One or more filters. The possible values are:
description: The Traffic Mirror filter description.
traffic-mirror-filter-id: The ID of the Traffic Mirror filter.
One or more filters. The possible values are:
description: The Traffic Mirror session description.
network-interface-id: The ID of the Traffic Mirror session network interface.
owner-id: The ID of the account that owns the Traffic Mirror session.
packet-length: The assigned number of packets to mirror.
session-number: The assigned session number.
traffic-mirror-filter-id: The ID of the Traffic Mirror filter.
traffic-mirror-session-id: The ID of the Traffic Mirror session.
traffic-mirror-target-id: The ID of the Traffic Mirror target.
virtual-network-id: The virtual network ID of the Traffic Mirror session.
One or more filters. The possible values are:
description: The Traffic Mirror target description.
network-interface-id: The ID of the Traffic Mirror session network interface.
network-load-balancer-arn: The Amazon Resource Name (ARN) of the Network Load Balancer that is associated with the session.
owner-id: The ID of the account that owns the Traffic Mirror session.
traffic-mirror-target-id: The ID of the Traffic Mirror target.
One or more filters. The possible values are:
association.state - The state of the association (associating | associated | disassociating).
association.transit-gateway-route-table-id - The ID of the route table for the transit gateway.
resource-id - The ID of the resource.
resource-owner-id - The ID of the AWS account that owns the resource.
resource-type - The resource type (vpc | vpn | direct-connect-gateway | tgw-peering).
state - The state of the attachment (available | deleted | deleting | failed | modifying | pendingAcceptance | pending | rollingBack | rejected | rejecting).
transit-gateway-attachment-id - The ID of the attachment.
transit-gateway-id - The ID of the transit gateway.
transit-gateway-owner-id - The ID of the AWS account that owns the transit gateway.
One or more filters. The possible values are:
association.state - The state of the association (associating | associated | disassociating).
association.transit-gateway-route-table-id - The ID of the route table for the transit gateway.
resource-id - The ID of the resource.
resource-owner-id - The ID of the AWS account that owns the resource.
resource-type - The resource type. Valid values are vpc | vpn | direct-connect-gateway | peering.
state - The state of the attachment. Valid values are available | deleted | deleting | failed | failing | initiatingRequest | modifying | pendingAcceptance | pending | rollingBack | rejected | rejecting.
transit-gateway-attachment-id - The ID of the attachment.
transit-gateway-id - The ID of the transit gateway.
transit-gateway-owner-id - The ID of the AWS account that owns the transit gateway.
One or more filters. The possible values are:
state - The state of the transit gateway multicast domain. Valid values are pending | available | deleting | deleted.
transit-gateway-id - The ID of the transit gateway.
transit-gateway-multicast-domain-id - The ID of the transit gateway multicast domain.
One or more filters. The possible values are:
transit-gateway-attachment-id - The ID of the transit gateway attachment.
local-owner-id - The ID of your AWS account.
remote-owner-id - The ID of the AWS account in the remote Region that owns the transit gateway.
state - The state of the peering attachment (available | deleted | deleting | failed | modifying | pendingAcceptance | pending | rollingBack | rejected | rejecting).
transit-gateway-id - The ID of the transit gateway.
One or more filters. The possible values are:
default-association-route-table - Indicates whether this is the default association route table for the transit gateway (true | false).
default-propagation-route-table - Indicates whether this is the default propagation route table for the transit gateway (true | false).
state - The state of the attachment (available | deleted | deleting | failed | modifying | pendingAcceptance | pending | rollingBack | rejected | rejecting).
transit-gateway-id - The ID of the transit gateway.
transit-gateway-route-table-id - The ID of the transit gateway route table.
One or more filters. The possible values are:
state - The state of the attachment (available | deleted | deleting | failed | modifying | pendingAcceptance | pending | rollingBack | rejected | rejecting).
transit-gateway-attachment-id - The ID of the attachment.
transit-gateway-id - The ID of the transit gateway.
vpc-id - The ID of the VPC.
One or more filters. The possible values are:
options.propagation-default-route-table-id - The ID of the default propagation route table.
options.amazon-side-asn - The private ASN for the Amazon side of a BGP session.
options.association-default-route-table-id - The ID of the default association route table.
options.auto-accept-shared-attachments - Indicates whether there is automatic acceptance of attachment requests (enable | disable).
options.default-route-table-association - Indicates whether resource attachments are automatically associated with the default association route table (enable | disable).
options.default-route-table-propagation - Indicates whether resource attachments automatically propagate routes to the default propagation route table (enable | disable).
options.dns-support - Indicates whether DNS support is enabled (enable | disable).
options.vpn-ecmp-support - Indicates whether Equal Cost Multipath Protocol support is enabled (enable | disable).
owner-id - The ID of the AWS account that owns the transit gateway.
state - The state of the attachment (available | deleted | deleting | failed | modifying | pendingAcceptance | pending | rollingBack | rejected | rejecting).
transit-gateway-id - The ID of the transit gateway.
One or more filters. The possible values are:
transit-gateway-attachment-id - The ID of the transit gateway attachment.
local-owner-id - The ID of your AWS account.
remote-owner-id - The ID of the AWS account in the remote Region that owns the transit gateway.
state - The state of the peering attachment. Valid values are available | deleted | deleting | failed | failing | initiatingRequest | modifying | pendingAcceptance | pending | rollingBack | rejected | rejecting).
transit-gateway-id - The ID of the transit gateway.
One or more filters. The possible values are:
default-association-route-table - Indicates whether this is the default association route table for the transit gateway (true | false).
default-propagation-route-table - Indicates whether this is the default propagation route table for the transit gateway (true | false).
state - The state of the route table (available | deleting | deleted | pending).
transit-gateway-id - The ID of the transit gateway.
transit-gateway-route-table-id - The ID of the transit gateway route table.
One or more filters. The possible values are:
state - The state of the attachment. Valid values are available | deleted | deleting | failed | failing | initiatingRequest | modifying | pendingAcceptance | pending | rollingBack | rejected | rejecting.
transit-gateway-attachment-id - The ID of the attachment.
transit-gateway-id - The ID of the transit gateway.
vpc-id - The ID of the VPC.
One or more filters. The possible values are:
options.propagation-default-route-table-id - The ID of the default propagation route table.
options.amazon-side-asn - The private ASN for the Amazon side of a BGP session.
options.association-default-route-table-id - The ID of the default association route table.
options.auto-accept-shared-attachments - Indicates whether there is automatic acceptance of attachment requests (enable | disable).
options.default-route-table-association - Indicates whether resource attachments are automatically associated with the default association route table (enable | disable).
options.default-route-table-propagation - Indicates whether resource attachments automatically propagate routes to the default propagation route table (enable | disable).
options.dns-support - Indicates whether DNS support is enabled (enable | disable).
options.vpn-ecmp-support - Indicates whether Equal Cost Multipath Protocol support is enabled (enable | disable).
owner-id - The ID of the AWS account that owns the transit gateway.
state - The state of the transit gateway (available | deleted | deleting | modifying | pending).
transit-gateway-id - The ID of the transit gateway.
The filters.
action.code - The action code for the event (for example, enable-volume-io).
action.description - A description of the action.
action.event-id - The event ID associated with the action.
availability-zone - The Availability Zone of the instance.
event.description - A description of the event.
event.event-id - The event ID.
event.event-type - The event type (for io-enabled: passed | failed; for io-performance: io-performance:degraded | io-performance:severely-degraded | io-performance:stalled).
event.not-after - The latest end time for the event.
event.not-before - The earliest start time for the event.
volume-status.details-name - The cause for volume-status.status (io-enabled | io-performance).
volume-status.details-status - The status of volume-status.details-name (for io-enabled: passed | failed; for io-performance: normal | degraded | severely-degraded | stalled).
volume-status.status - The status of the volume (ok | impaired | warning | insufficient-data).
The filters.
modification-state - The current modification state (modifying | optimizing | completed | failed).
original-iops - The original IOPS rate of the volume.
original-size - The original size of the volume, in GiB.
original-volume-type - The original volume type of the volume (standard | io1 | io2 | gp2 | sc1 | st1).
originalMultiAttachEnabled - Indicates whether Multi-Attach support was enabled (true | false).
start-time - The modification start time.
target-iops - The target IOPS rate of the volume.
target-size - The target size of the volume, in GiB.
target-volume-type - The target volume type of the volume (standard | io1 | io2 | gp2 | sc1 | st1).
targetMultiAttachEnabled - Indicates whether Multi-Attach support is to be enabled (true | false).
volume-id - The ID of the volume.
The filters.
attachment.attach-time - The time stamp when the attachment initiated.
attachment.delete-on-termination - Whether the volume is deleted on instance termination.
attachment.device - The device name specified in the block device mapping (for example, /dev/sda1).
attachment.instance-id - The ID of the instance the volume is attached to.
attachment.status - The attachment state (attaching | attached | detaching).
availability-zone - The Availability Zone in which the volume was created.
create-time - The time stamp when the volume was created.
encrypted - Indicates whether the volume is encrypted (true | false)
multi-attach-enabled - Indicates whether the volume is enabled for Multi-Attach (true | false)
fast-restored - Indicates whether the volume was created from a snapshot that is enabled for fast snapshot restore (true | false).
size - The size of the volume, in GiB.
snapshot-id - The snapshot from which the volume was created.
status - The state of the volume (creating | available | in-use | deleting | deleted | error).
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
volume-id - The volume ID.
volume-type - The Amazon EBS volume type. This can be gp2 for General Purpose SSD, io1 or io2 for Provisioned IOPS SSD, st1 for Throughput Optimized HDD, sc1 for Cold HDD, or standard for Magnetic volumes.
One or more filters.
cidr - The primary IPv4 CIDR block of the VPC. The CIDR block you specify must exactly match the VPC's CIDR block for information to be returned for the VPC. Must contain the slash followed by one or two digits (for example, /28).
cidr-block-association.cidr-block - An IPv4 CIDR block associated with the VPC.
cidr-block-association.association-id - The association ID for an IPv4 CIDR block associated with the VPC.
cidr-block-association.state - The state of an IPv4 CIDR block associated with the VPC.
dhcp-options-id - The ID of a set of DHCP options.
ipv6-cidr-block-association.ipv6-cidr-block - An IPv6 CIDR block associated with the VPC.
ipv6-cidr-block-association.ipv6-pool - The ID of the IPv6 address pool from which the IPv6 CIDR block is allocated.
ipv6-cidr-block-association.association-id - The association ID for an IPv6 CIDR block associated with the VPC.
ipv6-cidr-block-association.state - The state of an IPv6 CIDR block associated with the VPC.
isDefault - Indicates whether the VPC is the default VPC.
owner-id - The ID of the AWS account that owns the VPC.
state - The state of the VPC (pending | available).
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
vpc-id - The ID of the VPC.
One or more filters.
customer-gateway-configuration - The configuration information for the customer gateway.
customer-gateway-id - The ID of a customer gateway associated with the VPN connection.
state - The state of the VPN connection (pending | available | deleting | deleted).
option.static-routes-only - Indicates whether the connection has static routes only. Used for devices that do not support Border Gateway Protocol (BGP).
route.destination-cidr-block - The destination CIDR block. This corresponds to the subnet used in a customer data center.
bgp-asn - The BGP Autonomous System Number (ASN) associated with a BGP device.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
type - The type of VPN connection. Currently the only supported type is ipsec.1.
vpn-connection-id - The ID of the VPN connection.
vpn-gateway-id - The ID of a virtual private gateway associated with the VPN connection.
transit-gateway-id - The ID of a transit gateway associated with the VPN connection.
One or more filters.
amazon-side-asn - The Autonomous System Number (ASN) for the Amazon side of the gateway.
attachment.state - The current state of the attachment between the gateway and the VPC (attaching | attached | detaching | detached).
attachment.vpc-id - The ID of an attached VPC.
availability-zone - The Availability Zone for the virtual private gateway (if applicable).
state - The state of the virtual private gateway (pending | available | deleting | deleted).
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
type - The type of virtual private gateway. Currently the only supported type is ipsec.1.
vpn-gateway-id - The ID of the virtual private gateway.
One or more filters. The possible values are:
attachment.transit-gateway-attachment-id - The id of the transit gateway attachment.
attachment.resource-id - The resource id of the transit gateway attachment.
route-search.exact-match - The exact match of the specified filter.
route-search.longest-prefix-match - The longest prefix that matches the route.
route-search.subnet-of-match - The routes with a subnet that match the specified CIDR filter.
route-search.supernet-of-match - The routes with a CIDR that encompass the CIDR filter. For example, if you have 10.0.1.0/29 and 10.0.1.0/31 routes in your route table and you specify supernet-of-match as 10.0.1.0/30, then the result returns 10.0.1.0/29.
state - The state of the attachment (available | deleted | deleting | failed | modifying | pendingAcceptance | pending | rollingBack | rejected | rejecting).
transit-gateway-route-destination-cidr-block - The CIDR range.
type - The type of route (active | blackhole).
One or more filters. The possible values are:
attachment.transit-gateway-attachment-id - The id of the transit gateway attachment.
attachment.resource-id - The resource id of the transit gateway attachment.
route-search.exact-match - The exact match of the specified filter.
route-search.longest-prefix-match - The longest prefix that matches the route.
route-search.subnet-of-match - The routes with a subnet that match the specified CIDR filter.
route-search.supernet-of-match - The routes with a CIDR that encompass the CIDR filter. For example, if you have 10.0.1.0/29 and 10.0.1.0/31 routes in your route table and you specify supernet-of-match as 10.0.1.0/30, then the result returns 10.0.1.0/29.
state - The state of the route (active | blackhole).
transit-gateway-route-destination-cidr-block - The CIDR range.
type - The type of route (propagated | static).
The filters. The following are the possible values:
coip-address-usage.allocation-id
coip-address-usage.aws-account-id
coip-address-usage.aws-service
coip-address-usage.co-ip
One or more filters. The possible values are:
transit-gateway-route-table-id - The ID of the transit gateway route table.
One or more filters. The possible values are:
resource-id - The ID of the resource.
resource-type - The type of resource. The valid value is: vpc.
state - The state of the subnet association. Valid values are associated | associating | disassociated | disassociating.
subnet-id - The ID of the subnet.
transit-gateway-attachment-id - The id of the transit gateway attachment.
One or more filters. The possible values are:
attachment.resource-id - The ID of the resource for the attachment.
attachment.resource-type - The type of resource for the attachment (vpc | vpn | direct-connect-gateway | tgw-peering).
attachment.transit-gateway-attachment-id - The ID of the attachment.
is-blackhole - Whether traffic matching the route is blocked (true | false).
prefix-list-id - The ID of the prefix list.
prefix-list-owner-id - The ID of the owner of the prefix list.
state - The state of the prefix list reference (pending | available | modifying | deleting).
One or more filters. The possible values are:
resource-id - The ID of the resource.
resource-type - The resource type (vpc | vpn | direct-connect-gateway | tgw-peering).
transit-gateway-attachment-id - The ID of the attachment.
One or more filters. The possible values are:
resource-id - The ID of the resource.
resource-type - The resource type (vpc | vpn | direct-connect-gateway | tgw-peering).
transit-gateway-attachment-id - The ID of the attachment.
One or more filters. The possible values are:
attachment.resource-id - The ID of the resource for the attachment.
attachment.resource-type - The type of resource for the attachment. Valid values are vpc | vpn | direct-connect-gateway | peering.
attachment.transit-gateway-attachment-id - The ID of the attachment.
is-blackhole - Whether traffic matching the route is blocked (true | false).
prefix-list-id - The ID of the prefix list.
prefix-list-owner-id - The ID of the owner of the prefix list.
state - The state of the prefix list reference (pending | available | modifying | deleting).
One or more filters. The possible values are:
resource-id - The ID of the resource.
resource-type - The resource type. Valid values are vpc | vpn | direct-connect-gateway | peering.
transit-gateway-attachment-id - The ID of the attachment.
One or more filters. The possible values are:
resource-id - The ID of the resource.
resource-type - The resource type. Valid values are vpc | vpn | direct-connect-gateway | peering.
transit-gateway-attachment-id - The ID of the attachment.
One or more filters.
", "SearchTransitGatewayMulticastGroupsRequest$Filters": "One or more filters. The possible values are:
group-ip-address - The IP address of the transit gateway multicast group.
is-group-member - The resource is a group member. Valid values are true | false.
is-group-source - The resource is a group source. Valid values are true | false.
member-type - The member type. Valid values are igmp | static.
resource-id - The ID of the resource.
resource-type - The type of resource. Valid values are vpc | vpn | direct-connect-gateway | tgw-peering.
source-type - The source type. Valid values are igmp | static.
state - The state of the subnet association. Valid values are associated | associated | disassociated | disassociating.
subnet-id - The ID of the subnet.
transit-gateway-attachment-id - The id of the transit gateway attachment.
One or more filters. The possible values are:
attachment.transit-gateway-attachment-id- The id of the transit gateway attachment.
attachment.resource-id - The resource id of the transit gateway attachment.
attachment.resource-type - The attachment resource type (vpc | vpn | direct-connect-gateway | tgw-peering).
prefix-list-id - The ID of the prefix list.
route-search.exact-match - The exact match of the specified filter.
route-search.longest-prefix-match - The longest prefix that matches the route.
route-search.subnet-of-match - The routes with a subnet that match the specified CIDR filter.
route-search.supernet-of-match - The routes with a CIDR that encompass the CIDR filter. For example, if you have 10.0.1.0/29 and 10.0.1.0/31 routes in your route table and you specify supernet-of-match as 10.0.1.0/30, then the result returns 10.0.1.0/29.
state - The state of the route (active | blackhole).
type - The type of route (propagated | static).
One or more filters. The possible values are:
attachment.transit-gateway-attachment-id- The id of the transit gateway attachment.
attachment.resource-id - The resource id of the transit gateway attachment.
attachment.resource-type - The attachment resource type. Valid values are vpc | vpn | direct-connect-gateway | peering.
prefix-list-id - The ID of the prefix list.
route-search.exact-match - The exact match of the specified filter.
route-search.longest-prefix-match - The longest prefix that matches the route.
route-search.subnet-of-match - The routes with a subnet that match the specified CIDR filter.
route-search.supernet-of-match - The routes with a CIDR that encompass the CIDR filter. For example, if you have 10.0.1.0/29 and 10.0.1.0/31 routes in your route table and you specify supernet-of-match as 10.0.1.0/30, then the result returns 10.0.1.0/29.
state - The state of the route (active | blackhole).
type - The type of route (propagated | static).
The resource type.
", - "TransitGatewayAttachment$ResourceType": "The resource type.
", + "TransitGatewayAssociation$ResourceType": "The resource type. Note that the tgw-peering resource type has been deprecated.
The resource type. Note that the tgw-peering resource type has been deprecated.
The type of resource, for example a VPC attachment.
", "TransitGatewayMulticastDomainAssociations$ResourceType": "The type of resource, for example a VPC attachment.
", "TransitGatewayMulticastGroup$ResourceType": "The type of resource, for example a VPC attachment.
", - "TransitGatewayPrefixListAttachment$ResourceType": "The resource type.
", - "TransitGatewayPropagation$ResourceType": "The resource type.
", - "TransitGatewayRouteAttachment$ResourceType": "The resource type.
", - "TransitGatewayRouteTableAssociation$ResourceType": "The resource type.
", - "TransitGatewayRouteTablePropagation$ResourceType": "The type of resource.
" + "TransitGatewayPrefixListAttachment$ResourceType": "The resource type. Note that the tgw-peering resource type has been deprecated.
The resource type. Note that the tgw-peering resource type has been deprecated.
The resource type. Note that the tgw-peering resource type has been deprecated.
The resource type. Note that the tgw-peering resource type has been deprecated.
The type of resource. Note that the tgw-peering resource type has been deprecated.
The attachment state.
", - "TransitGatewayPeeringAttachment$State": "The state of the transit gateway peering attachment.
", - "TransitGatewayVpcAttachment$State": "The state of the VPC attachment.
" + "TransitGatewayAttachment$State": "The attachment state. Note that the initiating state has been deprecated.
The state of the transit gateway peering attachment. Note that the initiating state has been deprecated.
The state of the VPC attachment. Note that the initiating state has been deprecated.
Provides information about the number of S3 buckets that use certain types of server-side encryption or don't encrypt objects by default.
", "refs" : { - "GetBucketStatisticsResponse$BucketCountByEncryptionType" : "The total number of buckets, grouped by server-side encryption type. This object also reports the total number of buckets that aren't encrypted.
" + "GetBucketStatisticsResponse$BucketCountByEncryptionType" : "The total number of buckets, grouped by server-side encryption type. This object also reports the total number of buckets that don't encrypt objects by default.
" } }, "BucketCountBySharedAccessType" : { @@ -169,7 +169,7 @@ } }, "BucketLevelPermissions" : { - "base" : "Provides information about bucket-level permissions settings for an S3 bucket.
", + "base" : "Provides information about the bucket-level permissions settings for an S3 bucket.
", "refs" : { "BucketPermissionConfiguration$BucketLevelPermissions" : "The bucket-level permissions settings for the bucket.
" } @@ -181,7 +181,7 @@ } }, "BucketPermissionConfiguration" : { - "base" : "The account-level and bucket-level permissions settings for an S3 bucket.
", + "base" : "Provides information about the account-level and bucket-level permissions settings for an S3 bucket.
", "refs" : { "BucketPublicAccess$PermissionConfiguration" : "The account-level and bucket-level permissions for the bucket.
" } @@ -193,7 +193,7 @@ } }, "BucketPublicAccess" : { - "base" : "Provides information about permissions settings that determine whether an S3 bucket is publicly accessible.
", + "base" : "Provides information about the permissions settings that determine whether an S3 bucket is publicly accessible.
", "refs" : { "BucketMetadata$PublicAccess" : "Specifies whether the bucket is publicly accessible. If this value is true, an access control list (ACL), bucket policy, or block public access settings allow the bucket to be accessed by the general public.
", "S3Bucket$PublicAccess" : "The permissions settings that determine whether the bucket is publicly accessible.
" @@ -222,7 +222,7 @@ "ClassificationResult" : { "base" : "Provides detailed information about a sensitive data finding, including the types and number of occurrences of the sensitive data that was found.
", "refs" : { - "ClassificationDetails$Result" : "The status and detailed results of the finding.
" + "ClassificationDetails$Result" : "The status and other details for the finding.
" } }, "ClassificationResultStatus" : { @@ -236,7 +236,7 @@ "refs" : { } }, "CreateClassificationJobRequest" : { - "base" : "Specifies the scope, schedule, and other settings for a classification job. You can't delete or change the settings for a classification job after you create it. In Amazon Macie, classification jobs are immutable. This ensures accurate data classification results for audits or investigations.
", + "base" : "Specifies the scope, schedule, and other settings for a classification job. You can't delete or change the settings for a classification job after you create it. This helps ensure that you have an immutable history of sensitive data findings and discovery results for data privacy and protection audits or investigations.
", "refs" : { } }, "CreateClassificationJobResponse" : { @@ -244,7 +244,7 @@ "refs" : { } }, "CreateCustomDataIdentifierRequest" : { - "base" : "Specifies the criteria and other settings for a new custom data identifier. You can't change a custom data identifier after you create it. In Amazon Macie, custom data identifiers are immutable. This ensures accurate data classification results for audits or investigations.
", + "base" : "Specifies the criteria and other settings for a new custom data identifier. You can't change a custom data identifier after you create it. This helps ensure that you have an immutable history of sensitive data findings and discovery results for data privacy and protection audits or investigations.
", "refs" : { } }, "CreateCustomDataIdentifierResponse" : { @@ -387,7 +387,7 @@ "EffectivePermission" : { "base" : null, "refs" : { - "BucketPublicAccess$EffectivePermission" : "Specifies whether the bucket is publicly accessible due to the combination of permissions settings that apply to the bucket. Possible values are: PUBLIC, the bucket is publicly accessible; and, NOT_PUBLIC, the bucket isn't publicly accessible.
" + "BucketPublicAccess$EffectivePermission" : "Specifies whether the bucket is publicly accessible due to the combination of permissions settings that apply to the bucket. Possible values are:
NOT_PUBLIC - The bucket isn't publicly accessible.
PUBLIC - The bucket is publicly accessible.
UNKNOWN - Amazon Macie can't determine whether the bucket is publicly accessible.
Specifies an account that's associated with the S3 buckets to retrieve aggregated statistical data for.
", + "base" : "Specifies the account that owns the S3 buckets to retrieve aggregated statistical data for.
", "refs" : { } }, "GetBucketStatisticsResponse" : { - "base" : "Provides the results of a query that retrieved aggregated statistical data for all the S3 buckets that Amazon Macie monitors and analyzes for an account.
", + "base" : "Provides the results of a query that retrieved aggregated statistical data for the S3 buckets that are owned by an account.
", "refs" : { } }, "GetClassificationExportConfigurationResponse" : { @@ -656,8 +656,8 @@ "JobStatus" : { "base" : "The current status of a classification job. Possible values are:
", "refs" : { - "DescribeClassificationJobResponse$JobStatus" : "The current status of the job. Possible values are:
CANCELLED - The job was cancelled by you or a user of the master account for your organization. A job might also be cancelled if ownership of an S3 bucket changed while the job was running, and that change affected the job's access to the bucket.
COMPLETE - Amazon Macie finished processing all the data specified for the job.
IDLE - For a recurring job, the previous scheduled run is complete and the next scheduled run is pending. This value doesn't apply to jobs that occur only once.
PAUSED - Amazon Macie started the job, but completion of the job would exceed one or more quotas for your account.
RUNNING - The job is in progress.
The current status of the job. Possible values are:
CANCELLED - The job was cancelled by you or a user of the master account for your organization. A job might also be cancelled if ownership of an S3 bucket changed while the job was running, and that change affected the job's access to the bucket.
COMPLETE - Amazon Macie finished processing all the data specified for the job.
IDLE - For a recurring job, the previous scheduled run is complete and the next scheduled run is pending. This value doesn't apply to jobs that occur only once.
PAUSED - Amazon Macie started the job, but completion of the job would exceed one or more quotas for your account.
RUNNING - The job is in progress.
The current status of the job. Possible values are:
CANCELLED - You cancelled the job. A job might also be cancelled if ownership of an S3 bucket changed while the job was running, and that change affected the job's access to the bucket.
COMPLETE - Amazon Macie finished processing all the data specified for the job.
IDLE - For a recurring job, the previous scheduled run is complete and the next scheduled run is pending. This value doesn't apply to jobs that occur only once.
PAUSED - Amazon Macie started the job, but completion of the job would exceed one or more quotas for your account.
RUNNING - The job is in progress.
The current status of the job. Possible values are:
CANCELLED - You cancelled the job. A job might also be cancelled if ownership of an S3 bucket changed while the job was running, and that change affected the job's access to the bucket.
COMPLETE - Amazon Macie finished processing all the data specified for the job.
IDLE - For a recurring job, the previous scheduled run is complete and the next scheduled run is pending. This value doesn't apply to jobs that occur only once.
PAUSED - Amazon Macie started the job, but completion of the job would exceed one or more quotas for your account.
RUNNING - The job is in progress.
The status to change the job's status to. The only supported value is CANCELLED, which cancels the job completely.
" } }, @@ -790,6 +790,15 @@ "BucketMetadata$ObjectCountByEncryptionType" : "The total number of objects that are in the bucket, grouped by server-side encryption type. This includes a grouping that reports the total number of objects that aren't encrypted or use client-side encryption.
" } }, + "ObjectLevelStatistics" : { + "base" : "Provides information about the total storage size (in bytes) or number of objects that Amazon Macie can't analyze in one or more S3 buckets. In a BucketMetadata object, this data is for a specific bucket. In a GetBucketStatisticsResponse object, this data is aggregated for all the buckets in the query results.
", + "refs" : { + "BucketMetadata$UnclassifiableObjectCount" : "The total number of objects that Amazon Macie can't analyze in the bucket. These objects use an unsupported file or storage format or storage class.
", + "BucketMetadata$UnclassifiableObjectSizeInBytes" : "The total storage size, in bytes, of the objects that Amazon Macie can't analyze in the bucket. These objects use an unsupported file or storage format or storage class.
", + "GetBucketStatisticsResponse$UnclassifiableObjectCount" : "The total number of objects that Amazon Macie can't analyze in the buckets. These objects use an unsupported file or storage format or storage class.
", + "GetBucketStatisticsResponse$UnclassifiableObjectSizeInBytes" : "The total storage size, in bytes, of all the objects that Amazon Macie can't analyze in the buckets. These objects use an unsupported file or storage format or storage class.
" + } + }, "OrderBy" : { "base" : null, "refs" : { @@ -956,7 +965,7 @@ "SharedAccess" : { "base" : null, "refs" : { - "BucketMetadata$SharedAccess" : "Specifies whether the bucket is shared with another AWS account. Valid values are:
EXTERNAL - The bucket is shared with an AWS account that isn’t part of the same Amazon Macie organization.
INTERNAL - The bucket is shared with an AWS account that's part of the same Amazon Macie organization.
NOT_SHARED - The bucket isn't shared with other AWS accounts.
Specifies whether the bucket is shared with another AWS account. Possible values are:
EXTERNAL - The bucket is shared with an AWS account that isn’t part of the same Amazon Macie organization.
INTERNAL - The bucket is shared with an AWS account that's part of the same Amazon Macie organization.
NOT_SHARED - The bucket isn't shared with other AWS accounts.
UNKNOWN - Amazon Macie wasn't able to evaluate the shared access settings for the bucket.
Specifies a tag-based condition that determines whether an object is included or excluded from a classification job.
", "refs" : { - "JobScopeTerm$TagScopeTerm" : "A tag-based condition that defines an operator and a tag key and value for including or excluding an object from the job.
" + "JobScopeTerm$TagScopeTerm" : "A tag-based condition that defines the operator and a tag key or tag keys and values for including or excluding an object from the job.
" } }, "TagTarget" : { @@ -1175,16 +1184,16 @@ "BucketMetadata$Versioning" : "Specifies whether versioning is enabled for the bucket.
", "BucketPolicy$AllowsPublicReadAccess" : "Specifies whether the bucket policy allows the general public to have read access to the bucket.
", "BucketPolicy$AllowsPublicWriteAccess" : "Specifies whether the bucket policy allows the general public to have write access to the bucket.
", - "CreateClassificationJobRequest$InitialRun" : "Specifies whether to run the job immediately, after it's created.
", + "CreateClassificationJobRequest$InitialRun" : "Specifies whether to analyze all existing, eligible objects immediately after the job is created.
", "CreateInvitationsRequest$DisableEmailNotification" : "Specifies whether to send an email notification to the root user of each account that the invitation will be sent to. This notification is in addition to an alert that the root user receives in AWS Personal Health Dashboard. To send an email notification to the root user of each account, set this value to true.
", - "DescribeClassificationJobResponse$InitialRun" : "Specifies whether the job has run for the first time.
", + "DescribeClassificationJobResponse$InitialRun" : "Specifies whether the job is configured to analyze all existing, eligible objects immediately after it's created.
", "DescribeOrganizationConfigurationResponse$AutoEnable" : "Specifies whether Amazon Macie is enabled automatically for accounts that are added to the AWS organization.
", "DescribeOrganizationConfigurationResponse$MaxAccountLimitReached" : "Specifies whether the maximum number of Amazon Macie member accounts are already associated with the AWS organization.
", "Finding$Archived" : "Specifies whether the finding is archived.
", "Finding$Sample" : "Specifies whether the finding is a sample finding. A sample finding is a finding that uses example data to demonstrate what a finding might contain.
", "GetCustomDataIdentifierResponse$Deleted" : "Specifies whether the custom data identifier was deleted. If you delete a custom data identifier, Amazon Macie doesn't delete it permanently. Instead, it soft deletes the identifier.
", "ReplicationDetails$Replicated" : "Specifies whether the bucket is configured to replicate one or more objects to any destination.
", - "ReplicationDetails$ReplicatedExternally" : "Specifies whether the bucket is configured to replicate one or more objects to an AWS account that isn't part of the Amazon Macie organization.
", + "ReplicationDetails$ReplicatedExternally" : "Specifies whether the bucket is configured to replicate one or more objects to an AWS account that isn't part of the same Amazon Macie organization.
", "S3Object$PublicAccess" : "Specifies whether the object is publicly accessible due to the combination of permissions settings that apply to the object.
", "ServiceLimit$IsServiceLimited" : "Specifies whether the account has met the quota that corresponds to the metric specified by the UsageByAccount.type field in the response.
", "SessionContextAttributes$MfaAuthenticated" : "Specifies whether the credentials were authenticated with a multi-factor authentication (MFA) device.
", @@ -1207,7 +1216,7 @@ "CreateCustomDataIdentifierRequest$MaximumMatchDistance" : "The maximum number of characters that can exist between text that matches the regex pattern and the character sequences specified by the keywords array. Macie includes or excludes a result based on the proximity of a keyword to text that matches the regex pattern. The distance can be 1 - 300 characters. The default value is 50.
", "CreateFindingsFilterRequest$Position" : "The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.
", "DescribeBucketsRequest$MaxResults" : "The maximum number of items to include in each page of the response. The default value is 50.
", - "DescribeClassificationJobResponse$SamplingPercentage" : "The sampling depth, as a percentage, that determines the number of objects that the job processes.
", + "DescribeClassificationJobResponse$SamplingPercentage" : "The sampling depth, as a percentage, that determines the percentage of eligible objects that the job analyzes.
", "GetCustomDataIdentifierResponse$MaximumMatchDistance" : "The maximum number of characters that can exist between text that matches the regex pattern and the character sequences specified by the keywords array. Macie includes or excludes a result based on the proximity of a keyword to text that matches the regex pattern.
", "GetFindingStatisticsRequest$Size" : "The maximum number of items to include in each page of the response.
", "GetFindingsFilterResponse$Position" : "The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.
", @@ -1396,7 +1405,8 @@ "BucketCriteriaAdditionalProperties$Gte" : "A greater than or equal to condition to apply to a specified attribute value for buckets.
", "BucketCriteriaAdditionalProperties$Lt" : "A less than condition to apply to a specified attribute value for buckets.
", "BucketCriteriaAdditionalProperties$Lte" : "A less than or equal to condition to apply to a specified attribute value for buckets.
", - "BucketMetadata$ClassifiableObjectCount" : "The total number of objects that Amazon Macie can analyze in the bucket. These objects use a file format, file extension, or content type that Amazon Macie supports.
", + "BucketMetadata$ClassifiableObjectCount" : "The total number of objects that Amazon Macie can analyze in the bucket. These objects use a supported file or storage format and storage class.
", + "BucketMetadata$ClassifiableSizeInBytes" : "The total storage size, in bytes, of the objects that Amazon Macie can analyze in the bucket. These objects use a supported file or storage format and storage class.
", "BucketMetadata$ObjectCount" : "The total number of objects in the bucket.
", "BucketMetadata$SizeInBytes" : "The total storage size, in bytes, of the bucket.
", "BucketMetadata$SizeInBytesCompressed" : "The total compressed storage size, in bytes, of the bucket.
", @@ -1410,16 +1420,20 @@ "DefaultDetection$Count" : "The total number of occurrences of the type of data that was detected.
", "Finding$Count" : "The total number of occurrences of this finding.
", "GetBucketStatisticsResponse$BucketCount" : "The total number of buckets.
", - "GetBucketStatisticsResponse$ClassifiableObjectCount" : "The total number of objects that Amazon Macie can analyze in all the buckets. These objects use a file format, file extension, or content type that Amazon Macie supports.
", - "GetBucketStatisticsResponse$ObjectCount" : "The total number of objects in all the buckets.
", - "GetBucketStatisticsResponse$SizeInBytes" : "The total storage size, in bytes, of all the buckets.
", - "GetBucketStatisticsResponse$SizeInBytesCompressed" : "The total compressed storage size, in bytes, of all the buckets.
", + "GetBucketStatisticsResponse$ClassifiableObjectCount" : "The total number of objects that Amazon Macie can analyze in the buckets. These objects use a supported file or storage format and storage class.
", + "GetBucketStatisticsResponse$ClassifiableSizeInBytes" : "The total storage size, in bytes, of all the objects that Amazon Macie can analyze in the buckets. These objects use a supported file or storage format and storage class.
", + "GetBucketStatisticsResponse$ObjectCount" : "The total number of objects in the buckets.
", + "GetBucketStatisticsResponse$SizeInBytes" : "The total storage size, in bytes, of the buckets.
", + "GetBucketStatisticsResponse$SizeInBytesCompressed" : "The total compressed storage size, in bytes, of the buckets.
", "GetInvitationsCountResponse$InvitationsCount" : "The total number of invitations that were received by the account, not including the currently accepted invitation.
", "GroupCount$Count" : "The total number of findings in the group of query results.
", "ObjectCountByEncryptionType$CustomerManaged" : "The total number of objects that are encrypted using a customer-managed key. The objects use customer-provided server-side (SSE-C) encryption.
", "ObjectCountByEncryptionType$KmsManaged" : "The total number of objects that are encrypted using an AWS Key Management Service (AWS KMS) customer master key (CMK). The objects use AWS KMS AWS-managed (AWS-KMS) encryption or AWS KMS customer-managed (SSE-KMS) encryption.
", "ObjectCountByEncryptionType$S3Managed" : "The total number of objects that are encrypted using an Amazon S3-managed key. The objects use Amazon S3-managed (SSE-S3) encryption.
", "ObjectCountByEncryptionType$Unencrypted" : "The total number of objects that aren't encrypted or use client-side encryption.
", + "ObjectLevelStatistics$FileType" : "The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported file or storage format.
", + "ObjectLevelStatistics$StorageClass" : "The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported storage class.
", + "ObjectLevelStatistics$Total" : "The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported file or storage format or storage class.
", "S3Object$Size" : "The total storage size, in bytes, of the object.
", "SensitiveDataItem$TotalCount" : "The total number of occurrences of the sensitive data that was detected.
", "ServiceLimit$Value" : "The value for the metric specified by the UsageByAccount.type field in the response.
", @@ -1449,16 +1463,16 @@ "BatchGetCustomDataIdentifierSummary$Id" : "The unique identifier for the custom data identifier.
", "BatchGetCustomDataIdentifierSummary$Name" : "The custom name of the custom data identifier.
", "BucketCriteriaAdditionalProperties$Prefix" : "The prefix of the buckets to include in the results.
", - "BucketMetadata$AccountId" : "The unique identifier for the AWS account that's associated with the bucket.
", + "BucketMetadata$AccountId" : "The unique identifier for the AWS account that owns the bucket.
", "BucketMetadata$BucketArn" : "The Amazon Resource Name (ARN) of the bucket.
", "BucketMetadata$BucketName" : "The name of the bucket.
", "BucketMetadata$Region" : "The AWS Region that hosts the bucket.
", - "BucketSortCriteria$AttributeName" : "The name of the attribute to sort the results by. This value can be the name of any property that Amazon Macie defines as bucket metadata, such as bucketName, accountId, or lastUpdated.
", - "ClassificationDetails$DetailedResultsLocation" : "The Amazon Resource Name (ARN) of the file that contains the detailed record, including offsets, for the finding.
", + "BucketSortCriteria$AttributeName" : "The name of the attribute to sort the results by. This value can be the name of any property that Amazon Macie defines as bucket metadata, such as bucketName or accountId.
", + "ClassificationDetails$DetailedResultsLocation" : "The path to the folder or file (in Amazon S3) that contains the corresponding sensitive data discovery results for the finding. If a finding applies to a large archive or compressed file, this is a path to a folder. Otherwise, this is a path to a file.
", "ClassificationDetails$JobArn" : "The Amazon Resource Name (ARN) of the classification job that produced the finding.
", "ClassificationDetails$JobId" : "The unique identifier for the classification job that produced the finding.
", "ClassificationResult$MimeType" : "The type of content, expressed as a MIME type, that the finding applies to. For example, application/gzip, for a GNU Gzip compressed archive file, or application/pdf, for an Adobe PDF file.
", - "ClassificationResultStatus$Code" : "The status of the finding, such as COMPLETE.
", + "ClassificationResultStatus$Code" : "The status of the finding. Possible values are:
COMPLETE - Amazon Macie successfully completed its analysis of the object that the finding applies to.
PARTIAL - Macie was able to analyze only a subset of the data in the object that the finding applies to. For example, the object is a compressed or archive file that contains files in an unsupported format.
SKIPPED - Macie wasn't able to analyze the object that the finding applies to. For example, the object is a malformed file or a file that's in an unsupported format.
A brief description of the status of the finding. Amazon Macie uses this value to notify you of any errors, warnings, or considerations that might impact your analysis of the finding.
", "ConflictException$Message" : "The explanation of the error that occurred.
", "CreateClassificationJobRequest$ClientToken" : "A unique, case-sensitive token that you provide to ensure the idempotency of the request.
", @@ -1572,11 +1586,11 @@ "S3Destination$KmsKeyArn" : "The Amazon Resource Name (ARN) of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use for encryption of the results. This must be the ARN of an existing CMK that's in the same AWS Region as the bucket.
", "S3Object$BucketArn" : "The Amazon Resource Name (ARN) of the bucket that contains the object.
", "S3Object$ETag" : "The entity tag (ETag) that identifies the affected version of the object. If the object was overwritten or changed after Amazon Macie produced the finding, this value might be different from the current ETag for the object.
", - "S3Object$Extension" : "The file extension of the object. If the object doesn't have a file extension, this value is \"\".
", + "S3Object$Extension" : "The file name extension of the object. If the object doesn't have a file name extension, this value is \"\".
", "S3Object$Key" : "The full key (name) that's assigned to the object.
", "S3Object$Path" : "The path to the object, including the full key (name).
", "S3Object$VersionId" : "The identifier for the affected version of the object.
", - "ServerSideEncryption$KmsMasterKeyId" : "The Amazon Resource Name (ARN) of the AWS Key Management Service (AWS KMS) master key that's used to encrypt the bucket or object. This value is null if KMS isn't used to encrypt the bucket or object.
", + "ServerSideEncryption$KmsMasterKeyId" : "The unique identifier for the AWS Key Management Service (AWS KMS) master key that's used to encrypt the bucket or object. This value is null if AWS KMS isn't used to encrypt the bucket or object.
", "ServiceQuotaExceededException$Message" : "The explanation of the error that occurred.
", "SessionIssuer$AccountId" : "The unique identifier for the AWS account that owns the entity that was used to get the credentials.
", "SessionIssuer$Arn" : "The Amazon Resource Name (ARN) of the source account, IAM user, or role that was used to get the credentials.
", @@ -1614,13 +1628,13 @@ "ApiCallDetails$LastSeen" : "The most recent date and time, in UTC and extended ISO 8601 format, when the specified operation (api) was invoked and produced the finding.
", "BatchGetCustomDataIdentifierSummary$CreatedAt" : "The date and time, in UTC and extended ISO 8601 format, when the custom data identifier was created.
", "BucketMetadata$BucketCreatedAt" : "The date and time, in UTC and extended ISO 8601 format, when the bucket was created.
", - "BucketMetadata$LastUpdated" : "The date and time, in UTC and extended ISO 8601 format, when Amazon Macie last analyzed the bucket.
", + "BucketMetadata$LastUpdated" : "The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently retrieved data about the bucket from Amazon S3.
", "CustomDataIdentifierSummary$CreatedAt" : "The date and time, in UTC and extended ISO 8601 format, when the custom data identifier was created.
", "DescribeClassificationJobResponse$CreatedAt" : "The date and time, in UTC and extended ISO 8601 format, when the job was created.
", "DescribeClassificationJobResponse$LastRunTime" : "The date and time, in UTC and extended ISO 8601 format, when the job last ran.
", "Finding$CreatedAt" : "The date and time, in UTC and extended ISO 8601 format, when the finding was created.
", "Finding$UpdatedAt" : "The date and time, in UTC and extended ISO 8601 format, when the finding was last updated. For sensitive data findings, this value is the same as the value for the createdAt property. Sensitive data findings aren't updated.
", - "GetBucketStatisticsResponse$LastUpdated" : "The date and time, in UTC and extended ISO 8601 format, when Amazon Macie last analyzed the buckets.
", + "GetBucketStatisticsResponse$LastUpdated" : "The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently retrieved data about the buckets from Amazon S3.
", "GetCustomDataIdentifierResponse$CreatedAt" : "The date and time, in UTC and extended ISO 8601 format, when the custom data identifier was created.
", "GetMacieSessionResponse$CreatedAt" : "The date and time, in UTC and extended ISO 8601 format, when the Amazon Macie account was created.
", "GetMacieSessionResponse$UpdatedAt" : "The date and time, in UTC and extended ISO 8601 format, of the most recent change to the status of the Amazon Macie account.
", diff --git a/aws-sdk-core/endpoints.json b/aws-sdk-core/endpoints.json index c163ee7e9c5..fd3c6492db6 100644 --- a/aws-sdk-core/endpoints.json +++ b/aws-sdk-core/endpoints.json @@ -5989,6 +5989,12 @@ }, "waf-regional" : { "endpoints" : { + "af-south-1" : { + "credentialScope" : { + "region" : "af-south-1" + }, + "hostname" : "waf-regional.af-south-1.amazonaws.com" + }, "ap-east-1" : { "credentialScope" : { "region" : "ap-east-1" @@ -6043,6 +6049,12 @@ }, "hostname" : "waf-regional.eu-north-1.amazonaws.com" }, + "eu-south-1" : { + "credentialScope" : { + "region" : "eu-south-1" + }, + "hostname" : "waf-regional.eu-south-1.amazonaws.com" + }, "eu-west-1" : { "credentialScope" : { "region" : "eu-west-1" @@ -6061,6 +6073,12 @@ }, "hostname" : "waf-regional.eu-west-3.amazonaws.com" }, + "fips-af-south-1" : { + "credentialScope" : { + "region" : "af-south-1" + }, + "hostname" : "waf-regional-fips.af-south-1.amazonaws.com" + }, "fips-ap-east-1" : { "credentialScope" : { "region" : "ap-east-1" @@ -6115,6 +6133,12 @@ }, "hostname" : "waf-regional-fips.eu-north-1.amazonaws.com" }, + "fips-eu-south-1" : { + "credentialScope" : { + "region" : "eu-south-1" + }, + "hostname" : "waf-regional-fips.eu-south-1.amazonaws.com" + }, "fips-eu-west-1" : { "credentialScope" : { "region" : "eu-west-1" @@ -7768,20 +7792,18 @@ }, "kinesis" : { "endpoints" : { - "fips-us-gov-east-1" : { + "us-gov-east-1" : { "credentialScope" : { "region" : "us-gov-east-1" }, - "hostname" : "kinesis-fips.us-gov-east-1.amazonaws.com" + "hostname" : "kinesis.us-gov-east-1.amazonaws.com" }, - "fips-us-gov-west-1" : { + "us-gov-west-1" : { "credentialScope" : { "region" : "us-gov-west-1" }, - "hostname" : "kinesis-fips.us-gov-west-1.amazonaws.com" - }, - "us-gov-east-1" : { }, - "us-gov-west-1" : { } + "hostname" : "kinesis.us-gov-west-1.amazonaws.com" + } } }, "kinesisanalytics" : {