diff --git a/apis/ec2/2016-11-15/api-2.json b/apis/ec2/2016-11-15/api-2.json
index 066614d7a8d..29ff8e14627 100644
--- a/apis/ec2/2016-11-15/api-2.json
+++ b/apis/ec2/2016-11-15/api-2.json
@@ -3752,6 +3752,15 @@
"input":{"shape":"ModifyInstanceEventWindowRequest"},
"output":{"shape":"ModifyInstanceEventWindowResult"}
},
+ "ModifyInstanceMaintenanceOptions":{
+ "name":"ModifyInstanceMaintenanceOptions",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"ModifyInstanceMaintenanceOptionsRequest"},
+ "output":{"shape":"ModifyInstanceMaintenanceOptionsResult"}
+ },
"ModifyInstanceMetadataOptions":{
"name":"ModifyInstanceMetadataOptions",
"http":{
@@ -22355,6 +22364,10 @@
"Ipv6Address":{
"shape":"String",
"locationName":"ipv6Address"
+ },
+ "MaintenanceOptions":{
+ "shape":"InstanceMaintenanceOptions",
+ "locationName":"maintenanceOptions"
}
}
},
@@ -22447,6 +22460,13 @@
"enclaveOptions"
]
},
+ "InstanceAutoRecoveryState":{
+ "type":"string",
+ "enum":[
+ "disabled",
+ "default"
+ ]
+ },
"InstanceBlockDeviceMapping":{
"type":"structure",
"members":{
@@ -22896,6 +22916,21 @@
"locationName":"item"
}
},
+ "InstanceMaintenanceOptions":{
+ "type":"structure",
+ "members":{
+ "AutoRecovery":{
+ "shape":"InstanceAutoRecoveryState",
+ "locationName":"autoRecovery"
+ }
+ }
+ },
+ "InstanceMaintenanceOptionsRequest":{
+ "type":"structure",
+ "members":{
+ "AutoRecovery":{"shape":"InstanceAutoRecoveryState"}
+ }
+ },
"InstanceMarketOptionsRequest":{
"type":"structure",
"members":{
@@ -25518,6 +25553,13 @@
}
}
},
+ "LaunchTemplateAutoRecoveryState":{
+ "type":"string",
+ "enum":[
+ "default",
+ "disabled"
+ ]
+ },
"LaunchTemplateBlockDeviceMapping":{
"type":"structure",
"members":{
@@ -25787,6 +25829,21 @@
"locationName":"item"
}
},
+ "LaunchTemplateInstanceMaintenanceOptions":{
+ "type":"structure",
+ "members":{
+ "AutoRecovery":{
+ "shape":"LaunchTemplateAutoRecoveryState",
+ "locationName":"autoRecovery"
+ }
+ }
+ },
+ "LaunchTemplateInstanceMaintenanceOptionsRequest":{
+ "type":"structure",
+ "members":{
+ "AutoRecovery":{"shape":"LaunchTemplateAutoRecoveryState"}
+ }
+ },
"LaunchTemplateInstanceMarketOptions":{
"type":"structure",
"members":{
@@ -27453,6 +27510,28 @@
}
}
},
+ "ModifyInstanceMaintenanceOptionsRequest":{
+ "type":"structure",
+ "required":["InstanceId"],
+ "members":{
+ "InstanceId":{"shape":"InstanceId"},
+ "AutoRecovery":{"shape":"InstanceAutoRecoveryState"},
+ "DryRun":{"shape":"Boolean"}
+ }
+ },
+ "ModifyInstanceMaintenanceOptionsResult":{
+ "type":"structure",
+ "members":{
+ "InstanceId":{
+ "shape":"String",
+ "locationName":"instanceId"
+ },
+ "AutoRecovery":{
+ "shape":"InstanceAutoRecoveryState",
+ "locationName":"autoRecovery"
+ }
+ }
+ },
"ModifyInstanceMetadataOptionsRequest":{
"type":"structure",
"required":["InstanceId"],
@@ -31847,7 +31926,8 @@
"MetadataOptions":{"shape":"LaunchTemplateInstanceMetadataOptionsRequest"},
"EnclaveOptions":{"shape":"LaunchTemplateEnclaveOptionsRequest"},
"InstanceRequirements":{"shape":"InstanceRequirementsRequest"},
- "PrivateDnsNameOptions":{"shape":"LaunchTemplatePrivateDnsNameOptionsRequest"}
+ "PrivateDnsNameOptions":{"shape":"LaunchTemplatePrivateDnsNameOptionsRequest"},
+ "MaintenanceOptions":{"shape":"LaunchTemplateInstanceMaintenanceOptionsRequest"}
}
},
"RequestSpotFleetRequest":{
@@ -32878,6 +32958,10 @@
"PrivateDnsNameOptions":{
"shape":"LaunchTemplatePrivateDnsNameOptions",
"locationName":"privateDnsNameOptions"
+ },
+ "MaintenanceOptions":{
+ "shape":"LaunchTemplateInstanceMaintenanceOptions",
+ "locationName":"maintenanceOptions"
}
}
},
@@ -33483,7 +33567,8 @@
},
"MetadataOptions":{"shape":"InstanceMetadataOptionsRequest"},
"EnclaveOptions":{"shape":"EnclaveOptionsRequest"},
- "PrivateDnsNameOptions":{"shape":"PrivateDnsNameOptionsRequest"}
+ "PrivateDnsNameOptions":{"shape":"PrivateDnsNameOptionsRequest"},
+ "MaintenanceOptions":{"shape":"InstanceMaintenanceOptionsRequest"}
}
},
"RunScheduledInstancesRequest":{
diff --git a/apis/ec2/2016-11-15/docs-2.json b/apis/ec2/2016-11-15/docs-2.json
index 15c7715cd9c..c24c54a02c8 100644
--- a/apis/ec2/2016-11-15/docs-2.json
+++ b/apis/ec2/2016-11-15/docs-2.json
@@ -422,6 +422,7 @@
"ModifyInstanceCreditSpecification": "
Modifies the credit option for CPU usage on a running or stopped burstable performance instance. The credit options are standard
and unlimited
.
For more information, see Burstable performance instances in the Amazon EC2 User Guide.
",
"ModifyInstanceEventStartTime": "Modifies the start time for a scheduled Amazon EC2 instance event.
",
"ModifyInstanceEventWindow": "Modifies the specified event window.
You can define either a set of time ranges or a cron expression when modifying the event window, but not both.
To modify the targets associated with the event window, use the AssociateInstanceEventWindow and DisassociateInstanceEventWindow API.
If Amazon Web Services has already scheduled an event, modifying an event window won't change the time of the scheduled event.
For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.
",
+ "ModifyInstanceMaintenanceOptions": "Modifies the recovery behavior of your instance to disable simplified automatic recovery or set the recovery behavior to default. The default configuration will not enable simplified automatic recovery for an unsupported instance type. For more information, see Simplified automatic recovery.
",
"ModifyInstanceMetadataOptions": "Modify the instance metadata parameters on a running or stopped instance. When you modify the parameters on a stopped instance, they are applied when the instance is started. When you modify the parameters on a running instance, the API responds with a state of “pending”. After the parameter modifications are successfully applied to the instance, the state of the modifications changes from “pending” to “applied” in subsequent describe-instances API calls. For more information, see Instance metadata and user data in the Amazon EC2 User Guide.
",
"ModifyInstancePlacement": "Modifies the placement attributes for a specified instance. You can do the following:
-
Modify the affinity between an instance and a Dedicated Host. When affinity is set to host
and the instance is not associated with a specific Dedicated Host, the next time the instance is launched, it is automatically associated with the host on which it lands. If the instance is restarted or rebooted, this relationship persists.
-
Change the Dedicated Host with which an instance is associated.
-
Change the instance tenancy of an instance.
-
Move an instance to or from a placement group.
At least one attribute for affinity, host ID, tenancy, or placement group name must be specified in the request. Affinity and tenancy can be modified in the same request.
To modify the host ID, tenancy, placement group, or partition for an instance, the instance must be in the stopped
state.
",
"ModifyIpam": "Modify the configurations of an IPAM.
",
@@ -2172,7 +2173,7 @@
"ModifyDefaultCreditSpecificationRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
",
"ModifyEbsDefaultKmsKeyIdRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
",
"ModifyFleetRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
",
- "ModifyFleetResult$Return": "Is true
if the request succeeds, and an error otherwise.
",
+ "ModifyFleetResult$Return": "If the request succeeds, the response returns true
. If the request fails, no response is returned, and instead an error message is returned.
",
"ModifyFpgaImageAttributeRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
",
"ModifyIdFormatRequest$UseLongIds": "Indicate whether the resource should use longer IDs (17-character IDs).
",
"ModifyIdentityIdFormatRequest$UseLongIds": "Indicates whether the resource should use longer IDs (17-character IDs)
",
@@ -2183,6 +2184,7 @@
"ModifyInstanceCreditSpecificationRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
",
"ModifyInstanceEventStartTimeRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
",
"ModifyInstanceEventWindowRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
",
+ "ModifyInstanceMaintenanceOptionsRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
",
"ModifyInstanceMetadataOptionsRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
",
"ModifyInstancePlacementResult$Return": "Is true
if the request succeeds, and an error otherwise.
",
"ModifyIpamPoolRequest$DryRun": "A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
",
@@ -2203,7 +2205,7 @@
"ModifySecurityGroupRulesResult$Return": "Returns true
if the request succeeds; otherwise, returns an error.
",
"ModifySnapshotAttributeRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
",
"ModifySnapshotTierRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
",
- "ModifySpotFleetRequestResponse$Return": "Is true
if the request succeeds, and an error otherwise.
",
+ "ModifySpotFleetRequestResponse$Return": "If the request succeeds, the response returns true
. If the request fails, no response is returned, and instead an error message is returned.
",
"ModifyTrafficMirrorFilterNetworkServicesRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
",
"ModifyTrafficMirrorFilterRuleRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
",
"ModifyTrafficMirrorSessionRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
",
@@ -9474,7 +9476,16 @@
"refs": {
"DescribeInstanceAttributeRequest$Attribute": "The instance attribute.
Note: The enaSupport
attribute is not supported at this time.
",
"ModifyInstanceAttributeRequest$Attribute": "The name of the attribute.
",
- "ResetInstanceAttributeRequest$Attribute": "The attribute to reset.
You can only reset the following attributes: kernel
| ramdisk
| sourceDestCheck
. To change an instance attribute, use ModifyInstanceAttribute.
"
+ "ResetInstanceAttributeRequest$Attribute": "The attribute to reset.
You can only reset the following attributes: kernel
| ramdisk
| sourceDestCheck
.
"
+ }
+ },
+ "InstanceAutoRecoveryState": {
+ "base": null,
+ "refs": {
+ "InstanceMaintenanceOptions$AutoRecovery": "Provides information on the current automatic recovery behavior of your instance.
",
+ "InstanceMaintenanceOptionsRequest$AutoRecovery": "Disables the automatic recovery behavior of your instance or sets it to default. For more information, see Simplified automatic recovery.
",
+ "ModifyInstanceMaintenanceOptionsRequest$AutoRecovery": "Disables the automatic recovery behavior of your instance or sets it to default.
",
+ "ModifyInstanceMaintenanceOptionsResult$AutoRecovery": "Provides information on the current automatic recovery behavior of your instance.
"
}
},
"InstanceBlockDeviceMapping": {
@@ -9710,6 +9721,7 @@
"ModifyInstanceAttributeRequest$InstanceId": "The ID of the instance.
",
"ModifyInstanceCapacityReservationAttributesRequest$InstanceId": "The ID of the instance to be modified.
",
"ModifyInstanceEventStartTimeRequest$InstanceId": "The ID of the instance with the scheduled event.
",
+ "ModifyInstanceMaintenanceOptionsRequest$InstanceId": "The ID of the instance.
",
"ModifyInstanceMetadataOptionsRequest$InstanceId": "The ID of the instance.
",
"ModifyInstancePlacementRequest$InstanceId": "The ID of the instance that you are modifying.
",
"ModifyPrivateDnsNameOptionsRequest$InstanceId": "The ID of the instance.
",
@@ -9840,6 +9852,18 @@
"Reservation$Instances": "The instances.
"
}
},
+ "InstanceMaintenanceOptions": {
+ "base": "The maintenance options for the instance.
",
+ "refs": {
+ "Instance$MaintenanceOptions": "Provides information on the recovery and maintenance options of your instance.
"
+ }
+ },
+ "InstanceMaintenanceOptionsRequest": {
+ "base": "The maintenance options for the instance.
",
+ "refs": {
+ "RunInstancesRequest$MaintenanceOptions": "The maintenance and recovery options for the instance.
"
+ }
+ },
"InstanceMarketOptionsRequest": {
"base": "Describes the market (purchasing) option for the instances.
",
"refs": {
@@ -11313,6 +11337,13 @@
"DescribeFleetsInstances$LaunchTemplateAndOverrides": "The launch templates and overrides that were used for launching the instances. The values that you specify in the Overrides replace the values in the launch template.
"
}
},
+ "LaunchTemplateAutoRecoveryState": {
+ "base": null,
+ "refs": {
+ "LaunchTemplateInstanceMaintenanceOptions$AutoRecovery": "Disables the automatic recovery behavior of your instance or sets it to default.
",
+ "LaunchTemplateInstanceMaintenanceOptionsRequest$AutoRecovery": "Disables the automatic recovery behavior of your instance or sets it to default. For more information, see Simplified automatic recovery.
"
+ }
+ },
"LaunchTemplateBlockDeviceMapping": {
"base": "Describes a block device mapping.
",
"refs": {
@@ -11486,6 +11517,18 @@
"DescribeLaunchTemplatesRequest$LaunchTemplateIds": "One or more launch template IDs.
"
}
},
+ "LaunchTemplateInstanceMaintenanceOptions": {
+ "base": "The maintenance options of your instance.
",
+ "refs": {
+ "ResponseLaunchTemplateData$MaintenanceOptions": "The maintenance options for your instance.
"
+ }
+ },
+ "LaunchTemplateInstanceMaintenanceOptionsRequest": {
+ "base": "The maintenance options of your instance.
",
+ "refs": {
+ "RequestLaunchTemplateData$MaintenanceOptions": "The maintenance options for the instance.
"
+ }
+ },
"LaunchTemplateInstanceMarketOptions": {
"base": "The market (purchasing) option for the instances.
",
"refs": {
@@ -12455,6 +12498,16 @@
"refs": {
}
},
+ "ModifyInstanceMaintenanceOptionsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ModifyInstanceMaintenanceOptionsResult": {
+ "base": null,
+ "refs": {
+ }
+ },
"ModifyInstanceMetadataOptionsRequest": {
"base": null,
"refs": {
@@ -17403,6 +17456,7 @@
"ModifyInstanceCreditSpecificationRequest$ClientToken": "A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.
",
"ModifyInstanceEventStartTimeRequest$InstanceEventId": "The ID of the event whose date and time you are modifying.
",
"ModifyInstanceEventWindowRequest$Name": "The name of the event window.
",
+ "ModifyInstanceMaintenanceOptionsResult$InstanceId": "The ID of the instance.
",
"ModifyInstanceMetadataOptionsResult$InstanceId": "The ID of the instance.
",
"ModifyInstancePlacementRequest$HostResourceGroupArn": "The ARN of the host resource group in which to place the instance.
",
"ModifyIpamPoolRequest$Description": "The description of the IPAM pool you want to modify.
",
diff --git a/apis/fms/2018-01-01/api-2.json b/apis/fms/2018-01-01/api-2.json
index 775b0a4cc47..17ddd367425 100644
--- a/apis/fms/2018-01-01/api-2.json
+++ b/apis/fms/2018-01-01/api-2.json
@@ -28,6 +28,21 @@
{"shape":"LimitExceededException"}
]
},
+ "AssociateThirdPartyFirewall":{
+ "name":"AssociateThirdPartyFirewall",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"AssociateThirdPartyFirewallRequest"},
+ "output":{"shape":"AssociateThirdPartyFirewallResponse"},
+ "errors":[
+ {"shape":"InvalidOperationException"},
+ {"shape":"InvalidInputException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"InternalErrorException"}
+ ]
+ },
"DeleteAppsList":{
"name":"DeleteAppsList",
"http":{
@@ -95,6 +110,21 @@
{"shape":"InternalErrorException"}
]
},
+ "DisassociateThirdPartyFirewall":{
+ "name":"DisassociateThirdPartyFirewall",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"DisassociateThirdPartyFirewallRequest"},
+ "output":{"shape":"DisassociateThirdPartyFirewallResponse"},
+ "errors":[
+ {"shape":"InvalidOperationException"},
+ {"shape":"InvalidInputException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"InternalErrorException"}
+ ]
+ },
"GetAdminAccount":{
"name":"GetAdminAccount",
"http":{
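Review bot: `DisassociateThirdPartyFirewall` is modelled exactly like the read-only `GetThirdPartyFirewallAssociationStatus` (same four error shapes, and a request that carries only the `ThirdPartyFirewall` enum), yet the description added for it in docs-2.json says the vendor deletes all of the firewalls associated with the account. Nothing in the operation entry marks it as destructive, so a reader of this file alone cannot tell that one call with a single enum value removes the firewalls. I would extend the docs-2.json string for this operation with a sentence such as `Grant this action only to roles that administer the third-party firewall tenant, and audit calls to it.`, and state there whether the deletion can be reversed. The request and response shapes for the operation are added in a later hunk of the same file.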
@@ -195,6 +225,21 @@
{"shape":"InternalErrorException"}
]
},
+ "GetThirdPartyFirewallAssociationStatus":{
+ "name":"GetThirdPartyFirewallAssociationStatus",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"GetThirdPartyFirewallAssociationStatusRequest"},
+ "output":{"shape":"GetThirdPartyFirewallAssociationStatusResponse"},
+ "errors":[
+ {"shape":"InvalidOperationException"},
+ {"shape":"InvalidInputException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"InternalErrorException"}
+ ]
+ },
"GetViolationDetails":{
"name":"GetViolationDetails",
"http":{
@@ -294,6 +339,21 @@
{"shape":"InvalidInputException"}
]
},
+ "ListThirdPartyFirewallFirewallPolicies":{
+ "name":"ListThirdPartyFirewallFirewallPolicies",
+ "http":{
+ "method":"POST",
+ "requestUri":"/"
+ },
+ "input":{"shape":"ListThirdPartyFirewallFirewallPoliciesRequest"},
+ "output":{"shape":"ListThirdPartyFirewallFirewallPoliciesResponse"},
+ "errors":[
+ {"shape":"InvalidOperationException"},
+ {"shape":"InvalidInputException"},
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"InternalErrorException"}
+ ]
+ },
"PutAppsList":{
"name":"PutAppsList",
"http":{
@@ -465,6 +525,19 @@
"AdminAccount":{"shape":"AWSAccountId"}
}
},
+ "AssociateThirdPartyFirewallRequest":{
+ "type":"structure",
+ "required":["ThirdPartyFirewall"],
+ "members":{
+ "ThirdPartyFirewall":{"shape":"ThirdPartyFirewall"}
+ }
+ },
+ "AssociateThirdPartyFirewallResponse":{
+ "type":"structure",
+ "members":{
+ "ThirdPartyFirewallStatus":{"shape":"ThirdPartyFirewallAssociationStatus"}
+ }
+ },
"AwsEc2InstanceViolation":{
"type":"structure",
"members":{
@@ -599,6 +672,19 @@
"members":{
}
},
+ "DisassociateThirdPartyFirewallRequest":{
+ "type":"structure",
+ "required":["ThirdPartyFirewall"],
+ "members":{
+ "ThirdPartyFirewall":{"shape":"ThirdPartyFirewall"}
+ }
+ },
+ "DisassociateThirdPartyFirewallResponse":{
+ "type":"structure",
+ "members":{
+ "ThirdPartyFirewallStatus":{"shape":"ThirdPartyFirewallAssociationStatus"}
+ }
+ },
"DnsDuplicateRuleGroupViolation":{
"type":"structure",
"members":{
@@ -748,7 +834,22 @@
},
"FirewallDeploymentModel":{
"type":"string",
- "enum":["CENTRALIZED"]
+ "enum":[
+ "CENTRALIZED",
+ "DISTRIBUTED"
+ ]
+ },
+ "FirewallPolicyId":{
+ "type":"string",
+ "max":1024,
+ "min":1,
+ "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$"
+ },
+ "FirewallPolicyName":{
+ "type":"string",
+ "max":1024,
+ "min":1,
+ "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$"
},
"FirewallSubnetIsOutOfScopeViolation":{
"type":"structure",
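Review bot: The `pattern` added for `FirewallPolicyId` and `FirewallPolicyName` is anchored with `^` and `$` and ends in `*`, so by itself it accepts the empty string (only `"min":1` rules that out), and in Ruby those anchors match at line boundaries rather than at the ends of the string. If this pattern is ever reused for client-side validation in Ruby, a multi-line value passes as soon as one of its lines matches; such a check should be anchored with `\A` and `\z` and use `+`, for example `\A[\p{L}\p{Z}\p{N}_.:/=+\-@]+\z`. `\p{Z}` also admits every Unicode separator, not only the ASCII space, which matters wherever these names are later written to logs or shown in a console. The model is presumably synced from the service definition, so the safer check belongs in consuming code rather than in this file.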
@@ -760,6 +861,15 @@
"VpcEndpointId":{"shape":"ResourceId"}
}
},
+ "FirewallSubnetMissingVPCEndpointViolation":{
+ "type":"structure",
+ "members":{
+ "FirewallSubnetId":{"shape":"ResourceId"},
+ "VpcId":{"shape":"ResourceId"},
+ "SubnetAvailabilityZone":{"shape":"LengthBoundedString"},
+ "SubnetAvailabilityZoneId":{"shape":"LengthBoundedString"}
+ }
+ },
"GetAdminAccountRequest":{
"type":"structure",
"members":{
@@ -866,6 +976,20 @@
"ProtocolsListArn":{"shape":"ResourceArn"}
}
},
+ "GetThirdPartyFirewallAssociationStatusRequest":{
+ "type":"structure",
+ "required":["ThirdPartyFirewall"],
+ "members":{
+ "ThirdPartyFirewall":{"shape":"ThirdPartyFirewall"}
+ }
+ },
+ "GetThirdPartyFirewallAssociationStatusResponse":{
+ "type":"structure",
+ "members":{
+ "ThirdPartyFirewallStatus":{"shape":"ThirdPartyFirewallAssociationStatus"},
+ "MarketplaceOnboardingStatus":{"shape":"MarketplaceSubscriptionOnboardingStatus"}
+ }
+ },
"GetViolationDetailsRequest":{
"type":"structure",
"required":[
@@ -1036,12 +1160,39 @@
"TagList":{"shape":"TagList"}
}
},
+ "ListThirdPartyFirewallFirewallPoliciesRequest":{
+ "type":"structure",
+ "required":[
+ "ThirdPartyFirewall",
+ "MaxResults"
+ ],
+ "members":{
+ "ThirdPartyFirewall":{"shape":"ThirdPartyFirewall"},
+ "NextToken":{"shape":"PaginationToken"},
+ "MaxResults":{"shape":"PaginationMaxResults"}
+ }
+ },
+ "ListThirdPartyFirewallFirewallPoliciesResponse":{
+ "type":"structure",
+ "members":{
+ "ThirdPartyFirewallFirewallPolicies":{"shape":"ThirdPartyFirewallFirewallPolicies"},
+ "NextToken":{"shape":"PaginationToken"}
+ }
+ },
"ManagedServiceData":{
"type":"string",
"max":8192,
"min":1,
"pattern":"^((?!\\\\[nr]).)+"
},
+ "MarketplaceSubscriptionOnboardingStatus":{
+ "type":"string",
+ "enum":[
+ "NO_SUBSCRIPTION",
+ "NOT_COMPLETE",
+ "COMPLETE"
+ ]
+ },
"MemberAccounts":{
"type":"list",
"member":{"shape":"AWSAccountId"}
@@ -1285,7 +1436,8 @@
"PolicyOption":{
"type":"structure",
"members":{
- "NetworkFirewallPolicy":{"shape":"NetworkFirewallPolicy"}
+ "NetworkFirewallPolicy":{"shape":"NetworkFirewallPolicy"},
+ "ThirdPartyFirewallPolicy":{"shape":"ThirdPartyFirewallPolicy"}
}
},
"PolicySummary":{
@@ -1566,7 +1718,11 @@
"DnsRuleGroupLimitExceededViolation":{"shape":"DnsRuleGroupLimitExceededViolation"},
"PossibleRemediationActions":{"shape":"PossibleRemediationActions"},
"FirewallSubnetIsOutOfScopeViolation":{"shape":"FirewallSubnetIsOutOfScopeViolation"},
- "RouteHasOutOfScopeEndpointViolation":{"shape":"RouteHasOutOfScopeEndpointViolation"}
+ "RouteHasOutOfScopeEndpointViolation":{"shape":"RouteHasOutOfScopeEndpointViolation"},
+ "ThirdPartyFirewallMissingFirewallViolation":{"shape":"ThirdPartyFirewallMissingFirewallViolation"},
+ "ThirdPartyFirewallMissingSubnetViolation":{"shape":"ThirdPartyFirewallMissingSubnetViolation"},
+ "ThirdPartyFirewallMissingExpectedRouteTableViolation":{"shape":"ThirdPartyFirewallMissingExpectedRouteTableViolation"},
+ "FirewallSubnetMissingVPCEndpointViolation":{"shape":"FirewallSubnetMissingVPCEndpointViolation"}
}
},
"ResourceViolations":{
@@ -1646,7 +1802,8 @@
"SECURITY_GROUPS_CONTENT_AUDIT",
"SECURITY_GROUPS_USAGE_AUDIT",
"NETWORK_FIREWALL",
- "DNS_FIREWALL"
+ "DNS_FIREWALL",
+ "THIRD_PARTY_FIREWALL"
]
},
"StatefulRuleGroup":{
@@ -1753,6 +1910,65 @@
"type":"list",
"member":{"shape":"TargetViolationReason"}
},
+ "ThirdPartyFirewall":{
+ "type":"string",
+ "enum":["PALO_ALTO_NETWORKS_CLOUD_NGFW"]
+ },
+ "ThirdPartyFirewallAssociationStatus":{
+ "type":"string",
+ "enum":[
+ "ONBOARDING",
+ "ONBOARD_COMPLETE",
+ "OFFBOARDING",
+ "OFFBOARD_COMPLETE",
+ "NOT_EXIST"
+ ]
+ },
+ "ThirdPartyFirewallFirewallPolicies":{
+ "type":"list",
+ "member":{"shape":"ThirdPartyFirewallFirewallPolicy"}
+ },
+ "ThirdPartyFirewallFirewallPolicy":{
+ "type":"structure",
+ "members":{
+ "FirewallPolicyId":{"shape":"FirewallPolicyId"},
+ "FirewallPolicyName":{"shape":"FirewallPolicyName"}
+ }
+ },
+ "ThirdPartyFirewallMissingExpectedRouteTableViolation":{
+ "type":"structure",
+ "members":{
+ "ViolationTarget":{"shape":"ViolationTarget"},
+ "VPC":{"shape":"ResourceId"},
+ "AvailabilityZone":{"shape":"LengthBoundedString"},
+ "CurrentRouteTable":{"shape":"ResourceId"},
+ "ExpectedRouteTable":{"shape":"ResourceId"}
+ }
+ },
+ "ThirdPartyFirewallMissingFirewallViolation":{
+ "type":"structure",
+ "members":{
+ "ViolationTarget":{"shape":"ViolationTarget"},
+ "VPC":{"shape":"ResourceId"},
+ "AvailabilityZone":{"shape":"LengthBoundedString"},
+ "TargetViolationReason":{"shape":"TargetViolationReason"}
+ }
+ },
+ "ThirdPartyFirewallMissingSubnetViolation":{
+ "type":"structure",
+ "members":{
+ "ViolationTarget":{"shape":"ViolationTarget"},
+ "VPC":{"shape":"ResourceId"},
+ "AvailabilityZone":{"shape":"LengthBoundedString"},
+ "TargetViolationReason":{"shape":"TargetViolationReason"}
+ }
+ },
+ "ThirdPartyFirewallPolicy":{
+ "type":"structure",
+ "members":{
+ "FirewallDeploymentModel":{"shape":"FirewallDeploymentModel"}
+ }
+ },
"TimeStamp":{"type":"timestamp"},
"UntagResourceRequest":{
"type":"structure",
@@ -1812,6 +2028,7 @@
"MISSING_FIREWALL_SUBNET_IN_AZ",
"MISSING_EXPECTED_ROUTE_TABLE",
"NETWORK_FIREWALL_POLICY_MODIFIED",
+ "FIREWALL_SUBNET_IS_OUT_OF_SCOPE",
"INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE",
"FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE",
"UNEXPECTED_FIREWALL_ROUTES",
@@ -1823,8 +2040,8 @@
"BLACK_HOLE_ROUTE_DETECTED",
"BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET",
"RESOURCE_MISSING_DNS_FIREWALL",
- "FIREWALL_SUBNET_IS_OUT_OF_SCOPE",
- "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT"
+ "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT",
+ "FIREWALL_SUBNET_MISSING_VPCE_ENDPOINT"
]
},
"ViolationTarget":{
diff --git a/apis/fms/2018-01-01/docs-2.json b/apis/fms/2018-01-01/docs-2.json
index 410057e9db0..d3907945e9a 100644
--- a/apis/fms/2018-01-01/docs-2.json
+++ b/apis/fms/2018-01-01/docs-2.json
@@ -3,11 +3,13 @@
"service": "This is the Firewall Manager API Reference. This guide is for developers who need detailed information about the Firewall Manager API actions, data types, and errors. For detailed information about Firewall Manager features, see the Firewall Manager Developer Guide.
Some API actions require explicit resource permissions. For information, see the developer guide topic Firewall Manager required permissions for API actions.
",
"operations": {
"AssociateAdminAccount": "Sets the Firewall Manager administrator account. The account must be a member of the organization in Organizations whose resources you want to protect. Firewall Manager sets the permissions that allow the account to administer your Firewall Manager policies.
The account that you associate with Firewall Manager is called the Firewall Manager administrator account.
",
+ "AssociateThirdPartyFirewall": "Sets the Firewall Manager policy administrator as a tenant administrator of a third-party firewall service. A tenant is an instance of the third-party firewall service that's associated with your Amazon Web Services customer account.
",
"DeleteAppsList": "Permanently deletes an Firewall Manager applications list.
",
"DeleteNotificationChannel": "Deletes an Firewall Manager association with the IAM role and the Amazon Simple Notification Service (SNS) topic that is used to record Firewall Manager SNS logs.
",
"DeletePolicy": "Permanently deletes an Firewall Manager policy.
",
"DeleteProtocolsList": "Permanently deletes an Firewall Manager protocols list.
",
"DisassociateAdminAccount": "Disassociates the account that has been set as the Firewall Manager administrator account. To set a different account as the administrator account, you must submit an AssociateAdminAccount
request.
",
+ "DisassociateThirdPartyFirewall": "Disassociates a Firewall Manager policy administrator from a third-party firewall tenant. When you call DisassociateThirdPartyFirewall
, the third-party firewall vendor deletes all of the firewalls that are associated with the account.
",
"GetAdminAccount": "Returns the Organizations account that is associated with Firewall Manager as the Firewall Manager administrator.
",
"GetAppsList": "Returns information about the specified Firewall Manager applications list.
",
"GetComplianceDetail": "Returns detailed compliance information about the specified member account. Details include resources that are in and out of compliance with the specified policy.
-
Resources are considered noncompliant for WAF and Shield Advanced policies if the specified policy has not been applied to them.
-
Resources are considered noncompliant for security group policies if they are in scope of the policy, they violate one or more of the policy rules, and remediation is disabled or not possible.
-
Resources are considered noncompliant for Network Firewall policies if a firewall is missing in the VPC, if the firewall endpoint isn't set up in an expected Availability Zone and subnet, if a subnet created by the Firewall Manager doesn't have the expected route table, and for modifications to a firewall policy that violate the Firewall Manager policy's rules.
-
Resources are considered noncompliant for DNS Firewall policies if a DNS Firewall rule group is missing from the rule group associations for the VPC.
",
@@ -15,6 +17,7 @@
"GetPolicy": "Returns information about the specified Firewall Manager policy.
",
"GetProtectionStatus": "If you created a Shield Advanced policy, returns policy-level attack summary information in the event of a potential DDoS attack. Other policy types are currently unsupported.
",
"GetProtocolsList": "Returns information about the specified Firewall Manager protocols list.
",
+ "GetThirdPartyFirewallAssociationStatus": "The onboarding status of a Firewall Manager admin account to third-party firewall vendor tenant.
",
"GetViolationDetails": "Retrieves violations for a resource based on the specified Firewall Manager policy and Amazon Web Services account.
",
"ListAppsLists": "Returns an array of AppsListDataSummary
objects.
",
"ListComplianceStatus": "Returns an array of PolicyComplianceStatus
objects. Use PolicyComplianceStatus
to get a summary of which member accounts are protected by the specified policy.
",
@@ -22,6 +25,7 @@
"ListPolicies": "Returns an array of PolicySummary
objects.
",
"ListProtocolsLists": "Returns an array of ProtocolsListDataSummary
objects.
",
"ListTagsForResource": "Retrieves the list of tags for the specified Amazon Web Services resource.
",
+ "ListThirdPartyFirewallFirewallPolicies": "Retrieves a list of all of the third-party firewall policies that are associated with the third-party firewall administrator's account.
",
"PutAppsList": "Creates an Firewall Manager applications list.
",
"PutNotificationChannel": "Designates the IAM role and Amazon Simple Notification Service (SNS) topic that Firewall Manager uses to record SNS logs.
To perform this action outside of the console, you must configure the SNS topic to allow the Firewall Manager role AWSServiceRoleForFMS
to publish SNS logs. For more information, see Firewall Manager required permissions for API actions in the Firewall Manager Developer Guide.
",
"PutPolicy": "Creates an Firewall Manager policy.
Firewall Manager provides the following types of policies:
-
An WAF policy (type WAFV2), which defines rule groups to run first in the corresponding WAF web ACL and rule groups to run last in the web ACL.
-
An WAF Classic policy (type WAF), which defines a rule group.
-
A Shield Advanced policy, which applies Shield Advanced protection to specified accounts and resources.
-
A security group policy, which manages VPC security groups across your Amazon Web Services organization.
-
An Network Firewall policy, which provides firewall rules to filter network traffic in specified Amazon VPCs.
-
A DNS Firewall policy, which provides Route 53 Resolver DNS Firewall rules to filter DNS queries for specified VPCs.
Each policy is specific to one of the types. If you want to enforce more than one policy type across accounts, create multiple policies. You can create multiple policies for each type.
You must be subscribed to Shield Advanced to create a Shield Advanced policy. For more information about subscribing to Shield Advanced, see CreateSubscription.
",
@@ -111,6 +115,16 @@
"refs": {
}
},
+ "AssociateThirdPartyFirewallRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "AssociateThirdPartyFirewallResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
"AwsEc2InstanceViolation": {
"base": "Violation detail for an EC2 instance resource.
",
"refs": {
@@ -154,7 +168,7 @@
"ListProtocolsListsRequest$DefaultLists": "Specifies whether the lists to retrieve are default lists owned by Firewall Manager.
",
"NetworkFirewallInternetTrafficNotInspectedViolation$IsRouteTableUsedInDifferentAZ": "Information about whether the route table is used in another Availability Zone.
",
"NetworkFirewallInvalidRouteConfigurationViolation$IsRouteTableUsedInDifferentAZ": "Information about whether the route table is used in another Availability Zone.
",
- "Policy$ExcludeResourceTags": "If set to True
, resources with the tags that are specified in the ResourceTag
array are not in scope of the policy. If set to False
, and the ResourceTag
array is not null, only resources with the specified tags are in scope of the policy.
This option isn't available for the centralized deployment model when creating policies to configure Network Firewall.
",
+ "Policy$ExcludeResourceTags": "If set to True
, resources with the tags that are specified in the ResourceTag
array are not in scope of the policy. If set to False
, and the ResourceTag
array is not null, only resources with the specified tags are in scope of the policy.
",
"Policy$RemediationEnabled": "Indicates if the policy should be automatically applied to new resources.
",
"Policy$DeleteUnusedFMManagedResources": "Indicates whether Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL from a protected customer resource when the customer resource leaves policy scope.
By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
This option is not available for Shield Advanced or WAF Classic policies.
",
"PolicyComplianceDetail$EvaluationLimitExceeded": "Indicates if over 100 resources are noncompliant with the Firewall Manager policy.
",
@@ -219,8 +233,8 @@
"CustomerPolicyScopeMap": {
"base": null,
"refs": {
- "Policy$IncludeMap": "Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
, Firewall Manager applies the policy to all accounts specified by the IncludeMap
, and does not evaluate any ExcludeMap
specifications. If you do not specify an IncludeMap
, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap
.
You can specify account IDs, OUs, or a combination:
-
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”]}
.
-
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map: {“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
-
Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
This option isn't available for the centralized deployment model when creating policies to configure Network Firewall.
",
- "Policy$ExcludeMap": "Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
, Firewall Manager applies the policy to all accounts specified by the IncludeMap
, and does not evaluate any ExcludeMap
specifications. If you do not specify an IncludeMap
, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap
.
You can specify account IDs, OUs, or a combination:
-
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”]}
.
-
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map: {“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
-
Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
This option isn't available for the centralized deployment model when creating policies to configure Network Firewall.
"
+ "Policy$IncludeMap": "Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
, Firewall Manager applies the policy to all accounts specified by the IncludeMap
, and does not evaluate any ExcludeMap
specifications. If you do not specify an IncludeMap
, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap
.
You can specify account IDs, OUs, or a combination:
-
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”]}
.
-
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map: {“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
-
Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
",
+ "Policy$ExcludeMap": "Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
, Firewall Manager applies the policy to all accounts specified by the IncludeMap
, and does not evaluate any ExcludeMap
specifications. If you do not specify an IncludeMap
, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap
.
You can specify account IDs, OUs, or a combination:
-
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”]}
.
-
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map: {“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
-
Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
"
}
},
"DeleteAppsListRequest": {
@@ -266,6 +280,16 @@
"refs": {
}
},
+ "DisassociateThirdPartyFirewallRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DisassociateThirdPartyFirewallResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
"DnsDuplicateRuleGroupViolation": {
"base": "A DNS Firewall rule group that Firewall Manager tried to associate with a VPC is already associated with the VPC and can't be associated again.
",
"refs": {
@@ -387,7 +411,20 @@
"FirewallDeploymentModel": {
"base": null,
"refs": {
- "NetworkFirewallPolicy$FirewallDeploymentModel": "Defines the deployment model to use for the firewall policy. To use a distributed model, set PolicyOption to NULL
.
"
+ "NetworkFirewallPolicy$FirewallDeploymentModel": "Defines the deployment model to use for the firewall policy. To use a distributed model, set PolicyOption to NULL
.
",
+ "ThirdPartyFirewallPolicy$FirewallDeploymentModel": "Defines the deployment model to use for the third-party firewall.
"
+ }
+ },
+ "FirewallPolicyId": {
+ "base": null,
+ "refs": {
+ "ThirdPartyFirewallFirewallPolicy$FirewallPolicyId": "The ID of the specified firewall policy.
"
+ }
+ },
+ "FirewallPolicyName": {
+ "base": null,
+ "refs": {
+ "ThirdPartyFirewallFirewallPolicy$FirewallPolicyName": "The name of the specified firewall policy.
"
}
},
"FirewallSubnetIsOutOfScopeViolation": {
@@ -396,6 +433,12 @@
"ResourceViolation$FirewallSubnetIsOutOfScopeViolation": "Contains details about the firewall subnet that violates the policy scope.
"
}
},
+ "FirewallSubnetMissingVPCEndpointViolation": {
+ "base": "The violation details for a firewall subnet's VPC endpoint that's deleted or missing.
",
+ "refs": {
+ "ResourceViolation$FirewallSubnetMissingVPCEndpointViolation": "The violation details for a third-party firewall's VPC endpoint subnet that was deleted.
"
+ }
+ },
"GetAdminAccountRequest": {
"base": null,
"refs": {
@@ -466,6 +509,16 @@
"refs": {
}
},
+ "GetThirdPartyFirewallAssociationStatusRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "GetThirdPartyFirewallAssociationStatusResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
"GetViolationDetailsRequest": {
"base": null,
"refs": {
@@ -531,6 +584,8 @@
"FMSPolicyUpdateFirewallCreationConfigAction$Description": "Describes the remedial action.
",
"FirewallSubnetIsOutOfScopeViolation$SubnetAvailabilityZone": "The Availability Zone of the firewall subnet that violates the policy scope.
",
"FirewallSubnetIsOutOfScopeViolation$SubnetAvailabilityZoneId": "The Availability Zone ID of the firewall subnet that violates the policy scope.
",
+ "FirewallSubnetMissingVPCEndpointViolation$SubnetAvailabilityZone": "The name of the Availability Zone of the deleted VPC subnet.
",
+ "FirewallSubnetMissingVPCEndpointViolation$SubnetAvailabilityZoneId": "The ID of the Availability Zone of the deleted VPC subnet.
",
"LengthBoundedStringList$member": null,
"NetworkFirewallInternetTrafficNotInspectedViolation$SubnetAvailabilityZone": "The subnet Availability Zone.
",
"NetworkFirewallMissingExpectedRTViolation$AvailabilityZone": "The Availability Zone of a violating subnet.
",
@@ -544,6 +599,9 @@
"RouteHasOutOfScopeEndpointViolation$SubnetAvailabilityZone": "The subnet's Availability Zone.
",
"RouteHasOutOfScopeEndpointViolation$SubnetAvailabilityZoneId": "The ID of the subnet's Availability Zone.
",
"SecurityGroupRuleDescription$Protocol": "The IP protocol name (tcp
, udp
, icmp
, icmpv6
) or number.
",
+ "ThirdPartyFirewallMissingExpectedRouteTableViolation$AvailabilityZone": "The Availability Zone of the firewall subnet that's causing the violation.
",
+ "ThirdPartyFirewallMissingFirewallViolation$AvailabilityZone": "The Availability Zone of the third-party firewall that's causing the violation.
",
+ "ThirdPartyFirewallMissingSubnetViolation$AvailabilityZone": "The Availability Zone of a subnet that's causing the violation.
",
"ViolationDetail$ResourceDescription": "Brief description for the requested resource.
"
}
},
@@ -631,11 +689,27 @@
"refs": {
}
},
+ "ListThirdPartyFirewallFirewallPoliciesRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListThirdPartyFirewallFirewallPoliciesResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
"ManagedServiceData": {
"base": null,
"refs": {
"FMSPolicyUpdateFirewallCreationConfigAction$FirewallCreationConfig": "A FirewallCreationConfig
that you can copy into your current policy's SecurityServiceData in order to remedy scope violations.
",
- "SecurityServicePolicyData$ManagedServiceData": "Details about the service that are specific to the service type, in JSON format.
-
Example: DNS_FIREWALL
\"{\\\"type\\\":\\\"DNS_FIREWALL\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-1\\\",\\\"priority\\\":10}],\\\"postProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-2\\\",\\\"priority\\\":9911}]}\"
Valid values for preProcessRuleGroups
are between 1 and 99. Valid values for postProcessRuleGroups
are between 9901 and 10000.
-
Example: NETWORK_FIREWALL
- Centralized deployment model.
\"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"awsNetworkFirewallConfig\\\":{\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"customActionName\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"metricdimensionvalue\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\"}],\\\"networkFirewallLoggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"ALERT\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}},{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"FLOW\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}}],\\\"overrideExistingConfig\\\":true}},\\\"firewallDeploymentModel\\\":{\\\"centralizedFirewallDeploymentModel\\\":{\\\"centralizedFirewallOrchestrationConfig\\\":{\\\"inspectionVpcIds\\\":[{\\\"resourceId\\\":\\\"vpc-1234\\\",\\\"accountId\\\":\\\"123456789011\\\"}],\\\"firewallCreationConfig\\\":{\\\"endpointLocation\\\":{\\\"availabilityZoneConfigList\\\":[{\\\"availabilityZoneId\\\":null,\\\"availabilityZoneName\\\":\\\"us-east-1a\\\",\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\"]}]}},\\\"allowedIPV4CidrList\\\":[]}}}}\"
To use the centralized deployment model, you must set PolicyOption to CENTRALIZED
.
-
Example: NETWORK_FIREWALL
- Distributed deployment model with automatic Availability Zone configuration. With automatic Availbility Zone configuration, Firewall Manager chooses which Availability Zones to create the endpoints in.
\"{ \\\"type\\\": \\\"NETWORK_FIREWALL\\\", \\\"networkFirewallStatelessRuleGroupReferences\\\": [ { \\\"resourceARN\\\": \\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\", \\\"priority\\\": 1 } ], \\\"networkFirewallStatelessDefaultActions\\\": [ \\\"aws:forward_to_sfe\\\", \\\"customActionName\\\" ], \\\"networkFirewallStatelessFragmentDefaultActions\\\": [ \\\"aws:forward_to_sfe\\\", \\\"customActionName\\\" ], \\\"networkFirewallStatelessCustomActions\\\": [ { \\\"actionName\\\": \\\"customActionName\\\", \\\"actionDefinition\\\": { \\\"publishMetricAction\\\": { \\\"dimensions\\\": [ { \\\"value\\\": \\\"metricdimensionvalue\\\" } ] } } } ], \\\"networkFirewallStatefulRuleGroupReferences\\\": [ { \\\"resourceARN\\\": \\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\" } ], \\\"networkFirewallOrchestrationConfig\\\": { \\\"singleFirewallEndpointPerVPC\\\": false, \\\"allowedIPV4CidrList\\\": [ \\\"10.0.0.0/28\\\", \\\"192.168.0.0/28\\\" ], \\\"routeManagementAction\\\": \\\"OFF\\\" }, \\\"networkFirewallLoggingConfiguration\\\": { \\\"logDestinationConfigs\\\": [ { \\\"logDestinationType\\\": \\\"S3\\\", \\\"logType\\\": \\\"ALERT\\\", \\\"logDestination\\\": { \\\"bucketName\\\": \\\"s3-bucket-name\\\" } }, { \\\"logDestinationType\\\": \\\"S3\\\", \\\"logType\\\": \\\"FLOW\\\", \\\"logDestination\\\": { \\\"bucketName\\\": \\\"s3-bucket-name\\\" } } ], \\\"overrideExistingConfig\\\": true } }\"
To use the distributed deployment model, you must set PolicyOption to NULL
.
-
Example: NETWORK_FIREWALL
- Distributed deployment model with automatic Availability Zone configuration, and route management.
\"{ \\\"type\\\": \\\"NETWORK_FIREWALL\\\", \\\"networkFirewallStatelessRuleGroupReferences\\\": [ { \\\"resourceARN\\\": \\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\", \\\"priority\\\": 1 } ], \\\"networkFirewallStatelessDefaultActions\\\": [ \\\"aws:forward_to_sfe\\\", \\\"customActionName\\\" ], \\\"networkFirewallStatelessFragmentDefaultActions\\\": [ \\\"aws:forward_to_sfe\\\", \\\"customActionName\\\" ], \\\"networkFirewallStatelessCustomActions\\\": [ { \\\"actionName\\\": \\\"customActionName\\\", \\\"actionDefinition\\\": { \\\"publishMetricAction\\\": { \\\"dimensions\\\": [ { \\\"value\\\": \\\"metricdimensionvalue\\\" } ] } } } ], \\\"networkFirewallStatefulRuleGroupReferences\\\": [ { \\\"resourceARN\\\": \\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\" } ], \\\"networkFirewallOrchestrationConfig\\\": { \\\"singleFirewallEndpointPerVPC\\\": false, \\\"allowedIPV4CidrList\\\": [ \\\"10.0.0.0/28\\\", \\\"192.168.0.0/28\\\" ], \\\"routeManagementAction\\\": \\\"MONITOR\\\", \\\"routeManagementTargetTypes\\\": [ \\\"InternetGateway\\\" ] }, \\\"networkFirewallLoggingConfiguration\\\": { \\\"logDestinationConfigs\\\": [ { \\\"logDestinationType\\\": \\\"S3\\\", \\\"logType\\\": \\\"ALERT\\\", \\\"logDestination\\\": { \\\"bucketName\\\": \\\"s3-bucket-name\\\" } }, { \\\"logDestinationType\\\": \\\"S3\\\", \\\"logType\\\": \\\"FLOW\\\", \\\"logDestination\\\": { \\\"bucketName\\\": \\\"s3-bucket-name\\\" } } ], \\\"overrideExistingConfig\\\": true } }\"
-
Example: NETWORK_FIREWALL
- Distributed deployment model with custom Availability Zone configuration. With custom Availability Zone configuration, you define which specific Availability Zones to create endpoints in by configuring firewallCreationConfig
.
\"{ \\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}], \\\"networkFirewallStatelessDefaultActions\\\":[ \\\"aws:forward_to_sfe\\\", \\\"customActionName\\\" ], \\\"networkFirewallStatelessFragmentDefaultActions\\\":[ \\\"aws:forward_to_sfe\\\", \\\"fragmentcustomactionname\\\" ], \\\"networkFirewallStatelessCustomActions\\\":[ { \\\"actionName\\\":\\\"customActionName\\\", \\\"actionDefinition\\\":{ \\\"publishMetricAction\\\":{ \\\"dimensions\\\":[ { \\\"value\\\":\\\"metricdimensionvalue\\\" } ] } } }, { \\\"actionName\\\":\\\"fragmentcustomactionname\\\", \\\"actionDefinition\\\":{ \\\"publishMetricAction\\\":{ \\\"dimensions\\\":[ { \\\"value\\\":\\\"fragmentmetricdimensionvalue\\\" } ] } } } ], \\\"networkFirewallStatefulRuleGroupReferences\\\":[ { \\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\" } ], \\\"networkFirewallOrchestrationConfig\\\":{ \\\"firewallCreationConfig\\\":{ \\\"endpointLocation\\\":{ \\\"availabilityZoneConfigList\\\":[ { \\\"availabilityZoneId\\\":null, \\\"availabilityZoneName\\\":\\\"us-east-1a\\\", \\\"allowedIPV4CidrList\\\":[ \\\"10.0.0.0/28\\\" ] }, { ¯\\\"availabilityZoneId\\\":null, \\\"availabilityZoneName\\\":\\\"us-east-1b\\\", \\\"allowedIPV4CidrList\\\":[ \\\"10.0.0.0/28\\\" ] } ] } }, \\\"singleFirewallEndpointPerVPC\\\":false, \\\"allowedIPV4CidrList\\\":null, \\\"routeManagementAction\\\":\\\"OFF\\\", \\\"networkFirewallLoggingConfiguration\\\":{ \\\"logDestinationConfigs\\\":[ { \\\"logDestinationType\\\":\\\"S3\\\", \\\"logType\\\":\\\"ALERT\\\", \\\"logDestination\\\":{ \\\"bucketName\\\":\\\"s3-bucket-name\\\" } }, { \\\"logDestinationType\\\":\\\"S3\\\", \\\"logType\\\":\\\"FLOW\\\", \\\"logDestination\\\":{ \\\"bucketName\\\":\\\"s3-bucket-name\\\" } } ], \\\"overrideExistingConfig\\\":boolean } }\"
-
Example: NETWORK_FIREWALL
- Distributed deployment model with custom Availability Zone configuration, and route management.
\"{ \\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}], \\\"networkFirewallStatelessDefaultActions\\\":[ \\\"aws:forward_to_sfe\\\", \\\"customActionName\\\" ], \\\"networkFirewallStatelessFragmentDefaultActions\\\":[ \\\"aws:forward_to_sfe\\\", \\\"fragmentcustomactionname\\\" ], \\\"networkFirewallStatelessCustomActions\\\":[ { \\\"actionName\\\":\\\"customActionName\\\", \\\"actionDefinition\\\":{ \\\"publishMetricAction\\\":{ \\\"dimensions\\\":[ { \\\"value\\\":\\\"metricdimensionvalue\\\" } ] } } }, { \\\"actionName\\\":\\\"fragmentcustomactionname\\\", \\\"actionDefinition\\\":{ \\\"publishMetricAction\\\":{ \\\"dimensions\\\":[ { \\\"value\\\":\\\"fragmentmetricdimensionvalue\\\" } ] } } } ], \\\"networkFirewallStatefulRuleGroupReferences\\\":[ { \\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\" } ], \\\"networkFirewallOrchestrationConfig\\\":{ \\\"firewallCreationConfig\\\":{ \\\"endpointLocation\\\":{ \\\"availabilityZoneConfigList\\\":[ { \\\"availabilityZoneId\\\":null, \\\"availabilityZoneName\\\":\\\"us-east-1a\\\", \\\"allowedIPV4CidrList\\\":[ \\\"10.0.0.0/28\\\" ] }, { ¯\\\"availabilityZoneId\\\":null, \\\"availabilityZoneName\\\":\\\"us-east-1b\\\", \\\"allowedIPV4CidrList\\\":[ \\\"10.0.0.0/28\\\" ] } ] } }, \\\"singleFirewallEndpointPerVPC\\\":false, \\\"allowedIPV4CidrList\\\":null, \\\"routeManagementAction\\\":\\\"MONITOR\\\", \\\"routeManagementTargetTypes\\\":[ \\\"InternetGateway\\\" ], \\\"routeManagementConfig\\\":{ \\\"allowCrossAZTrafficIfNoEndpoint\\\":true } }, \\\"networkFirewallLoggingConfiguration\\\":{ \\\"logDestinationConfigs\\\":[ { \\\"logDestinationType\\\":\\\"S3\\\", \\\"logType\\\":\\\"ALERT\\\", \\\"logDestination\\\":{ \\\"bucketName\\\":\\\"s3-bucket-name\\\" } }, { \\\"logDestinationType\\\":\\\"S3\\\", 
\\\"logType\\\":\\\"FLOW\\\", \\\"logDestination\\\":{ \\\"bucketName\\\":\\\"s3-bucket-name\\\" } } ], \\\"overrideExistingConfig\\\":boolean } }\"
-
Specification for SHIELD_ADVANCED
for Amazon CloudFront distributions
\"{\\\"type\\\":\\\"SHIELD_ADVANCED\\\",\\\"automaticResponseConfiguration\\\": {\\\"automaticResponseStatus\\\":\\\"ENABLED|IGNORED|DISABLED\\\", \\\"automaticResponseAction\\\":\\\"BLOCK|COUNT\\\"}, \\\"overrideCustomerWebaclClassic\\\":true|false}\"
For example: \"{\\\"type\\\":\\\"SHIELD_ADVANCED\\\",\\\"automaticResponseConfiguration\\\": {\\\"automaticResponseStatus\\\":\\\"ENABLED\\\", \\\"automaticResponseAction\\\":\\\"COUNT\\\"}}\"
The default value for automaticResponseStatus
is IGNORED
. The value for automaticResponseAction
is only required when automaticResponseStatus
is set to ENABLED
. The default value for overrideCustomerWebaclClassic
is false
.
For other resource types that you can protect with a Shield Advanced policy, this ManagedServiceData
configuration is an empty string.
-
Example: WAFV2
\"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"version\\\":null,\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesAmazonIpReputationList\\\"},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[{\\\"name\\\":\\\"NoUserAgent_HEADER\\\"}]}],\\\"postProcessRuleGroups\\\":[],\\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"overrideCustomerWebACLAssociation\\\":false,\\\"loggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[\\\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\\\"],\\\"redactedFields\\\":[{\\\"redactedFieldType\\\":\\\"SingleHeader\\\",\\\"redactedFieldValue\\\":\\\"Cookies\\\"},{\\\"redactedFieldType\\\":\\\"Method\\\"}]}}\"
In the loggingConfiguration
, you can specify one logDestinationConfigs
, you can optionally provide up to 20 redactedFields
, and the RedactedFieldType
must be one of URI
, QUERY_STRING
, HEADER
, or METHOD
.
-
Example: WAF Classic
\"{\\\"type\\\": \\\"WAF\\\", \\\"ruleGroups\\\": [{\\\"id\\\":\\\"12345678-1bcd-9012-efga-0987654321ab\\\", \\\"overrideAction\\\" : {\\\"type\\\": \\\"COUNT\\\"}}], \\\"defaultAction\\\": {\\\"type\\\": \\\"BLOCK\\\"}}\"
-
Example: SECURITY_GROUPS_COMMON
\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"
-
Example: Shared VPCs. Apply the preceding policy to resources in shared VPCs as well as to those in VPCs that the account owns
\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"includeSharedVPC\\\":true,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"
-
Example: SECURITY_GROUPS_CONTENT_AUDIT
\"{\\\"type\\\":\\\"SECURITY_GROUPS_CONTENT_AUDIT\\\",\\\"securityGroups\\\":[{\\\"id\\\":\\\"sg-000e55995d61a06bd\\\"}],\\\"securityGroupAction\\\":{\\\"type\\\":\\\"ALLOW\\\"}}\"
The security group action for content audit can be ALLOW
or DENY
. For ALLOW
, all in-scope security group rules must be within the allowed range of the policy's security group rules. For DENY
, all in-scope security group rules must not contain a value or a range that matches a rule value or range in the policy security group.
-
Example: SECURITY_GROUPS_USAGE_AUDIT
\"{\\\"type\\\":\\\"SECURITY_GROUPS_USAGE_AUDIT\\\",\\\"deleteUnusedSecurityGroups\\\":true,\\\"coalesceRedundantSecurityGroups\\\":true}\"
"
+ "SecurityServicePolicyData$ManagedServiceData": "Details about the service that are specific to the service type, in JSON format.
-
Example: DNS_FIREWALL
\"{\\\"type\\\":\\\"DNS_FIREWALL\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-1\\\",\\\"priority\\\":10}],\\\"postProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-2\\\",\\\"priority\\\":9911}]}\"
Valid values for preProcessRuleGroups
are between 1 and 99. Valid values for postProcessRuleGroups
are between 9901 and 10000.
-
Example: DNS_FIREWALL
\"{\\\"type\\\":\\\"DNS_FIREWALL\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-1\\\",\\\"priority\\\":10}],\\\"postProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-2\\\",\\\"priority\\\":9911}]}\"
Valid values for preProcessRuleGroups
are between 1 and 99. Valid values for postProcessRuleGroups
are between 9901 and 10000.
-
Example: NETWORK_FIREWALL
- Distributed deployment model with automatic Availability Zone configuration. With automatic Availbility Zone configuration, Firewall Manager chooses which Availability Zones to create the endpoints in.
\"{ \\\"type\\\": \\\"NETWORK_FIREWALL\\\", \\\"networkFirewallStatelessRuleGroupReferences\\\": [ { \\\"resourceARN\\\": \\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\", \\\"priority\\\": 1 } ], \\\"networkFirewallStatelessDefaultActions\\\": [ \\\"aws:forward_to_sfe\\\", \\\"customActionName\\\" ], \\\"networkFirewallStatelessFragmentDefaultActions\\\": [ \\\"aws:forward_to_sfe\\\", \\\"customActionName\\\" ], \\\"networkFirewallStatelessCustomActions\\\": [ { \\\"actionName\\\": \\\"customActionName\\\", \\\"actionDefinition\\\": { \\\"publishMetricAction\\\": { \\\"dimensions\\\": [ { \\\"value\\\": \\\"metricdimensionvalue\\\" } ] } } } ], \\\"networkFirewallStatefulRuleGroupReferences\\\": [ { \\\"resourceARN\\\": \\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\" } ], \\\"networkFirewallOrchestrationConfig\\\": { \\\"singleFirewallEndpointPerVPC\\\": false, \\\"allowedIPV4CidrList\\\": [ \\\"10.0.0.0/28\\\", \\\"192.168.0.0/28\\\" ], \\\"routeManagementAction\\\": \\\"OFF\\\" }, \\\"networkFirewallLoggingConfiguration\\\": { \\\"logDestinationConfigs\\\": [ { \\\"logDestinationType\\\": \\\"S3\\\", \\\"logType\\\": \\\"ALERT\\\", \\\"logDestination\\\": { \\\"bucketName\\\": \\\"s3-bucket-name\\\" } }, { \\\"logDestinationType\\\": \\\"S3\\\", \\\"logType\\\": \\\"FLOW\\\", \\\"logDestination\\\": { \\\"bucketName\\\": \\\"s3-bucket-name\\\" } } ], \\\"overrideExistingConfig\\\": true } }\"
To use the distributed deployment model, you must set PolicyOption to NULL
.
-
Example: NETWORK_FIREWALL
- Distributed deployment model with automatic Availability Zone configuration, and route management.
\"{ \\\"type\\\": \\\"NETWORK_FIREWALL\\\", \\\"networkFirewallStatelessRuleGroupReferences\\\": [ { \\\"resourceARN\\\": \\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\", \\\"priority\\\": 1 } ], \\\"networkFirewallStatelessDefaultActions\\\": [ \\\"aws:forward_to_sfe\\\", \\\"customActionName\\\" ], \\\"networkFirewallStatelessFragmentDefaultActions\\\": [ \\\"aws:forward_to_sfe\\\", \\\"customActionName\\\" ], \\\"networkFirewallStatelessCustomActions\\\": [ { \\\"actionName\\\": \\\"customActionName\\\", \\\"actionDefinition\\\": { \\\"publishMetricAction\\\": { \\\"dimensions\\\": [ { \\\"value\\\": \\\"metricdimensionvalue\\\" } ] } } } ], \\\"networkFirewallStatefulRuleGroupReferences\\\": [ { \\\"resourceARN\\\": \\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\" } ], \\\"networkFirewallOrchestrationConfig\\\": { \\\"singleFirewallEndpointPerVPC\\\": false, \\\"allowedIPV4CidrList\\\": [ \\\"10.0.0.0/28\\\", \\\"192.168.0.0/28\\\" ], \\\"routeManagementAction\\\": \\\"MONITOR\\\", \\\"routeManagementTargetTypes\\\": [ \\\"InternetGateway\\\" ] }, \\\"networkFirewallLoggingConfiguration\\\": { \\\"logDestinationConfigs\\\": [ { \\\"logDestinationType\\\": \\\"S3\\\", \\\"logType\\\": \\\"ALERT\\\", \\\"logDestination\\\": { \\\"bucketName\\\": \\\"s3-bucket-name\\\" } }, { \\\"logDestinationType\\\": \\\"S3\\\", \\\"logType\\\": \\\"FLOW\\\", \\\"logDestination\\\": { \\\"bucketName\\\": \\\"s3-bucket-name\\\" } } ], \\\"overrideExistingConfig\\\": true } }\"
-
Example: NETWORK_FIREWALL
- Distributed deployment model with custom Availability Zone configuration. With custom Availability Zone configuration, you define which specific Availability Zones to create endpoints in by configuring firewallCreationConfig
.
\"{ \\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}], \\\"networkFirewallStatelessDefaultActions\\\":[ \\\"aws:forward_to_sfe\\\", \\\"customActionName\\\" ], \\\"networkFirewallStatelessFragmentDefaultActions\\\":[ \\\"aws:forward_to_sfe\\\", \\\"fragmentcustomactionname\\\" ], \\\"networkFirewallStatelessCustomActions\\\":[ { \\\"actionName\\\":\\\"customActionName\\\", \\\"actionDefinition\\\":{ \\\"publishMetricAction\\\":{ \\\"dimensions\\\":[ { \\\"value\\\":\\\"metricdimensionvalue\\\" } ] } } }, { \\\"actionName\\\":\\\"fragmentcustomactionname\\\", \\\"actionDefinition\\\":{ \\\"publishMetricAction\\\":{ \\\"dimensions\\\":[ { \\\"value\\\":\\\"fragmentmetricdimensionvalue\\\" } ] } } } ], \\\"networkFirewallStatefulRuleGroupReferences\\\":[ { \\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\" } ], \\\"networkFirewallOrchestrationConfig\\\":{ \\\"firewallCreationConfig\\\":{ \\\"endpointLocation\\\":{ \\\"availabilityZoneConfigList\\\":[ { \\\"availabilityZoneId\\\":null, \\\"availabilityZoneName\\\":\\\"us-east-1a\\\", \\\"allowedIPV4CidrList\\\":[ \\\"10.0.0.0/28\\\" ] }, { ¯\\\"availabilityZoneId\\\":null, \\\"availabilityZoneName\\\":\\\"us-east-1b\\\", \\\"allowedIPV4CidrList\\\":[ \\\"10.0.0.0/28\\\" ] } ] } }, \\\"singleFirewallEndpointPerVPC\\\":false, \\\"allowedIPV4CidrList\\\":null, \\\"routeManagementAction\\\":\\\"OFF\\\", \\\"networkFirewallLoggingConfiguration\\\":{ \\\"logDestinationConfigs\\\":[ { \\\"logDestinationType\\\":\\\"S3\\\", \\\"logType\\\":\\\"ALERT\\\", \\\"logDestination\\\":{ \\\"bucketName\\\":\\\"s3-bucket-name\\\" } }, { \\\"logDestinationType\\\":\\\"S3\\\", \\\"logType\\\":\\\"FLOW\\\", \\\"logDestination\\\":{ \\\"bucketName\\\":\\\"s3-bucket-name\\\" } } ], \\\"overrideExistingConfig\\\":boolean } }\"
-
Example: NETWORK_FIREWALL
- Distributed deployment model with custom Availability Zone configuration, and route management.
\"{ \\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}], \\\"networkFirewallStatelessDefaultActions\\\":[ \\\"aws:forward_to_sfe\\\", \\\"customActionName\\\" ], \\\"networkFirewallStatelessFragmentDefaultActions\\\":[ \\\"aws:forward_to_sfe\\\", \\\"fragmentcustomactionname\\\" ], \\\"networkFirewallStatelessCustomActions\\\":[ { \\\"actionName\\\":\\\"customActionName\\\", \\\"actionDefinition\\\":{ \\\"publishMetricAction\\\":{ \\\"dimensions\\\":[ { \\\"value\\\":\\\"metricdimensionvalue\\\" } ] } } }, { \\\"actionName\\\":\\\"fragmentcustomactionname\\\", \\\"actionDefinition\\\":{ \\\"publishMetricAction\\\":{ \\\"dimensions\\\":[ { \\\"value\\\":\\\"fragmentmetricdimensionvalue\\\" } ] } } } ], \\\"networkFirewallStatefulRuleGroupReferences\\\":[ { \\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\" } ], \\\"networkFirewallOrchestrationConfig\\\":{ \\\"firewallCreationConfig\\\":{ \\\"endpointLocation\\\":{ \\\"availabilityZoneConfigList\\\":[ { \\\"availabilityZoneId\\\":null, \\\"availabilityZoneName\\\":\\\"us-east-1a\\\", \\\"allowedIPV4CidrList\\\":[ \\\"10.0.0.0/28\\\" ] }, { ¯\\\"availabilityZoneId\\\":null, \\\"availabilityZoneName\\\":\\\"us-east-1b\\\", \\\"allowedIPV4CidrList\\\":[ \\\"10.0.0.0/28\\\" ] } ] } }, \\\"singleFirewallEndpointPerVPC\\\":false, \\\"allowedIPV4CidrList\\\":null, \\\"routeManagementAction\\\":\\\"MONITOR\\\", \\\"routeManagementTargetTypes\\\":[ \\\"InternetGateway\\\" ], \\\"routeManagementConfig\\\":{ \\\"allowCrossAZTrafficIfNoEndpoint\\\":true } }, \\\"networkFirewallLoggingConfiguration\\\":{ \\\"logDestinationConfigs\\\":[ { \\\"logDestinationType\\\":\\\"S3\\\", \\\"logType\\\":\\\"ALERT\\\", \\\"logDestination\\\":{ \\\"bucketName\\\":\\\"s3-bucket-name\\\" } }, { \\\"logDestinationType\\\":\\\"S3\\\", 
\\\"logType\\\":\\\"FLOW\\\", \\\"logDestination\\\":{ \\\"bucketName\\\":\\\"s3-bucket-name\\\" } } ], \\\"overrideExistingConfig\\\":boolean } }\"
-
Example: PARTNER_FIREWALL
for Firewall Manager
\"{\\\"type\\\":\\\"THIRD_PARTY_FIREWALL\\\",\\\"thirdPartyrFirewall\\\":\\\"PALO_ALTO_NETWORKS_CLOUD_NGFW\\\",\\\"thirdPartyFirewallConfig\\\":{\\\"thirdPartyFirewallPolicyList\\\":[\\\"global-123456789012-1\\\"],\\\"networkFirewallLoggingConfiguration\\\":null},\\\"firewallDeploymentModel\\\":{\\\"distributedFirewallDeploymentModel\\\":{\\\"distributedFirewallOrchestrationConfig\\\":{\\\"firewallCreationConfig\\\":{\\\"endpointLocation\\\":{\\\"availabilityZoneConfigList\\\":[{\\\"availabilityZoneId\\\":null,\\\"availabilityZoneName\\\":\\\"us-east-1a\\\",\\\"allowedIPV4CidrList\\\":[\\\"10.0.1.0/28\\\"]}]}},\\\"allowedIPV4CidrList\\\":null},\\\"distributedRouteManagementConfig\\\":null},\\\"centralizedFirewallDeploymentModel\\\":null}}\"\"
-
Specification for SHIELD_ADVANCED
for Amazon CloudFront distributions
\"{\\\"type\\\":\\\"SHIELD_ADVANCED\\\",\\\"automaticResponseConfiguration\\\": {\\\"automaticResponseStatus\\\":\\\"ENABLED|IGNORED|DISABLED\\\", \\\"automaticResponseAction\\\":\\\"BLOCK|COUNT\\\"}, \\\"overrideCustomerWebaclClassic\\\":true|false}\"
For example: \"{\\\"type\\\":\\\"SHIELD_ADVANCED\\\",\\\"automaticResponseConfiguration\\\": {\\\"automaticResponseStatus\\\":\\\"ENABLED\\\", \\\"automaticResponseAction\\\":\\\"COUNT\\\"}}\"
The default value for automaticResponseStatus
is IGNORED
. The value for automaticResponseAction
is only required when automaticResponseStatus
is set to ENABLED
. The default value for overrideCustomerWebaclClassic
is false
.
For other resource types that you can protect with a Shield Advanced policy, this ManagedServiceData
configuration is an empty string.
-
Example: WAFV2
\"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"version\\\":null,\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesAmazonIpReputationList\\\"},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[{\\\"name\\\":\\\"NoUserAgent_HEADER\\\"}]}],\\\"postProcessRuleGroups\\\":[],\\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"overrideCustomerWebACLAssociation\\\":false,\\\"loggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[\\\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\\\"],\\\"redactedFields\\\":[{\\\"redactedFieldType\\\":\\\"SingleHeader\\\",\\\"redactedFieldValue\\\":\\\"Cookies\\\"},{\\\"redactedFieldType\\\":\\\"Method\\\"}]}}\"
In the loggingConfiguration
, you can specify one logDestinationConfigs
, you can optionally provide up to 20 redactedFields
, and the RedactedFieldType
must be one of URI
, QUERY_STRING
, HEADER
, or METHOD
.
-
Example: WAF Classic
\"{\\\"type\\\": \\\"WAF\\\", \\\"ruleGroups\\\": [{\\\"id\\\":\\\"12345678-1bcd-9012-efga-0987654321ab\\\", \\\"overrideAction\\\" : {\\\"type\\\": \\\"COUNT\\\"}}], \\\"defaultAction\\\": {\\\"type\\\": \\\"BLOCK\\\"}}\"
-
Example: WAFV2
- Firewall Manager support for WAF managed rule group versioning
\"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"versionEnabled\\\":true,\\\"version\\\":\\\"Version_2.0\\\",\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesCommonRuleSet\\\"},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[{\\\"name\\\":\\\"NoUserAgent_HEADER\\\"}]}],\\\"postProcessRuleGroups\\\":[],\\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"overrideCustomerWebACLAssociation\\\":false,\\\"loggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[\\\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\\\"],\\\"redactedFields\\\":[{\\\"redactedFieldType\\\":\\\"SingleHeader\\\",\\\"redactedFieldValue\\\":\\\"Cookies\\\"},{\\\"redactedFieldType\\\":\\\"Method\\\"}]}}\"
To use a specific version of a WAF managed rule group in your Firewall Manager policy, you must set versionEnabled
to true
, and set version
to the version you'd like to use. If you don't set versionEnabled
to true
, or if you omit versionEnabled
, then Firewall Manager uses the default version of the WAF managed rule group.
-
Example: SECURITY_GROUPS_COMMON
\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"
-
Example: Shared VPCs. Apply the preceding policy to resources in shared VPCs as well as to those in VPCs that the account owns
\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"includeSharedVPC\\\":true,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"
-
Example: SECURITY_GROUPS_CONTENT_AUDIT
\"{\\\"type\\\":\\\"SECURITY_GROUPS_CONTENT_AUDIT\\\",\\\"securityGroups\\\":[{\\\"id\\\":\\\"sg-000e55995d61a06bd\\\"}],\\\"securityGroupAction\\\":{\\\"type\\\":\\\"ALLOW\\\"}}\"
The security group action for content audit can be ALLOW
or DENY
. For ALLOW
, all in-scope security group rules must be within the allowed range of the policy's security group rules. For DENY
, all in-scope security group rules must not contain a value or a range that matches a rule value or range in the policy security group.
-
Example: SECURITY_GROUPS_USAGE_AUDIT
\"{\\\"type\\\":\\\"SECURITY_GROUPS_USAGE_AUDIT\\\",\\\"deleteUnusedSecurityGroups\\\":true,\\\"coalesceRedundantSecurityGroups\\\":true}\"
"
+ }
+ },
+ "MarketplaceSubscriptionOnboardingStatus": {
+ "base": null,
+ "refs": {
+ "GetThirdPartyFirewallAssociationStatusResponse$MarketplaceOnboardingStatus": "The status for subscribing to the third-party firewall vendor in the AWS Marketplace.
-
NO_SUBSCRIPTION
- The Firewall Manager policy administrator isn't subscribed to the third-party firewall service in the AWS Marketplace.
-
NOT_COMPLETE
- The Firewall Manager policy administrator is in the process of subscribing to the third-party firewall service in the Amazon Web Services Marketplace, but doesn't yet have an active subscription.
-
COMPLETE
- The Firewall Manager policy administrator has an active subscription to the third-party firewall service in the Amazon Web Services Marketplace.
"
}
},
"MemberAccounts": {
@@ -752,7 +826,8 @@
"ListComplianceStatusRequest$MaxResults": "Specifies the number of PolicyComplianceStatus
objects that you want Firewall Manager to return for this request. If you have more PolicyComplianceStatus
objects than the number that you specify for MaxResults
, the response includes a NextToken
value that you can use to get another batch of PolicyComplianceStatus
objects.
",
"ListMemberAccountsRequest$MaxResults": "Specifies the number of member account IDs that you want Firewall Manager to return for this request. If you have more IDs than the number that you specify for MaxResults
, the response includes a NextToken
value that you can use to get another batch of member account IDs.
",
"ListPoliciesRequest$MaxResults": "Specifies the number of PolicySummary
objects that you want Firewall Manager to return for this request. If you have more PolicySummary
objects than the number that you specify for MaxResults
, the response includes a NextToken
value that you can use to get another batch of PolicySummary
objects.
",
- "ListProtocolsListsRequest$MaxResults": "The maximum number of objects that you want Firewall Manager to return for this request. If more objects are available, in the response, Firewall Manager provides a NextToken
value that you can use in a subsequent call to get the next batch of objects.
If you don't specify this, Firewall Manager returns all available objects.
"
+ "ListProtocolsListsRequest$MaxResults": "The maximum number of objects that you want Firewall Manager to return for this request. If more objects are available, in the response, Firewall Manager provides a NextToken
value that you can use in a subsequent call to get the next batch of objects.
If you don't specify this, Firewall Manager returns all available objects.
",
+ "ListThirdPartyFirewallFirewallPoliciesRequest$MaxResults": "The maximum number of third-party firewall policies that you want Firewall Manager to return. If the specified third-party firewall vendor is associated with more than MaxResults
firewall policies, the response includes a NextToken
element. NextToken
contains an encrypted token that identifies the first third-party firewall policies that Firewall Manager will return if you submit another request.
"
}
},
"PaginationToken": {
@@ -769,7 +844,9 @@
"ListPoliciesRequest$NextToken": "If you specify a value for MaxResults
and you have more PolicySummary
objects than the number that you specify for MaxResults
, Firewall Manager returns a NextToken
value in the response that allows you to list another group of PolicySummary
objects. For the second and subsequent ListPolicies
requests, specify the value of NextToken
from the previous response to get information about another batch of PolicySummary
objects.
",
"ListPoliciesResponse$NextToken": "If you have more PolicySummary
objects than the number that you specified for MaxResults
in the request, the response includes a NextToken
value. To list more PolicySummary
objects, submit another ListPolicies
request, and specify the NextToken
value from the response in the NextToken
value in the next request.
",
"ListProtocolsListsRequest$NextToken": "If you specify a value for MaxResults
in your list request, and you have more objects than the maximum, Firewall Manager returns this token in the response. For all but the first request, you provide the token returned by the prior request in the request parameters, to retrieve the next batch of objects.
",
- "ListProtocolsListsResponse$NextToken": "If you specify a value for MaxResults
in your list request, and you have more objects than the maximum, Firewall Manager returns this token in the response. You can use this token in subsequent requests to retrieve the next batch of objects.
"
+ "ListProtocolsListsResponse$NextToken": "If you specify a value for MaxResults
in your list request, and you have more objects than the maximum, Firewall Manager returns this token in the response. You can use this token in subsequent requests to retrieve the next batch of objects.
",
+ "ListThirdPartyFirewallFirewallPoliciesRequest$NextToken": "If the previous response included a NextToken
element, the specified third-party firewall vendor is associated with more third-party firewall policies. To get more third-party firewall policies, submit another ListThirdPartyFirewallFirewallPoliciesRequest
request.
For the value of NextToken
, specify the value of NextToken
from the previous response. If the previous response didn't include a NextToken
element, there are no more third-party firewall policies to get.
",
+ "ListThirdPartyFirewallFirewallPoliciesResponse$NextToken": "The value that you will use for NextToken
in the next ListThirdPartyFirewallFirewallPolicies
request.
"
}
},
"PartialMatch": {
@@ -1039,6 +1116,8 @@
"FirewallSubnetIsOutOfScopeViolation$FirewallSubnetId": "The ID of the firewall subnet that violates the policy scope.
",
"FirewallSubnetIsOutOfScopeViolation$VpcId": "The VPC ID of the firewall subnet that violates the policy scope.
",
"FirewallSubnetIsOutOfScopeViolation$VpcEndpointId": "The VPC endpoint ID of the firewall subnet that violates the policy scope.
",
+ "FirewallSubnetMissingVPCEndpointViolation$FirewallSubnetId": "The ID of the firewall that this VPC endpoint is associated with.
",
+ "FirewallSubnetMissingVPCEndpointViolation$VpcId": "The resource ID of the VPC associated with the deleted VPC subnet.
",
"GetViolationDetailsRequest$ResourceId": "The ID of the resource that has violations.
",
"NetworkFirewallBlackHoleRouteDetectedViolation$RouteTableId": "Information about the route table ID.
",
"NetworkFirewallBlackHoleRouteDetectedViolation$VpcId": "Information about the VPC ID.
",
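Review bot: The added description for `FirewallSubnetMissingVPCEndpointViolation$FirewallSubnetId` reads "The ID of the firewall that this VPC endpoint is associated with", which describes a firewall rather than the subnet that the member name refers to. The unchanged entry at the top of this hunk, `FirewallSubnetIsOutOfScopeViolation$FirewallSubnetId`, documents the same member name as the ID of the firewall subnet, so the new text looks copied from a different field. Operators read these violation details to find the resource to remediate, so wording such as `The ID of the firewall subnet that is missing its VPC endpoint.` would be clearer, if that matches what the service returns. These strings appear to be generated from the service model, so the correction probably belongs upstream.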
@@ -1083,6 +1162,11 @@
"SecurityGroupRuleDescription$PrefixListId": "The ID of the prefix list for the security group rule.
",
"StatefulRuleGroup$ResourceId": "The resource ID of the rule group.
",
"StatelessRuleGroup$ResourceId": "The resource ID of the rule group.
",
+ "ThirdPartyFirewallMissingExpectedRouteTableViolation$VPC": "The resource ID of the VPC associated with a fireawll subnet that's causing the violation.
",
+ "ThirdPartyFirewallMissingExpectedRouteTableViolation$CurrentRouteTable": "The resource ID of the current route table that's associated with the subnet, if one is available.
",
+ "ThirdPartyFirewallMissingExpectedRouteTableViolation$ExpectedRouteTable": "The resource ID of the route table that should be associated with the subnet.
",
+ "ThirdPartyFirewallMissingFirewallViolation$VPC": "The resource ID of the VPC associated with a third-party firewall.
",
+ "ThirdPartyFirewallMissingSubnetViolation$VPC": "The resource ID of the VPC associated with a subnet that's causing the violation.
",
"ViolationDetail$ResourceId": "The resource ID that the violation details were requested for.
"
}
},
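Review bot: The added `ThirdPartyFirewallMissingExpectedRouteTableViolation$VPC` description misspells "firewall" as "fireawll". It should read `The resource ID of the VPC associated with a firewall subnet that's causing the violation.` The string presumably feeds the generated SDK documentation, so the typo would carry over to every client that renders it.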
@@ -1283,7 +1367,7 @@
"PutPolicyRequest$TagList": "The tags to add to the Amazon Web Services resource.
",
"PutProtocolsListRequest$TagList": "The tags associated with the resource.
",
"TagResourceRequest$TagList": "The tags to add to the resource.
",
- "ViolationDetail$ResourceTags": "The ResourceTag
objects associated with the resource.
This option isn't available for the centralized deployment model when creating policies to configure Network Firewall.
"
+ "ViolationDetail$ResourceTags": "The ResourceTag
objects associated with the resource.
"
}
},
"TagResourceRequest": {
@@ -1313,7 +1397,9 @@
"refs": {
"NetworkFirewallMissingFirewallViolation$TargetViolationReason": "The reason the resource has this violation, if one is available.
",
"NetworkFirewallMissingSubnetViolation$TargetViolationReason": "The reason the resource has this violation, if one is available.
",
- "TargetViolationReasons$member": null
+ "TargetViolationReasons$member": null,
+ "ThirdPartyFirewallMissingFirewallViolation$TargetViolationReason": "The reason the resource is causing this violation, if a reason is available.
",
+ "ThirdPartyFirewallMissingSubnetViolation$TargetViolationReason": "The reason the resource is causing the violation, if a reason is available.
"
}
},
"TargetViolationReasons": {
@@ -1322,6 +1408,59 @@
"PartialMatch$TargetViolationReasons": "The violation reason.
"
}
},
+ "ThirdPartyFirewall": {
+ "base": null,
+ "refs": {
+ "AssociateThirdPartyFirewallRequest$ThirdPartyFirewall": "The name of the third-party firewall vendor.
",
+ "DisassociateThirdPartyFirewallRequest$ThirdPartyFirewall": "The name of the third-party firewall vendor.
",
+ "GetThirdPartyFirewallAssociationStatusRequest$ThirdPartyFirewall": "The name of the third-party firewall vendor.
",
+ "ListThirdPartyFirewallFirewallPoliciesRequest$ThirdPartyFirewall": "The name of the third-party firewall vendor.
"
+ }
+ },
+ "ThirdPartyFirewallAssociationStatus": {
+ "base": null,
+ "refs": {
+ "AssociateThirdPartyFirewallResponse$ThirdPartyFirewallStatus": "The current status for setting a Firewall Manager policy administrator's account as an administrator of the third-party firewall tenant.
-
ONBOARDING
- The Firewall Manager policy administrator is being designated as a tenant administrator.
-
ONBOARD_COMPLETE
- The Firewall Manager policy administrator is designated as a tenant administrator.
-
OFFBOARDING
- The Firewall Manager policy administrator is being removed as a tenant administrator.
-
OFFBOARD_COMPLETE
- The Firewall Manager policy administrator has been removed as a tenant administrator.
-
NOT_EXIST
- The Firewall Manager policy administrator doesn't exist as a tenant administrator.
",
+ "DisassociateThirdPartyFirewallResponse$ThirdPartyFirewallStatus": "The current status for the disassociation of a Firewall Manager administrators account with a third-party firewall.
",
+ "GetThirdPartyFirewallAssociationStatusResponse$ThirdPartyFirewallStatus": "The current status for setting a Firewall Manager policy administrators account as an administrator of the third-party firewall tenant.
-
ONBOARDING
- The Firewall Manager policy administrator is being designated as a tenant administrator.
-
ONBOARD_COMPLETE
- The Firewall Manager policy administrator is designated as a tenant administrator.
-
OFFBOARDING
- The Firewall Manager policy administrator is being removed as a tenant administrator.
-
OFFBOARD_COMPLETE
- The Firewall Manager policy administrator has been removed as a tenant administrator.
-
NOT_EXIST
- The Firewall Manager policy administrator doesn't exist as a tenant administrator.
"
+ }
+ },
+ "ThirdPartyFirewallFirewallPolicies": {
+ "base": null,
+ "refs": {
+ "ListThirdPartyFirewallFirewallPoliciesResponse$ThirdPartyFirewallFirewallPolicies": "A list that contains one ThirdPartyFirewallFirewallPolicies
element for each third-party firewall policies that the specified third-party firewall vendor is associated with. Each ThirdPartyFirewallFirewallPolicies
element contains the firewall policy name and ID.
"
+ }
+ },
+ "ThirdPartyFirewallFirewallPolicy": {
+ "base": "Configures the firewall policy deployment model for a third-party firewall. The deployment model can either be distributed or centralized.
",
+ "refs": {
+ "ThirdPartyFirewallFirewallPolicies$member": null
+ }
+ },
+ "ThirdPartyFirewallMissingExpectedRouteTableViolation": {
+ "base": "The violation details for a third-party firewall that's not associated with an Firewall Manager managed route table.
",
+ "refs": {
+ "ResourceViolation$ThirdPartyFirewallMissingExpectedRouteTableViolation": "The violation details for a third-party firewall that has the Firewall Manager managed route table that was associated with the third-party firewall has been deleted.
"
+ }
+ },
+ "ThirdPartyFirewallMissingFirewallViolation": {
+ "base": "The violation details about a third-party firewall's subnet that doesn't have a Firewall Manager managed firewall in its VPC.
",
+ "refs": {
+ "ResourceViolation$ThirdPartyFirewallMissingFirewallViolation": "The violation details for a third-party firewall that's been deleted.
"
+ }
+ },
+ "ThirdPartyFirewallMissingSubnetViolation": {
+ "base": "The violation details for a third-party firewall for an Availability Zone that's missing the Firewall Manager managed subnet.
",
+ "refs": {
+ "ResourceViolation$ThirdPartyFirewallMissingSubnetViolation": "The violation details for a third-party firewall's subnet that's been deleted.
"
+ }
+ },
+ "ThirdPartyFirewallPolicy": {
+ "base": "Configures the policy for the third-party firewall.
",
+ "refs": {
+ "PolicyOption$ThirdPartyFirewallPolicy": "Defines the policy options for a third-party firewall policy.
"
+ }
+ },
"TimeStamp": {
"base": null,
"refs": {
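Review bot: The added `ResourceViolation$ThirdPartyFirewallMissingExpectedRouteTableViolation` text does not parse as a sentence ("a third-party firewall that has the Firewall Manager managed route table that was associated with the third-party firewall has been deleted"), so a reader cannot tell which resource was deleted. Wording such as `The violation details for a third-party firewall whose Firewall Manager managed route table has been deleted.` would state it, assuming that is the intended meaning. In the same hunk, the `base` text for `ThirdPartyFirewallMissingFirewallViolation` describes a subnet without a managed firewall in its VPC, while its `refs` entry describes a firewall that has been deleted; both should describe the same condition. The status texts for `DisassociateThirdPartyFirewallResponse` and `GetThirdPartyFirewallAssociationStatusResponse` also drop the apostrophe that the `AssociateThirdPartyFirewallResponse` text keeps in "administrator's account".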
@@ -1378,7 +1517,10 @@
"NetworkFirewallMissingExpectedRoutesViolation$ViolationTarget": "The target of the violation.
",
"NetworkFirewallMissingFirewallViolation$ViolationTarget": "The ID of the Network Firewall or VPC resource that's in violation.
",
"NetworkFirewallMissingSubnetViolation$ViolationTarget": "The ID of the Network Firewall or VPC resource that's in violation.
",
- "NetworkFirewallPolicyModifiedViolation$ViolationTarget": "The ID of the Network Firewall or VPC resource that's in violation.
"
+ "NetworkFirewallPolicyModifiedViolation$ViolationTarget": "The ID of the Network Firewall or VPC resource that's in violation.
",
+ "ThirdPartyFirewallMissingExpectedRouteTableViolation$ViolationTarget": "The ID of the third-party firewall or VPC resource that's causing the violation.
",
+ "ThirdPartyFirewallMissingFirewallViolation$ViolationTarget": "The ID of the third-party firewall that's causing the violation.
",
+ "ThirdPartyFirewallMissingSubnetViolation$ViolationTarget": "The ID of the third-party firewall or VPC resource that's causing the violation.
"
}
}
}
diff --git a/apis/fms/2018-01-01/paginators-1.json b/apis/fms/2018-01-01/paginators-1.json
index 681520cbad1..b6fef983691 100644
--- a/apis/fms/2018-01-01/paginators-1.json
+++ b/apis/fms/2018-01-01/paginators-1.json
@@ -29,6 +29,12 @@
"limit_key": "MaxResults",
"output_token": "NextToken",
"result_key": "ProtocolsLists"
+ },
+ "ListThirdPartyFirewallFirewallPolicies": {
+ "input_token": "NextToken",
+ "limit_key": "MaxResults",
+ "output_token": "NextToken",
+ "result_key": "ThirdPartyFirewallFirewallPolicies"
}
}
}
\ No newline at end of file
diff --git a/apis/fsx/2018-03-01/api-2.json b/apis/fsx/2018-03-01/api-2.json
index 582965ce708..2f57552dca9 100644
--- a/apis/fsx/2018-03-01/api-2.json
+++ b/apis/fsx/2018-03-01/api-2.json
@@ -3189,7 +3189,8 @@
"DailyAutomaticBackupStartTime":{"shape":"DailyTime"},
"FsxAdminPassword":{"shape":"AdminPassword"},
"WeeklyMaintenanceStartTime":{"shape":"WeeklyTime"},
- "DiskIopsConfiguration":{"shape":"DiskIopsConfiguration"}
+ "DiskIopsConfiguration":{"shape":"DiskIopsConfiguration"},
+ "ThroughputCapacity":{"shape":"MegabytesPerSecond"}
}
},
"UpdateFileSystemOpenZFSConfiguration":{
diff --git a/apis/fsx/2018-03-01/docs-2.json b/apis/fsx/2018-03-01/docs-2.json
index 70b0cfa80f4..06884bb3750 100644
--- a/apis/fsx/2018-03-01/docs-2.json
+++ b/apis/fsx/2018-03-01/docs-2.json
@@ -8,7 +8,7 @@
"CreateBackup": "Creates a backup of an existing Amazon FSx for Windows File Server file system, Amazon FSx for Lustre file system, Amazon FSx for NetApp ONTAP volume, or Amazon FSx for OpenZFS file system. We recommend creating regular backups so that you can restore a file system or volume from a backup if an issue arises with the original file system or volume.
For Amazon FSx for Lustre file systems, you can create a backup only for file systems that have the following configuration:
For more information about backups, see the following:
If a backup with the specified client request token exists and the parameters match, this operation returns the description of the existing backup. If a backup with the specified client request token exists and the parameters don't match, this operation returns IncompatibleParameterError
. If a backup with the specified client request token doesn't exist, CreateBackup
does the following:
-
Creates a new Amazon FSx backup with an assigned ID, and an initial lifecycle state of CREATING
.
-
Returns the description of the backup.
By using the idempotent operation, you can retry a CreateBackup
operation without the risk of creating an extra backup. This approach can be useful when an initial call fails in a way that makes it unclear whether a backup was created. If you use the same client request token and the initial call created a backup, the operation returns a successful result because all the parameters are the same.
The CreateBackup
operation returns while the backup's lifecycle state is still CREATING
. You can check the backup creation status by calling the DescribeBackups operation, which returns the backup state along with other information.
",
"CreateDataRepositoryAssociation": "Creates an Amazon FSx for Lustre data repository association (DRA). A data repository association is a link between a directory on the file system and an Amazon S3 bucket or prefix. You can have a maximum of 8 data repository associations on a file system. Data repository associations are supported only for file systems with the Persistent_2
deployment type.
Each data repository association must have a unique Amazon FSx file system directory and a unique S3 bucket or prefix associated with it. You can configure a data repository association for automatic import only, for automatic export only, or for both. To learn more about linking a data repository to your file system, see Linking your file system to an S3 bucket.
",
"CreateDataRepositoryTask": "Creates an Amazon FSx for Lustre data repository task. You use data repository tasks to perform bulk operations between your Amazon FSx file system and its linked data repositories. An example of a data repository task is exporting any data and metadata changes, including POSIX metadata, to files, directories, and symbolic links (symlinks) from your FSx file system to a linked data repository. A CreateDataRepositoryTask
operation will fail if a data repository is not linked to the FSx file system. To learn more about data repository tasks, see Data Repository Tasks. To learn more about linking a data repository to your file system, see Linking your file system to an S3 bucket.
",
- "CreateFileSystem": "Creates a new, empty Amazon FSx file system. You can create the following supported Amazon FSx file systems using the CreateFileSystem
API operation:
This operation requires a client request token in the request that Amazon FSx uses to ensure idempotent creation. This means that calling the operation multiple times with the same client request token has no effect. By using the idempotent operation, you can retry a CreateFileSystem
operation without the risk of creating an extra file system. This approach can be useful when an initial call fails in a way that makes it unclear whether a file system was created. Examples are if a transport level timeout occurred, or your connection was reset. If you use the same client request token and the initial call created a file system, the client receives success as long as the parameters are the same.
If a file system with the specified client request token exists and the parameters match, CreateFileSystem
returns the description of the existing file system. If a file system with the specified client request token exists and the parameters don't match, this call returns IncompatibleParameterError
. If a file system with the specified client request token doesn't exist, CreateFileSystem
does the following:
-
Creates a new, empty Amazon FSx file system with an assigned ID, and an initial lifecycle state of CREATING
.
-
Returns the description of the file system.
This operation requires a client request token in the request that Amazon FSx uses to ensure idempotent creation. This means that calling the operation multiple times with the same client request token has no effect. By using the idempotent operation, you can retry a CreateFileSystem
operation without the risk of creating an extra file system. This approach can be useful when an initial call fails in a way that makes it unclear whether a file system was created. Examples are if a transport-level timeout occurred, or your connection was reset. If you use the same client request token and the initial call created a file system, the client receives a success message as long as the parameters are the same.
The CreateFileSystem
call returns while the file system's lifecycle state is still CREATING
. You can check the file-system creation status by calling the DescribeFileSystems operation, which returns the file system state along with other information.
",
+ "CreateFileSystem": "Creates a new, empty Amazon FSx file system. You can create the following supported Amazon FSx file systems using the CreateFileSystem
API operation:
This operation requires a client request token in the request that Amazon FSx uses to ensure idempotent creation. This means that calling the operation multiple times with the same client request token has no effect. By using the idempotent operation, you can retry a CreateFileSystem
operation without the risk of creating an extra file system. This approach can be useful when an initial call fails in a way that makes it unclear whether a file system was created. Examples are if a transport level timeout occurred, or your connection was reset. If you use the same client request token and the initial call created a file system, the client receives success as long as the parameters are the same.
If a file system with the specified client request token exists and the parameters match, CreateFileSystem
returns the description of the existing file system. If a file system with the specified client request token exists and the parameters don't match, this call returns IncompatibleParameterError
. If a file system with the specified client request token doesn't exist, CreateFileSystem
does the following:
-
Creates a new, empty Amazon FSx file system with an assigned ID, and an initial lifecycle state of CREATING
.
-
Returns the description of the file system in JSON format.
This operation requires a client request token in the request that Amazon FSx uses to ensure idempotent creation. This means that calling the operation multiple times with the same client request token has no effect. By using the idempotent operation, you can retry a CreateFileSystem
operation without the risk of creating an extra file system. This approach can be useful when an initial call fails in a way that makes it unclear whether a file system was created. Examples are if a transport-level timeout occurred, or your connection was reset. If you use the same client request token and the initial call created a file system, the client receives a success message as long as the parameters are the same.
The CreateFileSystem
call returns while the file system's lifecycle state is still CREATING
. You can check the file-system creation status by calling the DescribeFileSystems operation, which returns the file system state along with other information.
",
"CreateFileSystemFromBackup": "Creates a new Amazon FSx for Lustre, Amazon FSx for Windows File Server, or Amazon FSx for OpenZFS file system from an existing Amazon FSx backup.
If a file system with the specified client request token exists and the parameters match, this operation returns the description of the file system. If a file system with the specified client request token exists but the parameters don't match, this call returns IncompatibleParameterError
. If a file system with the specified client request token doesn't exist, this operation does the following:
-
Creates a new Amazon FSx file system from backup with an assigned ID, and an initial lifecycle state of CREATING
.
-
Returns the description of the file system.
Parameters like the Active Directory, default share name, automatic backup, and backup settings default to the parameters of the file system that was backed up, unless overridden. You can explicitly supply other settings.
By using the idempotent operation, you can retry a CreateFileSystemFromBackup
call without the risk of creating an extra file system. This approach can be useful when an initial call fails in a way that makes it unclear whether a file system was created. Examples are if a transport level timeout occurred, or your connection was reset. If you use the same client request token and the initial call created a file system, the client receives a success message as long as the parameters are the same.
The CreateFileSystemFromBackup
call returns while the file system's lifecycle state is still CREATING
. You can check the file-system creation status by calling the DescribeFileSystems operation, which returns the file system state along with other information.
",
"CreateSnapshot": "Creates a snapshot of an existing Amazon FSx for OpenZFS volume. With snapshots, you can easily undo file changes and compare file versions by restoring the volume to a previous version.
If a snapshot with the specified client request token exists, and the parameters match, this operation returns the description of the existing snapshot. If a snapshot with the specified client request token exists, and the parameters don't match, this operation returns IncompatibleParameterError
. If a snapshot with the specified client request token doesn't exist, CreateSnapshot
does the following:
-
Creates a new OpenZFS snapshot with an assigned ID, and an initial lifecycle state of CREATING
.
-
Returns the description of the snapshot.
By using the idempotent operation, you can retry a CreateSnapshot
operation without the risk of creating an extra snapshot. This approach can be useful when an initial call fails in a way that makes it unclear whether a snapshot was created. If you use the same client request token and the initial call created a snapshot, the operation returns a successful result because all the parameters are the same.
The CreateSnapshot
operation returns while the snapshot's lifecycle state is still CREATING
. You can check the snapshot creation status by calling the DescribeSnapshots operation, which returns the snapshot state along with other information.
",
"CreateStorageVirtualMachine": "Creates a storage virtual machine (SVM) for an Amazon FSx for ONTAP file system.
",
@@ -35,7 +35,7 @@
"TagResource": "Tags an Amazon FSx resource.
",
"UntagResource": "This action removes a tag from an Amazon FSx resource.
",
"UpdateDataRepositoryAssociation": "Updates the configuration of an existing data repository association on an Amazon FSx for Lustre file system. Data repository associations are supported only for file systems with the Persistent_2
deployment type.
",
- "UpdateFileSystem": "Use this operation to update the configuration of an existing Amazon FSx file system. You can update multiple properties in a single request.
For Amazon FSx for Windows File Server file systems, you can update the following properties:
-
AuditLogConfiguration
-
AutomaticBackupRetentionDays
-
DailyAutomaticBackupStartTime
-
SelfManagedActiveDirectoryConfiguration
-
StorageCapacity
-
ThroughputCapacity
-
WeeklyMaintenanceStartTime
For Amazon FSx for Lustre file systems, you can update the following properties:
-
AutoImportPolicy
-
AutomaticBackupRetentionDays
-
DailyAutomaticBackupStartTime
-
DataCompressionType
-
StorageCapacity
-
WeeklyMaintenanceStartTime
For Amazon FSx for NetApp ONTAP file systems, you can update the following properties:
-
AutomaticBackupRetentionDays
-
DailyAutomaticBackupStartTime
-
DiskIopsConfiguration
-
FsxAdminPassword
-
StorageCapacity
-
WeeklyMaintenanceStartTime
For the Amazon FSx for OpenZFS file systems, you can update the following properties:
-
AutomaticBackupRetentionDays
-
CopyTagsToBackups
-
CopyTagsToVolumes
-
DailyAutomaticBackupStartTime
-
ThroughputCapacity
-
WeeklyMaintenanceStartTime
",
+ "UpdateFileSystem": "Use this operation to update the configuration of an existing Amazon FSx file system. You can update multiple properties in a single request.
For Amazon FSx for Windows File Server file systems, you can update the following properties:
-
AuditLogConfiguration
-
AutomaticBackupRetentionDays
-
DailyAutomaticBackupStartTime
-
SelfManagedActiveDirectoryConfiguration
-
StorageCapacity
-
ThroughputCapacity
-
WeeklyMaintenanceStartTime
For Amazon FSx for Lustre file systems, you can update the following properties:
-
AutoImportPolicy
-
AutomaticBackupRetentionDays
-
DailyAutomaticBackupStartTime
-
DataCompressionType
-
StorageCapacity
-
WeeklyMaintenanceStartTime
For Amazon FSx for NetApp ONTAP file systems, you can update the following properties:
-
AutomaticBackupRetentionDays
-
DailyAutomaticBackupStartTime
-
DiskIopsConfiguration
-
FsxAdminPassword
-
StorageCapacity
-
ThroughputCapacity
-
WeeklyMaintenanceStartTime
For the Amazon FSx for OpenZFS file systems, you can update the following properties:
-
AutomaticBackupRetentionDays
-
CopyTagsToBackups
-
CopyTagsToVolumes
-
DailyAutomaticBackupStartTime
-
ThroughputCapacity
-
WeeklyMaintenanceStartTime
",
"UpdateSnapshot": "Updates the name of an Amazon FSx for OpenZFS snapshot.
",
"UpdateStorageVirtualMachine": "Updates an Amazon FSx for ONTAP storage virtual machine (SVM).
",
"UpdateVolume": "Updates the configuration of an Amazon FSx for NetApp ONTAP or Amazon FSx for OpenZFS volume.
"
@@ -1164,7 +1164,7 @@
}
},
"FileSystems": {
- "base": "A list of file systems.
",
+ "base": "A list of file system resource descriptions.
",
"refs": {
"DescribeFileSystemsResponse$FileSystems": "An array of file system descriptions.
"
}
@@ -1355,13 +1355,13 @@
}
},
"KmsKeyId": {
- "base": "The ID of the Key Management Service (KMS) key used to encrypt the file system's data for Amazon FSx for Windows File Server file systems, Amazon FSx for NetApp ONTAP file systems, and Amazon FSx for Lustre PERSISTENT_1
and PERSISTENT_2
file systems at rest. If this ID isn't specified, the key managed by Amazon FSx is used. The Amazon FSx for Lustre SCRATCH_1
and SCRATCH_2
file systems are always encrypted at rest using Amazon FSx-managed keys. For more information, see Encrypt in the Key Management Service API Reference.
",
+ "base": "Specifies the ID of the Key Management Service (KMS) key to use for encrypting data on Amazon FSx file systems, as follows:
-
Amazon FSx for Lustre PERSISTENT_1
and PERSISTENT_2
deployment types only.
SCRATCH_1
and SCRATCH_2
types are encrypted using the Amazon FSx service KMS key for your account.
-
Amazon FSx for NetApp ONTAP
-
Amazon FSx for OpenZFS
-
Amazon FSx for Windows File Server
If a KmsKeyId
isn't specified, the Amazon FSx-managed KMS key for your account is used. For more information, see Encrypt in the Key Management Service API Reference.
",
"refs": {
"Backup$KmsKeyId": "The ID of the Key Management Service (KMS) key used to encrypt the backup of the Amazon FSx file system's data at rest.
",
"CopyBackupRequest$KmsKeyId": null,
"CreateFileSystemFromBackupRequest$KmsKeyId": null,
"CreateFileSystemRequest$KmsKeyId": null,
- "FileSystem$KmsKeyId": "The ID of the Key Management Service (KMS) key used to encrypt the file system's data for Amazon FSx for Windows File Server file systems, Amazon FSx for NetApp ONTAP file systems, and PERSISTENT
Amazon FSx for Lustre file systems at rest. If this ID isn't specified, the Amazon FSx-managed key for your account is used. The scratch Amazon FSx for Lustre file systems are always encrypted at rest using the Amazon FSx-managed key for your account. For more information, see Encrypt in the Key Management Service API Reference.
"
+ "FileSystem$KmsKeyId": "The ID of the Key Management Service (KMS) key used to encrypt Amazon FSx file system data. Used as follows with Amazon FSx file system types:
-
Amazon FSx for Lustre PERSISTENT_1
and PERSISTENT_2
deployment types only.
SCRATCH_1
and SCRATCH_2
types are encrypted using the Amazon FSx service KMS key for your account.
-
Amazon FSx for NetApp ONTAP
-
Amazon FSx for OpenZFS
-
Amazon FSx for Windows File Server
"
}
},
"LastUpdatedTime": {
@@ -1457,13 +1457,14 @@
}
},
"MegabytesPerSecond": {
- "base": "The sustained throughput of an Amazon FSx file system in MBps.
",
+ "base": "The sustained throughput of an Amazon FSx file system in Megabytes per second (MBps).
",
"refs": {
"CreateFileSystemOntapConfiguration$ThroughputCapacity": "Sets the throughput capacity for the file system that you're creating. Valid values are 128, 256, 512, 1024, and 2048 MBps.
",
"CreateFileSystemOpenZFSConfiguration$ThroughputCapacity": "Specifies the throughput of an Amazon FSx for OpenZFS file system, measured in megabytes per second (MB/s). Valid values are 64, 128, 256, 512, 1024, 2048, 3072, or 4096 MB/s. You pay for additional throughput capacity that you provision.
",
"CreateFileSystemWindowsConfiguration$ThroughputCapacity": "Sets the throughput capacity of an Amazon FSx file system, measured in megabytes per second (MB/s), in 2 to the nth increments, between 2^3 (8) and 2^11 (2048).
",
"OntapFileSystemConfiguration$ThroughputCapacity": null,
"OpenZFSFileSystemConfiguration$ThroughputCapacity": "The throughput of an Amazon FSx file system, measured in megabytes per second (MBps). Valid values are 64, 128, 256, 512, 1024, 2048, 3072, or 4096 MB/s.
",
+ "UpdateFileSystemOntapConfiguration$ThroughputCapacity": "Specifies the throughput of an FSx for NetApp ONTAP file system, measured in megabytes per second (MBps). Valid values are 64, 128, 256, 512, 1024, 2048, 3072, or 4096 MB/s.
",
"UpdateFileSystemOpenZFSConfiguration$ThroughputCapacity": "The throughput of an Amazon FSx file system, measured in megabytes per second (MBps). Valid values are 64, 128, 256, 512, 1024, 2048, 3072, or 4096 MB/s.
",
"UpdateFileSystemWindowsConfiguration$ThroughputCapacity": "Sets the target value for a file system's throughput capacity, in MB/s, that you are updating the file system to. Valid values are 8, 16, 32, 64, 128, 256, 512, 1024, 2048. You cannot make a throughput capacity update request if there is an existing throughput capacity update request in progress. For more information, see Managing Throughput Capacity.
",
"WindowsFileSystemConfiguration$ThroughputCapacity": "The throughput of the Amazon FSx file system, measured in megabytes per second.
"
@@ -1550,7 +1551,7 @@
"OntapFileSystemConfiguration": {
"base": "Configuration for the FSx for NetApp ONTAP file system.
",
"refs": {
- "FileSystem$OntapConfiguration": "The configuration for this FSx for ONTAP file system.
"
+ "FileSystem$OntapConfiguration": "The configuration for this Amazon FSx for NetApp ONTAP file system.
"
}
},
"OntapVolumeConfiguration": {
@@ -1566,7 +1567,7 @@
}
},
"OpenZFSClientConfiguration": {
- "base": "Specifies who can mount the file system and the options that can be used while mounting the file system.
",
+ "base": "Specifies who can mount an OpenZFS file system and the options available while mounting the file system.
",
"refs": {
"OpenZFSClientConfigurations$member": null
}
@@ -1757,7 +1758,7 @@
"CreateOpenZFSOriginSnapshotConfiguration$SnapshotARN": null,
"DataRepositoryAssociation$ResourceARN": null,
"DataRepositoryTask$ResourceARN": null,
- "FileSystem$ResourceARN": "The Amazon Resource Name (ARN) for the file system resource.
",
+ "FileSystem$ResourceARN": "The Amazon Resource Name (ARN) of the file system resource.
",
"ListTagsForResourceRequest$ResourceARN": "The ARN of the Amazon FSx resource that will have its tags listed.
",
"NotServiceResourceError$ResourceARN": "The Amazon Resource Name (ARN) of the non-Amazon FSx resource.
",
"OpenZFSOriginSnapshotConfiguration$SnapshotARN": null,
@@ -2006,7 +2007,7 @@
}
},
"StorageVirtualMachine": {
- "base": "Describes the Amazon FSx for NetApp ONTAP storage virtual machine (SVM) configuraton.
",
+ "base": "Describes the Amazon FSx for NetApp ONTAP storage virtual machine (SVM) configuration.
",
"refs": {
"CreateStorageVirtualMachineResponse$StorageVirtualMachine": "Returned after a successful CreateStorageVirtualMachine
operation; describes the SVM just created.
",
"StorageVirtualMachines$member": null,
@@ -2530,7 +2531,7 @@
"WindowsFileSystemConfiguration": {
"base": "The configuration for this Microsoft Windows file system.
",
"refs": {
- "FileSystem$WindowsConfiguration": "The configuration for this FSx for Windows File Server file system.
"
+ "FileSystem$WindowsConfiguration": "The configuration for this Amazon FSx for Windows File Server file system.
"
}
}
}
diff --git a/apis/iot-data/2015-05-28/api-2.json b/apis/iot-data/2015-05-28/api-2.json
index ea2dc17e199..4015290bd93 100644
--- a/apis/iot-data/2015-05-28/api-2.json
+++ b/apis/iot-data/2015-05-28/api-2.json
@@ -2,7 +2,7 @@
"version":"2.0",
"metadata":{
"apiVersion":"2015-05-28",
- "endpointPrefix":"data.iot",
+ "endpointPrefix":"data-ats.iot",
"protocol":"rest-json",
"serviceFullName":"AWS IoT Data Plane",
"serviceId":"IoT Data Plane",
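Review bot: The `endpointPrefix` switch from `data.iot` to `data-ats.iot` changes the default host that every IoT Data Plane client connects to, and nothing visible in this commit records that for callers. As far as I know, ATS endpoints present certificates that chain to Amazon Trust Services roots rather than the legacy root used by the old endpoint. A client with a custom or pinned CA bundle would then likely fail TLS verification after upgrading, and the right response is to update the trust store, not to relax verification. Egress allow-lists and DNS or proxy rules keyed on the old hostname are affected in the same way. I would add a release-note line such as `IoT Data Plane now defaults to the data-ats.iot endpoint; review pinned CA bundles and hostname allow-lists before upgrading`.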
diff --git a/apis/iot-data/2015-05-28/docs-2.json b/apis/iot-data/2015-05-28/docs-2.json
index f9777d819d7..d1e16ddeb92 100644
--- a/apis/iot-data/2015-05-28/docs-2.json
+++ b/apis/iot-data/2015-05-28/docs-2.json
@@ -3,11 +3,11 @@
"service": "IoT data IoT data enables secure, bi-directional communication between Internet-connected things (such as sensors, actuators, embedded devices, or smart appliances) and the Amazon Web Services cloud. It implements a broker for applications and things to publish messages over HTTP (Publish) and retrieve, update, and delete shadows. A shadow is a persistent representation of your things and their state in the Amazon Web Services cloud.
Find the endpoint address for actions in IoT data by running this CLI command:
aws iot describe-endpoint --endpoint-type iot:Data-ATS
The service name used by Amazon Web ServicesSignature Version 4 to sign requests is: iotdevicegateway.
",
"operations": {
"DeleteThingShadow": "Deletes the shadow for the specified thing.
Requires permission to access the DeleteThingShadow action.
For more information, see DeleteThingShadow in the IoT Developer Guide.
",
- "GetRetainedMessage": "Gets the details of a single retained message for the specified topic.
This action returns the message payload of the retained message, which can incur messaging costs. To list only the topic names of the retained messages, call ListRetainedMessages.
Requires permission to access the GetRetainedMessage action.
For more information about messaging costs, see IoT Core pricing - Messaging.
",
+ "GetRetainedMessage": "Gets the details of a single retained message for the specified topic.
This action returns the message payload of the retained message, which can incur messaging costs. To list only the topic names of the retained messages, call ListRetainedMessages.
Requires permission to access the GetRetainedMessage action.
For more information about messaging costs, see Amazon Web Services IoT Core pricing - Messaging.
",
"GetThingShadow": "Gets the shadow for the specified thing.
Requires permission to access the GetThingShadow action.
For more information, see GetThingShadow in the IoT Developer Guide.
",
"ListNamedShadowsForThing": "Lists the shadows for the specified thing.
Requires permission to access the ListNamedShadowsForThing action.
",
- "ListRetainedMessages": "Lists summary information about the retained messages stored for the account.
This action returns only the topic names of the retained messages. It doesn't return any message payloads. Although this action doesn't return a message payload, it can still incur messaging costs.
To get the message payload of a retained message, call GetRetainedMessage with the topic name of the retained message.
Requires permission to access the ListRetainedMessages action.
For more information about messaging costs, see IoT Core pricing - Messaging.
",
- "Publish": "Publishes an MQTT message.
Requires permission to access the Publish action.
For more information about MQTT messages, see MQTT Protocol in the IoT Developer Guide.
For more information about messaging costs, see IoT Core pricing - Messaging.
",
+ "ListRetainedMessages": "Lists summary information about the retained messages stored for the account.
This action returns only the topic names of the retained messages. It doesn't return any message payloads. Although this action doesn't return a message payload, it can still incur messaging costs.
To get the message payload of a retained message, call GetRetainedMessage with the topic name of the retained message.
Requires permission to access the ListRetainedMessages action.
For more information about messaging costs, see Amazon Web Services IoT Core pricing - Messaging.
",
+ "Publish": "Publishes an MQTT message.
Requires permission to access the Publish action.
For more information about MQTT messages, see MQTT Protocol in the IoT Developer Guide.
For more information about messaging costs, see Amazon Web Services IoT Core pricing - Messaging.
",
"UpdateThingShadow": "Updates the shadow for the specified thing.
Requires permission to access the UpdateThingShadow action.
For more information, see UpdateThingShadow in the IoT Developer Guide.
"
},
"shapes": {
@@ -121,7 +121,7 @@
"base": null,
"refs": {
"GetRetainedMessageResponse$payload": "The Base64-encoded message payload of the retained message body.
",
- "PublishRequest$payload": "The message body. MQTT accepts text, binary, and empty (null) message payloads.
Publishing an empty (null) payload with retain = true
deletes the retained message identified by topic from IoT Core.
"
+ "PublishRequest$payload": "The message body. MQTT accepts text, binary, and empty (null) message payloads.
Publishing an empty (null) payload with retain = true
deletes the retained message identified by topic from Amazon Web Services IoT Core.
"
}
},
"PayloadSize": {
diff --git a/apis/iot/2015-05-28/docs-2.json b/apis/iot/2015-05-28/docs-2.json
index 34bd962f5b4..71937210fac 100644
--- a/apis/iot/2015-05-28/docs-2.json
+++ b/apis/iot/2015-05-28/docs-2.json
@@ -1560,7 +1560,7 @@
"refs": {
"Certificate$status": "The status of the certificate.
The status value REGISTER_INACTIVE is deprecated and should not be used.
",
"CertificateDescription$status": "The status of the certificate.
",
- "RegisterCertificateRequest$status": "The status of the register certificate request.
",
+ "RegisterCertificateRequest$status": "The status of the register certificate request. Valid values that you can use include ACTIVE
, INACTIVE
, and REVOKED
.
",
"RegisterCertificateWithoutCARequest$status": "The status of the register certificate request.
",
"UpdateCertificateRequest$newStatus": "The new status.
Note: Setting the status to PENDING_TRANSFER or PENDING_ACTIVATION will result in an exception being thrown. PENDING_TRANSFER and PENDING_ACTIVATION are statuses used internally by IoT. They are not intended for developer use.
Note: The status value REGISTER_INACTIVE is deprecated and should not be used.
"
}
@@ -2078,9 +2078,9 @@
"CredentialDurationSeconds": {
"base": null,
"refs": {
- "CreateRoleAliasRequest$credentialDurationSeconds": "How long (in seconds) the credentials will be valid. The default value is 3,600 seconds.
",
+ "CreateRoleAliasRequest$credentialDurationSeconds": "How long (in seconds) the credentials will be valid. The default value is 3,600 seconds.
This value must be less than or equal to the maximum session duration of the IAM role that the role alias references.
",
"RoleAliasDescription$credentialDurationSeconds": "The number of seconds for which the credential is valid.
",
- "UpdateRoleAliasRequest$credentialDurationSeconds": "The number of seconds the credential will be valid.
"
+ "UpdateRoleAliasRequest$credentialDurationSeconds": "The number of seconds the credential will be valid.
This value must be less than or equal to the maximum session duration of the IAM role that the role alias references.
"
}
},
"CustomCodeSigning": {
@@ -2092,7 +2092,7 @@
"CustomMetricArn": {
"base": null,
"refs": {
- "CreateCustomMetricResponse$metricArn": " The Amazon Resource Number (ARN) of the custom metric, e.g. arn:aws-partition:iot:region:accountId:custommetric/metricName
",
+ "CreateCustomMetricResponse$metricArn": " The Amazon Resource Number (ARN) of the custom metric. For example, arn:aws-partition:iot:region:accountId:custommetric/metricName
",
"DescribeCustomMetricResponse$metricArn": " The Amazon Resource Number (ARN) of the custom metric.
",
"UpdateCustomMetricResponse$metricArn": " The Amazon Resource Number (ARN) of the custom metric.
"
}
@@ -2100,7 +2100,7 @@
"CustomMetricDisplayName": {
"base": null,
"refs": {
- "CreateCustomMetricRequest$displayName": " Field represents a friendly name in the console for the custom metric; it doesn't have to be unique. Don't use this name as the metric identifier in the device metric report. Can be updated once defined.
",
+ "CreateCustomMetricRequest$displayName": " The friendly name in the console for the custom metric. This name doesn't have to be unique. Don't use this name as the metric identifier in the device metric report. You can update the friendly name after you define it.
",
"DescribeCustomMetricResponse$displayName": " Field represents a friendly name in the console for the custom metric; doesn't have to be unique. Don't use this name as the metric identifier in the device metric report. Can be updated.
",
"UpdateCustomMetricRequest$displayName": " Field represents a friendly name in the console for the custom metric, it doesn't have to be unique. Don't use this name as the metric identifier in the device metric report. Can be updated.
",
"UpdateCustomMetricResponse$displayName": " A friendly name in the console for the custom metric
"
@@ -2109,9 +2109,9 @@
"CustomMetricType": {
"base": null,
"refs": {
- "CreateCustomMetricRequest$metricType": " The type of the custom metric. Types include string-list
, ip-address-list
, number-list
, and number
.
",
- "DescribeCustomMetricResponse$metricType": " The type of the custom metric. Types include string-list
, ip-address-list
, number-list
, and number
.
",
- "UpdateCustomMetricResponse$metricType": " The type of the custom metric. Types include string-list
, ip-address-list
, number-list
, and number
.
"
+ "CreateCustomMetricRequest$metricType": " The type of the custom metric.
The type number
only takes a single metric value as an input, but when you submit the metrics value in the DeviceMetrics report, you must pass it as an array with a single value.
",
+ "DescribeCustomMetricResponse$metricType": " The type of the custom metric.
The type number
only takes a single metric value as an input, but while submitting the metrics value in the DeviceMetrics report, it must be passed as an array with a single value.
",
+ "UpdateCustomMetricResponse$metricType": " The type of the custom metric.
The type number
only takes a single metric value as an input, but while submitting the metrics value in the DeviceMetrics report, it must be passed as an array with a single value.
"
}
},
"CustomerVersion": {
@@ -3755,7 +3755,7 @@
"HashAlgorithm": {
"base": null,
"refs": {
- "CustomCodeSigning$hashAlgorithm": "The hash algorithm used to code sign the file.
"
+ "CustomCodeSigning$hashAlgorithm": "The hash algorithm used to code sign the file. You can use a string as the algorithm name if the target over-the-air (OTA) update devices are able to verify the signature that was generated using the same signature algorithm. For example, FreeRTOS uses SHA256
or SHA1
, so you can pass either of them based on which was used for generating the signature.
"
}
},
"HashKeyField": {
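Review bot: The new `CustomCodeSigning$hashAlgorithm` text offers SHA1 and SHA256 as equal choices, with no hint that SHA-1 is no longer collision-resistant and is a poor pick for new code-signing setups. Since this string tells integrators how to describe OTA firmware signatures, I would append a sentence such as `Prefer SHA256; use SHA1 only for devices whose firmware cannot verify anything stronger.` The description also says the signature was generated "using the same signature algorithm", which looks copied from the `signatureAlgorithm` entry; `using the same hash algorithm` fits this field better.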
@@ -5105,7 +5105,7 @@
"MetricName": {
"base": null,
"refs": {
- "CreateCustomMetricRequest$metricName": " The name of the custom metric. This will be used in the metric report submitted from the device/thing. Shouldn't begin with aws:
. Cannot be updated once defined.
",
+ "CreateCustomMetricRequest$metricName": " The name of the custom metric. This will be used in the metric report submitted from the device/thing. The name can't begin with aws:
. You can't change the name after you define it.
",
"CreateCustomMetricResponse$metricName": " The name of the custom metric to be used in the metric report.
",
"DeleteCustomMetricRequest$metricName": " The name of the custom metric.
",
"DescribeCustomMetricRequest$metricName": " The name of the custom metric.
",
@@ -6803,13 +6803,13 @@
"AcceptCertificateTransferRequest$setAsActive": "Specifies whether the certificate is active.
",
"CreateCertificateFromCsrRequest$setAsActive": "Specifies whether the certificate is active.
",
"CreateKeysAndCertificateRequest$setAsActive": "Specifies whether the certificate is active.
",
- "RegisterCACertificateRequest$setAsActive": "A boolean value that specifies if the CA certificate is set to active.
"
+ "RegisterCACertificateRequest$setAsActive": "A boolean value that specifies if the CA certificate is set to active.
Valid values: ACTIVE | INACTIVE
"
}
},
"SetAsActiveFlag": {
"base": null,
"refs": {
- "RegisterCertificateRequest$setAsActive": "A boolean value that specifies if the certificate is set to active.
"
+ "RegisterCertificateRequest$setAsActive": "A boolean value that specifies if the certificate is set to active.
Valid values: ACTIVE | INACTIVE
"
}
},
"SetAsDefault": {
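Review bot: Both new `setAsActive` descriptions in this hunk call the field a boolean and then list `Valid values: ACTIVE | INACTIVE`, which are not boolean values. A caller following the text could send a status string where true/false is expected, and for `RegisterCACertificateRequest` this flag is what the text says sets the CA certificate to active. If the shapes are boolean, as the descriptions state, the added line should read `Valid values: true | false`. The ACTIVE/INACTIVE pair looks like it belongs to a certificate status field instead.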
@@ -6864,7 +6864,7 @@
"SignatureAlgorithm": {
"base": null,
"refs": {
- "CustomCodeSigning$signatureAlgorithm": "The signature algorithm used to code sign the file.
"
+ "CustomCodeSigning$signatureAlgorithm": "The signature algorithm used to code sign the file. You can use a string as the algorithm name if the target over-the-air (OTA) update devices are able to verify the signature that was generated using the same signature algorithm. For example, FreeRTOS uses ECDSA
or RSA
, so you can pass either of them based on which was used for generating the signature.
"
}
},
"SigningJobId": {
diff --git a/gems/aws-sdk-ec2/CHANGELOG.md b/gems/aws-sdk-ec2/CHANGELOG.md
index bd5cc0bdbff..943cf656e87 100644
--- a/gems/aws-sdk-ec2/CHANGELOG.md
+++ b/gems/aws-sdk-ec2/CHANGELOG.md
@@ -1,6 +1,11 @@
Unreleased Changes
------------------
+1.305.0 (2022-03-30)
+------------------
+
+* Feature - This release simplifies the auto-recovery configuration process enabling customers to set the recovery behavior to disabled or default
+
1.304.0 (2022-03-25)
------------------
diff --git a/gems/aws-sdk-ec2/VERSION b/gems/aws-sdk-ec2/VERSION
index a223a68a10d..90f3765509b 100644
--- a/gems/aws-sdk-ec2/VERSION
+++ b/gems/aws-sdk-ec2/VERSION
@@ -1 +1 @@
-1.304.0
+1.305.0
diff --git a/gems/aws-sdk-ec2/lib/aws-sdk-ec2.rb b/gems/aws-sdk-ec2/lib/aws-sdk-ec2.rb
index b48a74cffd8..61f5571b54d 100644
--- a/gems/aws-sdk-ec2/lib/aws-sdk-ec2.rb
+++ b/gems/aws-sdk-ec2/lib/aws-sdk-ec2.rb
@@ -72,6 +72,6 @@
# @!group service
module Aws::EC2
- GEM_VERSION = '1.304.0'
+ GEM_VERSION = '1.305.0'
end
diff --git a/gems/aws-sdk-ec2/lib/aws-sdk-ec2/client.rb b/gems/aws-sdk-ec2/lib/aws-sdk-ec2/client.rb
index f8986a3826e..4c7ee816d13 100644
--- a/gems/aws-sdk-ec2/lib/aws-sdk-ec2/client.rb
+++ b/gems/aws-sdk-ec2/lib/aws-sdk-ec2/client.rb
@@ -7357,6 +7357,9 @@ def create_key_pair(params = {}, options = {})
# enable_resource_name_dns_a_record: false,
# enable_resource_name_dns_aaaa_record: false,
# },
+ # maintenance_options: {
+ # auto_recovery: "default", # accepts default, disabled
+ # },
# },
# tag_specifications: [
# {
@@ -7709,6 +7712,9 @@ def create_launch_template(params = {}, options = {})
# enable_resource_name_dns_a_record: false,
# enable_resource_name_dns_aaaa_record: false,
# },
+ # maintenance_options: {
+ # auto_recovery: "default", # accepts default, disabled
+ # },
# },
# })
#
@@ -7854,6 +7860,7 @@ def create_launch_template(params = {}, options = {})
# resp.launch_template_version.launch_template_data.private_dns_name_options.hostname_type #=> String, one of "ip-name", "resource-name"
# resp.launch_template_version.launch_template_data.private_dns_name_options.enable_resource_name_dns_a_record #=> Boolean
# resp.launch_template_version.launch_template_data.private_dns_name_options.enable_resource_name_dns_aaaa_record #=> Boolean
+ # resp.launch_template_version.launch_template_data.maintenance_options.auto_recovery #=> String, one of "default", "disabled"
# resp.warning.errors #=> Array
# resp.warning.errors[0].code #=> String
# resp.warning.errors[0].message #=> String
@@ -22186,6 +22193,7 @@ def describe_instance_types(params = {}, options = {})
# resp.reservations[0].instances[0].private_dns_name_options.enable_resource_name_dns_a_record #=> Boolean
# resp.reservations[0].instances[0].private_dns_name_options.enable_resource_name_dns_aaaa_record #=> Boolean
# resp.reservations[0].instances[0].ipv_6_address #=> String
+ # resp.reservations[0].instances[0].maintenance_options.auto_recovery #=> String, one of "disabled", "default"
# resp.reservations[0].owner_id #=> String
# resp.reservations[0].requester_id #=> String
# resp.reservations[0].reservation_id #=> String
@@ -23077,6 +23085,7 @@ def describe_key_pairs(params = {}, options = {})
# resp.launch_template_versions[0].launch_template_data.private_dns_name_options.hostname_type #=> String, one of "ip-name", "resource-name"
# resp.launch_template_versions[0].launch_template_data.private_dns_name_options.enable_resource_name_dns_a_record #=> Boolean
# resp.launch_template_versions[0].launch_template_data.private_dns_name_options.enable_resource_name_dns_aaaa_record #=> Boolean
+ # resp.launch_template_versions[0].launch_template_data.maintenance_options.auto_recovery #=> String, one of "default", "disabled"
# resp.next_token #=> String
#
# @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLaunchTemplateVersions AWS API Documentation
@@ -35806,6 +35815,7 @@ def get_ipam_resource_cidrs(params = {}, options = {})
# resp.launch_template_data.private_dns_name_options.hostname_type #=> String, one of "ip-name", "resource-name"
# resp.launch_template_data.private_dns_name_options.enable_resource_name_dns_a_record #=> Boolean
# resp.launch_template_data.private_dns_name_options.enable_resource_name_dns_aaaa_record #=> Boolean
+ # resp.launch_template_data.maintenance_options.auto_recovery #=> String, one of "default", "disabled"
#
# @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetLaunchTemplateData AWS API Documentation
#
@@ -39638,6 +39648,56 @@ def modify_instance_event_window(params = {}, options = {})
req.send_request(options)
end
+ # Modifies the recovery behavior of your instance to disable simplified
+ # automatic recovery or set the recovery behavior to default. The
+ # default configuration will not enable simplified automatic recovery
+ # for an unsupported instance type. For more information, see
+ # [Simplified automatic recovery][1].
+ #
+ #
+ #
+ # [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html#instance-configuration-recovery
+ #
+ # @option params [required, String] :instance_id
+ # The ID of the instance.
+ #
+ # @option params [String] :auto_recovery
+ # Disables the automatic recovery behavior of your instance or sets it
+ # to default.
+ #
+ # @option params [Boolean] :dry_run
+ # Checks whether you have the required permissions for the action,
+ # without actually making the request, and provides an error response.
+ # If you have the required permissions, the error response is
+ # `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+ #
+ # @return [Types::ModifyInstanceMaintenanceOptionsResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+ #
+ # * {Types::ModifyInstanceMaintenanceOptionsResult#instance_id #instance_id} => String
+ # * {Types::ModifyInstanceMaintenanceOptionsResult#auto_recovery #auto_recovery} => String
+ #
+ # @example Request syntax with placeholder values
+ #
+ # resp = client.modify_instance_maintenance_options({
+ # instance_id: "InstanceId", # required
+ # auto_recovery: "disabled", # accepts disabled, default
+ # dry_run: false,
+ # })
+ #
+ # @example Response structure
+ #
+ # resp.instance_id #=> String
+ # resp.auto_recovery #=> String, one of "disabled", "default"
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyInstanceMaintenanceOptions AWS API Documentation
+ #
+ # @overload modify_instance_maintenance_options(params = {})
+ # @param [Hash] params ({})
+ def modify_instance_maintenance_options(params = {}, options = {})
+ req = build_request(:modify_instance_maintenance_options, params)
+ req.send_request(options)
+ end
+
# Modify the instance metadata parameters on a running or stopped
# instance. When you modify the parameters on a stopped instance, they
# are applied when the instance is started. When you modify the
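Review bot: The `:auto_recovery` option of `modify_instance_maintenance_options` is documented without its accepted values and without saying what the call does when the option is left out. It is the only setting this operation changes, and the request shape added in client_api.rb does not mark it required. The values appear only in the request-syntax example, so I would add `#   Valid values: disabled | default` to the option text and state the omitted-value behaviour once it is confirmed against the service. If this file is generated from the API model, the wording belongs in the model documentation rather than here.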
@@ -45973,8 +46033,7 @@ def reset_image_attribute(params = {}, options = {})
# The attribute to reset.
#
# You can only reset the following attributes: `kernel` \| `ramdisk` \|
- # `sourceDestCheck`. To change an instance attribute, use
- # ModifyInstanceAttribute.
+ # `sourceDestCheck`.
#
# @option params [Boolean] :dry_run
# Checks whether you have the required permissions for the action,
@@ -47171,6 +47230,9 @@ def revoke_security_group_ingress(params = {}, options = {})
# The options for the instance hostname. The default values are
# inherited from the subnet.
#
+ # @option params [Types::InstanceMaintenanceOptionsRequest] :maintenance_options
+ # The maintenance and recovery options for the instance.
+ #
# @return [Types::Reservation] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
#
# * {Types::Reservation#groups #groups} => Array<Types::GroupIdentifier>
@@ -47396,6 +47458,9 @@ def revoke_security_group_ingress(params = {}, options = {})
# enable_resource_name_dns_a_record: false,
# enable_resource_name_dns_aaaa_record: false,
# },
+ # maintenance_options: {
+ # auto_recovery: "disabled", # accepts disabled, default
+ # },
# })
#
# @example Response structure
@@ -47538,6 +47603,7 @@ def revoke_security_group_ingress(params = {}, options = {})
# resp.instances[0].private_dns_name_options.enable_resource_name_dns_a_record #=> Boolean
# resp.instances[0].private_dns_name_options.enable_resource_name_dns_aaaa_record #=> Boolean
# resp.instances[0].ipv_6_address #=> String
+ # resp.instances[0].maintenance_options.auto_recovery #=> String, one of "disabled", "default"
# resp.owner_id #=> String
# resp.requester_id #=> String
# resp.reservation_id #=> String
@@ -49450,7 +49516,7 @@ def build_request(operation_name, params = {})
params: params,
config: config)
context[:gem_name] = 'aws-sdk-ec2'
- context[:gem_version] = '1.304.0'
+ context[:gem_version] = '1.305.0'
Seahorse::Client::Request.new(handlers, context)
end
diff --git a/gems/aws-sdk-ec2/lib/aws-sdk-ec2/client_api.rb b/gems/aws-sdk-ec2/lib/aws-sdk-ec2/client_api.rb
index b5d468f1a7b..c3043befdff 100644
--- a/gems/aws-sdk-ec2/lib/aws-sdk-ec2/client_api.rb
+++ b/gems/aws-sdk-ec2/lib/aws-sdk-ec2/client_api.rb
@@ -1390,6 +1390,7 @@ module ClientApi
Instance = Shapes::StructureShape.new(name: 'Instance')
InstanceAttribute = Shapes::StructureShape.new(name: 'InstanceAttribute')
InstanceAttributeName = Shapes::StringShape.new(name: 'InstanceAttributeName')
+ InstanceAutoRecoveryState = Shapes::StringShape.new(name: 'InstanceAutoRecoveryState')
InstanceBlockDeviceMapping = Shapes::StructureShape.new(name: 'InstanceBlockDeviceMapping')
InstanceBlockDeviceMappingList = Shapes::ListShape.new(name: 'InstanceBlockDeviceMappingList')
InstanceBlockDeviceMappingSpecification = Shapes::StructureShape.new(name: 'InstanceBlockDeviceMappingSpecification')
@@ -1438,6 +1439,8 @@ module ClientApi
InstanceLifecycle = Shapes::StringShape.new(name: 'InstanceLifecycle')
InstanceLifecycleType = Shapes::StringShape.new(name: 'InstanceLifecycleType')
InstanceList = Shapes::ListShape.new(name: 'InstanceList')
+ InstanceMaintenanceOptions = Shapes::StructureShape.new(name: 'InstanceMaintenanceOptions')
+ InstanceMaintenanceOptionsRequest = Shapes::StructureShape.new(name: 'InstanceMaintenanceOptionsRequest')
InstanceMarketOptionsRequest = Shapes::StructureShape.new(name: 'InstanceMarketOptionsRequest')
InstanceMatchCriteria = Shapes::StringShape.new(name: 'InstanceMatchCriteria')
InstanceMetadataEndpointState = Shapes::StringShape.new(name: 'InstanceMetadataEndpointState')
@@ -1595,6 +1598,7 @@ module ClientApi
LaunchSpecsList = Shapes::ListShape.new(name: 'LaunchSpecsList')
LaunchTemplate = Shapes::StructureShape.new(name: 'LaunchTemplate')
LaunchTemplateAndOverridesResponse = Shapes::StructureShape.new(name: 'LaunchTemplateAndOverridesResponse')
+ LaunchTemplateAutoRecoveryState = Shapes::StringShape.new(name: 'LaunchTemplateAutoRecoveryState')
LaunchTemplateBlockDeviceMapping = Shapes::StructureShape.new(name: 'LaunchTemplateBlockDeviceMapping')
LaunchTemplateBlockDeviceMappingList = Shapes::ListShape.new(name: 'LaunchTemplateBlockDeviceMappingList')
LaunchTemplateBlockDeviceMappingRequest = Shapes::StructureShape.new(name: 'LaunchTemplateBlockDeviceMappingRequest')
@@ -1622,6 +1626,8 @@ module ClientApi
LaunchTemplateIamInstanceProfileSpecificationRequest = Shapes::StructureShape.new(name: 'LaunchTemplateIamInstanceProfileSpecificationRequest')
LaunchTemplateId = Shapes::StringShape.new(name: 'LaunchTemplateId')
LaunchTemplateIdStringList = Shapes::ListShape.new(name: 'LaunchTemplateIdStringList')
+ LaunchTemplateInstanceMaintenanceOptions = Shapes::StructureShape.new(name: 'LaunchTemplateInstanceMaintenanceOptions')
+ LaunchTemplateInstanceMaintenanceOptionsRequest = Shapes::StructureShape.new(name: 'LaunchTemplateInstanceMaintenanceOptionsRequest')
LaunchTemplateInstanceMarketOptions = Shapes::StructureShape.new(name: 'LaunchTemplateInstanceMarketOptions')
LaunchTemplateInstanceMarketOptionsRequest = Shapes::StructureShape.new(name: 'LaunchTemplateInstanceMarketOptionsRequest')
LaunchTemplateInstanceMetadataEndpointState = Shapes::StringShape.new(name: 'LaunchTemplateInstanceMetadataEndpointState')
@@ -1765,6 +1771,8 @@ module ClientApi
ModifyInstanceEventStartTimeResult = Shapes::StructureShape.new(name: 'ModifyInstanceEventStartTimeResult')
ModifyInstanceEventWindowRequest = Shapes::StructureShape.new(name: 'ModifyInstanceEventWindowRequest')
ModifyInstanceEventWindowResult = Shapes::StructureShape.new(name: 'ModifyInstanceEventWindowResult')
+ ModifyInstanceMaintenanceOptionsRequest = Shapes::StructureShape.new(name: 'ModifyInstanceMaintenanceOptionsRequest')
+ ModifyInstanceMaintenanceOptionsResult = Shapes::StructureShape.new(name: 'ModifyInstanceMaintenanceOptionsResult')
ModifyInstanceMetadataOptionsRequest = Shapes::StructureShape.new(name: 'ModifyInstanceMetadataOptionsRequest')
ModifyInstanceMetadataOptionsResult = Shapes::StructureShape.new(name: 'ModifyInstanceMetadataOptionsResult')
ModifyInstancePlacementRequest = Shapes::StructureShape.new(name: 'ModifyInstancePlacementRequest')
@@ -8311,6 +8319,7 @@ module ClientApi
Instance.add_member(:usage_operation_update_time, Shapes::ShapeRef.new(shape: MillisecondDateTime, location_name: "usageOperationUpdateTime"))
Instance.add_member(:private_dns_name_options, Shapes::ShapeRef.new(shape: PrivateDnsNameOptionsResponse, location_name: "privateDnsNameOptions"))
Instance.add_member(:ipv_6_address, Shapes::ShapeRef.new(shape: String, location_name: "ipv6Address"))
+ Instance.add_member(:maintenance_options, Shapes::ShapeRef.new(shape: InstanceMaintenanceOptions, location_name: "maintenanceOptions"))
Instance.struct_class = Types::Instance
InstanceAttribute.add_member(:groups, Shapes::ShapeRef.new(shape: GroupIdentifierList, location_name: "groupSet"))
@@ -8456,6 +8465,12 @@ module ClientApi
InstanceList.member = Shapes::ShapeRef.new(shape: Instance, location_name: "item")
+ InstanceMaintenanceOptions.add_member(:auto_recovery, Shapes::ShapeRef.new(shape: InstanceAutoRecoveryState, location_name: "autoRecovery"))
+ InstanceMaintenanceOptions.struct_class = Types::InstanceMaintenanceOptions
+
+ InstanceMaintenanceOptionsRequest.add_member(:auto_recovery, Shapes::ShapeRef.new(shape: InstanceAutoRecoveryState, location_name: "AutoRecovery"))
+ InstanceMaintenanceOptionsRequest.struct_class = Types::InstanceMaintenanceOptionsRequest
+
InstanceMarketOptionsRequest.add_member(:market_type, Shapes::ShapeRef.new(shape: MarketType, location_name: "MarketType"))
InstanceMarketOptionsRequest.add_member(:spot_options, Shapes::ShapeRef.new(shape: SpotMarketOptions, location_name: "SpotOptions"))
InstanceMarketOptionsRequest.struct_class = Types::InstanceMarketOptionsRequest
@@ -9099,6 +9114,12 @@ module ClientApi
LaunchTemplateIdStringList.member = Shapes::ShapeRef.new(shape: LaunchTemplateId, location_name: "item")
+ LaunchTemplateInstanceMaintenanceOptions.add_member(:auto_recovery, Shapes::ShapeRef.new(shape: LaunchTemplateAutoRecoveryState, location_name: "autoRecovery"))
+ LaunchTemplateInstanceMaintenanceOptions.struct_class = Types::LaunchTemplateInstanceMaintenanceOptions
+
+ LaunchTemplateInstanceMaintenanceOptionsRequest.add_member(:auto_recovery, Shapes::ShapeRef.new(shape: LaunchTemplateAutoRecoveryState, location_name: "AutoRecovery"))
+ LaunchTemplateInstanceMaintenanceOptionsRequest.struct_class = Types::LaunchTemplateInstanceMaintenanceOptionsRequest
+
LaunchTemplateInstanceMarketOptions.add_member(:market_type, Shapes::ShapeRef.new(shape: MarketType, location_name: "marketType"))
LaunchTemplateInstanceMarketOptions.add_member(:spot_options, Shapes::ShapeRef.new(shape: LaunchTemplateSpotMarketOptions, location_name: "spotOptions"))
LaunchTemplateInstanceMarketOptions.struct_class = Types::LaunchTemplateInstanceMarketOptions
@@ -9632,6 +9653,15 @@ module ClientApi
ModifyInstanceEventWindowResult.add_member(:instance_event_window, Shapes::ShapeRef.new(shape: InstanceEventWindow, location_name: "instanceEventWindow"))
ModifyInstanceEventWindowResult.struct_class = Types::ModifyInstanceEventWindowResult
+ ModifyInstanceMaintenanceOptionsRequest.add_member(:instance_id, Shapes::ShapeRef.new(shape: InstanceId, required: true, location_name: "InstanceId"))
+ ModifyInstanceMaintenanceOptionsRequest.add_member(:auto_recovery, Shapes::ShapeRef.new(shape: InstanceAutoRecoveryState, location_name: "AutoRecovery"))
+ ModifyInstanceMaintenanceOptionsRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
+ ModifyInstanceMaintenanceOptionsRequest.struct_class = Types::ModifyInstanceMaintenanceOptionsRequest
+
+ ModifyInstanceMaintenanceOptionsResult.add_member(:instance_id, Shapes::ShapeRef.new(shape: String, location_name: "instanceId"))
+ ModifyInstanceMaintenanceOptionsResult.add_member(:auto_recovery, Shapes::ShapeRef.new(shape: InstanceAutoRecoveryState, location_name: "autoRecovery"))
+ ModifyInstanceMaintenanceOptionsResult.struct_class = Types::ModifyInstanceMaintenanceOptionsResult
+
ModifyInstanceMetadataOptionsRequest.add_member(:instance_id, Shapes::ShapeRef.new(shape: InstanceId, required: true, location_name: "InstanceId"))
ModifyInstanceMetadataOptionsRequest.add_member(:http_tokens, Shapes::ShapeRef.new(shape: HttpTokensState, location_name: "HttpTokens"))
ModifyInstanceMetadataOptionsRequest.add_member(:http_put_response_hop_limit, Shapes::ShapeRef.new(shape: Integer, location_name: "HttpPutResponseHopLimit"))
@@ -11025,6 +11055,7 @@ module ClientApi
RequestLaunchTemplateData.add_member(:enclave_options, Shapes::ShapeRef.new(shape: LaunchTemplateEnclaveOptionsRequest, location_name: "EnclaveOptions"))
RequestLaunchTemplateData.add_member(:instance_requirements, Shapes::ShapeRef.new(shape: InstanceRequirementsRequest, location_name: "InstanceRequirements"))
RequestLaunchTemplateData.add_member(:private_dns_name_options, Shapes::ShapeRef.new(shape: LaunchTemplatePrivateDnsNameOptionsRequest, location_name: "PrivateDnsNameOptions"))
+ RequestLaunchTemplateData.add_member(:maintenance_options, Shapes::ShapeRef.new(shape: LaunchTemplateInstanceMaintenanceOptionsRequest, location_name: "MaintenanceOptions"))
RequestLaunchTemplateData.struct_class = Types::RequestLaunchTemplateData
RequestSpotFleetRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "dryRun"))
@@ -11296,6 +11327,7 @@ module ClientApi
ResponseLaunchTemplateData.add_member(:enclave_options, Shapes::ShapeRef.new(shape: LaunchTemplateEnclaveOptions, location_name: "enclaveOptions"))
ResponseLaunchTemplateData.add_member(:instance_requirements, Shapes::ShapeRef.new(shape: InstanceRequirements, location_name: "instanceRequirements"))
ResponseLaunchTemplateData.add_member(:private_dns_name_options, Shapes::ShapeRef.new(shape: LaunchTemplatePrivateDnsNameOptions, location_name: "privateDnsNameOptions"))
+ ResponseLaunchTemplateData.add_member(:maintenance_options, Shapes::ShapeRef.new(shape: LaunchTemplateInstanceMaintenanceOptions, location_name: "maintenanceOptions"))
ResponseLaunchTemplateData.struct_class = Types::ResponseLaunchTemplateData
RestorableByStringList.member = Shapes::ShapeRef.new(shape: String)
@@ -11485,6 +11517,7 @@ module ClientApi
RunInstancesRequest.add_member(:metadata_options, Shapes::ShapeRef.new(shape: InstanceMetadataOptionsRequest, location_name: "MetadataOptions"))
RunInstancesRequest.add_member(:enclave_options, Shapes::ShapeRef.new(shape: EnclaveOptionsRequest, location_name: "EnclaveOptions"))
RunInstancesRequest.add_member(:private_dns_name_options, Shapes::ShapeRef.new(shape: PrivateDnsNameOptionsRequest, location_name: "PrivateDnsNameOptions"))
+ RunInstancesRequest.add_member(:maintenance_options, Shapes::ShapeRef.new(shape: InstanceMaintenanceOptionsRequest, location_name: "MaintenanceOptions"))
RunInstancesRequest.struct_class = Types::RunInstancesRequest
RunScheduledInstancesRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: String, location_name: "ClientToken", metadata: {"idempotencyToken"=>true}))
@@ -17247,6 +17280,14 @@ module ClientApi
o.output = Shapes::ShapeRef.new(shape: ModifyInstanceEventWindowResult)
end)
+ api.add_operation(:modify_instance_maintenance_options, Seahorse::Model::Operation.new.tap do |o|
+ o.name = "ModifyInstanceMaintenanceOptions"
+ o.http_method = "POST"
+ o.http_request_uri = "/"
+ o.input = Shapes::ShapeRef.new(shape: ModifyInstanceMaintenanceOptionsRequest)
+ o.output = Shapes::ShapeRef.new(shape: ModifyInstanceMaintenanceOptionsResult)
+ end)
+
api.add_operation(:modify_instance_metadata_options, Seahorse::Model::Operation.new.tap do |o|
o.name = "ModifyInstanceMetadataOptions"
o.http_method = "POST"
diff --git a/gems/aws-sdk-ec2/lib/aws-sdk-ec2/instance.rb b/gems/aws-sdk-ec2/lib/aws-sdk-ec2/instance.rb
index 30fdf4f68b5..92de024a42b 100644
--- a/gems/aws-sdk-ec2/lib/aws-sdk-ec2/instance.rb
+++ b/gems/aws-sdk-ec2/lib/aws-sdk-ec2/instance.rb
@@ -389,6 +389,13 @@ def ipv_6_address
data[:ipv_6_address]
end
+ # Provides information on the recovery and maintenance options of your
+ # instance.
+ # @return [Types::InstanceMaintenanceOptions]
+ def maintenance_options
+ data[:maintenance_options]
+ end
+
# @!endgroup
# @return [Client]
@@ -1199,8 +1206,7 @@ def report_status(options = {})
# The attribute to reset.
#
# You can only reset the following attributes: `kernel` \| `ramdisk` \|
- # `sourceDestCheck`. To change an instance attribute, use
- # ModifyInstanceAttribute.
+ # `sourceDestCheck`.
# @option options [Boolean] :dry_run
# Checks whether you have the required permissions for the action,
# without actually making the request, and provides an error response.
diff --git a/gems/aws-sdk-ec2/lib/aws-sdk-ec2/resource.rb b/gems/aws-sdk-ec2/lib/aws-sdk-ec2/resource.rb
index 2d0f32044ef..bac4f8ddfb9 100644
--- a/gems/aws-sdk-ec2/lib/aws-sdk-ec2/resource.rb
+++ b/gems/aws-sdk-ec2/lib/aws-sdk-ec2/resource.rb
@@ -253,6 +253,9 @@ def create_dhcp_options(options = {})
# enable_resource_name_dns_a_record: false,
# enable_resource_name_dns_aaaa_record: false,
# },
+ # maintenance_options: {
+ # auto_recovery: "disabled", # accepts disabled, default
+ # },
# })
# @param [Hash] options ({})
# @option options [Array] :block_device_mappings
@@ -561,6 +564,8 @@ def create_dhcp_options(options = {})
# @option options [Types::PrivateDnsNameOptionsRequest] :private_dns_name_options
# The options for the instance hostname. The default values are
# inherited from the subnet.
+ # @option options [Types::InstanceMaintenanceOptionsRequest] :maintenance_options
+ # The maintenance and recovery options for the instance.
# @return [Instance::Collection]
def create_instances(options = {})
batch = []
diff --git a/gems/aws-sdk-ec2/lib/aws-sdk-ec2/subnet.rb b/gems/aws-sdk-ec2/lib/aws-sdk-ec2/subnet.rb
index a8a26f329be..9db4f4fdf47 100644
--- a/gems/aws-sdk-ec2/lib/aws-sdk-ec2/subnet.rb
+++ b/gems/aws-sdk-ec2/lib/aws-sdk-ec2/subnet.rb
@@ -477,6 +477,9 @@ def wait_until(options = {}, &block)
# enable_resource_name_dns_a_record: false,
# enable_resource_name_dns_aaaa_record: false,
# },
+ # maintenance_options: {
+ # auto_recovery: "disabled", # accepts disabled, default
+ # },
# })
# @param [Hash] options ({})
# @option options [Array] :block_device_mappings
@@ -780,6 +783,8 @@ def wait_until(options = {}, &block)
# @option options [Types::PrivateDnsNameOptionsRequest] :private_dns_name_options
# The options for the instance hostname. The default values are
# inherited from the subnet.
+ # @option options [Types::InstanceMaintenanceOptionsRequest] :maintenance_options
+ # The maintenance and recovery options for the instance.
# @return [Instance::Collection]
def create_instances(options = {})
batch = []
diff --git a/gems/aws-sdk-ec2/lib/aws-sdk-ec2/types.rb b/gems/aws-sdk-ec2/lib/aws-sdk-ec2/types.rb
index 82830236637..8903941aaad 100644
--- a/gems/aws-sdk-ec2/lib/aws-sdk-ec2/types.rb
+++ b/gems/aws-sdk-ec2/lib/aws-sdk-ec2/types.rb
@@ -9238,6 +9238,9 @@ class CreateKeyPairRequest < Struct.new(
# enable_resource_name_dns_a_record: false,
# enable_resource_name_dns_aaaa_record: false,
# },
+ # maintenance_options: {
+ # auto_recovery: "default", # accepts default, disabled
+ # },
# },
# tag_specifications: [
# {
@@ -9531,6 +9534,9 @@ class CreateLaunchTemplateResult < Struct.new(
# enable_resource_name_dns_a_record: false,
# enable_resource_name_dns_aaaa_record: false,
# },
+ # maintenance_options: {
+ # auto_recovery: "default", # accepts default, disabled
+ # },
# },
# }
#
@@ -39476,6 +39482,11 @@ class InferenceDeviceInfo < Struct.new(
# The IPv6 address assigned to the instance.
# @return [String]
#
+ # @!attribute [rw] maintenance_options
+ # Provides information on the recovery and maintenance options of your
+ # instance.
+ # @return [Types::InstanceMaintenanceOptions]
+ #
# @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Instance AWS API Documentation
#
class Instance < Struct.new(
@@ -39532,7 +39543,8 @@ class Instance < Struct.new(
:usage_operation,
:usage_operation_update_time,
:private_dns_name_options,
- :ipv_6_address)
+ :ipv_6_address,
+ :maintenance_options)
SENSITIVE = []
include Aws::Structure
end
@@ -40152,6 +40164,48 @@ class InstanceIpv6Prefix < Struct.new(
include Aws::Structure
end
+ # The maintenance options for the instance.
+ #
+ # @!attribute [rw] auto_recovery
+ # Provides information on the current automatic recovery behavior of
+ # your instance.
+ # @return [String]
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceMaintenanceOptions AWS API Documentation
+ #
+ class InstanceMaintenanceOptions < Struct.new(
+ :auto_recovery)
+ SENSITIVE = []
+ include Aws::Structure
+ end
+
+ # The maintenance options for the instance.
+ #
+ # @note When making an API call, you may pass InstanceMaintenanceOptionsRequest
+ # data as a hash:
+ #
+ # {
+ # auto_recovery: "disabled", # accepts disabled, default
+ # }
+ #
+ # @!attribute [rw] auto_recovery
+ # Disables the automatic recovery behavior of your instance or sets it
+ # to default. For more information, see [Simplified automatic
+ # recovery][1].
+ #
+ #
+ #
+ # [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html#instance-configuration-recovery
+ # @return [String]
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/InstanceMaintenanceOptionsRequest AWS API Documentation
+ #
+ class InstanceMaintenanceOptionsRequest < Struct.new(
+ :auto_recovery)
+ SENSITIVE = []
+ include Aws::Structure
+ end
+
# Describes the market (purchasing) option for the instances.
#
# @note When making an API call, you may pass InstanceMarketOptionsRequest
@@ -44269,6 +44323,48 @@ class LaunchTemplateIamInstanceProfileSpecificationRequest < Struct.new(
include Aws::Structure
end
+ # The maintenance options of your instance.
+ #
+ # @!attribute [rw] auto_recovery
+ # Disables the automatic recovery behavior of your instance or sets it
+ # to default.
+ # @return [String]
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateInstanceMaintenanceOptions AWS API Documentation
+ #
+ class LaunchTemplateInstanceMaintenanceOptions < Struct.new(
+ :auto_recovery)
+ SENSITIVE = []
+ include Aws::Structure
+ end
+
+ # The maintenance options of your instance.
+ #
+ # @note When making an API call, you may pass LaunchTemplateInstanceMaintenanceOptionsRequest
+ # data as a hash:
+ #
+ # {
+ # auto_recovery: "default", # accepts default, disabled
+ # }
+ #
+ # @!attribute [rw] auto_recovery
+ # Disables the automatic recovery behavior of your instance or sets it
+ # to default. For more information, see [Simplified automatic
+ # recovery][1].
+ #
+ #
+ #
+ # [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html#instance-configuration-recovery
+ # @return [String]
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LaunchTemplateInstanceMaintenanceOptionsRequest AWS API Documentation
+ #
+ class LaunchTemplateInstanceMaintenanceOptionsRequest < Struct.new(
+ :auto_recovery)
+ SENSITIVE = []
+ include Aws::Structure
+ end
+
# The market (purchasing) option for the instances.
#
# @!attribute [rw] market_type
@@ -46909,7 +47005,9 @@ class ModifyFleetRequest < Struct.new(
end
# @!attribute [rw] return
- # Is `true` if the request succeeds, and an error otherwise.
+ # If the request succeeds, the response returns `true`. If the request
+ # fails, no response is returned, and instead an error message is
+ # returned.
# @return [Boolean]
#
# @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyFleetResult AWS API Documentation
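Review bot: The rewritten `return` description contradicts itself: it says that on failure "no response is returned" and, in the same sentence, that "an error message is returned". A reader cannot tell from this whether to check the value or handle an error. A single clear statement would do, for example `#   Is true if the request succeeds; a failed request yields an error instead of a return value.` The class this attribute belongs to starts below the hunk, so only the comment is visible here.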
@@ -47763,6 +47861,59 @@ class ModifyInstanceEventWindowResult < Struct.new(
include Aws::Structure
end
+ # @note When making an API call, you may pass ModifyInstanceMaintenanceOptionsRequest
+ # data as a hash:
+ #
+ # {
+ # instance_id: "InstanceId", # required
+ # auto_recovery: "disabled", # accepts disabled, default
+ # dry_run: false,
+ # }
+ #
+ # @!attribute [rw] instance_id
+ # The ID of the instance.
+ # @return [String]
+ #
+ # @!attribute [rw] auto_recovery
+ # Disables the automatic recovery behavior of your instance or sets it
+ # to default.
+ # @return [String]
+ #
+ # @!attribute [rw] dry_run
+ # Checks whether you have the required permissions for the action,
+ # without actually making the request, and provides an error response.
+ # If you have the required permissions, the error response is
+ # `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
+ # @return [Boolean]
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyInstanceMaintenanceOptionsRequest AWS API Documentation
+ #
+ class ModifyInstanceMaintenanceOptionsRequest < Struct.new(
+ :instance_id,
+ :auto_recovery,
+ :dry_run)
+ SENSITIVE = []
+ include Aws::Structure
+ end
+
+ # @!attribute [rw] instance_id
+ # The ID of the instance.
+ # @return [String]
+ #
+ # @!attribute [rw] auto_recovery
+ # Provides information on the current automatic recovery behavior of
+ # your instance.
+ # @return [String]
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyInstanceMaintenanceOptionsResult AWS API Documentation
+ #
+ class ModifyInstanceMaintenanceOptionsResult < Struct.new(
+ :instance_id,
+ :auto_recovery)
+ SENSITIVE = []
+ include Aws::Structure
+ end
+
# @note When making an API call, you may pass ModifyInstanceMetadataOptionsRequest
# data as a hash:
#
@@ -48924,7 +49075,9 @@ class ModifySpotFleetRequestRequest < Struct.new(
# Contains the output of ModifySpotFleetRequest.
#
# @!attribute [rw] return
- # Is `true` if the request succeeds, and an error otherwise.
+ # If the request succeeds, the response returns `true`. If the request
+ # fails, no response is returned, and instead an error message is
+ # returned.
# @return [Boolean]
#
# @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifySpotFleetRequestResponse AWS API Documentation
@@ -55886,6 +56039,9 @@ class RequestIpamResourceTag < Struct.new(
# enable_resource_name_dns_a_record: false,
# enable_resource_name_dns_aaaa_record: false,
# },
+ # maintenance_options: {
+ # auto_recovery: "default", # accepts default, disabled
+ # },
# }
#
# @!attribute [rw] kernel_id
@@ -56131,6 +56287,10 @@ class RequestIpamResourceTag < Struct.new(
# inherited from the subnet.
# @return [Types::LaunchTemplatePrivateDnsNameOptionsRequest]
#
+ # @!attribute [rw] maintenance_options
+ # The maintenance options for the instance.
+ # @return [Types::LaunchTemplateInstanceMaintenanceOptionsRequest]
+ #
# @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RequestLaunchTemplateData AWS API Documentation
#
class RequestLaunchTemplateData < Struct.new(
@@ -56162,7 +56322,8 @@ class RequestLaunchTemplateData < Struct.new(
:metadata_options,
:enclave_options,
:instance_requirements,
- :private_dns_name_options)
+ :private_dns_name_options,
+ :maintenance_options)
SENSITIVE = []
include Aws::Structure
end
@@ -57728,8 +57889,7 @@ class ResetImageAttributeRequest < Struct.new(
# The attribute to reset.
#
# You can only reset the following attributes: `kernel` \| `ramdisk`
- # \| `sourceDestCheck`. To change an instance attribute, use
- # ModifyInstanceAttribute.
+ # \| `sourceDestCheck`.
# @return [String]
#
# @!attribute [rw] dry_run
@@ -58036,6 +58196,10 @@ class ResponseError < Struct.new(
# The options for the instance hostname.
# @return [Types::LaunchTemplatePrivateDnsNameOptions]
#
+ # @!attribute [rw] maintenance_options
+ # The maintenance options for your instance.
+ # @return [Types::LaunchTemplateInstanceMaintenanceOptions]
+ #
# @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ResponseLaunchTemplateData AWS API Documentation
#
class ResponseLaunchTemplateData < Struct.new(
@@ -58067,7 +58231,8 @@ class ResponseLaunchTemplateData < Struct.new(
:metadata_options,
:enclave_options,
:instance_requirements,
- :private_dns_name_options)
+ :private_dns_name_options,
+ :maintenance_options)
SENSITIVE = []
include Aws::Structure
end
@@ -59143,6 +59308,9 @@ class RunInstancesMonitoringEnabled < Struct.new(
# enable_resource_name_dns_a_record: false,
# enable_resource_name_dns_aaaa_record: false,
# },
+ # maintenance_options: {
+ # auto_recovery: "disabled", # accepts disabled, default
+ # },
# }
#
# @!attribute [rw] block_device_mappings
@@ -59534,6 +59702,10 @@ class RunInstancesMonitoringEnabled < Struct.new(
# inherited from the subnet.
# @return [Types::PrivateDnsNameOptionsRequest]
#
+ # @!attribute [rw] maintenance_options
+ # The maintenance and recovery options for the instance.
+ # @return [Types::InstanceMaintenanceOptionsRequest]
+ #
# @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RunInstancesRequest AWS API Documentation
#
class RunInstancesRequest < Struct.new(
@@ -59574,7 +59746,8 @@ class RunInstancesRequest < Struct.new(
:license_specifications,
:metadata_options,
:enclave_options,
- :private_dns_name_options)
+ :private_dns_name_options,
+ :maintenance_options)
SENSITIVE = []
include Aws::Structure
end
diff --git a/gems/aws-sdk-fms/CHANGELOG.md b/gems/aws-sdk-fms/CHANGELOG.md
index d49f1f0c118..6b9f354533a 100644
--- a/gems/aws-sdk-fms/CHANGELOG.md
+++ b/gems/aws-sdk-fms/CHANGELOG.md
@@ -1,6 +1,11 @@
Unreleased Changes
------------------
+1.49.0 (2022-03-30)
+------------------
+
+* Feature - AWS Firewall Manager now supports the configuration of third-party policies that can use either the centralized or distributed deployment models.
+
1.48.0 (2022-02-24)
------------------
diff --git a/gems/aws-sdk-fms/VERSION b/gems/aws-sdk-fms/VERSION
index 9db5ea12f52..7f3a46a841e 100644
--- a/gems/aws-sdk-fms/VERSION
+++ b/gems/aws-sdk-fms/VERSION
@@ -1 +1 @@
-1.48.0
+1.49.0
diff --git a/gems/aws-sdk-fms/lib/aws-sdk-fms.rb b/gems/aws-sdk-fms/lib/aws-sdk-fms.rb
index 4a46c154c25..8d92d23fe5e 100644
--- a/gems/aws-sdk-fms/lib/aws-sdk-fms.rb
+++ b/gems/aws-sdk-fms/lib/aws-sdk-fms.rb
@@ -48,6 +48,6 @@
# @!group service
module Aws::FMS
- GEM_VERSION = '1.48.0'
+ GEM_VERSION = '1.49.0'
end
diff --git a/gems/aws-sdk-fms/lib/aws-sdk-fms/client.rb b/gems/aws-sdk-fms/lib/aws-sdk-fms/client.rb
index 1218e0c4019..2799f5765c0 100644
--- a/gems/aws-sdk-fms/lib/aws-sdk-fms/client.rb
+++ b/gems/aws-sdk-fms/lib/aws-sdk-fms/client.rb
@@ -397,6 +397,37 @@ def associate_admin_account(params = {}, options = {})
req.send_request(options)
end
+ # Sets the Firewall Manager policy administrator as a tenant
+ # administrator of a third-party firewall service. A tenant is an
+ # instance of the third-party firewall service that's associated with
+ # your Amazon Web Services customer account.
+ #
+ # @option params [required, String] :third_party_firewall
+ # The name of the third-party firewall vendor.
+ #
+ # @return [Types::AssociateThirdPartyFirewallResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+ #
+ # * {Types::AssociateThirdPartyFirewallResponse#third_party_firewall_status #third_party_firewall_status} => String
+ #
+ # @example Request syntax with placeholder values
+ #
+ # resp = client.associate_third_party_firewall({
+ # third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+ # })
+ #
+ # @example Response structure
+ #
+ # resp.third_party_firewall_status #=> String, one of "ONBOARDING", "ONBOARD_COMPLETE", "OFFBOARDING", "OFFBOARD_COMPLETE", "NOT_EXIST"
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AssociateThirdPartyFirewall AWS API Documentation
+ #
+ # @overload associate_third_party_firewall(params = {})
+ # @param [Hash] params ({})
+ def associate_third_party_firewall(params = {}, options = {})
+ req = build_request(:associate_third_party_firewall, params)
+ req.send_request(options)
+ end
+
# Permanently deletes an Firewall Manager applications list.
#
# @option params [required, String] :list_id
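Review bot: The comment on `associate_third_party_firewall` does not say whether the association is complete when the call returns, although the response example lists `ONBOARDING` next to `ONBOARD_COMPLETE`. If onboarding is asynchronous, as those values suggest, a caller that creates a `THIRD_PARTY_FIREWALL` policy straight afterwards may be relying on a tenant link that is not yet in place. I would add a line such as `# The association may still be in progress on return; check get_third_party_firewall_association_status for ONBOARD_COMPLETE.` This should be confirmed against the service behaviour before it goes into the model docs.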
@@ -528,6 +559,37 @@ def disassociate_admin_account(params = {}, options = {})
req.send_request(options)
end
+ # Disassociates a Firewall Manager policy administrator from a
+ # third-party firewall tenant. When you call
+ # `DisassociateThirdPartyFirewall`, the third-party firewall vendor
+ # deletes all of the firewalls that are associated with the account.
+ #
+ # @option params [required, String] :third_party_firewall
+ # The name of the third-party firewall vendor.
+ #
+ # @return [Types::DisassociateThirdPartyFirewallResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+ #
+ # * {Types::DisassociateThirdPartyFirewallResponse#third_party_firewall_status #third_party_firewall_status} => String
+ #
+ # @example Request syntax with placeholder values
+ #
+ # resp = client.disassociate_third_party_firewall({
+ # third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+ # })
+ #
+ # @example Response structure
+ #
+ # resp.third_party_firewall_status #=> String, one of "ONBOARDING", "ONBOARD_COMPLETE", "OFFBOARDING", "OFFBOARD_COMPLETE", "NOT_EXIST"
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DisassociateThirdPartyFirewall AWS API Documentation
+ #
+ # @overload disassociate_third_party_firewall(params = {})
+ # @param [Hash] params ({})
+ def disassociate_third_party_firewall(params = {}, options = {})
+ req = build_request(:disassociate_third_party_firewall, params)
+ req.send_request(options)
+ end
+
# Returns the Organizations account that is associated with Firewall
# Manager as the Firewall Manager administrator.
#
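Review bot: The comment on `disassociate_third_party_firewall` states only in its second sentence that the vendor deletes all firewalls associated with the account, so one call can remove traffic inspection for that account. A YARD `@note` would make the side effect hard to miss: `# @note The vendor deletes every firewall associated with the account; confirm the affected VPCs are covered by another policy first.` The response example lists `OFFBOARDING`, which suggests the removal finishes after the call returns, so the comment could also point to `get_third_party_firewall_association_status` for confirming the final state. The file looks generated, so the text would need to change in the API model.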
@@ -648,7 +710,7 @@ def get_apps_list(params = {}, options = {})
# resp.policy_compliance_detail.member_account #=> String
# resp.policy_compliance_detail.violators #=> Array
# resp.policy_compliance_detail.violators[0].resource_id #=> String
- # resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "FMS_CREATED_SECURITY_GROUP_EDITED", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED", "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE", "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE", "UNEXPECTED_FIREWALL_ROUTES", "UNEXPECTED_TARGET_GATEWAY_ROUTES", "TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY", "INVALID_ROUTE_CONFIGURATION", "MISSING_TARGET_GATEWAY", "INTERNET_TRAFFIC_NOT_INSPECTED", "BLACK_HOLE_ROUTE_DETECTED", "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET", "RESOURCE_MISSING_DNS_FIREWALL", "FIREWALL_SUBNET_IS_OUT_OF_SCOPE", "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT"
+ # resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "FMS_CREATED_SECURITY_GROUP_EDITED", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED", "FIREWALL_SUBNET_IS_OUT_OF_SCOPE", "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE", "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE", "UNEXPECTED_FIREWALL_ROUTES", "UNEXPECTED_TARGET_GATEWAY_ROUTES", "TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY", "INVALID_ROUTE_CONFIGURATION", "MISSING_TARGET_GATEWAY", "INTERNET_TRAFFIC_NOT_INSPECTED", "BLACK_HOLE_ROUTE_DETECTED", "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET", "RESOURCE_MISSING_DNS_FIREWALL", "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT", "FIREWALL_SUBNET_MISSING_VPCE_ENDPOINT"
# resp.policy_compliance_detail.violators[0].resource_type #=> String
# resp.policy_compliance_detail.violators[0].metadata #=> Hash
# resp.policy_compliance_detail.violators[0].metadata["LengthBoundedString"] #=> String
@@ -709,9 +771,10 @@ def get_notification_channel(params = {}, options = {})
# resp.policy.policy_id #=> String
# resp.policy.policy_name #=> String
# resp.policy.policy_update_token #=> String
- # resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
+ # resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL"
# resp.policy.security_service_policy_data.managed_service_data #=> String
- # resp.policy.security_service_policy_data.policy_option.network_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED"
+ # resp.policy.security_service_policy_data.policy_option.network_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED", "DISTRIBUTED"
+ # resp.policy.security_service_policy_data.policy_option.third_party_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED", "DISTRIBUTED"
# resp.policy.resource_type #=> String
# resp.policy.resource_type_list #=> Array
# resp.policy.resource_type_list[0] #=> String
@@ -797,7 +860,7 @@ def get_policy(params = {}, options = {})
# @example Response structure
#
# resp.admin_account_id #=> String
- # resp.service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
+ # resp.service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL"
# resp.data #=> String
# resp.next_token #=> String
#
@@ -856,6 +919,37 @@ def get_protocols_list(params = {}, options = {})
req.send_request(options)
end
+ # The onboarding status of a Firewall Manager admin account to
+ # third-party firewall vendor tenant.
+ #
+ # @option params [required, String] :third_party_firewall
+ # The name of the third-party firewall vendor.
+ #
+ # @return [Types::GetThirdPartyFirewallAssociationStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+ #
+ # * {Types::GetThirdPartyFirewallAssociationStatusResponse#third_party_firewall_status #third_party_firewall_status} => String
+ # * {Types::GetThirdPartyFirewallAssociationStatusResponse#marketplace_onboarding_status #marketplace_onboarding_status} => String
+ #
+ # @example Request syntax with placeholder values
+ #
+ # resp = client.get_third_party_firewall_association_status({
+ # third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+ # })
+ #
+ # @example Response structure
+ #
+ # resp.third_party_firewall_status #=> String, one of "ONBOARDING", "ONBOARD_COMPLETE", "OFFBOARDING", "OFFBOARD_COMPLETE", "NOT_EXIST"
+ # resp.marketplace_onboarding_status #=> String, one of "NO_SUBSCRIPTION", "NOT_COMPLETE", "COMPLETE"
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetThirdPartyFirewallAssociationStatus AWS API Documentation
+ #
+ # @overload get_third_party_firewall_association_status(params = {})
+ # @param [Hash] params ({})
+ def get_third_party_firewall_association_status(params = {}, options = {})
+ req = build_request(:get_third_party_firewall_association_status, params)
+ req.send_request(options)
+ end
+
# Retrieves violations for a resource based on the specified Firewall
# Manager policy and Amazon Web Services account.
#
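Review bot: The description of `get_third_party_firewall_association_status` is a noun phrase with a missing article ("to third-party firewall vendor tenant"), while the neighbouring methods open with a verb ("Retrieves", "Returns"). Suggested first line: `# Returns the onboarding status of a Firewall Manager admin account to a third-party firewall vendor tenant.` The comment also returns both `third_party_firewall_status` and `marketplace_onboarding_status` without saying how the two relate, so a caller cannot tell which one gates policy creation.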
@@ -1180,6 +1274,23 @@ def get_protocols_list(params = {}, options = {})
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].destination #=> String
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].target #=> String
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.violation_target #=> String
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.vpc #=> String
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.availability_zone #=> String
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.target_violation_reason #=> String
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.violation_target #=> String
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.vpc #=> String
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.availability_zone #=> String
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.target_violation_reason #=> String
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.violation_target #=> String
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.vpc #=> String
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.availability_zone #=> String
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.current_route_table #=> String
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.expected_route_table #=> String
+ # resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.firewall_subnet_id #=> String
+ # resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.vpc_id #=> String
+ # resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.subnet_availability_zone #=> String
+ # resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.subnet_availability_zone_id #=> String
# resp.violation_detail.resource_tags #=> Array
# resp.violation_detail.resource_tags[0].key #=> String
# resp.violation_detail.resource_tags[0].value #=> String
@@ -1406,7 +1517,7 @@ def list_member_accounts(params = {}, options = {})
# resp.policy_list[0].policy_id #=> String
# resp.policy_list[0].policy_name #=> String
# resp.policy_list[0].resource_type #=> String
- # resp.policy_list[0].security_service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
+ # resp.policy_list[0].security_service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL"
# resp.policy_list[0].remediation_enabled #=> Boolean
# resp.policy_list[0].delete_unused_fm_managed_resources #=> Boolean
# resp.next_token #=> String
@@ -1509,6 +1620,63 @@ def list_tags_for_resource(params = {}, options = {})
req.send_request(options)
end
+ # Retrieves a list of all of the third-party firewall policies that are
+ # associated with the third-party firewall administrator's account.
+ #
+ # @option params [required, String] :third_party_firewall
+ # The name of the third-party firewall vendor.
+ #
+ # @option params [String] :next_token
+ # If the previous response included a `NextToken` element, the specified
+ # third-party firewall vendor is associated with more third-party
+ # firewall policies. To get more third-party firewall policies, submit
+ # another `ListThirdPartyFirewallFirewallPoliciesRequest` request.
+ #
+ # For the value of `NextToken`, specify the value of `NextToken` from
+ # the previous response. If the previous response didn't include a
+ # `NextToken` element, there are no more third-party firewall policies
+ # to get.
+ #
+ # @option params [required, Integer] :max_results
+ # The maximum number of third-party firewall policies that you want
+ # Firewall Manager to return. If the specified third-party firewall
+ # vendor is associated with more than `MaxResults` firewall policies,
+ # the response includes a `NextToken` element. `NextToken` contains an
+ # encrypted token that identifies the first third-party firewall
+ # policies that Firewall Manager will return if you submit another
+ # request.
+ #
+ # @return [Types::ListThirdPartyFirewallFirewallPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+ #
+ # * {Types::ListThirdPartyFirewallFirewallPoliciesResponse#third_party_firewall_firewall_policies #third_party_firewall_firewall_policies} => Array<Types::ThirdPartyFirewallFirewallPolicy>
+ # * {Types::ListThirdPartyFirewallFirewallPoliciesResponse#next_token #next_token} => String
+ #
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+ #
+ # @example Request syntax with placeholder values
+ #
+ # resp = client.list_third_party_firewall_firewall_policies({
+ # third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+ # next_token: "PaginationToken",
+ # max_results: 1, # required
+ # })
+ #
+ # @example Response structure
+ #
+ # resp.third_party_firewall_firewall_policies #=> Array
+ # resp.third_party_firewall_firewall_policies[0].firewall_policy_id #=> String
+ # resp.third_party_firewall_firewall_policies[0].firewall_policy_name #=> String
+ # resp.next_token #=> String
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListThirdPartyFirewallFirewallPolicies AWS API Documentation
+ #
+ # @overload list_third_party_firewall_firewall_policies(params = {})
+ # @param [Hash] params ({})
+ def list_third_party_firewall_firewall_policies(params = {}, options = {})
+ req = build_request(:list_third_party_firewall_firewall_policies, params)
+ req.send_request(options)
+ end
+
# Creates an Firewall Manager applications list.
#
# @option params [required, Types::AppsListData] :apps_list
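Review bot: The `next_token` description tells callers to submit another `ListThirdPartyFirewallFirewallPoliciesRequest` request, but that is the name of the input shape, not the operation a reader has to call. Suggested wording: `# another ListThirdPartyFirewallFirewallPolicies request.` Separately, `max_results` is marked required in both the `@option` tag and the example, yet its comment gives no allowed range, so a caller cannot tell which values the service rejects. A line stating the range should be added once it is taken from the API model.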
@@ -1675,11 +1843,14 @@ def put_notification_channel(params = {}, options = {})
# policy_name: "ResourceName", # required
# policy_update_token: "PolicyUpdateToken",
# security_service_policy_data: { # required
- # type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
+ # type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL
# managed_service_data: "ManagedServiceData",
# policy_option: {
# network_firewall_policy: {
- # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
+ # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
+ # },
+ # third_party_firewall_policy: {
+ # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
# },
# },
# },
@@ -1714,9 +1885,10 @@ def put_notification_channel(params = {}, options = {})
# resp.policy.policy_id #=> String
# resp.policy.policy_name #=> String
# resp.policy.policy_update_token #=> String
- # resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
+ # resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL"
# resp.policy.security_service_policy_data.managed_service_data #=> String
- # resp.policy.security_service_policy_data.policy_option.network_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED"
+ # resp.policy.security_service_policy_data.policy_option.network_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED", "DISTRIBUTED"
+ # resp.policy.security_service_policy_data.policy_option.third_party_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED", "DISTRIBUTED"
# resp.policy.resource_type #=> String
# resp.policy.resource_type_list #=> Array
# resp.policy.resource_type_list[0] #=> String
@@ -1875,7 +2047,7 @@ def build_request(operation_name, params = {})
params: params,
config: config)
context[:gem_name] = 'aws-sdk-fms'
- context[:gem_version] = '1.48.0'
+ context[:gem_version] = '1.49.0'
Seahorse::Client::Request.new(handlers, context)
end
diff --git a/gems/aws-sdk-fms/lib/aws-sdk-fms/client_api.rb b/gems/aws-sdk-fms/lib/aws-sdk-fms/client_api.rb
index 1f0f5b875de..3216a9a157e 100644
--- a/gems/aws-sdk-fms/lib/aws-sdk-fms/client_api.rb
+++ b/gems/aws-sdk-fms/lib/aws-sdk-fms/client_api.rb
@@ -22,6 +22,8 @@ module ClientApi
AppsListDataSummary = Shapes::StructureShape.new(name: 'AppsListDataSummary')
AppsListsData = Shapes::ListShape.new(name: 'AppsListsData')
AssociateAdminAccountRequest = Shapes::StructureShape.new(name: 'AssociateAdminAccountRequest')
+ AssociateThirdPartyFirewallRequest = Shapes::StructureShape.new(name: 'AssociateThirdPartyFirewallRequest')
+ AssociateThirdPartyFirewallResponse = Shapes::StructureShape.new(name: 'AssociateThirdPartyFirewallResponse')
AwsEc2InstanceViolation = Shapes::StructureShape.new(name: 'AwsEc2InstanceViolation')
AwsEc2NetworkInterfaceViolation = Shapes::StructureShape.new(name: 'AwsEc2NetworkInterfaceViolation')
AwsEc2NetworkInterfaceViolations = Shapes::ListShape.new(name: 'AwsEc2NetworkInterfaceViolations')
@@ -44,6 +46,8 @@ module ClientApi
DestinationType = Shapes::StringShape.new(name: 'DestinationType')
DetailedInfo = Shapes::StringShape.new(name: 'DetailedInfo')
DisassociateAdminAccountRequest = Shapes::StructureShape.new(name: 'DisassociateAdminAccountRequest')
+ DisassociateThirdPartyFirewallRequest = Shapes::StructureShape.new(name: 'DisassociateThirdPartyFirewallRequest')
+ DisassociateThirdPartyFirewallResponse = Shapes::StructureShape.new(name: 'DisassociateThirdPartyFirewallResponse')
DnsDuplicateRuleGroupViolation = Shapes::StructureShape.new(name: 'DnsDuplicateRuleGroupViolation')
DnsRuleGroupLimitExceededViolation = Shapes::StructureShape.new(name: 'DnsRuleGroupLimitExceededViolation')
DnsRuleGroupPriorities = Shapes::ListShape.new(name: 'DnsRuleGroupPriorities')
@@ -63,7 +67,10 @@ module ClientApi
ExpectedRoutes = Shapes::ListShape.new(name: 'ExpectedRoutes')
FMSPolicyUpdateFirewallCreationConfigAction = Shapes::StructureShape.new(name: 'FMSPolicyUpdateFirewallCreationConfigAction')
FirewallDeploymentModel = Shapes::StringShape.new(name: 'FirewallDeploymentModel')
+ FirewallPolicyId = Shapes::StringShape.new(name: 'FirewallPolicyId')
+ FirewallPolicyName = Shapes::StringShape.new(name: 'FirewallPolicyName')
FirewallSubnetIsOutOfScopeViolation = Shapes::StructureShape.new(name: 'FirewallSubnetIsOutOfScopeViolation')
+ FirewallSubnetMissingVPCEndpointViolation = Shapes::StructureShape.new(name: 'FirewallSubnetMissingVPCEndpointViolation')
GetAdminAccountRequest = Shapes::StructureShape.new(name: 'GetAdminAccountRequest')
GetAdminAccountResponse = Shapes::StructureShape.new(name: 'GetAdminAccountResponse')
GetAppsListRequest = Shapes::StructureShape.new(name: 'GetAppsListRequest')
@@ -78,6 +85,8 @@ module ClientApi
GetProtectionStatusResponse = Shapes::StructureShape.new(name: 'GetProtectionStatusResponse')
GetProtocolsListRequest = Shapes::StructureShape.new(name: 'GetProtocolsListRequest')
GetProtocolsListResponse = Shapes::StructureShape.new(name: 'GetProtocolsListResponse')
+ GetThirdPartyFirewallAssociationStatusRequest = Shapes::StructureShape.new(name: 'GetThirdPartyFirewallAssociationStatusRequest')
+ GetThirdPartyFirewallAssociationStatusResponse = Shapes::StructureShape.new(name: 'GetThirdPartyFirewallAssociationStatusResponse')
GetViolationDetailsRequest = Shapes::StructureShape.new(name: 'GetViolationDetailsRequest')
GetViolationDetailsResponse = Shapes::StructureShape.new(name: 'GetViolationDetailsResponse')
IPPortNumber = Shapes::IntegerShape.new(name: 'IPPortNumber')
@@ -102,7 +111,10 @@ module ClientApi
ListProtocolsListsResponse = Shapes::StructureShape.new(name: 'ListProtocolsListsResponse')
ListTagsForResourceRequest = Shapes::StructureShape.new(name: 'ListTagsForResourceRequest')
ListTagsForResourceResponse = Shapes::StructureShape.new(name: 'ListTagsForResourceResponse')
+ ListThirdPartyFirewallFirewallPoliciesRequest = Shapes::StructureShape.new(name: 'ListThirdPartyFirewallFirewallPoliciesRequest')
+ ListThirdPartyFirewallFirewallPoliciesResponse = Shapes::StructureShape.new(name: 'ListThirdPartyFirewallFirewallPoliciesResponse')
ManagedServiceData = Shapes::StringShape.new(name: 'ManagedServiceData')
+ MarketplaceSubscriptionOnboardingStatus = Shapes::StringShape.new(name: 'MarketplaceSubscriptionOnboardingStatus')
MemberAccounts = Shapes::ListShape.new(name: 'MemberAccounts')
NetworkFirewallAction = Shapes::StringShape.new(name: 'NetworkFirewallAction')
NetworkFirewallActionList = Shapes::ListShape.new(name: 'NetworkFirewallActionList')
@@ -195,6 +207,14 @@ module ClientApi
TargetType = Shapes::StringShape.new(name: 'TargetType')
TargetViolationReason = Shapes::StringShape.new(name: 'TargetViolationReason')
TargetViolationReasons = Shapes::ListShape.new(name: 'TargetViolationReasons')
+ ThirdPartyFirewall = Shapes::StringShape.new(name: 'ThirdPartyFirewall')
+ ThirdPartyFirewallAssociationStatus = Shapes::StringShape.new(name: 'ThirdPartyFirewallAssociationStatus')
+ ThirdPartyFirewallFirewallPolicies = Shapes::ListShape.new(name: 'ThirdPartyFirewallFirewallPolicies')
+ ThirdPartyFirewallFirewallPolicy = Shapes::StructureShape.new(name: 'ThirdPartyFirewallFirewallPolicy')
+ ThirdPartyFirewallMissingExpectedRouteTableViolation = Shapes::StructureShape.new(name: 'ThirdPartyFirewallMissingExpectedRouteTableViolation')
+ ThirdPartyFirewallMissingFirewallViolation = Shapes::StructureShape.new(name: 'ThirdPartyFirewallMissingFirewallViolation')
+ ThirdPartyFirewallMissingSubnetViolation = Shapes::StructureShape.new(name: 'ThirdPartyFirewallMissingSubnetViolation')
+ ThirdPartyFirewallPolicy = Shapes::StructureShape.new(name: 'ThirdPartyFirewallPolicy')
TimeStamp = Shapes::TimestampShape.new(name: 'TimeStamp')
UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
@@ -234,6 +254,12 @@ module ClientApi
AssociateAdminAccountRequest.add_member(:admin_account, Shapes::ShapeRef.new(shape: AWSAccountId, required: true, location_name: "AdminAccount"))
AssociateAdminAccountRequest.struct_class = Types::AssociateAdminAccountRequest
+ AssociateThirdPartyFirewallRequest.add_member(:third_party_firewall, Shapes::ShapeRef.new(shape: ThirdPartyFirewall, required: true, location_name: "ThirdPartyFirewall"))
+ AssociateThirdPartyFirewallRequest.struct_class = Types::AssociateThirdPartyFirewallRequest
+
+ AssociateThirdPartyFirewallResponse.add_member(:third_party_firewall_status, Shapes::ShapeRef.new(shape: ThirdPartyFirewallAssociationStatus, location_name: "ThirdPartyFirewallStatus"))
+ AssociateThirdPartyFirewallResponse.struct_class = Types::AssociateThirdPartyFirewallResponse
+
AwsEc2InstanceViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
AwsEc2InstanceViolation.add_member(:aws_ec2_network_interface_violations, Shapes::ShapeRef.new(shape: AwsEc2NetworkInterfaceViolations, location_name: "AwsEc2NetworkInterfaceViolations"))
AwsEc2InstanceViolation.struct_class = Types::AwsEc2InstanceViolation
@@ -280,6 +306,12 @@ module ClientApi
DisassociateAdminAccountRequest.struct_class = Types::DisassociateAdminAccountRequest
+ DisassociateThirdPartyFirewallRequest.add_member(:third_party_firewall, Shapes::ShapeRef.new(shape: ThirdPartyFirewall, required: true, location_name: "ThirdPartyFirewall"))
+ DisassociateThirdPartyFirewallRequest.struct_class = Types::DisassociateThirdPartyFirewallRequest
+
+ DisassociateThirdPartyFirewallResponse.add_member(:third_party_firewall_status, Shapes::ShapeRef.new(shape: ThirdPartyFirewallAssociationStatus, location_name: "ThirdPartyFirewallStatus"))
+ DisassociateThirdPartyFirewallResponse.struct_class = Types::DisassociateThirdPartyFirewallResponse
+
DnsDuplicateRuleGroupViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
DnsDuplicateRuleGroupViolation.add_member(:violation_target_description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "ViolationTargetDescription"))
DnsDuplicateRuleGroupViolation.struct_class = Types::DnsDuplicateRuleGroupViolation
@@ -370,6 +402,12 @@ module ClientApi
FirewallSubnetIsOutOfScopeViolation.add_member(:vpc_endpoint_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VpcEndpointId"))
FirewallSubnetIsOutOfScopeViolation.struct_class = Types::FirewallSubnetIsOutOfScopeViolation
+ FirewallSubnetMissingVPCEndpointViolation.add_member(:firewall_subnet_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "FirewallSubnetId"))
+ FirewallSubnetMissingVPCEndpointViolation.add_member(:vpc_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VpcId"))
+ FirewallSubnetMissingVPCEndpointViolation.add_member(:subnet_availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "SubnetAvailabilityZone"))
+ FirewallSubnetMissingVPCEndpointViolation.add_member(:subnet_availability_zone_id, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "SubnetAvailabilityZoneId"))
+ FirewallSubnetMissingVPCEndpointViolation.struct_class = Types::FirewallSubnetMissingVPCEndpointViolation
+
GetAdminAccountRequest.struct_class = Types::GetAdminAccountRequest
GetAdminAccountResponse.add_member(:admin_account, Shapes::ShapeRef.new(shape: AWSAccountId, location_name: "AdminAccount"))
@@ -426,6 +464,13 @@ module ClientApi
GetProtocolsListResponse.add_member(:protocols_list_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "ProtocolsListArn"))
GetProtocolsListResponse.struct_class = Types::GetProtocolsListResponse
+ GetThirdPartyFirewallAssociationStatusRequest.add_member(:third_party_firewall, Shapes::ShapeRef.new(shape: ThirdPartyFirewall, required: true, location_name: "ThirdPartyFirewall"))
+ GetThirdPartyFirewallAssociationStatusRequest.struct_class = Types::GetThirdPartyFirewallAssociationStatusRequest
+
+ GetThirdPartyFirewallAssociationStatusResponse.add_member(:third_party_firewall_status, Shapes::ShapeRef.new(shape: ThirdPartyFirewallAssociationStatus, location_name: "ThirdPartyFirewallStatus"))
+ GetThirdPartyFirewallAssociationStatusResponse.add_member(:marketplace_onboarding_status, Shapes::ShapeRef.new(shape: MarketplaceSubscriptionOnboardingStatus, location_name: "MarketplaceOnboardingStatus"))
+ GetThirdPartyFirewallAssociationStatusResponse.struct_class = Types::GetThirdPartyFirewallAssociationStatusResponse
+
GetViolationDetailsRequest.add_member(:policy_id, Shapes::ShapeRef.new(shape: PolicyId, required: true, location_name: "PolicyId"))
GetViolationDetailsRequest.add_member(:member_account, Shapes::ShapeRef.new(shape: AWSAccountId, required: true, location_name: "MemberAccount"))
GetViolationDetailsRequest.add_member(:resource_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "ResourceId"))
@@ -504,6 +549,15 @@ module ClientApi
ListTagsForResourceResponse.add_member(:tag_list, Shapes::ShapeRef.new(shape: TagList, location_name: "TagList"))
ListTagsForResourceResponse.struct_class = Types::ListTagsForResourceResponse
+ ListThirdPartyFirewallFirewallPoliciesRequest.add_member(:third_party_firewall, Shapes::ShapeRef.new(shape: ThirdPartyFirewall, required: true, location_name: "ThirdPartyFirewall"))
+ ListThirdPartyFirewallFirewallPoliciesRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: PaginationToken, location_name: "NextToken"))
+ ListThirdPartyFirewallFirewallPoliciesRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: PaginationMaxResults, required: true, location_name: "MaxResults"))
+ ListThirdPartyFirewallFirewallPoliciesRequest.struct_class = Types::ListThirdPartyFirewallFirewallPoliciesRequest
+
+ ListThirdPartyFirewallFirewallPoliciesResponse.add_member(:third_party_firewall_firewall_policies, Shapes::ShapeRef.new(shape: ThirdPartyFirewallFirewallPolicies, location_name: "ThirdPartyFirewallFirewallPolicies"))
+ ListThirdPartyFirewallFirewallPoliciesResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: PaginationToken, location_name: "NextToken"))
+ ListThirdPartyFirewallFirewallPoliciesResponse.struct_class = Types::ListThirdPartyFirewallFirewallPoliciesResponse
+
MemberAccounts.member = Shapes::ShapeRef.new(shape: AWSAccountId)
NetworkFirewallActionList.member = Shapes::ShapeRef.new(shape: NetworkFirewallAction)
@@ -644,6 +698,7 @@ module ClientApi
PolicyComplianceStatusList.member = Shapes::ShapeRef.new(shape: PolicyComplianceStatus)
PolicyOption.add_member(:network_firewall_policy, Shapes::ShapeRef.new(shape: NetworkFirewallPolicy, location_name: "NetworkFirewallPolicy"))
+ PolicyOption.add_member(:third_party_firewall_policy, Shapes::ShapeRef.new(shape: ThirdPartyFirewallPolicy, location_name: "ThirdPartyFirewallPolicy"))
PolicyOption.struct_class = Types::PolicyOption
PolicySummary.add_member(:policy_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "PolicyArn"))
@@ -768,6 +823,10 @@ module ClientApi
ResourceViolation.add_member(:possible_remediation_actions, Shapes::ShapeRef.new(shape: PossibleRemediationActions, location_name: "PossibleRemediationActions"))
ResourceViolation.add_member(:firewall_subnet_is_out_of_scope_violation, Shapes::ShapeRef.new(shape: FirewallSubnetIsOutOfScopeViolation, location_name: "FirewallSubnetIsOutOfScopeViolation"))
ResourceViolation.add_member(:route_has_out_of_scope_endpoint_violation, Shapes::ShapeRef.new(shape: RouteHasOutOfScopeEndpointViolation, location_name: "RouteHasOutOfScopeEndpointViolation"))
+ ResourceViolation.add_member(:third_party_firewall_missing_firewall_violation, Shapes::ShapeRef.new(shape: ThirdPartyFirewallMissingFirewallViolation, location_name: "ThirdPartyFirewallMissingFirewallViolation"))
+ ResourceViolation.add_member(:third_party_firewall_missing_subnet_violation, Shapes::ShapeRef.new(shape: ThirdPartyFirewallMissingSubnetViolation, location_name: "ThirdPartyFirewallMissingSubnetViolation"))
+ ResourceViolation.add_member(:third_party_firewall_missing_expected_route_table_violation, Shapes::ShapeRef.new(shape: ThirdPartyFirewallMissingExpectedRouteTableViolation, location_name: "ThirdPartyFirewallMissingExpectedRouteTableViolation"))
+ ResourceViolation.add_member(:firewall_subnet_missing_vpc_endpoint_violation, Shapes::ShapeRef.new(shape: FirewallSubnetMissingVPCEndpointViolation, location_name: "FirewallSubnetMissingVPCEndpointViolation"))
ResourceViolation.struct_class = Types::ResourceViolation
ResourceViolations.member = Shapes::ShapeRef.new(shape: ResourceViolation)
@@ -844,6 +903,34 @@ module ClientApi
TargetViolationReasons.member = Shapes::ShapeRef.new(shape: TargetViolationReason)
+ ThirdPartyFirewallFirewallPolicies.member = Shapes::ShapeRef.new(shape: ThirdPartyFirewallFirewallPolicy)
+
+ ThirdPartyFirewallFirewallPolicy.add_member(:firewall_policy_id, Shapes::ShapeRef.new(shape: FirewallPolicyId, location_name: "FirewallPolicyId"))
+ ThirdPartyFirewallFirewallPolicy.add_member(:firewall_policy_name, Shapes::ShapeRef.new(shape: FirewallPolicyName, location_name: "FirewallPolicyName"))
+ ThirdPartyFirewallFirewallPolicy.struct_class = Types::ThirdPartyFirewallFirewallPolicy
+
+ ThirdPartyFirewallMissingExpectedRouteTableViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
+ ThirdPartyFirewallMissingExpectedRouteTableViolation.add_member(:vpc, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VPC"))
+ ThirdPartyFirewallMissingExpectedRouteTableViolation.add_member(:availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "AvailabilityZone"))
+ ThirdPartyFirewallMissingExpectedRouteTableViolation.add_member(:current_route_table, Shapes::ShapeRef.new(shape: ResourceId, location_name: "CurrentRouteTable"))
+ ThirdPartyFirewallMissingExpectedRouteTableViolation.add_member(:expected_route_table, Shapes::ShapeRef.new(shape: ResourceId, location_name: "ExpectedRouteTable"))
+ ThirdPartyFirewallMissingExpectedRouteTableViolation.struct_class = Types::ThirdPartyFirewallMissingExpectedRouteTableViolation
+
+ ThirdPartyFirewallMissingFirewallViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
+ ThirdPartyFirewallMissingFirewallViolation.add_member(:vpc, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VPC"))
+ ThirdPartyFirewallMissingFirewallViolation.add_member(:availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "AvailabilityZone"))
+ ThirdPartyFirewallMissingFirewallViolation.add_member(:target_violation_reason, Shapes::ShapeRef.new(shape: TargetViolationReason, location_name: "TargetViolationReason"))
+ ThirdPartyFirewallMissingFirewallViolation.struct_class = Types::ThirdPartyFirewallMissingFirewallViolation
+
+ ThirdPartyFirewallMissingSubnetViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
+ ThirdPartyFirewallMissingSubnetViolation.add_member(:vpc, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VPC"))
+ ThirdPartyFirewallMissingSubnetViolation.add_member(:availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "AvailabilityZone"))
+ ThirdPartyFirewallMissingSubnetViolation.add_member(:target_violation_reason, Shapes::ShapeRef.new(shape: TargetViolationReason, location_name: "TargetViolationReason"))
+ ThirdPartyFirewallMissingSubnetViolation.struct_class = Types::ThirdPartyFirewallMissingSubnetViolation
+
+ ThirdPartyFirewallPolicy.add_member(:firewall_deployment_model, Shapes::ShapeRef.new(shape: FirewallDeploymentModel, location_name: "FirewallDeploymentModel"))
+ ThirdPartyFirewallPolicy.struct_class = Types::ThirdPartyFirewallPolicy
+
UntagResourceRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "ResourceArn"))
UntagResourceRequest.add_member(:tag_keys, Shapes::ShapeRef.new(shape: TagKeyList, required: true, location_name: "TagKeys"))
UntagResourceRequest.struct_class = Types::UntagResourceRequest
@@ -891,6 +978,18 @@ module ClientApi
o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
end)
+ api.add_operation(:associate_third_party_firewall, Seahorse::Model::Operation.new.tap do |o|
+ o.name = "AssociateThirdPartyFirewall"
+ o.http_method = "POST"
+ o.http_request_uri = "/"
+ o.input = Shapes::ShapeRef.new(shape: AssociateThirdPartyFirewallRequest)
+ o.output = Shapes::ShapeRef.new(shape: AssociateThirdPartyFirewallResponse)
+ o.errors << Shapes::ShapeRef.new(shape: InvalidOperationException)
+ o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+ o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+ end)
+
api.add_operation(:delete_apps_list, Seahorse::Model::Operation.new.tap do |o|
o.name = "DeleteAppsList"
o.http_method = "POST"
@@ -948,6 +1047,18 @@ module ClientApi
o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
end)
+ api.add_operation(:disassociate_third_party_firewall, Seahorse::Model::Operation.new.tap do |o|
+ o.name = "DisassociateThirdPartyFirewall"
+ o.http_method = "POST"
+ o.http_request_uri = "/"
+ o.input = Shapes::ShapeRef.new(shape: DisassociateThirdPartyFirewallRequest)
+ o.output = Shapes::ShapeRef.new(shape: DisassociateThirdPartyFirewallResponse)
+ o.errors << Shapes::ShapeRef.new(shape: InvalidOperationException)
+ o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+ o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+ end)
+
api.add_operation(:get_admin_account, Seahorse::Model::Operation.new.tap do |o|
o.name = "GetAdminAccount"
o.http_method = "POST"
@@ -1027,6 +1138,18 @@ module ClientApi
o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
end)
+ api.add_operation(:get_third_party_firewall_association_status, Seahorse::Model::Operation.new.tap do |o|
+ o.name = "GetThirdPartyFirewallAssociationStatus"
+ o.http_method = "POST"
+ o.http_request_uri = "/"
+ o.input = Shapes::ShapeRef.new(shape: GetThirdPartyFirewallAssociationStatusRequest)
+ o.output = Shapes::ShapeRef.new(shape: GetThirdPartyFirewallAssociationStatusResponse)
+ o.errors << Shapes::ShapeRef.new(shape: InvalidOperationException)
+ o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+ o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+ end)
+
api.add_operation(:get_violation_details, Seahorse::Model::Operation.new.tap do |o|
o.name = "GetViolationDetails"
o.http_method = "POST"
@@ -1135,6 +1258,24 @@ module ClientApi
o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
end)
+ api.add_operation(:list_third_party_firewall_firewall_policies, Seahorse::Model::Operation.new.tap do |o|
+ o.name = "ListThirdPartyFirewallFirewallPolicies"
+ o.http_method = "POST"
+ o.http_request_uri = "/"
+ o.input = Shapes::ShapeRef.new(shape: ListThirdPartyFirewallFirewallPoliciesRequest)
+ o.output = Shapes::ShapeRef.new(shape: ListThirdPartyFirewallFirewallPoliciesResponse)
+ o.errors << Shapes::ShapeRef.new(shape: InvalidOperationException)
+ o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+ o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+ o[:pager] = Aws::Pager.new(
+ limit_key: "max_results",
+ tokens: {
+ "next_token" => "next_token"
+ }
+ )
+ end)
+
api.add_operation(:put_apps_list, Seahorse::Model::Operation.new.tap do |o|
o.name = "PutAppsList"
o.http_method = "POST"
diff --git a/gems/aws-sdk-fms/lib/aws-sdk-fms/types.rb b/gems/aws-sdk-fms/lib/aws-sdk-fms/types.rb
index f1b964999db..bba84abbe0d 100644
--- a/gems/aws-sdk-fms/lib/aws-sdk-fms/types.rb
+++ b/gems/aws-sdk-fms/lib/aws-sdk-fms/types.rb
@@ -200,6 +200,54 @@ class AssociateAdminAccountRequest < Struct.new(
include Aws::Structure
end
+ # @note When making an API call, you may pass AssociateThirdPartyFirewallRequest
+ # data as a hash:
+ #
+ # {
+ # third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+ # }
+ #
+ # @!attribute [rw] third_party_firewall
+ # The name of the third-party firewall vendor.
+ # @return [String]
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AssociateThirdPartyFirewallRequest AWS API Documentation
+ #
+ class AssociateThirdPartyFirewallRequest < Struct.new(
+ :third_party_firewall)
+ SENSITIVE = []
+ include Aws::Structure
+ end
+
+ # @!attribute [rw] third_party_firewall_status
+ # The current status for setting a Firewall Manager policy
+ # administrator's account as an administrator of the third-party
+ # firewall tenant.
+ #
+ # * `ONBOARDING` - The Firewall Manager policy administrator is being
+ # designated as a tenant administrator.
+ #
+ # * `ONBOARD_COMPLETE` - The Firewall Manager policy administrator is
+ # designated as a tenant administrator.
+ #
+ # * `OFFBOARDING` - The Firewall Manager policy administrator is being
+ # removed as a tenant administrator.
+ #
+ # * `OFFBOARD_COMPLETE` - The Firewall Manager policy administrator
+ # has been removed as a tenant administrator.
+ #
+ # * `NOT_EXIST` - The Firewall Manager policy administrator doesn't
+ # exist as a tenant administrator.
+ # @return [String]
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AssociateThirdPartyFirewallResponse AWS API Documentation
+ #
+ class AssociateThirdPartyFirewallResponse < Struct.new(
+ :third_party_firewall_status)
+ SENSITIVE = []
+ include Aws::Structure
+ end
+
# Violation detail for an EC2 instance resource.
#
# @!attribute [rw] violation_target
@@ -418,6 +466,38 @@ class DeleteProtocolsListRequest < Struct.new(
#
class DisassociateAdminAccountRequest < Aws::EmptyStructure; end
+ # @note When making an API call, you may pass DisassociateThirdPartyFirewallRequest
+ # data as a hash:
+ #
+ # {
+ # third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+ # }
+ #
+ # @!attribute [rw] third_party_firewall
+ # The name of the third-party firewall vendor.
+ # @return [String]
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DisassociateThirdPartyFirewallRequest AWS API Documentation
+ #
+ class DisassociateThirdPartyFirewallRequest < Struct.new(
+ :third_party_firewall)
+ SENSITIVE = []
+ include Aws::Structure
+ end
+
+ # @!attribute [rw] third_party_firewall_status
+ # The current status for the disassociation of a Firewall Manager
+ # administrators account with a third-party firewall.
+ # @return [String]
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DisassociateThirdPartyFirewallResponse AWS API Documentation
+ #
+ class DisassociateThirdPartyFirewallResponse < Struct.new(
+ :third_party_firewall_status)
+ SENSITIVE = []
+ include Aws::Structure
+ end
+
# A DNS Firewall rule group that Firewall Manager tried to associate
# with a VPC is already associated with the VPC and can't be associated
# again.
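Review bot: The `third_party_firewall_status` description on `DisassociateThirdPartyFirewallResponse` does not list the values a caller can receive, and "administrators account" is missing its apostrophe. The client API part of this diff types the member as `ThirdPartyFirewallAssociationStatus`, the same shape the associate response uses, so the `ONBOARDING` / `ONBOARD_COMPLETE` / `OFFBOARDING` / `OFFBOARD_COMPLETE` / `NOT_EXIST` list documented on `AssociateThirdPartyFirewallResponse` would apply here too. Suggested wording: `# The current status for the disassociation of a Firewall Manager administrator's account with a third-party firewall.`, followed by that same value list. The missing apostrophe also appears in the `GetThirdPartyFirewallAssociationStatusResponse` hunk. If this file is generated from the service model, the text needs correcting there rather than here.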
@@ -883,6 +963,36 @@ class FirewallSubnetIsOutOfScopeViolation < Struct.new(
include Aws::Structure
end
+ # The violation details for a firewall subnet's VPC endpoint that's
+ # deleted or missing.
+ #
+ # @!attribute [rw] firewall_subnet_id
+ # The ID of the firewall that this VPC endpoint is associated with.
+ # @return [String]
+ #
+ # @!attribute [rw] vpc_id
+ # The resource ID of the VPC associated with the deleted VPC subnet.
+ # @return [String]
+ #
+ # @!attribute [rw] subnet_availability_zone
+ # The name of the Availability Zone of the deleted VPC subnet.
+ # @return [String]
+ #
+ # @!attribute [rw] subnet_availability_zone_id
+ # The ID of the Availability Zone of the deleted VPC subnet.
+ # @return [String]
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/FirewallSubnetMissingVPCEndpointViolation AWS API Documentation
+ #
+ class FirewallSubnetMissingVPCEndpointViolation < Struct.new(
+ :firewall_subnet_id,
+ :vpc_id,
+ :subnet_availability_zone,
+ :subnet_availability_zone_id)
+ SENSITIVE = []
+ include Aws::Structure
+ end
+
# @api private
#
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAdminAccountRequest AWS API Documentation
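Review bot: The doc text for `firewall_subnet_id` in `FirewallSubnetMissingVPCEndpointViolation` describes "the ID of the firewall", while the member name and its `ResourceId` shape in the client API hunk point to a subnet identifier. Tooling that reads violation details to locate the affected resource cannot tell from this comment which ID it is getting. The three other attributes refer to a "deleted VPC subnet", although the struct-level comment says the VPC endpoint is what is deleted or missing; the wording should be aligned once the intended meaning is confirmed against the service documentation. Something like `# The ID of the firewall subnet that is missing its VPC endpoint.` would match the name, but that is inferred from the identifier, not from the service contract.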
@@ -1213,6 +1323,73 @@ class GetProtocolsListResponse < Struct.new(
include Aws::Structure
end
+ # @note When making an API call, you may pass GetThirdPartyFirewallAssociationStatusRequest
+ # data as a hash:
+ #
+ # {
+ # third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+ # }
+ #
+ # @!attribute [rw] third_party_firewall
+ # The name of the third-party firewall vendor.
+ # @return [String]
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetThirdPartyFirewallAssociationStatusRequest AWS API Documentation
+ #
+ class GetThirdPartyFirewallAssociationStatusRequest < Struct.new(
+ :third_party_firewall)
+ SENSITIVE = []
+ include Aws::Structure
+ end
+
+ # @!attribute [rw] third_party_firewall_status
+ # The current status for setting a Firewall Manager policy
+ # administrators account as an administrator of the third-party
+ # firewall tenant.
+ #
+ # * `ONBOARDING` - The Firewall Manager policy administrator is being
+ # designated as a tenant administrator.
+ #
+ # * `ONBOARD_COMPLETE` - The Firewall Manager policy administrator is
+ # designated as a tenant administrator.
+ #
+ # * `OFFBOARDING` - The Firewall Manager policy administrator is being
+ # removed as a tenant administrator.
+ #
+ # * `OFFBOARD_COMPLETE` - The Firewall Manager policy administrator
+ # has been removed as a tenant administrator.
+ #
+ # * `NOT_EXIST` - The Firewall Manager policy administrator doesn't
+ # exist as a tenant administrator.
+ # @return [String]
+ #
+ # @!attribute [rw] marketplace_onboarding_status
+ # The status for subscribing to the third-party firewall vendor in the
+ # AWS Marketplace.
+ #
+ # * `NO_SUBSCRIPTION` - The Firewall Manager policy administrator
+ # isn't subscribed to the third-party firewall service in the AWS
+ # Marketplace.
+ #
+ # * `NOT_COMPLETE` - The Firewall Manager policy administrator is in
+ # the process of subscribing to the third-party firewall service in
+ # the Amazon Web Services Marketplace, but doesn't yet have an
+ # active subscription.
+ #
+ # * `COMPLETE` - The Firewall Manager policy administrator has an
+ # active subscription to the third-party firewall service in the
+ # Amazon Web Services Marketplace.
+ # @return [String]
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetThirdPartyFirewallAssociationStatusResponse AWS API Documentation
+ #
+ class GetThirdPartyFirewallAssociationStatusResponse < Struct.new(
+ :third_party_firewall_status,
+ :marketplace_onboarding_status)
+ SENSITIVE = []
+ include Aws::Structure
+ end
+
# @note When making an API call, you may pass GetViolationDetailsRequest
# data as a hash:
#
@@ -1683,6 +1860,74 @@ class ListTagsForResourceResponse < Struct.new(
include Aws::Structure
end
+ # @note When making an API call, you may pass ListThirdPartyFirewallFirewallPoliciesRequest
+ # data as a hash:
+ #
+ # {
+ # third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+ # next_token: "PaginationToken",
+ # max_results: 1, # required
+ # }
+ #
+ # @!attribute [rw] third_party_firewall
+ # The name of the third-party firewall vendor.
+ # @return [String]
+ #
+ # @!attribute [rw] next_token
+ # If the previous response included a `NextToken` element, the
+ # specified third-party firewall vendor is associated with more
+ # third-party firewall policies. To get more third-party firewall
+ # policies, submit another
+ # `ListThirdPartyFirewallFirewallPoliciesRequest` request.
+ #
+ # For the value of `NextToken`, specify the value of `NextToken` from
+ # the previous response. If the previous response didn't include a
+ # `NextToken` element, there are no more third-party firewall policies
+ # to get.
+ # @return [String]
+ #
+ # @!attribute [rw] max_results
+ # The maximum number of third-party firewall policies that you want
+ # Firewall Manager to return. If the specified third-party firewall
+ # vendor is associated with more than `MaxResults` firewall policies,
+ # the response includes a `NextToken` element. `NextToken` contains an
+ # encrypted token that identifies the first third-party firewall
+ # policies that Firewall Manager will return if you submit another
+ # request.
+ # @return [Integer]
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListThirdPartyFirewallFirewallPoliciesRequest AWS API Documentation
+ #
+ class ListThirdPartyFirewallFirewallPoliciesRequest < Struct.new(
+ :third_party_firewall,
+ :next_token,
+ :max_results)
+ SENSITIVE = []
+ include Aws::Structure
+ end
+
+ # @!attribute [rw] third_party_firewall_firewall_policies
+ # A list that contains one `ThirdPartyFirewallFirewallPolicies`
+ # element for each third-party firewall policies that the specified
+ # third-party firewall vendor is associated with. Each
+ # `ThirdPartyFirewallFirewallPolicies` element contains the firewall
+ # policy name and ID.
+ # @return [Array]
+ #
+ # @!attribute [rw] next_token
+ # The value that you will use for `NextToken` in the next
+ # `ListThirdPartyFirewallFirewallPolicies` request.
+ # @return [String]
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListThirdPartyFirewallFirewallPoliciesResponse AWS API Documentation
+ #
+ class ListThirdPartyFirewallFirewallPoliciesResponse < Struct.new(
+ :third_party_firewall_firewall_policies,
+ :next_token)
+ SENSITIVE = []
+ include Aws::Structure
+ end
+
# Violation detail for an internet gateway route with an inactive state
# in the customer subnet route table or Network Firewall subnet route
# table.
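Review bot: The `third_party_firewall_firewall_policies` comment on `ListThirdPartyFirewallFirewallPoliciesResponse` names the element `ThirdPartyFirewallFirewallPolicies`, but the list's member shape registered in the client API hunk is `ThirdPartyFirewallFirewallPolicy`, and "each third-party firewall policies" is ungrammatical. The `@return [Array]` tag as shown also carries no element type, so a reader cannot see what the array holds. Suggested text: `# A list that contains one ThirdPartyFirewallFirewallPolicy element for each third-party firewall policy that the specified vendor is associated with.` with `# @return [Array<Types::ThirdPartyFirewallFirewallPolicy>]`.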
@@ -2026,7 +2271,7 @@ class NetworkFirewallMissingSubnetViolation < Struct.new(
# data as a hash:
#
# {
- # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
+ # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
# }
#
# @!attribute [rw] firewall_deployment_model
@@ -2208,11 +2453,14 @@ class PartialMatch < Struct.new(
# policy_name: "ResourceName", # required
# policy_update_token: "PolicyUpdateToken",
# security_service_policy_data: { # required
- # type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
+ # type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL
# managed_service_data: "ManagedServiceData",
# policy_option: {
# network_firewall_policy: {
- # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
+ # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
+ # },
+ # third_party_firewall_policy: {
+ # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
# },
# },
# },
@@ -2295,9 +2543,6 @@ class PartialMatch < Struct.new(
# `ResourceTag` array are not in scope of the policy. If set to
# `False`, and the `ResourceTag` array is not null, only resources
# with the specified tags are in scope of the policy.
- #
- # This option isn't available for the centralized deployment model
- # when creating policies to configure Network Firewall.
# @return [Boolean]
#
# @!attribute [rw] remediation_enabled
@@ -2348,9 +2593,6 @@ class PartialMatch < Struct.new(
# a comma. For example, the following is a valid map: `\{“ACCOUNT” :
# [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”,
# “ouid112”]\}`.
- #
- # This option isn't available for the centralized deployment model
- # when creating policies to configure Network Firewall.
# @return [Hash>]
#
# @!attribute [rw] exclude_map
@@ -2381,9 +2623,6 @@ class PartialMatch < Struct.new(
# a comma. For example, the following is a valid map: `\{“ACCOUNT” :
# [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”,
# “ouid112”]\}`.
- #
- # This option isn't available for the centralized deployment model
- # when creating policies to configure Network Firewall.
# @return [Hash>]
#
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/Policy AWS API Documentation
@@ -2517,7 +2756,10 @@ class PolicyComplianceStatus < Struct.new(
#
# {
# network_firewall_policy: {
- # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
+ # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
+ # },
+ # third_party_firewall_policy: {
+ # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
# },
# }
#
@@ -2525,10 +2767,15 @@ class PolicyComplianceStatus < Struct.new(
# Defines the deployment model to use for the firewall policy.
# @return [Types::NetworkFirewallPolicy]
#
+ # @!attribute [rw] third_party_firewall_policy
+ # Defines the policy options for a third-party firewall policy.
+ # @return [Types::ThirdPartyFirewallPolicy]
+ #
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PolicyOption AWS API Documentation
#
class PolicyOption < Struct.new(
- :network_firewall_policy)
+ :network_firewall_policy,
+ :third_party_firewall_policy)
SENSITIVE = []
include Aws::Structure
end
@@ -2847,11 +3094,14 @@ class PutNotificationChannelRequest < Struct.new(
# policy_name: "ResourceName", # required
# policy_update_token: "PolicyUpdateToken",
# security_service_policy_data: { # required
- # type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
+ # type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL
# managed_service_data: "ManagedServiceData",
# policy_option: {
# network_firewall_policy: {
- # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
+ # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
+ # },
+ # third_party_firewall_policy: {
+ # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
# },
# },
# },
@@ -3201,6 +3451,27 @@ class ResourceTag < Struct.new(
# scope.
# @return [Types::RouteHasOutOfScopeEndpointViolation]
#
+ # @!attribute [rw] third_party_firewall_missing_firewall_violation
+ # The violation details for a third-party firewall that's been
+ # deleted.
+ # @return [Types::ThirdPartyFirewallMissingFirewallViolation]
+ #
+ # @!attribute [rw] third_party_firewall_missing_subnet_violation
+ # The violation details for a third-party firewall's subnet that's
+ # been deleted.
+ # @return [Types::ThirdPartyFirewallMissingSubnetViolation]
+ #
+ # @!attribute [rw] third_party_firewall_missing_expected_route_table_violation
+ # The violation details for a third-party firewall that has the
+ # Firewall Manager managed route table that was associated with the
+ # third-party firewall has been deleted.
+ # @return [Types::ThirdPartyFirewallMissingExpectedRouteTableViolation]
+ #
+ # @!attribute [rw] firewall_subnet_missing_vpc_endpoint_violation
+ # The violation details for a third-party firewall's VPC endpoint
+ # subnet that was deleted.
+ # @return [Types::FirewallSubnetMissingVPCEndpointViolation]
+ #
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceViolation AWS API Documentation
#
class ResourceViolation < Struct.new(
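Review bot: The description added for `third_party_firewall_missing_expected_route_table_violation` does not parse ("a third-party firewall that has the Firewall Manager managed route table that was associated with the third-party firewall has been deleted"). These comments are what an operator reads when triaging a violation, so the text should state plainly what is missing, e.g. `# The violation details for a third-party firewall whose Firewall Manager managed route table has been deleted.`. The `firewall_subnet_missing_vpc_endpoint_violation` text also speaks of a deleted "VPC endpoint subnet", whereas the comment on `FirewallSubnetMissingVPCEndpointViolation` elsewhere in this diff says the VPC endpoint is deleted or missing; the two should agree. The `ResourceViolation` struct continues outside this hunk.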
@@ -3222,7 +3493,11 @@ class ResourceViolation < Struct.new(
:dns_rule_group_limit_exceeded_violation,
:possible_remediation_actions,
:firewall_subnet_is_out_of_scope_violation,
- :route_has_out_of_scope_endpoint_violation)
+ :route_has_out_of_scope_endpoint_violation,
+ :third_party_firewall_missing_firewall_violation,
+ :third_party_firewall_missing_subnet_violation,
+ :third_party_firewall_missing_expected_route_table_violation,
+ :firewall_subnet_missing_vpc_endpoint_violation)
SENSITIVE = []
include Aws::Structure
end
@@ -3406,11 +3681,14 @@ class SecurityGroupRuleDescription < Struct.new(
# data as a hash:
#
# {
- # type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
+ # type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL
# managed_service_data: "ManagedServiceData",
# policy_option: {
# network_firewall_policy: {
- # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
+ # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
+ # },
+ # third_party_firewall_policy: {
+ # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
# },
# },
# }
@@ -3439,12 +3717,15 @@ class SecurityGroupRuleDescription < Struct.new(
#
#
#
- # * Example: `NETWORK_FIREWALL` - Centralized deployment model.
+ # * Example: `DNS_FIREWALL`
+ #
+ # `"\{"type":"DNS_FIREWALL","preProcessRuleGroups":[\{"ruleGroupId":"rslvr-frg-1","priority":10\}],"postProcessRuleGroups":[\{"ruleGroupId":"rslvr-frg-2","priority":9911\}]\}"`
#
- # `"\{"type":"NETWORK_FIREWALL","awsNetworkFirewallConfig":\{"networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1\}],"networkFirewallStatelessDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessFragmentDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessCustomActions":[\{"actionName":"customActionName","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"metricdimensionvalue"\}]\}\}\}],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"\}],"networkFirewallLoggingConfiguration":\{"logDestinationConfigs":[\{"logDestinationType":"S3","logType":"ALERT","logDestination":\{"bucketName":"s3-bucket-name"\}\},\{"logDestinationType":"S3","logType":"FLOW","logDestination":\{"bucketName":"s3-bucket-name"\}\}],"overrideExistingConfig":true\}\},"firewallDeploymentModel":\{"centralizedFirewallDeploymentModel":\{"centralizedFirewallOrchestrationConfig":\{"inspectionVpcIds":[\{"resourceId":"vpc-1234","accountId":"123456789011"\}],"firewallCreationConfig":\{"endpointLocation":\{"availabilityZoneConfigList":[\{"availabilityZoneId":null,"availabilityZoneName":"us-east-1a","allowedIPV4CidrList":["10.0.0.0/28"]\}]\}\},"allowedIPV4CidrList":[]\}\}\}\}"`
+ # Valid values for `preProcessRuleGroups` are between 1 and 99.
+ # Valid values for `postProcessRuleGroups` are between 9901 and
+ # 10000.
#
- # To use the centralized deployment model, you must set
- # [PolicyOption][1] to `CENTRALIZED`.
+ #
#
# * Example: `NETWORK_FIREWALL` - Distributed deployment model with
# automatic Availability Zone configuration. With automatic
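Review bot: The two added sentences give numeric ranges for `preProcessRuleGroups` and `postProcessRuleGroups`, but those keys hold arrays of rule groups. Judging by the example above them (`"priority":10` and `"priority":9911`), the ranges apply to each entry's `priority`. Priority decides the order in which DNS Firewall rule groups are evaluated, so the text should name the field, e.g. `# Valid values for priority in preProcessRuleGroups are between 1 and 99.`, with the matching sentence for `postProcessRuleGroups`. The comment block this belongs to starts before and ends after the hunk.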
@@ -3588,6 +3869,10 @@ class SecurityGroupRuleDescription < Struct.new(
# "logDestination":\{ "bucketName":"s3-bucket-name" \} \} ],
# "overrideExistingConfig":boolean \} \}"`
#
+ # * Example: `PARTNER_FIREWALL` for Firewall Manager
+ #
+ # `"\{"type":"THIRD_PARTY_FIREWALL","thirdPartyrFirewall":"PALO_ALTO_NETWORKS_CLOUD_NGFW","thirdPartyFirewallConfig":\{"thirdPartyFirewallPolicyList":["global-123456789012-1"],"networkFirewallLoggingConfiguration":null\},"firewallDeploymentModel":\{"distributedFirewallDeploymentModel":\{"distributedFirewallOrchestrationConfig":\{"firewallCreationConfig":\{"endpointLocation":\{"availabilityZoneConfigList":[\{"availabilityZoneId":null,"availabilityZoneName":"us-east-1a","allowedIPV4CidrList":["10.0.1.0/28"]\}]\}\},"allowedIPV4CidrList":null\},"distributedRouteManagementConfig":null\},"centralizedFirewallDeploymentModel":null\}\}""`
+ #
# * Specification for `SHIELD_ADVANCED` for Amazon CloudFront
# distributions
#
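Review bot: The added example is labelled `PARTNER_FIREWALL`, but its JSON uses `"type":"THIRD_PARTY_FIREWALL"`, which is also the value the `type` enum accepts elsewhere in this diff. The key `thirdPartyrFirewall` looks like a misspelling of `thirdPartyFirewall` (confirm against the service model), and the string ends with a doubled `""`. Examples of `managed_service_data` tend to be copied verbatim into firewall policies, so a wrong key here can end in a rejected or mis-specified policy. The label should read "Example: THIRD_PARTY_FIREWALL", and the key and closing quote should be fixed at the source of this generated text.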
@@ -3626,6 +3911,18 @@ class SecurityGroupRuleDescription < Struct.new(
# "overrideAction" : \{"type": "COUNT"\}\}],
# "defaultAction": \{"type": "BLOCK"\}\}"`
#
+ # * Example: `WAFV2` - Firewall Manager support for WAF managed rule
+ # group versioning
+ #
+ # `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"versionEnabled":true,"version":"Version_2.0","vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesCommonRuleSet"\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[\{"name":"NoUserAgent_HEADER"\}]\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"overrideCustomerWebACLAssociation":false,"loggingConfiguration":\{"logDestinationConfigs":["arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination"],"redactedFields":[\{"redactedFieldType":"SingleHeader","redactedFieldValue":"Cookies"\},\{"redactedFieldType":"Method"\}]\}\}"`
+ #
+ # To use a specific version of a WAF managed rule group in your
+ # Firewall Manager policy, you must set `versionEnabled` to `true`,
+ # and set `version` to the version you'd like to use. If you don't
+ # set `versionEnabled` to `true`, or if you omit `versionEnabled`,
+ # then Firewall Manager uses the default version of the WAF managed
+ # rule group.
+ #
# * Example: `SECURITY_GROUPS_COMMON`
#
# `"\{"type":"SECURITY_GROUPS_COMMON","revertManualSecurityGroupChanges":false,"exclusiveResourceSecurityGroupManagement":false,
@@ -3793,6 +4090,153 @@ class TagResourceRequest < Struct.new(
#
class TagResourceResponse < Aws::EmptyStructure; end
+ # Configures the firewall policy deployment model for a third-party
+ # firewall. The deployment model can either be distributed or
+ # centralized.
+ #
+ # @!attribute [rw] firewall_policy_id
+ # The ID of the specified firewall policy.
+ # @return [String]
+ #
+ # @!attribute [rw] firewall_policy_name
+ # The name of the specified firewall policy.
+ # @return [String]
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ThirdPartyFirewallFirewallPolicy AWS API Documentation
+ #
+ class ThirdPartyFirewallFirewallPolicy < Struct.new(
+ :firewall_policy_id,
+ :firewall_policy_name)
+ SENSITIVE = []
+ include Aws::Structure
+ end
+
+ # The violation details for a third-party firewall that's not
+ # associated with an Firewall Manager managed route table.
+ #
+ # @!attribute [rw] violation_target
+ # The ID of the third-party firewall or VPC resource that's causing
+ # the violation.
+ # @return [String]
+ #
+ # @!attribute [rw] vpc
+ # The resource ID of the VPC associated with a fireawll subnet that's
+ # causing the violation.
+ # @return [String]
+ #
+ # @!attribute [rw] availability_zone
+ # The Availability Zone of the firewall subnet that's causing the
+ # violation.
+ # @return [String]
+ #
+ # @!attribute [rw] current_route_table
+ # The resource ID of the current route table that's associated with
+ # the subnet, if one is available.
+ # @return [String]
+ #
+ # @!attribute [rw] expected_route_table
+ # The resource ID of the route table that should be associated with
+ # the subnet.
+ # @return [String]
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ThirdPartyFirewallMissingExpectedRouteTableViolation AWS API Documentation
+ #
+ class ThirdPartyFirewallMissingExpectedRouteTableViolation < Struct.new(
+ :violation_target,
+ :vpc,
+ :availability_zone,
+ :current_route_table,
+ :expected_route_table)
+ SENSITIVE = []
+ include Aws::Structure
+ end
+
+ # The violation details about a third-party firewall's subnet that
+ # doesn't have a Firewall Manager managed firewall in its VPC.
+ #
+ # @!attribute [rw] violation_target
+ # The ID of the third-party firewall that's causing the violation.
+ # @return [String]
+ #
+ # @!attribute [rw] vpc
+ # The resource ID of the VPC associated with a third-party firewall.
+ # @return [String]
+ #
+ # @!attribute [rw] availability_zone
+ # The Availability Zone of the third-party firewall that's causing
+ # the violation.
+ # @return [String]
+ #
+ # @!attribute [rw] target_violation_reason
+ # The reason the resource is causing this violation, if a reason is
+ # available.
+ # @return [String]
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ThirdPartyFirewallMissingFirewallViolation AWS API Documentation
+ #
+ class ThirdPartyFirewallMissingFirewallViolation < Struct.new(
+ :violation_target,
+ :vpc,
+ :availability_zone,
+ :target_violation_reason)
+ SENSITIVE = []
+ include Aws::Structure
+ end
+
+ # The violation details for a third-party firewall for an Availability
+ # Zone that's missing the Firewall Manager managed subnet.
+ #
+ # @!attribute [rw] violation_target
+ # The ID of the third-party firewall or VPC resource that's causing
+ # the violation.
+ # @return [String]
+ #
+ # @!attribute [rw] vpc
+ # The resource ID of the VPC associated with a subnet that's causing
+ # the violation.
+ # @return [String]
+ #
+ # @!attribute [rw] availability_zone
+ # The Availability Zone of a subnet that's causing the violation.
+ # @return [String]
+ #
+ # @!attribute [rw] target_violation_reason
+ # The reason the resource is causing the violation, if a reason is
+ # available.
+ # @return [String]
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ThirdPartyFirewallMissingSubnetViolation AWS API Documentation
+ #
+ class ThirdPartyFirewallMissingSubnetViolation < Struct.new(
+ :violation_target,
+ :vpc,
+ :availability_zone,
+ :target_violation_reason)
+ SENSITIVE = []
+ include Aws::Structure
+ end
+
+ # Configures the policy for the third-party firewall.
+ #
+ # @note When making an API call, you may pass ThirdPartyFirewallPolicy
+ # data as a hash:
+ #
+ # {
+ # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
+ # }
+ #
+ # @!attribute [rw] firewall_deployment_model
+ # Defines the deployment model to use for the third-party firewall.
+ # @return [String]
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ThirdPartyFirewallPolicy AWS API Documentation
+ #
+ class ThirdPartyFirewallPolicy < Struct.new(
+ :firewall_deployment_model)
+ SENSITIVE = []
+ include Aws::Structure
+ end
+
# @note When making an API call, you may pass UntagResourceRequest
# data as a hash:
#
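Review bot: The class comment on `ThirdPartyFirewallFirewallPolicy` describes a deployment model ("can either be distributed or centralized"), yet the struct only carries `firewall_policy_id` and `firewall_policy_name`. That text appears to belong to `ThirdPartyFirewallPolicy`; something like `# Identifies a third-party firewall policy by its ID and name.` would match the fields. In the comment for `ThirdPartyFirewallMissingExpectedRouteTableViolation`, "an Firewall Manager" should be "a Firewall Manager" and "fireawll subnet" should be "firewall subnet". These descriptions are what an operator reads when working out which resource broke compliance, so the corrections are worth making in the service model this file is generated from.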
@@ -3851,9 +4295,6 @@ class UntagResourceResponse < Aws::EmptyStructure; end
#
# @!attribute [rw] resource_tags
# The `ResourceTag` objects associated with the resource.
- #
- # This option isn't available for the centralized deployment model
- # when creating policies to configure Network Firewall.
# @return [Array]
#
# @!attribute [rw] resource_description
diff --git a/gems/aws-sdk-fsx/CHANGELOG.md b/gems/aws-sdk-fsx/CHANGELOG.md
index 17262b6c3c4..54c460f63be 100644
--- a/gems/aws-sdk-fsx/CHANGELOG.md
+++ b/gems/aws-sdk-fsx/CHANGELOG.md
@@ -1,6 +1,11 @@
Unreleased Changes
------------------
+1.53.0 (2022-03-30)
+------------------
+
+* Feature - This release adds support for modifying throughput capacity for FSx for ONTAP file systems.
+
1.52.0 (2022-03-03)
------------------
diff --git a/gems/aws-sdk-fsx/VERSION b/gems/aws-sdk-fsx/VERSION
index a63cb35e6f0..3f4830156cb 100644
--- a/gems/aws-sdk-fsx/VERSION
+++ b/gems/aws-sdk-fsx/VERSION
@@ -1 +1 @@
-1.52.0
+1.53.0
diff --git a/gems/aws-sdk-fsx/lib/aws-sdk-fsx.rb b/gems/aws-sdk-fsx/lib/aws-sdk-fsx.rb
index 3c4a69d3759..aff94dad89b 100644
--- a/gems/aws-sdk-fsx/lib/aws-sdk-fsx.rb
+++ b/gems/aws-sdk-fsx/lib/aws-sdk-fsx.rb
@@ -48,6 +48,6 @@
# @!group service
module Aws::FSx
- GEM_VERSION = '1.52.0'
+ GEM_VERSION = '1.53.0'
end
diff --git a/gems/aws-sdk-fsx/lib/aws-sdk-fsx/client.rb b/gems/aws-sdk-fsx/lib/aws-sdk-fsx/client.rb
index d6a01553b85..fe657e88d75 100644
--- a/gems/aws-sdk-fsx/lib/aws-sdk-fsx/client.rb
+++ b/gems/aws-sdk-fsx/lib/aws-sdk-fsx/client.rb
@@ -539,14 +539,24 @@ def cancel_data_repository_task(params = {}, options = {})
# the Region where the request is sent from (in-Region copy).
#
# @option params [String] :kms_key_id
- # The ID of the Key Management Service (KMS) key used to encrypt the
- # file system's data for Amazon FSx for Windows File Server file
- # systems, Amazon FSx for NetApp ONTAP file systems, and Amazon FSx for
- # Lustre `PERSISTENT_1` and `PERSISTENT_2` file systems at rest. If this
- # ID isn't specified, the key managed by Amazon FSx is used. The Amazon
- # FSx for Lustre `SCRATCH_1` and `SCRATCH_2` file systems are always
- # encrypted at rest using Amazon FSx-managed keys. For more information,
- # see [Encrypt][1] in the *Key Management Service API Reference*.
+ # Specifies the ID of the Key Management Service (KMS) key to use for
+ # encrypting data on Amazon FSx file systems, as follows:
+ #
+ # * Amazon FSx for Lustre `PERSISTENT_1` and `PERSISTENT_2` deployment
+ # types only.
+ #
+ # `SCRATCH_1` and `SCRATCH_2` types are encrypted using the Amazon FSx
+ # service KMS key for your account.
+ #
+ # * Amazon FSx for NetApp ONTAP
+ #
+ # * Amazon FSx for OpenZFS
+ #
+ # * Amazon FSx for Windows File Server
+ #
+ # If a `KmsKeyId` isn't specified, the Amazon FSx-managed KMS key for
+ # your account is used. For more information, see [Encrypt][1] in the
+ # *Key Management Service API Reference*.
#
#
#
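Review bot: The rewritten `:kms_key_id` text drops the "at rest" qualifier that the old paragraph stated twice, so the documentation no longer says which kind of encryption the key controls. It also does not say what happens when a caller passes `kms_key_id` for a Lustre `SCRATCH_1` or `SCRATCH_2` file system (rejected or ignored), which matters to anyone whose policy requires customer-managed keys. I would open with `# Specifies the ID of the Key Management Service (KMS) key to use for encrypting data at rest on Amazon FSx file systems, as follows:` and add one sentence on the SCRATCH case once the behaviour is confirmed. The same paragraph is added in the hunks at `-1838` and `-2371` of client.rb and at `-796`, `-1330` and `-2166` of types.rb; the method this comment documents starts after the hunk.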
@@ -1714,7 +1724,7 @@ def create_data_repository_task(params = {}, options = {})
# * Creates a new, empty Amazon FSx file system with an assigned ID, and
# an initial lifecycle state of `CREATING`.
#
- # * Returns the description of the file system.
+ # * Returns the description of the file system in JSON format.
#
# This operation requires a client request token in the request that
# Amazon FSx uses to ensure idempotent creation. This means that calling
@@ -1838,14 +1848,24 @@ def create_data_repository_task(params = {}, options = {})
# name.
#
# @option params [String] :kms_key_id
- # The ID of the Key Management Service (KMS) key used to encrypt the
- # file system's data for Amazon FSx for Windows File Server file
- # systems, Amazon FSx for NetApp ONTAP file systems, and Amazon FSx for
- # Lustre `PERSISTENT_1` and `PERSISTENT_2` file systems at rest. If this
- # ID isn't specified, the key managed by Amazon FSx is used. The Amazon
- # FSx for Lustre `SCRATCH_1` and `SCRATCH_2` file systems are always
- # encrypted at rest using Amazon FSx-managed keys. For more information,
- # see [Encrypt][1] in the *Key Management Service API Reference*.
+ # Specifies the ID of the Key Management Service (KMS) key to use for
+ # encrypting data on Amazon FSx file systems, as follows:
+ #
+ # * Amazon FSx for Lustre `PERSISTENT_1` and `PERSISTENT_2` deployment
+ # types only.
+ #
+ # `SCRATCH_1` and `SCRATCH_2` types are encrypted using the Amazon FSx
+ # service KMS key for your account.
+ #
+ # * Amazon FSx for NetApp ONTAP
+ #
+ # * Amazon FSx for OpenZFS
+ #
+ # * Amazon FSx for Windows File Server
+ #
+ # If a `KmsKeyId` isn't specified, the Amazon FSx-managed KMS key for
+ # your account is used. For more information, see [Encrypt][1] in the
+ # *Key Management Service API Reference*.
#
#
#
@@ -2371,14 +2391,24 @@ def create_file_system(params = {}, options = {})
#
#
# @option params [String] :kms_key_id
- # The ID of the Key Management Service (KMS) key used to encrypt the
- # file system's data for Amazon FSx for Windows File Server file
- # systems, Amazon FSx for NetApp ONTAP file systems, and Amazon FSx for
- # Lustre `PERSISTENT_1` and `PERSISTENT_2` file systems at rest. If this
- # ID isn't specified, the key managed by Amazon FSx is used. The Amazon
- # FSx for Lustre `SCRATCH_1` and `SCRATCH_2` file systems are always
- # encrypted at rest using Amazon FSx-managed keys. For more information,
- # see [Encrypt][1] in the *Key Management Service API Reference*.
+ # Specifies the ID of the Key Management Service (KMS) key to use for
+ # encrypting data on Amazon FSx file systems, as follows:
+ #
+ # * Amazon FSx for Lustre `PERSISTENT_1` and `PERSISTENT_2` deployment
+ # types only.
+ #
+ # `SCRATCH_1` and `SCRATCH_2` types are encrypted using the Amazon FSx
+ # service KMS key for your account.
+ #
+ # * Amazon FSx for NetApp ONTAP
+ #
+ # * Amazon FSx for OpenZFS
+ #
+ # * Amazon FSx for Windows File Server
+ #
+ # If a `KmsKeyId` isn't specified, the Amazon FSx-managed KMS key for
+ # your account is used. For more information, see [Encrypt][1] in the
+ # *Key Management Service API Reference*.
#
#
#
@@ -6008,6 +6038,8 @@ def update_data_repository_association(params = {}, options = {})
#
# * `StorageCapacity`
#
+ # * `ThroughputCapacity`
+ #
# * `WeeklyMaintenanceStartTime`
#
# For the Amazon FSx for OpenZFS file systems, you can update the
@@ -6189,6 +6221,7 @@ def update_data_repository_association(params = {}, options = {})
# mode: "AUTOMATIC", # accepts AUTOMATIC, USER_PROVISIONED
# iops: 1,
# },
+ # throughput_capacity: 1,
# },
# open_zfs_configuration: {
# automatic_backup_retention_days: 1,
@@ -6886,7 +6919,7 @@ def build_request(operation_name, params = {})
params: params,
config: config)
context[:gem_name] = 'aws-sdk-fsx'
- context[:gem_version] = '1.52.0'
+ context[:gem_version] = '1.53.0'
Seahorse::Client::Request.new(handlers, context)
end
diff --git a/gems/aws-sdk-fsx/lib/aws-sdk-fsx/client_api.rb b/gems/aws-sdk-fsx/lib/aws-sdk-fsx/client_api.rb
index 0860437fe0b..ae2ecaa73f3 100644
--- a/gems/aws-sdk-fsx/lib/aws-sdk-fsx/client_api.rb
+++ b/gems/aws-sdk-fsx/lib/aws-sdk-fsx/client_api.rb
@@ -1347,6 +1347,7 @@ module ClientApi
UpdateFileSystemOntapConfiguration.add_member(:fsx_admin_password, Shapes::ShapeRef.new(shape: AdminPassword, location_name: "FsxAdminPassword"))
UpdateFileSystemOntapConfiguration.add_member(:weekly_maintenance_start_time, Shapes::ShapeRef.new(shape: WeeklyTime, location_name: "WeeklyMaintenanceStartTime"))
UpdateFileSystemOntapConfiguration.add_member(:disk_iops_configuration, Shapes::ShapeRef.new(shape: DiskIopsConfiguration, location_name: "DiskIopsConfiguration"))
+ UpdateFileSystemOntapConfiguration.add_member(:throughput_capacity, Shapes::ShapeRef.new(shape: MegabytesPerSecond, location_name: "ThroughputCapacity"))
UpdateFileSystemOntapConfiguration.struct_class = Types::UpdateFileSystemOntapConfiguration
UpdateFileSystemOpenZFSConfiguration.add_member(:automatic_backup_retention_days, Shapes::ShapeRef.new(shape: AutomaticBackupRetentionDays, location_name: "AutomaticBackupRetentionDays"))
diff --git a/gems/aws-sdk-fsx/lib/aws-sdk-fsx/types.rb b/gems/aws-sdk-fsx/lib/aws-sdk-fsx/types.rb
index 55197e63a88..7ea30b9ac7c 100644
--- a/gems/aws-sdk-fsx/lib/aws-sdk-fsx/types.rb
+++ b/gems/aws-sdk-fsx/lib/aws-sdk-fsx/types.rb
@@ -796,15 +796,24 @@ class CompletionReport < Struct.new(
# @return [String]
#
# @!attribute [rw] kms_key_id
- # The ID of the Key Management Service (KMS) key used to encrypt the
- # file system's data for Amazon FSx for Windows File Server file
- # systems, Amazon FSx for NetApp ONTAP file systems, and Amazon FSx
- # for Lustre `PERSISTENT_1` and `PERSISTENT_2` file systems at rest.
- # If this ID isn't specified, the key managed by Amazon FSx is used.
- # The Amazon FSx for Lustre `SCRATCH_1` and `SCRATCH_2` file systems
- # are always encrypted at rest using Amazon FSx-managed keys. For more
- # information, see [Encrypt][1] in the *Key Management Service API
- # Reference*.
+ # Specifies the ID of the Key Management Service (KMS) key to use for
+ # encrypting data on Amazon FSx file systems, as follows:
+ #
+ # * Amazon FSx for Lustre `PERSISTENT_1` and `PERSISTENT_2` deployment
+ # types only.
+ #
+ # `SCRATCH_1` and `SCRATCH_2` types are encrypted using the Amazon
+ # FSx service KMS key for your account.
+ #
+ # * Amazon FSx for NetApp ONTAP
+ #
+ # * Amazon FSx for OpenZFS
+ #
+ # * Amazon FSx for Windows File Server
+ #
+ # If a `KmsKeyId` isn't specified, the Amazon FSx-managed KMS key for
+ # your account is used. For more information, see [Encrypt][1] in the
+ # *Key Management Service API Reference*.
#
#
#
@@ -1330,15 +1339,24 @@ class CreateDataRepositoryTaskResponse < Struct.new(
# @return [String]
#
# @!attribute [rw] kms_key_id
- # The ID of the Key Management Service (KMS) key used to encrypt the
- # file system's data for Amazon FSx for Windows File Server file
- # systems, Amazon FSx for NetApp ONTAP file systems, and Amazon FSx
- # for Lustre `PERSISTENT_1` and `PERSISTENT_2` file systems at rest.
- # If this ID isn't specified, the key managed by Amazon FSx is used.
- # The Amazon FSx for Lustre `SCRATCH_1` and `SCRATCH_2` file systems
- # are always encrypted at rest using Amazon FSx-managed keys. For more
- # information, see [Encrypt][1] in the *Key Management Service API
- # Reference*.
+ # Specifies the ID of the Key Management Service (KMS) key to use for
+ # encrypting data on Amazon FSx file systems, as follows:
+ #
+ # * Amazon FSx for Lustre `PERSISTENT_1` and `PERSISTENT_2` deployment
+ # types only.
+ #
+ # `SCRATCH_1` and `SCRATCH_2` types are encrypted using the Amazon
+ # FSx service KMS key for your account.
+ #
+ # * Amazon FSx for NetApp ONTAP
+ #
+ # * Amazon FSx for OpenZFS
+ #
+ # * Amazon FSx for Windows File Server
+ #
+ # If a `KmsKeyId` isn't specified, the Amazon FSx-managed KMS key for
+ # your account is used. For more information, see [Encrypt][1] in the
+ # *Key Management Service API Reference*.
#
#
#
@@ -2166,15 +2184,24 @@ class CreateFileSystemOpenZFSConfiguration < Struct.new(
# @return [Array]
#
# @!attribute [rw] kms_key_id
- # The ID of the Key Management Service (KMS) key used to encrypt the
- # file system's data for Amazon FSx for Windows File Server file
- # systems, Amazon FSx for NetApp ONTAP file systems, and Amazon FSx
- # for Lustre `PERSISTENT_1` and `PERSISTENT_2` file systems at rest.
- # If this ID isn't specified, the key managed by Amazon FSx is used.
- # The Amazon FSx for Lustre `SCRATCH_1` and `SCRATCH_2` file systems
- # are always encrypted at rest using Amazon FSx-managed keys. For more
- # information, see [Encrypt][1] in the *Key Management Service API
- # Reference*.
+ # Specifies the ID of the Key Management Service (KMS) key to use for
+ # encrypting data on Amazon FSx file systems, as follows:
+ #
+ # * Amazon FSx for Lustre `PERSISTENT_1` and `PERSISTENT_2` deployment
+ # types only.
+ #
+ # `SCRATCH_1` and `SCRATCH_2` types are encrypted using the Amazon
+ # FSx service KMS key for your account.
+ #
+ # * Amazon FSx for NetApp ONTAP
+ #
+ # * Amazon FSx for OpenZFS
+ #
+ # * Amazon FSx for Windows File Server
+ #
+ # If a `KmsKeyId` isn't specified, the Amazon FSx-managed KMS key for
+ # your account is used. For more information, see [Encrypt][1] in the
+ # *Key Management Service API Reference*.
#
#
#
@@ -5137,23 +5164,25 @@ class DiskIopsConfiguration < Struct.new(
# @return [String]
#
# @!attribute [rw] kms_key_id
- # The ID of the Key Management Service (KMS) key used to encrypt the
- # file system's data for Amazon FSx for Windows File Server file
- # systems, Amazon FSx for NetApp ONTAP file systems, and `PERSISTENT`
- # Amazon FSx for Lustre file systems at rest. If this ID isn't
- # specified, the Amazon FSx-managed key for your account is used. The
- # scratch Amazon FSx for Lustre file systems are always encrypted at
- # rest using the Amazon FSx-managed key for your account. For more
- # information, see [Encrypt][1] in the *Key Management Service API
- # Reference*.
+ # The ID of the Key Management Service (KMS) key used to encrypt
+ # Amazon FSx file system data. Used as follows with Amazon FSx file
+ # system types:
#
+ # * Amazon FSx for Lustre `PERSISTENT_1` and `PERSISTENT_2` deployment
+ # types only.
#
+ # `SCRATCH_1` and `SCRATCH_2` types are encrypted using the Amazon
+ # FSx service KMS key for your account.
#
- # [1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html
+ # * Amazon FSx for NetApp ONTAP
+ #
+ # * Amazon FSx for OpenZFS
+ #
+ # * Amazon FSx for Windows File Server
# @return [String]
#
# @!attribute [rw] resource_arn
- # The Amazon Resource Name (ARN) for the file system resource.
+ # The Amazon Resource Name (ARN) of the file system resource.
# @return [String]
#
# @!attribute [rw] tags
@@ -5167,7 +5196,8 @@ class DiskIopsConfiguration < Struct.new(
# @return [Array]
#
# @!attribute [rw] windows_configuration
- # The configuration for this FSx for Windows File Server file system.
+ # The configuration for this Amazon FSx for Windows File Server file
+ # system.
# @return [Types::WindowsFileSystemConfiguration]
#
# @!attribute [rw] lustre_configuration
@@ -5182,7 +5212,7 @@ class DiskIopsConfiguration < Struct.new(
# @return [Array]
#
# @!attribute [rw] ontap_configuration
- # The configuration for this FSx for ONTAP file system.
+ # The configuration for this Amazon FSx for NetApp ONTAP file system.
# @return [Types::OntapFileSystemConfiguration]
#
# @!attribute [rw] file_system_type_version
@@ -5942,7 +5972,8 @@ class NotServiceResourceError < Struct.new(
# @return [Array]
#
# @!attribute [rw] throughput_capacity
- # The sustained throughput of an Amazon FSx file system in MBps.
+ # The sustained throughput of an Amazon FSx file system in Megabytes
+ # per second (MBps).
# @return [Integer]
#
# @!attribute [rw] weekly_maintenance_start_time
@@ -6073,8 +6104,8 @@ class OntapVolumeConfiguration < Struct.new(
include Aws::Structure
end
- # Specifies who can mount the file system and the options that can be
- # used while mounting the file system.
+ # Specifies who can mount an OpenZFS file system and the options
+ # available while mounting the file system.
#
# @note When making an API call, you may pass OpenZFSClientConfiguration
# data as a hash:
@@ -7030,7 +7061,7 @@ class SourceBackupUnavailable < Struct.new(
end
# Describes the Amazon FSx for NetApp ONTAP storage virtual machine
- # (SVM) configuraton.
+ # (SVM) configuration.
#
# @!attribute [rw] active_directory_configuration
# Describes the Microsoft Active Directory configuration to which the
@@ -7644,6 +7675,7 @@ class UpdateFileSystemLustreConfiguration < Struct.new(
# mode: "AUTOMATIC", # accepts AUTOMATIC, USER_PROVISIONED
# iops: 1,
# },
+ # throughput_capacity: 1,
# }
#
# @!attribute [rw] automatic_backup_retention_days
@@ -7688,6 +7720,12 @@ class UpdateFileSystemLustreConfiguration < Struct.new(
# `USER_PROVISIONED` IOPS, the total number of SSD IOPS provisioned.
# @return [Types::DiskIopsConfiguration]
#
+ # @!attribute [rw] throughput_capacity
+ # Specifies the throughput of an FSx for NetApp ONTAP file system,
+ # measured in megabytes per second (MBps). Valid values are 64, 128,
+ # 256, 512, 1024, 2048, 3072, or 4096 MB/s.
+ # @return [Integer]
+ #
# @see http://docs.aws.amazon.com/goto/WebAPI/fsx-2018-03-01/UpdateFileSystemOntapConfiguration AWS API Documentation
#
class UpdateFileSystemOntapConfiguration < Struct.new(
@@ -7695,7 +7733,8 @@ class UpdateFileSystemOntapConfiguration < Struct.new(
:daily_automatic_backup_start_time,
:fsx_admin_password,
:weekly_maintenance_start_time,
- :disk_iops_configuration)
+ :disk_iops_configuration,
+ :throughput_capacity)
SENSITIVE = [:fsx_admin_password]
include Aws::Structure
end
@@ -7842,6 +7881,7 @@ class UpdateFileSystemOpenZFSConfiguration < Struct.new(
# mode: "AUTOMATIC", # accepts AUTOMATIC, USER_PROVISIONED
# iops: 1,
# },
+ # throughput_capacity: 1,
# },
# open_zfs_configuration: {
# automatic_backup_retention_days: 1,
@@ -8315,7 +8355,7 @@ class UpdateStorageVirtualMachineRequest < Struct.new(
# @!attribute [rw] storage_virtual_machine
# Describes the Amazon FSx for NetApp ONTAP storage virtual machine
- # (SVM) configuraton.
+ # (SVM) configuration.
# @return [Types::StorageVirtualMachine]
#
# @see http://docs.aws.amazon.com/goto/WebAPI/fsx-2018-03-01/UpdateStorageVirtualMachineResponse AWS API Documentation
diff --git a/gems/aws-sdk-iot/CHANGELOG.md b/gems/aws-sdk-iot/CHANGELOG.md
index 8f9f3b5acfa..1864931547f 100644
--- a/gems/aws-sdk-iot/CHANGELOG.md
+++ b/gems/aws-sdk-iot/CHANGELOG.md
@@ -1,6 +1,11 @@
Unreleased Changes
------------------
+1.87.0 (2022-03-30)
+------------------
+
+* Feature - Doc only update for IoT that fixes customer-reported issues.
+
1.86.0 (2022-02-24)
------------------
diff --git a/gems/aws-sdk-iot/VERSION b/gems/aws-sdk-iot/VERSION
index b7844a6ffdc..f6342716723 100644
--- a/gems/aws-sdk-iot/VERSION
+++ b/gems/aws-sdk-iot/VERSION
@@ -1 +1 @@
-1.86.0
+1.87.0
diff --git a/gems/aws-sdk-iot/lib/aws-sdk-iot.rb b/gems/aws-sdk-iot/lib/aws-sdk-iot.rb
index 6ac81a7e9ff..1e19f40ad59 100644
--- a/gems/aws-sdk-iot/lib/aws-sdk-iot.rb
+++ b/gems/aws-sdk-iot/lib/aws-sdk-iot.rb
@@ -48,6 +48,6 @@
# @!group service
module Aws::IoT
- GEM_VERSION = '1.86.0'
+ GEM_VERSION = '1.87.0'
end
diff --git a/gems/aws-sdk-iot/lib/aws-sdk-iot/client.rb b/gems/aws-sdk-iot/lib/aws-sdk-iot/client.rb
index 21423d99403..06cb14aaf27 100644
--- a/gems/aws-sdk-iot/lib/aws-sdk-iot/client.rb
+++ b/gems/aws-sdk-iot/lib/aws-sdk-iot/client.rb
@@ -1275,17 +1275,21 @@ def create_certificate_from_csr(params = {}, options = {})
#
# @option params [required, String] :metric_name
# The name of the custom metric. This will be used in the metric report
- # submitted from the device/thing. Shouldn't begin with `aws:`. Cannot
- # be updated once defined.
+ # submitted from the device/thing. The name can't begin with `aws:`.
+ # You can't change the name after you define it.
#
# @option params [String] :display_name
- # Field represents a friendly name in the console for the custom metric;
- # it doesn't have to be unique. Don't use this name as the metric
- # identifier in the device metric report. Can be updated once defined.
+ # The friendly name in the console for the custom metric. This name
+ # doesn't have to be unique. Don't use this name as the metric
+ # identifier in the device metric report. You can update the friendly
+ # name after you define it.
#
# @option params [required, String] :metric_type
- # The type of the custom metric. Types include `string-list`,
- # `ip-address-list`, `number-list`, and `number`.
+ # The type of the custom metric.
+ #
+ # The type `number` only takes a single metric value as an input, but
+ # when you submit the metrics value in the DeviceMetrics report, you
+ # must pass it as an array with a single value.
#
# @option params [Array] :tags
# Metadata that can be used to manage the custom metric.
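Review bot: The new `:metric_type` text removes the list of accepted types (`string-list`, `ip-address-list`, `number-list`, `number`) and then explains only `number`, so a reader of this method no longer sees which values are valid. Keep the removed sentence "Types include string-list, ip-address-list, number-list, and number." ahead of the new paragraph about passing `number` as a single-element array. The comment belongs to a method whose definition lies outside the hunk.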
@@ -2575,6 +2579,9 @@ def create_provisioning_template_version(params = {}, options = {})
# How long (in seconds) the credentials will be valid. The default value
# is 3,600 seconds.
#
+ # This value must be less than or equal to the maximum session duration
+ # of the IAM role that the role alias references.
+ #
# @option params [Array] :tags
# Metadata which can be used to manage the role alias.
#
@@ -10559,6 +10566,8 @@ def put_verification_state_on_violation(params = {}, options = {})
# @option params [Boolean] :set_as_active
# A boolean value that specifies if the CA certificate is set to active.
#
+ # Valid values: `ACTIVE | INACTIVE`
+ #
# @option params [Boolean] :allow_auto_registration
# Allows this CA certificate to be used for auto registration of device
# certificates.
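Review bot: `:set_as_active` is declared `[Boolean]`, but the added line lists `ACTIVE | INACTIVE` as its valid values; those look like values of a certificate status field, not of this flag. For a parameter that decides whether a CA certificate becomes active on registration, the contradiction invites a wrong call. The line should read "Valid values: true | false" or be dropped. The same line is added for `:set_as_active` in the following hunk (`-10637`), where the neighbouring `:status` option is the one that actually takes `ACTIVE`, `INACTIVE` and `REVOKED`.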
@@ -10637,8 +10646,11 @@ def register_ca_certificate(params = {}, options = {})
# @option params [Boolean] :set_as_active
# A boolean value that specifies if the certificate is set to active.
#
+ # Valid values: `ACTIVE | INACTIVE`
+ #
# @option params [String] :status
- # The status of the register certificate request.
+ # The status of the register certificate request. Valid values that you
+ # can use include `ACTIVE`, `INACTIVE`, and `REVOKED`.
#
# @return [Types::RegisterCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
#
@@ -12971,6 +12983,9 @@ def update_provisioning_template(params = {}, options = {})
# @option params [Integer] :credential_duration_seconds
# The number of seconds the credential will be valid.
#
+ # This value must be less than or equal to the maximum session duration
+ # of the IAM role that the role alias references.
+ #
# @return [Types::UpdateRoleAliasResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
#
# * {Types::UpdateRoleAliasResponse#role_alias #role_alias} => String
@@ -13585,7 +13600,7 @@ def build_request(operation_name, params = {})
params: params,
config: config)
context[:gem_name] = 'aws-sdk-iot'
- context[:gem_version] = '1.86.0'
+ context[:gem_version] = '1.87.0'
Seahorse::Client::Request.new(handlers, context)
end
diff --git a/gems/aws-sdk-iot/lib/aws-sdk-iot/types.rb b/gems/aws-sdk-iot/lib/aws-sdk-iot/types.rb
index de2a20f4df1..d7ae41fcb28 100644
--- a/gems/aws-sdk-iot/lib/aws-sdk-iot/types.rb
+++ b/gems/aws-sdk-iot/lib/aws-sdk-iot/types.rb
@@ -3041,20 +3041,23 @@ class CreateCertificateFromCsrResponse < Struct.new(
#
# @!attribute [rw] metric_name
# The name of the custom metric. This will be used in the metric
- # report submitted from the device/thing. Shouldn't begin with
- # `aws:`. Cannot be updated once defined.
+ # report submitted from the device/thing. The name can't begin with
+ # `aws:`. You can't change the name after you define it.
# @return [String]
#
# @!attribute [rw] display_name
- # Field represents a friendly name in the console for the custom
- # metric; it doesn't have to be unique. Don't use this name as the
- # metric identifier in the device metric report. Can be updated once
- # defined.
+ # The friendly name in the console for the custom metric. This name
+ # doesn't have to be unique. Don't use this name as the metric
+ # identifier in the device metric report. You can update the friendly
+ # name after you define it.
# @return [String]
#
# @!attribute [rw] metric_type
- # The type of the custom metric. Types include `string-list`,
- # `ip-address-list`, `number-list`, and `number`.
+ # The type of the custom metric.
+ #
+ # The type `number` only takes a single metric value as an input, but
+ # when you submit the metrics value in the DeviceMetrics report, you
+ # must pass it as an array with a single value.
# @return [String]
#
# @!attribute [rw] tags
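Review bot: The rewritten `metric_type` description no longer lists the accepted types, so `number` is the only value a reader still sees, and only in a side note about how to report it. Unless the set of types changed, I would keep the enumeration ahead of the new paragraph, e.g. `# The type of the custom metric. Types include string-list, ip-address-list, number-list, and number.` The same list is dropped in the DescribeCustomMetric and UpdateCustomMetric hunks (`@@ -6792`, `@@ -18984`). Those two also word the array note differently ("while submitting ... it must be passed"), and the three copies would read better with one wording.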
@@ -3087,7 +3090,7 @@ class CreateCustomMetricRequest < Struct.new(
# @return [String]
#
# @!attribute [rw] metric_arn
- # The Amazon Resource Number (ARN) of the custom metric, e.g.
+ # The Amazon Resource Number (ARN) of the custom metric. For example,
# `arn:aws-partition:iot:region:accountId:custommetric/metricName `
# @return [String]
#
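Review bot: The touched `metric_arn` line still expands ARN as "Amazon Resource Number"; the term is Amazon Resource Name. Since the line is being reworded anyway, I would change it to `# The Amazon Resource Name (ARN) of the custom metric. For example,`. The example on the following context line also has a trailing space inside the backticks after `metricName`.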
@@ -4521,6 +4524,9 @@ class CreateProvisioningTemplateVersionResponse < Struct.new(
# @!attribute [rw] credential_duration_seconds
# How long (in seconds) the credentials will be valid. The default
# value is 3,600 seconds.
+ #
+ # This value must be less than or equal to the maximum session
+ # duration of the IAM role that the role alias references.
# @return [Integer]
#
# @!attribute [rw] tags
@@ -5511,11 +5517,21 @@ class CreateTopicRuleRequest < Struct.new(
# @return [Types::CodeSigningCertificateChain]
#
# @!attribute [rw] hash_algorithm
- # The hash algorithm used to code sign the file.
+ # The hash algorithm used to code sign the file. You can use a string
+ # as the algorithm name if the target over-the-air (OTA) update
+ # devices are able to verify the signature that was generated using
+ # the same signature algorithm. For example, FreeRTOS uses `SHA256` or
+ # `SHA1`, so you can pass either of them based on which was used for
+ # generating the signature.
# @return [String]
#
# @!attribute [rw] signature_algorithm
- # The signature algorithm used to code sign the file.
+ # The signature algorithm used to code sign the file. You can use a
+ # string as the algorithm name if the target over-the-air (OTA) update
+ # devices are able to verify the signature that was generated using
+ # the same signature algorithm. For example, FreeRTOS uses `ECDSA` or
+ # `RSA`, so you can pass either of them based on which was used for
+ # generating the signature.
# @return [String]
#
class CustomCodeSigning < Struct.new(
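Review bot: The new `hash_algorithm` text says the devices verify a signature "generated using the same signature algorithm", which looks copied from the `signature_algorithm` attribute below it. It should name the hash algorithm, e.g. `# devices are able to verify the signature that was generated using the same hash algorithm.` The example also offers `SHA1` on equal footing with `SHA256`, although SHA-1 is no longer considered collision-resistant. For a value that protects firmware update integrity, a caveat such as `# Prefer SHA256; use SHA1 only for devices that cannot verify a stronger hash.` would help callers choose. The `CustomCodeSigning` class body continues outside the hunk.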
@@ -6792,8 +6808,11 @@ class DescribeCustomMetricRequest < Struct.new(
# @return [String]
#
# @!attribute [rw] metric_type
- # The type of the custom metric. Types include `string-list`,
- # `ip-address-list`, `number-list`, and `number`.
+ # The type of the custom metric.
+ #
+ # The type `number` only takes a single metric value as an input, but
+ # while submitting the metrics value in the DeviceMetrics report, it
+ # must be passed as an array with a single value.
# @return [String]
#
# @!attribute [rw] display_name
@@ -14764,6 +14783,8 @@ class RateIncreaseCriteria < Struct.new(
# @!attribute [rw] set_as_active
# A boolean value that specifies if the CA certificate is set to
# active.
+ #
+ # Valid values: `ACTIVE | INACTIVE`
# @return [Boolean]
#
# @!attribute [rw] allow_auto_registration
@@ -14841,10 +14862,13 @@ class RegisterCACertificateResponse < Struct.new(
#
# @!attribute [rw] set_as_active
# A boolean value that specifies if the certificate is set to active.
+ #
+ # Valid values: `ACTIVE | INACTIVE`
# @return [Boolean]
#
# @!attribute [rw] status
- # The status of the register certificate request.
+ # The status of the register certificate request. Valid values that
+ # you can use include `ACTIVE`, `INACTIVE`, and `REVOKED`.
# @return [String]
#
class RegisterCertificateRequest < Struct.new(
@@ -18984,8 +19008,11 @@ class UpdateCustomMetricRequest < Struct.new(
# @return [String]
#
# @!attribute [rw] metric_type
- # The type of the custom metric. Types include `string-list`,
- # `ip-address-list`, `number-list`, and `number`.
+ # The type of the custom metric.
+ #
+ # The type `number` only takes a single metric value as an input, but
+ # while submitting the metrics value in the DeviceMetrics report, it
+ # must be passed as an array with a single value.
# @return [String]
#
# @!attribute [rw] display_name
@@ -19634,6 +19661,9 @@ class UpdateProvisioningTemplateResponse < Aws::EmptyStructure; end
#
# @!attribute [rw] credential_duration_seconds
# The number of seconds the credential will be valid.
+ #
+ # This value must be less than or equal to the maximum session
+ # duration of the IAM role that the role alias references.
# @return [Integer]
#
class UpdateRoleAliasRequest < Struct.new(
diff --git a/gems/aws-sdk-iotdataplane/CHANGELOG.md b/gems/aws-sdk-iotdataplane/CHANGELOG.md
index ce43488f8b4..a224a14bbb9 100644
--- a/gems/aws-sdk-iotdataplane/CHANGELOG.md
+++ b/gems/aws-sdk-iotdataplane/CHANGELOG.md
@@ -1,6 +1,11 @@
Unreleased Changes
------------------
+1.39.0 (2022-03-30)
+------------------
+
+* Feature - Update the default AWS IoT Core Data Plane endpoint from VeriSign signed to ATS signed. If you have firewalls with strict egress rules, configure the rules to grant you access to data-ats.iot.[region].amazonaws.com or data-ats.iot.[region].amazonaws.com.cn.
+
1.38.0 (2022-02-24)
------------------
diff --git a/gems/aws-sdk-iotdataplane/VERSION b/gems/aws-sdk-iotdataplane/VERSION
index ebeef2f2d61..5edffce6d57 100644
--- a/gems/aws-sdk-iotdataplane/VERSION
+++ b/gems/aws-sdk-iotdataplane/VERSION
@@ -1 +1 @@
-1.38.0
+1.39.0
diff --git a/gems/aws-sdk-iotdataplane/lib/aws-sdk-iotdataplane.rb b/gems/aws-sdk-iotdataplane/lib/aws-sdk-iotdataplane.rb
index 74c1a70662b..c0058e1a078 100644
--- a/gems/aws-sdk-iotdataplane/lib/aws-sdk-iotdataplane.rb
+++ b/gems/aws-sdk-iotdataplane/lib/aws-sdk-iotdataplane.rb
@@ -48,6 +48,6 @@
# @!group service
module Aws::IoTDataPlane
- GEM_VERSION = '1.38.0'
+ GEM_VERSION = '1.39.0'
end
diff --git a/gems/aws-sdk-iotdataplane/lib/aws-sdk-iotdataplane/client.rb b/gems/aws-sdk-iotdataplane/lib/aws-sdk-iotdataplane/client.rb
index 26fe99545f1..78fb47700b6 100644
--- a/gems/aws-sdk-iotdataplane/lib/aws-sdk-iotdataplane/client.rb
+++ b/gems/aws-sdk-iotdataplane/lib/aws-sdk-iotdataplane/client.rb
@@ -400,8 +400,8 @@ def delete_thing_shadow(params = {}, options = {})
#
# Requires permission to access the [GetRetainedMessage][1] action.
#
- # For more information about messaging costs, see [IoT Core pricing -
- # Messaging][2].
+ # For more information about messaging costs, see [Amazon Web Services
+ # IoT Core pricing - Messaging][2].
#
#
#
@@ -536,8 +536,8 @@ def list_named_shadows_for_thing(params = {}, options = {})
#
# Requires permission to access the [ListRetainedMessages][2] action.
#
- # For more information about messaging costs, see [IoT Core pricing -
- # Messaging][3].
+ # For more information about messaging costs, see [Amazon Web Services
+ # IoT Core pricing - Messaging][3].
#
#
#
@@ -590,8 +590,8 @@ def list_retained_messages(params = {}, options = {})
# For more information about MQTT messages, see [MQTT Protocol][2] in
# the IoT Developer Guide.
#
- # For more information about messaging costs, see [IoT Core pricing -
- # Messaging][3].
+ # For more information about messaging costs, see [Amazon Web Services
+ # IoT Core pricing - Messaging][3].
#
#
#
@@ -621,7 +621,8 @@ def list_retained_messages(params = {}, options = {})
# payloads.
#
# Publishing an empty (null) payload with **retain** = `true` deletes
- # the retained message identified by **topic** from IoT Core.
+ # the retained message identified by **topic** from Amazon Web Services
+ # IoT Core.
#
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
#
@@ -698,7 +699,7 @@ def build_request(operation_name, params = {})
params: params,
config: config)
context[:gem_name] = 'aws-sdk-iotdataplane'
- context[:gem_version] = '1.38.0'
+ context[:gem_version] = '1.39.0'
Seahorse::Client::Request.new(handlers, context)
end
diff --git a/gems/aws-sdk-iotdataplane/lib/aws-sdk-iotdataplane/types.rb b/gems/aws-sdk-iotdataplane/lib/aws-sdk-iotdataplane/types.rb
index b05ef862418..ecfd3846c6b 100644
--- a/gems/aws-sdk-iotdataplane/lib/aws-sdk-iotdataplane/types.rb
+++ b/gems/aws-sdk-iotdataplane/lib/aws-sdk-iotdataplane/types.rb
@@ -310,7 +310,8 @@ class MethodNotAllowedException < Struct.new(
# message payloads.
#
# Publishing an empty (null) payload with **retain** = `true` deletes
- # the retained message identified by **topic** from IoT Core.
+ # the retained message identified by **topic** from Amazon Web
+ # Services IoT Core.
# @return [String]
#
class PublishRequest < Struct.new(