settings. For more information,\n\t\t\tsee Account\n\t\t\t\tSettings in the Amazon Elastic Container Service Developer Guide.

\n

When you specify serviceLongArnFormat, taskLongArnFormat, or\n\t\t\t\tcontainerInstanceLongArnFormat, the Amazon Resource Name (ARN) and\n\t\t\tresource ID format of the resource type for a specified user, role, or the root user for an\n\t\t\taccount is affected. The opt-in and opt-out account setting must be set for each Amazon ECS\n\t\t\tresource separately. The ARN and resource ID format of a resource is defined by the\n\t\t\topt-in status of the user or role that created the resource. You must turn on this\n\t\t\tsetting to use Amazon ECS features such as resource tagging.

\n

When you specify awsvpcTrunking, the elastic network interface (ENI) limit for\n\t\t\tany new container instances that support the feature is changed. If\n\t\t\t\tawsvpcTrunking is turned on, any new container instances that support\n\t\t\tthe feature are launched have the increased ENI limits available to them. For more\n\t\t\tinformation, see Elastic Network\n\t\t\t\tInterface Trunking in the Amazon Elastic Container Service Developer Guide.

\n

When you specify containerInsights, the default setting indicating whether\n\t\t\tAmazon Web Services CloudWatch Container Insights is turned on for your clusters is changed. If\n\t\t\t\tcontainerInsights is turned on, any new clusters that are created will\n\t\t\thave Container Insights turned on unless you disable it during cluster creation. For\n\t\t\tmore information, see CloudWatch\n\t\t\t\tContainer Insights in the Amazon Elastic Container Service Developer Guide.

\n

Amazon ECS is introducing tagging authorization for resource creation. Users must have\n\t\t\tpermissions for actions that create the resource, such as ecsCreateCluster.\n\t\t\tIf tags are specified when you create a resource, Amazon Web Services performs additional\n\t\t\tauthorization to verify if users or roles have permissions to create tags. Therefore,\n\t\t\tyou must grant explicit permissions to use the ecs:TagResource action. For\n\t\t\tmore information, see Grant\n\t\t\t\tpermission to tag resources on creation in the Amazon ECS Developer\n\t\t\t\t\tGuide.

\n

When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS\n\t\t\ttask hosted on Fargate, the tasks need to be stopped and new tasks launched to replace\n\t\t\tthem. Use fargateTaskRetirementWaitPeriod to configure the wait time to\n\t\t\tretire a Fargate task. For information about the Fargate tasks maintenance, see Amazon Web Services Fargate task maintenance in the Amazon ECS Developer\n\t\t\t\t\tGuide.

", "smithy.api#examples": [ { "title": "To modify your account settings", @@ -8354,14 +8354,14 @@ "name": { "target": "com.amazonaws.ecs#SettingName", "traits": { - "smithy.api#documentation": "

The resource name for which to modify the account setting. If\n\t\t\t\tserviceLongArnFormat is specified, the ARN for your Amazon ECS services is\n\t\t\taffected. If taskLongArnFormat is specified, the ARN and resource ID for\n\t\t\tyour Amazon ECS tasks is affected. If containerInstanceLongArnFormat is\n\t\t\tspecified, the ARN and resource ID for your Amazon ECS container instances is affected. If\n\t\t\t\tawsvpcTrunking is specified, the ENI limit for your Amazon ECS container\n\t\t\tinstances is affected. If containerInsights is specified, the default\n\t\t\tsetting for Amazon Web Services CloudWatch Container Insights for your clusters is affected. If\n\t\t\t\ttagResourceAuthorization is specified, the opt-in option for tagging\n\t\t\tresources on creation is affected. For information about the opt-in timeline, see Tagging authorization timeline in the Amazon ECS Developer\n\t\t\t\tGuide.

\n

When you specify fargateFIPSMode for the name and\n\t\t\tenabled for the value, Fargate uses FIPS-140 compliant\n\t\t\tcryptographic algorithms on your tasks. For more information about FIPS-140 compliance\n\t\t\twith Fargate, see Amazon Web Services Fargate Federal Information Processing Standard (FIPS) 140-2\n\t\t\t\tcompliance in the Amazon Elastic Container Service Developer Guide.

", + "smithy.api#documentation": "

The resource name for which to modify the account setting. If you specify\n\t\t\t\tserviceLongArnFormat, the ARN for your Amazon ECS services is affected. If\n\t\t\tyou specify taskLongArnFormat, the ARN and resource ID for your Amazon ECS\n\t\t\ttasks is affected. If you specify containerInstanceLongArnFormat, the ARN\n\t\t\tand resource ID for your Amazon ECS container instances is affected. If you specify\n\t\t\t\tawsvpcTrunking, the ENI limit for your Amazon ECS container instances is\n\t\t\taffected. If you specify containerInsights, the default setting for Amazon Web Services\n\t\t\tCloudWatch Container Insights for your clusters is affected. If you specify\n\t\t\t\ttagResourceAuthorization, the opt-in option for tagging resources on\n\t\t\tcreation is affected. For information about the opt-in timeline, see Tagging authorization timeline in the Amazon ECS Developer\n\t\t\t\tGuide. If you specify fargateTaskRetirementWaitPeriod, the\n\t\t\tdefault wait time to retire a Fargate task due to required maintenance is\n\t\t\taffected.

\n

When you specify fargateFIPSMode for the name and\n\t\t\tenabled for the value, Fargate uses FIPS-140 compliant\n\t\t\tcryptographic algorithms on your tasks. For more information about FIPS-140 compliance\n\t\t\twith Fargate, see Amazon Web Services Fargate Federal Information Processing Standard (FIPS) 140-2\n\t\t\t\tcompliance in the Amazon Elastic Container Service Developer Guide.

\n

When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task\n\t\t\thosted on Fargate, the tasks need to be stopped and new tasks launched to replace\n\t\t\tthem. Use fargateTaskRetirementWaitPeriod to set the wait time to retire a\n\t\t\tFargate task to the default. For information about the Fargate tasks maintenance,\n\t\t\tsee Amazon Web Services Fargate task\n\t\t\t\tmaintenance in the Amazon ECS Developer Guide.

", "smithy.api#required": {} } }, "value": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "

The account setting value for the specified principal ARN. Accepted values are\n\t\t\t\tenabled, disabled, on, and\n\t\t\toff.

", + "smithy.api#documentation": "

The account setting value for the specified principal ARN. Accepted values are\n\t\t\t\tenabled, disabled, on, and\n\t\t\toff.

\n

When you specify fargateTaskRetirementWaitPeriod for the\n\t\t\t\tname, the following are the valid values:

\n
    \n
  • \n

    \n 0 - immediately retire the tasks and patch Fargate

    \n

    There is no advanced notification. Your tasks are retired immediately, and\n\t\t\t\t\tFargate is patched without any notification.

    \n
  • \n
  • \n

    \n 7 -wait 7 calendar days to retire the tasks and patch Fargate\n\t\t\t\t

    \n
  • \n
  • \n

    \n 14 - wait 14 calendar days to retire the tasks and patch\n\t\t\t\t\tFargate

    \n
  • \n
", "smithy.api#required": {} } } @@ -8390,21 +8390,21 @@ "name": { "target": "com.amazonaws.ecs#SettingName", "traits": { - "smithy.api#documentation": "

The Amazon ECS resource name for which to modify the account setting. If\n\t\t\t\tserviceLongArnFormat is specified, the ARN for your Amazon ECS services is\n\t\t\taffected. If taskLongArnFormat is specified, the ARN and resource ID for\n\t\t\tyour Amazon ECS tasks is affected. If containerInstanceLongArnFormat is\n\t\t\tspecified, the ARN and resource ID for your Amazon ECS container instances is affected. If\n\t\t\t\tawsvpcTrunking is specified, the elastic network interface (ENI) limit\n\t\t\tfor your Amazon ECS container instances is affected. If containerInsights is\n\t\t\tspecified, the default setting for Amazon Web Services CloudWatch Container Insights for your clusters is\n\t\t\taffected. If fargateFIPSMode is specified, Fargate FIPS 140 compliance is\n\t\t\taffected. If tagResourceAuthorization is specified, the opt-in option for\n\t\t\ttagging resources on creation is affected. For information about the opt-in timeline,\n\t\t\tsee Tagging authorization timeline in the Amazon ECS Developer\n\t\t\t\t\tGuide.

", + "smithy.api#documentation": "

The Amazon ECS resource name for which to modify the account setting. If you specify\n\t\t\t\tserviceLongArnFormat, the ARN for your Amazon ECS services is affected. If\n\t\t\tyou specify taskLongArnFormat, the ARN and resource ID for your Amazon ECS\n\t\t\ttasks is affected. If you specify containerInstanceLongArnFormat, the ARN\n\t\t\tand resource ID for your Amazon ECS container instances is affected. If you specify\n\t\t\t\tawsvpcTrunking, the elastic network interface (ENI) limit for your\n\t\t\tAmazon ECS container instances is affected. If you specify containerInsights,\n\t\t\tthe default setting for Amazon Web Services CloudWatch Container Insights for your clusters is affected. If\n\t\t\tyou specify fargateFIPSMode, Fargate FIPS 140 compliance is affected. If\n\t\t\tyou specify tagResourceAuthorization, the opt-in option for tagging\n\t\t\tresources on creation is affected. For information about the opt-in timeline, see Tagging authorization timeline in the Amazon ECS Developer\n\t\t\t\tGuide. If you specify fargateTaskRetirementWaitPeriod, the\n\t\t\twait time to retire a Fargate task is affected.

", "smithy.api#required": {} } }, "value": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "

The account setting value for the specified principal ARN. Accepted values are\n\t\t\t\tenabled, disabled, on, and\n\t\t\toff.

", + "smithy.api#documentation": "

The account setting value for the specified principal ARN. Accepted values are\n\t\t\t\tenabled, disabled, on, and\n\t\t\toff.

\n

When you specify fargateTaskRetirementWaitPeriod for the name, the\n\t\t\tfollowing are the valid values:

\n
    \n
  • \n

    \n 0 - immediately retire the tasks and patch Fargate

    \n

    There is no advanced notification. Your tasks are retired immediately, and Fargate\n\t\t\t\t\tis patched without any notification.

    \n
  • \n
  • \n

    \n 7 -wait 7 calendar days to retire the tasks and patch Fargate

    \n
  • \n
  • \n

    \n 14 - wait 14 calendar days to retire the tasks and patch Fargate

    \n
  • \n
", "smithy.api#required": {} } }, "principalArn": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "

The ARN of the principal, which can be a user, role, or the root user. If\n\t\t\tyou specify the root user, it modifies the account setting for all users, roles,\n\t\t\tand the root user of the account unless a user or role explicitly overrides these\n\t\t\tsettings. If this field is omitted, the setting is changed only for the authenticated\n\t\t\tuser.

\n \n

Federated users assume the account setting of the root user and can't have\n\t\t\t\texplicit account settings set for them.

\n
" + "smithy.api#documentation": "

The ARN of the principal, which can be a user, role, or the root user. If\n\t\t\tyou specify the root user, it modifies the account setting for all users, roles,\n\t\t\tand the root user of the account unless a user or role explicitly overrides these\n\t\t\tsettings. If this field is omitted, the setting is changed only for the authenticated\n\t\t\tuser.

\n \n

You must use the root user when you set the Fargate wait time\n\t\t\t\t\t(fargateTaskRetirementWaitPeriod).

\n

Federated users assume the account setting of the root user and can't have\n\t\t\t\texplicit account settings set for them.

\n
" } } }, @@ -8801,7 +8801,7 @@ "pidMode": { "target": "com.amazonaws.ecs#PidMode", "traits": { - "smithy.api#documentation": "

The process namespace to use for the containers in the task. The valid\n values are host or task. If host\n is specified, then all containers within the tasks that specified the\n host PID mode on the same container instance share the\n same process namespace with the host Amazon EC2 instance. If task is\n specified, all containers within the specified task share the same\n process namespace. If no value is specified, the default is a private\n namespace. For more information, see PID settings in the Docker run\n reference.

\n

If the host PID mode is used, be aware that there is a\n heightened risk of undesired process namespace expose. For more\n information, see Docker\n security.

\n \n

This parameter is not supported for Windows containers or tasks run on Fargate.

\n
" + "smithy.api#documentation": "

The process namespace to use for the containers in the task. The valid\n values are host or task. On Fargate for\n Linux containers, the only valid value is task. For\n example, monitoring sidecars might need pidMode to access\n information about other containers running in the same task.

\n

If host is specified, all containers within the tasks\n that specified the host PID mode on the same container\n instance share the same process namespace with the host Amazon EC2\n instance.

\n

If task is specified, all containers within the specified\n task share the same process namespace.

\n

If no value is specified, the\n default is a private namespace for each container. For more information,\n see PID settings in the Docker run\n reference.

\n

If the host PID mode is used, there's a heightened risk\n of undesired process namespace exposure. For more information, see\n Docker security.

\n \n

This parameter is not supported for Windows containers.

\n
\n \n

This parameter is only supported for tasks that are hosted on\n Fargate if the tasks are using platform version 1.4.0 or later\n (Linux). This isn't supported for Windows containers on\n Fargate.

\n
" } }, "ipcMode": { @@ -9879,6 +9879,12 @@ "traits": { "smithy.api#enumValue": "tagResourceAuthorization" } + }, + "FARGATE_TASK_RETIREMENT_WAIT_PERIOD": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "fargateTaskRetirementWaitPeriod" + } } } }, @@ -10417,7 +10423,7 @@ "value": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "

The value for the namespaced kernel parameter that's specified in\n\t\t\t\tnamespace.

" + "smithy.api#documentation": "

The namespaced kernel parameter to set a\n\t\t\tvalue for.

\n

Valid IPC namespace values: \"kernel.msgmax\" | \"kernel.msgmnb\" | \"kernel.msgmni\"\n\t\t\t| \"kernel.sem\" | \"kernel.shmall\" | \"kernel.shmmax\" |\n\t\t\t\"kernel.shmmni\" | \"kernel.shm_rmid_forced\", and\n\t\t\tSysctls that start with\n\t\t\t\"fs.mqueue.*\"\n

\n

Valid network namespace values: Sysctls that start with\n\t\t\t\"net.*\"\n

\n

All of these values are supported by Fargate.

" } } }, @@ -10933,7 +10939,7 @@ "pidMode": { "target": "com.amazonaws.ecs#PidMode", "traits": { - "smithy.api#documentation": "

The process namespace to use for the containers in the task. The valid\n values are host or task. If host\n is specified, then all containers within the tasks that specified the\n host PID mode on the same container instance share the\n same process namespace with the host Amazon EC2 instance. If task is\n specified, all containers within the specified task share the same\n process namespace. If no value is specified, the default is a private\n namespace. For more information, see PID settings in the Docker run\n reference.

\n

If the host PID mode is used, be aware that there is a\n heightened risk of undesired process namespace expose. For more\n information, see Docker\n security.

\n \n

This parameter is not supported for Windows containers or tasks run on Fargate.

\n
" + "smithy.api#documentation": "

The process namespace to use for the containers in the task. The valid\n values are host or task. On Fargate for\n Linux containers, the only valid value is task. For\n example, monitoring sidecars might need pidMode to access\n information about other containers running in the same task.

\n

If host is specified, all containers within the tasks\n that specified the host PID mode on the same container\n instance share the same process namespace with the host Amazon EC2\n instance.

\n

If task is specified, all containers within the specified\n task share the same process namespace.

\n

If no value is specified, the\n default is a private namespace for each container. For more information,\n see PID settings in the Docker run\n reference.

\n

If the host PID mode is used, there's a heightened risk\n of undesired process namespace exposure. For more information, see\n Docker security.

\n \n

This parameter is not supported for Windows containers.

\n
\n \n

This parameter is only supported for tasks that are hosted on\n Fargate if the tasks are using platform version 1.4.0 or later\n (Linux). This isn't supported for Windows containers on\n Fargate.

\n
" } }, "ipcMode": {