From a55ab85f88fe77f9d6ac52c8adf6f4e89caf8740 Mon Sep 17 00:00:00 2001 From: AWS SDK For Ruby Date: Tue, 17 Sep 2024 18:15:22 +0000 Subject: [PATCH] Updated API models and rebuilt service gems. --- apis/codebuild/2016-10-06/api-2.json | 3 +- apis/codebuild/2016-10-06/docs-2.json | 6 +- apis/ecr/2015-09-21/api-2.json | 10 +- apis/ecr/2015-09-21/docs-2.json | 20 +- apis/ecs/2014-11-13/docs-2.json | 90 +++--- apis/lambda/2015-03-31/api-2.json | 219 +++++++++++++ apis/lambda/2015-03-31/docs-2.json | 99 ++++++ apis/rds/2014-10-31/docs-2.json | 6 +- apis/ssm/2014-11-06/api-2.json | 28 +- apis/ssm/2014-11-06/docs-2.json | 112 ++++--- gems/aws-sdk-codebuild/CHANGELOG.md | 5 + gems/aws-sdk-codebuild/VERSION | 2 +- .../lib/aws-sdk-codebuild.rb | 2 +- .../lib/aws-sdk-codebuild/client.rb | 14 +- .../lib/aws-sdk-codebuild/types.rb | 14 +- gems/aws-sdk-codebuild/sig/client.rbs | 2 +- gems/aws-sdk-codebuild/sig/types.rbs | 2 +- gems/aws-sdk-core/CHANGELOG.md | 3 + gems/aws-sdk-core/VERSION | 2 +- gems/aws-sdk-core/lib/aws-sdk-sso.rb | 2 +- gems/aws-sdk-core/lib/aws-sdk-sso/client.rb | 2 +- gems/aws-sdk-core/lib/aws-sdk-ssooidc.rb | 2 +- .../lib/aws-sdk-ssooidc/client.rb | 2 +- gems/aws-sdk-core/lib/aws-sdk-sts.rb | 2 +- gems/aws-sdk-core/lib/aws-sdk-sts/client.rb | 2 +- gems/aws-sdk-ecr/CHANGELOG.md | 5 + gems/aws-sdk-ecr/VERSION | 2 +- gems/aws-sdk-ecr/lib/aws-sdk-ecr.rb | 2 +- gems/aws-sdk-ecr/lib/aws-sdk-ecr/client.rb | 5 +- .../aws-sdk-ecr/lib/aws-sdk-ecr/client_api.rb | 6 + gems/aws-sdk-ecr/lib/aws-sdk-ecr/types.rb | 35 ++- gems/aws-sdk-ecr/sig/types.rbs | 3 + gems/aws-sdk-ecs/CHANGELOG.md | 5 + gems/aws-sdk-ecs/VERSION | 2 +- gems/aws-sdk-ecs/lib/aws-sdk-ecs.rb | 2 +- gems/aws-sdk-ecs/lib/aws-sdk-ecs/client.rb | 5 +- gems/aws-sdk-ecs/lib/aws-sdk-ecs/types.rb | 162 +++++----- gems/aws-sdk-lambda/CHANGELOG.md | 5 + gems/aws-sdk-lambda/VERSION | 2 +- gems/aws-sdk-lambda/lib/aws-sdk-lambda.rb | 2 +- .../lib/aws-sdk-lambda/client.rb | 233 +++++++++++++- .../lib/aws-sdk-lambda/client_api.rb | 123 ++++++++ .../lib/aws-sdk-lambda/endpoints.rb | 55 ++++ .../lib/aws-sdk-lambda/errors.rb | 21 ++ .../lib/aws-sdk-lambda/plugins/endpoints.rb | 10 + .../lib/aws-sdk-lambda/types.rb | 222 ++++++++++++++ gems/aws-sdk-lambda/sig/client.rbs | 55 ++++ gems/aws-sdk-lambda/sig/errors.rbs | 4 + gems/aws-sdk-lambda/sig/types.rbs | 63 ++++ gems/aws-sdk-rds/CHANGELOG.md | 5 + gems/aws-sdk-rds/VERSION | 2 +- gems/aws-sdk-rds/lib/aws-sdk-rds.rb | 2 +- gems/aws-sdk-rds/lib/aws-sdk-rds/client.rb | 32 +- .../lib/aws-sdk-rds/db_instance.rb | 20 +- .../lib/aws-sdk-rds/db_snapshot.rb | 10 +- gems/aws-sdk-rds/lib/aws-sdk-rds/resource.rb | 10 +- gems/aws-sdk-rds/lib/aws-sdk-rds/types.rb | 27 +- gems/aws-sdk-ssm/CHANGELOG.md | 5 + gems/aws-sdk-ssm/VERSION | 2 +- gems/aws-sdk-ssm/lib/aws-sdk-ssm.rb | 2 +- gems/aws-sdk-ssm/lib/aws-sdk-ssm/client.rb | 248 ++++++++++++--- .../aws-sdk-ssm/lib/aws-sdk-ssm/client_api.rb | 13 + gems/aws-sdk-ssm/lib/aws-sdk-ssm/types.rb | 289 +++++++++++------- gems/aws-sdk-ssm/sig/client.rbs | 63 +++- gems/aws-sdk-ssm/sig/types.rbs | 8 + gems/aws-sigv4/CHANGELOG.md | 3 + gems/aws-sigv4/VERSION | 2 +- 67 files changed, 2014 insertions(+), 409 deletions(-) diff --git a/apis/codebuild/2016-10-06/api-2.json b/apis/codebuild/2016-10-06/api-2.json index ec37192de83..58aa35bdf8b 100644 --- a/apis/codebuild/2016-10-06/api-2.json +++ b/apis/codebuild/2016-10-06/api-2.json @@ -2911,7 +2911,8 @@ "type":"string", "enum":[ "GITHUB_ORGANIZATION", - "GITHUB_GLOBAL" + "GITHUB_GLOBAL", + "GITLAB_GROUP" ] }, "WrapperBoolean":{"type":"boolean"}, diff --git a/apis/codebuild/2016-10-06/docs-2.json b/apis/codebuild/2016-10-06/docs-2.json index 9c165409e9c..cefb506ca73 100644 --- a/apis/codebuild/2016-10-06/docs-2.json +++ b/apis/codebuild/2016-10-06/docs-2.json @@ -1840,8 +1840,8 @@ "S3LogsConfig$location": "

The ARN of an S3 bucket and the path prefix for S3 logs. If your Amazon S3 bucket name is my-bucket, and your path prefix is build-log, then acceptable formats are my-bucket/build-log or arn:aws:s3:::my-bucket/build-log.

", "S3ReportExportConfig$bucketOwner": "

The Amazon Web Services account identifier of the owner of the Amazon S3 bucket. This allows report data to be exported to an Amazon S3 bucket that is owned by an account other than the account running the build.

", "S3ReportExportConfig$path": "

The path to the exported report's raw data results.

", - "ScopeConfiguration$name": "

The name of either the enterprise or organization that will send webhook events to CodeBuild, depending on if the webhook is a global or organization webhook respectively.

", - "ScopeConfiguration$domain": "

The domain of the GitHub Enterprise organization. Note that this parameter is only required if your project's source type is GITHUB_ENTERPRISE

", + "ScopeConfiguration$name": "

The name of either the group, enterprise, or organization that will send webhook events to CodeBuild, depending on the type of webhook.

", + "ScopeConfiguration$domain": "

The domain of the GitHub Enterprise organization or the GitLab Self Managed group. Note that this parameter is only required if your project's source type is GITHUB_ENTERPRISE or GITLAB_SELF_MANAGED.

", "SourceAuth$resource": "

The resource value that applies to the specified authorization type.

", "SourceCredentialsInfo$resource": "

The connection ARN if your authType is CODECONNECTIONS or SECRETS_MANAGER.

", "StartBuildBatchInput$sourceVersion": "

The version of the batch build input to be built, for this build only. If not specified, the latest version is used. If specified, the contents depends on the source provider:

CodeCommit

The commit ID, branch, or Git tag to use.

GitHub

The commit ID, pull request ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a pull request ID is specified, it must use the format pr/pull-request-ID (for example pr/25). If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.

Bitbucket

The commit ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.

Amazon S3

The version ID of the object that represents the build input ZIP file to use.

If sourceVersion is specified at the project level, then this sourceVersion (at the build level) takes precedence.

For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide.

", @@ -2065,7 +2065,7 @@ "WebhookScopeType": { "base": null, "refs": { - "ScopeConfiguration$scope": "

The type of scope for a GitHub webhook.

" + "ScopeConfiguration$scope": "

The type of scope for a GitHub or GitLab webhook.

" } }, "WrapperBoolean": { diff --git a/apis/ecr/2015-09-21/api-2.json b/apis/ecr/2015-09-21/api-2.json index e7b69a39af4..b29ac6102c7 100644 --- a/apis/ecr/2015-09-21/api-2.json +++ b/apis/ecr/2015-09-21/api-2.json @@ -1333,7 +1333,9 @@ "status":{"shape":"Status"}, "title":{"shape":"Title"}, "type":{"shape":"Type"}, - "updatedAt":{"shape":"Date"} + "updatedAt":{"shape":"Date"}, + "fixAvailable":{"shape":"FixAvailable"}, + "exploitAvailable":{"shape":"ExploitAvailable"} } }, "EnhancedImageScanFindingList":{ @@ -1344,6 +1346,7 @@ "EvaluationTimestamp":{"type":"timestamp"}, "ExceptionMessage":{"type":"string"}, "ExpirationTimestamp":{"type":"timestamp"}, + "ExploitAvailable":{"type":"string"}, "FilePath":{"type":"string"}, "FindingArn":{"type":"string"}, "FindingDescription":{"type":"string"}, @@ -1364,6 +1367,8 @@ "key":{"shape":"FindingSeverity"}, "value":{"shape":"SeverityCount"} }, + "FixAvailable":{"type":"string"}, + "FixedInVersion":{"type":"string"}, "ForceFlag":{"type":"boolean"}, "GetAccountSettingRequest":{ "type":"structure", @@ -2931,7 +2936,8 @@ "packageManager":{"shape":"PackageManager"}, "release":{"shape":"Release"}, "sourceLayerHash":{"shape":"SourceLayerHash"}, - "version":{"shape":"Version"} + "version":{"shape":"Version"}, + "fixedInVersion":{"shape":"FixedInVersion"} } }, "VulnerablePackageName":{"type":"string"}, diff --git a/apis/ecr/2015-09-21/docs-2.json b/apis/ecr/2015-09-21/docs-2.json index 84d61d87bc7..8a79362c667 100644 --- a/apis/ecr/2015-09-21/docs-2.json +++ b/apis/ecr/2015-09-21/docs-2.json @@ -471,7 +471,7 @@ "EncryptionType": { "base": null, "refs": { - "EncryptionConfiguration$encryptionType": "

The encryption type to use.

If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created.

If you use the KMS_DSSE encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the KMS Management Service key stored in KMS. Similar to the KMS encryption type, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you've already created.

If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide.

", + "EncryptionConfiguration$encryptionType": "

The encryption type to use.

If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created.

If you use the KMS_DSSE encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the KMS Management Service key stored in KMS. Similar to the KMS encryption type, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you've already created.

If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.

For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide.

", "EncryptionConfigurationForRepositoryCreationTemplate$encryptionType": "

The encryption type to use.

If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS) in the Amazon Simple Storage Service Console Developer Guide.

If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide.

" } }, @@ -551,6 +551,12 @@ "AuthorizationData$expiresAt": "

The Unix time in seconds and milliseconds when the authorization token expires. Authorization tokens are valid for 12 hours.

" } }, + "ExploitAvailable": { + "base": null, + "refs": { + "EnhancedImageScanFinding$exploitAvailable": "

If a finding discovered in your environment has an exploit available.

" + } + }, "FilePath": { "base": null, "refs": { @@ -590,6 +596,18 @@ "ImageScanFindingsSummary$findingSeverityCounts": "

The image vulnerability counts, sorted by severity.

" } }, + "FixAvailable": { + "base": null, + "refs": { + "EnhancedImageScanFinding$fixAvailable": "

Details on whether a fix is available through a version update. This value can be YES, NO, or PARTIAL. A PARTIAL fix means that some, but not all, of the packages identified in the finding have fixes available through updated versions.

" + } + }, + "FixedInVersion": { + "base": null, + "refs": { + "VulnerablePackage$fixedInVersion": "

The version of the package that contains the vulnerability fix.

" + } + }, "ForceFlag": { "base": null, "refs": { diff --git a/apis/ecs/2014-11-13/docs-2.json b/apis/ecs/2014-11-13/docs-2.json index 7cf79786034..dd0ac7d017b 100644 --- a/apis/ecs/2014-11-13/docs-2.json +++ b/apis/ecs/2014-11-13/docs-2.json @@ -197,11 +197,11 @@ "base": null, "refs": { "ContainerDefinition$essential": "

If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the essential parameter of a container is marked as false, its failure doesn't affect the rest of the containers in a task. If this parameter is omitted, a container is assumed to be essential.

All tasks must have at least one essential container. If you have an application that's composed of multiple containers, group containers that are used for a common purpose into components, and separate the different components into multiple task definitions. For more information, see Application Architecture in the Amazon Elastic Container Service Developer Guide.

", - "ContainerDefinition$disableNetworking": "

When this parameter is true, networking is off within the container. This parameter maps to NetworkDisabled in the docker conainer create command.

This parameter is not supported for Windows containers.

", - "ContainerDefinition$privileged": "

When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). This parameter maps to Privileged in the the docker conainer create command and the --privileged option to docker run

This parameter is not supported for Windows containers or tasks run on Fargate.

", - "ContainerDefinition$readonlyRootFilesystem": "

When this parameter is true, the container is given read-only access to its root file system. This parameter maps to ReadonlyRootfs in the docker conainer create command and the --read-only option to docker run.

This parameter is not supported for Windows containers.

", - "ContainerDefinition$interactive": "

When this parameter is true, you can deploy containerized applications that require stdin or a tty to be allocated. This parameter maps to OpenStdin in the docker conainer create command and the --interactive option to docker run.

", - "ContainerDefinition$pseudoTerminal": "

When this parameter is true, a TTY is allocated. This parameter maps to Tty in tthe docker conainer create command and the --tty option to docker run.

", + "ContainerDefinition$disableNetworking": "

When this parameter is true, networking is off within the container. This parameter maps to NetworkDisabled in the docker container create command.

This parameter is not supported for Windows containers.

", + "ContainerDefinition$privileged": "

When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). This parameter maps to Privileged in the docker container create command and the --privileged option to docker run

This parameter is not supported for Windows containers or tasks run on Fargate.

", + "ContainerDefinition$readonlyRootFilesystem": "

When this parameter is true, the container is given read-only access to its root file system. This parameter maps to ReadonlyRootfs in the docker container create command and the --read-only option to docker run.

This parameter is not supported for Windows containers.

", + "ContainerDefinition$interactive": "

When this parameter is true, you can deploy containerized applications that require stdin or a tty to be allocated. This parameter maps to OpenStdin in the docker container create command and the --interactive option to docker run.

", + "ContainerDefinition$pseudoTerminal": "

When this parameter is true, a TTY is allocated. This parameter maps to Tty in the docker container create command and the --tty option to docker run.

", "ContainerRestartPolicy$enabled": "

Specifies whether a restart policy is enabled for the container.

", "DeleteServiceRequest$force": "

If true, allows you to delete a service even if it wasn't scaled down to zero tasks. It's only necessary to use this if the service uses the REPLICA scheduling strategy.

", "DeleteTaskSetRequest$force": "

If true, you can delete a task set even if it hasn't been scaled down to zero.

", @@ -222,10 +222,10 @@ "base": null, "refs": { "Container$exitCode": "

The exit code returned from the container.

", - "ContainerDefinition$memory": "

The amount (in MiB) of memory to present to the container. If your container attempts to exceed the memory specified here, the container is killed. The total amount of memory reserved for all containers within a task must be lower than the task memory value, if one is specified. This parameter maps to Memory in thethe docker conainer create command and the --memory option to docker run.

If using the Fargate launch type, this parameter is optional.

If using the EC2 launch type, you must specify either a task-level memory value or a container-level memory value. If you specify both a container-level memory and memoryReservation value, memory must be greater than memoryReservation. If you specify memoryReservation, then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of memory is used.

The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container. So, don't specify less than 6 MiB of memory for your containers.

The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container. So, don't specify less than 4 MiB of memory for your containers.

", - "ContainerDefinition$memoryReservation": "

The soft limit (in MiB) of memory to reserve for the container. When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the memory parameter (if applicable), or all of the available memory on the container instance, whichever comes first. This parameter maps to MemoryReservation in the the docker conainer create command and the --memory-reservation option to docker run.

If a task-level memory value is not specified, you must specify a non-zero integer for one or both of memory or memoryReservation in a container definition. If you specify both, memory must be greater than memoryReservation. If you specify memoryReservation, then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of memory is used.

For example, if your container normally uses 128 MiB of memory, but occasionally bursts to 256 MiB of memory for short periods of time, you can set a memoryReservation of 128 MiB, and a memory hard limit of 300 MiB. This configuration would allow the container to only reserve 128 MiB of memory from the remaining resources on the container instance, but also allow the container to consume more memory resources when needed.

The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container. So, don't specify less than 6 MiB of memory for your containers.

The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container. So, don't specify less than 4 MiB of memory for your containers.

", + "ContainerDefinition$memory": "

The amount (in MiB) of memory to present to the container. If your container attempts to exceed the memory specified here, the container is killed. The total amount of memory reserved for all containers within a task must be lower than the task memory value, if one is specified. This parameter maps to Memory in the docker container create command and the --memory option to docker run.

If using the Fargate launch type, this parameter is optional.

If using the EC2 launch type, you must specify either a task-level memory value or a container-level memory value. If you specify both a container-level memory and memoryReservation value, memory must be greater than memoryReservation. If you specify memoryReservation, then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of memory is used.

The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container. So, don't specify less than 6 MiB of memory for your containers.

The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container. So, don't specify less than 4 MiB of memory for your containers.

", + "ContainerDefinition$memoryReservation": "

The soft limit (in MiB) of memory to reserve for the container. When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the memory parameter (if applicable), or all of the available memory on the container instance, whichever comes first. This parameter maps to MemoryReservation in the docker container create command and the --memory-reservation option to docker run.

If a task-level memory value is not specified, you must specify a non-zero integer for one or both of memory or memoryReservation in a container definition. If you specify both, memory must be greater than memoryReservation. If you specify memoryReservation, then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of memory is used.

For example, if your container normally uses 128 MiB of memory, but occasionally bursts to 256 MiB of memory for short periods of time, you can set a memoryReservation of 128 MiB, and a memory hard limit of 300 MiB. This configuration would allow the container to only reserve 128 MiB of memory from the remaining resources on the container instance, but also allow the container to consume more memory resources when needed.

The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container. So, don't specify less than 6 MiB of memory for your containers.

The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container. So, don't specify less than 4 MiB of memory for your containers.

", "ContainerDefinition$startTimeout": "

Time duration (in seconds) to wait before giving up on resolving dependencies for a container. For example, you specify two containers in a task definition with containerA having a dependency on containerB reaching a COMPLETE, SUCCESS, or HEALTHY status. If a startTimeout value is specified for containerB and it doesn't reach the desired status within that time then containerA gives up and not start. This results in the task transitioning to a STOPPED state.

When the ECS_CONTAINER_START_TIMEOUT container agent configuration variable is used, it's enforced independently from this start timeout value.

For tasks using the Fargate launch type, the task or service requires the following platforms:

For tasks using the EC2 launch type, your container instances require at least version 1.26.0 of the container agent to use a container start timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see Updating the Amazon ECS Container Agent in the Amazon Elastic Container Service Developer Guide. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ecs-init package. If your container instances are launched from version 20190301 or later, then they contain the required versions of the container agent and ecs-init. For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide.

The valid values for Fargate are 2-120 seconds.

", - "ContainerDefinition$stopTimeout": "

Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own.

For tasks using the Fargate launch type, the task or service requires the following platforms:

The max stop timeout value is 120 seconds and if the parameter is not specified, the default value of 30 seconds is used.

For tasks that use the EC2 launch type, if the stopTimeout parameter isn't specified, the value set for the Amazon ECS container agent configuration variable ECS_CONTAINER_STOP_TIMEOUT is used. If neither the stopTimeout parameter or the ECS_CONTAINER_STOP_TIMEOUT agent configuration variable are set, then the default values of 30 seconds for Linux containers and 30 seconds on Windows containers are used. Your container instances require at least version 1.26.0 of the container agent to use a container stop timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see Updating the Amazon ECS Container Agent in the Amazon Elastic Container Service Developer Guide. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ecs-init package. If your container instances are launched from version 20190301 or later, then they contain the required versions of the container agent and ecs-init. For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide.

The valid values are 2-120 seconds.

", + "ContainerDefinition$stopTimeout": "

Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own.

For tasks using the Fargate launch type, the task or service requires the following platforms:

For tasks that use the Fargate launch type, the max stop timeout value is 120 seconds and if the parameter is not specified, the default value of 30 seconds is used.

For tasks that use the EC2 launch type, if the stopTimeout parameter isn't specified, the value set for the Amazon ECS container agent configuration variable ECS_CONTAINER_STOP_TIMEOUT is used. If neither the stopTimeout parameter or the ECS_CONTAINER_STOP_TIMEOUT agent configuration variable are set, then the default values of 30 seconds for Linux containers and 30 seconds on Windows containers are used. Your container instances require at least version 1.26.0 of the container agent to use a container stop timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see Updating the Amazon ECS Container Agent in the Amazon Elastic Container Service Developer Guide. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ecs-init package. If your container instances are launched from version 20190301 or later, then they contain the required versions of the container agent and ecs-init. For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide.

The valid values for Fargate are 2-120 seconds.

", "ContainerOverride$cpu": "

The number of cpu units reserved for the container, instead of the default value from the task definition. You must also specify a container name.

", "ContainerOverride$memory": "

The hard limit (in MiB) of memory to present to the container, instead of the default value from the task definition. If your container attempts to exceed the memory specified here, the container is killed. You must also specify a container name.

", "ContainerOverride$memoryReservation": "

The soft limit (in MiB) of memory to reserve for the container, instead of the default value from the task definition. You must also specify a container name.

", @@ -233,8 +233,8 @@ "ContainerStateChange$exitCode": "

The exit code for the container, if the state change is a result of the container exiting.

", "CreateServiceRequest$desiredCount": "

The number of instantiations of the specified task definition to place and keep running in your service.

This is required if schedulingStrategy is REPLICA or isn't specified. If schedulingStrategy is DAEMON then this isn't required.

", "CreateServiceRequest$healthCheckGracePeriodSeconds": "

The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started. This is only used when your service is configured to use a load balancer. If your service has a load balancer defined and you don't specify a health check grace period value, the default value of 0 is used.

If you do not use an Elastic Load Balancing, we recommend that you use the startPeriod in the task definition health check parameters. For more information, see Health check.

If your service's tasks take a while to start and respond to Elastic Load Balancing health checks, you can specify a health check grace period of up to 2,147,483,647 seconds (about 69 years). During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up.

", - "DeploymentConfiguration$maximumPercent": "

If a service is using the rolling update (ECS) deployment type, the maximumPercent parameter represents an upper limit on the number of your service's tasks that are allowed in the RUNNING or PENDING state during a deployment, as a percentage of the desiredCount (rounded down to the nearest integer). This parameter enables you to define the deployment batch size. For example, if your service is using the REPLICA service scheduler and has a desiredCount of four tasks and a maximumPercent value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default maximumPercent value for a service using the REPLICA service scheduler is 200%.

If a service is using either the blue/green (CODE_DEPLOY) or EXTERNAL deployment types and tasks that use the EC2 launch type, the maximum percent value is set to the default value and is used to define the upper limit on the number of the tasks in the service that remain in the RUNNING state while the container instances are in the DRAINING state. If the tasks in the service use the Fargate launch type, the maximum percent value is not used, although it is returned when describing your service.

", - "DeploymentConfiguration$minimumHealthyPercent": "

If a service is using the rolling update (ECS) deployment type, the minimumHealthyPercent represents a lower limit on the number of your service's tasks that must remain in the RUNNING state during a deployment, as a percentage of the desiredCount (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a desiredCount of four tasks and a minimumHealthyPercent of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks.

For services that do not use a load balancer, the following should be noted:

For services that do use a load balancer, the following should be noted:

The default value for a replica service for minimumHealthyPercent is 100%. The default minimumHealthyPercent value for a service using the DAEMON service schedule is 0% for the CLI, the Amazon Web Services SDKs, and the APIs and 50% for the Amazon Web Services Management Console.

The minimum number of healthy tasks during a deployment is the desiredCount multiplied by the minimumHealthyPercent/100, rounded up to the nearest integer value.

If a service is using either the blue/green (CODE_DEPLOY) or EXTERNAL deployment types and is running tasks that use the EC2 launch type, the minimum healthy percent value is set to the default value and is used to define the lower limit on the number of the tasks in the service that remain in the RUNNING state while the container instances are in the DRAINING state. If a service is using either the blue/green (CODE_DEPLOY) or EXTERNAL deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service.

", + "DeploymentConfiguration$maximumPercent": "

If a service is using the rolling update (ECS) deployment type, the maximumPercent parameter represents an upper limit on the number of your service's tasks that are allowed in the RUNNING or PENDING state during a deployment, as a percentage of the desiredCount (rounded down to the nearest integer). This parameter enables you to define the deployment batch size. For example, if your service is using the REPLICA service scheduler and has a desiredCount of four tasks and a maximumPercent value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default maximumPercent value for a service using the REPLICA service scheduler is 200%.

If a service is using either the blue/green (CODE_DEPLOY) or EXTERNAL deployment types, and tasks in the service use the EC2 launch type, the maximum percent value is set to the default value. The maximum percent value is used to define the upper limit on the number of the tasks in the service that remain in the RUNNING state while the container instances are in the DRAINING state.

You can't specify a custom maximumPercent value for a service that uses either the blue/green (CODE_DEPLOY) or EXTERNAL deployment types and has tasks that use the EC2 launch type.

If the tasks in the service use the Fargate launch type, the maximum percent value is not used, although it is returned when describing your service.

", + "DeploymentConfiguration$minimumHealthyPercent": "

If a service is using the rolling update (ECS) deployment type, the minimumHealthyPercent represents a lower limit on the number of your service's tasks that must remain in the RUNNING state during a deployment, as a percentage of the desiredCount (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a desiredCount of four tasks and a minimumHealthyPercent of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks.

For services that do not use a load balancer, the following should be noted:

For services that do use a load balancer, the following should be noted:

The default value for a replica service for minimumHealthyPercent is 100%. The default minimumHealthyPercent value for a service using the DAEMON service schedule is 0% for the CLI, the Amazon Web Services SDKs, and the APIs and 50% for the Amazon Web Services Management Console.

The minimum number of healthy tasks during a deployment is the desiredCount multiplied by the minimumHealthyPercent/100, rounded up to the nearest integer value.

If a service is using either the blue/green (CODE_DEPLOY) or EXTERNAL deployment types and is running tasks that use the EC2 launch type, the minimum healthy percent value is set to the default value. The minimum healthy percent value is used to define the lower limit on the number of the tasks in the service that remain in the RUNNING state while the container instances are in the DRAINING state.

You can't specify a custom minimumHealthyPercent value for a service that uses either the blue/green (CODE_DEPLOY) or EXTERNAL deployment types and has tasks that use the EC2 launch type.

If a service is using either the blue/green (CODE_DEPLOY) or EXTERNAL deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service.

", "DescribeCapacityProvidersRequest$maxResults": "

The maximum number of account setting results returned by DescribeCapacityProviders in paginated output. When this parameter is used, DescribeCapacityProviders only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribeCapacityProviders request with the returned nextToken value. This value can be between 1 and 10. If this parameter is not used, then DescribeCapacityProviders returns up to 10 results and a nextToken value if applicable.

", "EFSVolumeConfiguration$transitEncryptionPort": "

The port to use when sending encrypted data between the Amazon ECS host and the Amazon EFS server. If you do not specify a transit encryption port, it will use the port selection strategy that the Amazon EFS mount helper uses. For more information, see EFS mount helper in the Amazon Elastic File System User Guide.

", "HealthCheck$interval": "

The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds.

", @@ -458,7 +458,7 @@ "base": null, "refs": { "RegisterTaskDefinitionRequest$requiresCompatibilities": "

The task launch type that Amazon ECS validates the task definition against. A client exception is returned if the task definition doesn't validate against the compatibilities specified. If no value is specified, the parameter is omitted from the response.

", - "TaskDefinition$compatibilities": "

The task launch types the task definition validated against during task definition registration. For more information, see Amazon ECS launch types in the Amazon Elastic Container Service Developer Guide.

", + "TaskDefinition$compatibilities": "

Amazon ECS validates the task definition parameters with those supported by the launch type. For more information, see Amazon ECS launch types in the Amazon Elastic Container Service Developer Guide.

", "TaskDefinition$requiresCompatibilities": "

The task launch types the task definition was validated against. The valid values are EC2, FARGATE, and EXTERNAL. For more information, see Amazon ECS launch types in the Amazon Elastic Container Service Developer Guide.

" } }, @@ -872,7 +872,7 @@ "DevicesList": { "base": null, "refs": { - "LinuxParameters$devices": "

Any host devices to expose to the container. This parameter maps to Devices in tthe docker conainer create command and the --device option to docker run.

If you're using tasks that use the Fargate launch type, the devices parameter isn't supported.

" + "LinuxParameters$devices": "

Any host devices to expose to the container. This parameter maps to Devices in the docker container create command and the --device option to docker run.

If you're using tasks that use the Fargate launch type, the devices parameter isn't supported.

" } }, "DiscoverPollEndpointRequest": { @@ -888,7 +888,7 @@ "DockerLabelsMap": { "base": null, "refs": { - "ContainerDefinition$dockerLabels": "

A key/value map of labels to add to the container. This parameter maps to Labels in the docker conainer create command and the --label option to docker run. This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'

" + "ContainerDefinition$dockerLabels": "

A key/value map of labels to add to the container. This parameter maps to Labels in the docker container create command and the --label option to docker run. This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'

" } }, "DockerVolumeConfiguration": { @@ -1004,7 +1004,7 @@ "EnvironmentVariables": { "base": null, "refs": { - "ContainerDefinition$environment": "

The environment variables to pass to a container. This parameter maps to Env in the docker conainer create command and the --env option to docker run.

We don't recommend that you use plaintext environment variables for sensitive information, such as credential data.

", + "ContainerDefinition$environment": "

The environment variables to pass to a container. This parameter maps to Env in the docker container create command and the --env option to docker run.

We don't recommend that you use plaintext environment variables for sensitive information, such as credential data.

", "ContainerOverride$environment": "

The environment variables to send to the container. You can add new environment variables, which are added to the container at launch, or you can override the existing environment variables from the Docker image or the task definition. You must also specify a container name.

" } }, @@ -1117,7 +1117,7 @@ "HealthCheck": { "base": "

An object representing a container health check. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image (such as those specified in a parent image or from the image's Dockerfile). This configuration maps to the HEALTHCHECK parameter of docker run.

The Amazon ECS container agent only monitors and reports on the health checks specified in the task definition. Amazon ECS does not monitor Docker health checks that are embedded in a container image and not specified in the container definition. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image.

You can view the health status of both individual containers and a task with the DescribeTasks API operation or when viewing the task details in the console.

The health check is designed to make sure that your containers survive agent restarts, upgrades, or temporary unavailability.

Amazon ECS performs health checks on containers with the default that launched the container instance or the task.

The following describes the possible healthStatus values for a container:

The following describes the possible healthStatus values based on the container health checker status of essential containers in the task with the following priority order (high to low):

Consider the following task health example with 2 containers.

Consider the following task health example with 3 containers.

If a task is run manually, and not as part of a service, the task will continue its lifecycle regardless of its health status. For tasks that are part of a service, if the task reports as unhealthy then the task will be stopped and the service scheduler will replace it.

The following are notes about container health check support:

", "refs": { - "ContainerDefinition$healthCheck": "

The container health check command and associated configuration parameters for the container. This parameter maps to HealthCheck in the docker conainer create command and the HEALTHCHECK parameter of docker run.

" + "ContainerDefinition$healthCheck": "

The container health check command and associated configuration parameters for the container. This parameter maps to HealthCheck in the docker container create command and the HEALTHCHECK parameter of docker run.

" } }, "HealthStatus": { @@ -1136,7 +1136,7 @@ "HostEntryList": { "base": null, "refs": { - "ContainerDefinition$extraHosts": "

A list of hostnames and IP address mappings to append to the /etc/hosts file on the container. This parameter maps to ExtraHosts in the docker conainer create command and the --add-host option to docker run.

This parameter isn't supported for Windows containers or tasks that use the awsvpc network mode.

" + "ContainerDefinition$extraHosts": "

A list of hostnames and IP address mappings to append to the /etc/hosts file on the container. This parameter maps to ExtraHosts in the docker container create command and the --add-host option to docker run.

This parameter isn't supported for Windows containers or tasks that use the awsvpc network mode.

" } }, "HostVolumeProperties": { @@ -1210,7 +1210,7 @@ "Cluster$runningTasksCount": "

The number of tasks in the cluster that are in the RUNNING state.

", "Cluster$pendingTasksCount": "

The number of tasks in the cluster that are in the PENDING state.

", "Cluster$activeServicesCount": "

The number of services that are running on the cluster in an ACTIVE state. You can view these services with PListServices.

", - "ContainerDefinition$cpu": "

The number of cpu units reserved for the container. This parameter maps to CpuShares in the docker conainer create commandand the --cpu-shares option to docker run.

This field is optional for tasks using the Fargate launch type, and the only requirement is that the total amount of CPU reserved for all containers within a task be lower than the task-level cpu value.

You can determine the number of CPU units that are available per EC2 instance type by multiplying the vCPUs listed for that instance type on the Amazon EC2 Instances detail page by 1,024.

Linux containers share unallocated CPU units with other containers on the container instance with the same ratio as their allocated amount. For example, if you run a single-container task on a single-core instance type with 512 CPU units specified for that container, and that's the only task running on the container instance, that container could use the full 1,024 CPU unit share at any given time. However, if you launched another copy of the same task on that container instance, each task is guaranteed a minimum of 512 CPU units when needed. Moreover, each container could float to higher CPU usage if the other container was not using it. If both tasks were 100% active all of the time, they would be limited to 512 CPU units.

On Linux container instances, the Docker daemon on the container instance uses the CPU value to calculate the relative CPU share ratios for running containers. The minimum valid CPU share value that the Linux kernel allows is 2, and the maximum valid CPU share value that the Linux kernel allows is 262144. However, the CPU parameter isn't required, and you can use CPU values below 2 or above 262144 in your container definitions. For CPU values below 2 (including null) or above 262144, the behavior varies based on your Amazon ECS container agent version:

On Windows container instances, the CPU limit is enforced as an absolute limit, or a quota. Windows containers only have access to the specified amount of CPU that's described in the task definition. A null or zero CPU value is passed to Docker as 0, which Windows interprets as 1% of one CPU.

", + "ContainerDefinition$cpu": "

The number of cpu units reserved for the container. This parameter maps to CpuShares in the docker container create commandand the --cpu-shares option to docker run.

This field is optional for tasks using the Fargate launch type, and the only requirement is that the total amount of CPU reserved for all containers within a task be lower than the task-level cpu value.

You can determine the number of CPU units that are available per EC2 instance type by multiplying the vCPUs listed for that instance type on the Amazon EC2 Instances detail page by 1,024.

Linux containers share unallocated CPU units with other containers on the container instance with the same ratio as their allocated amount. For example, if you run a single-container task on a single-core instance type with 512 CPU units specified for that container, and that's the only task running on the container instance, that container could use the full 1,024 CPU unit share at any given time. However, if you launched another copy of the same task on that container instance, each task is guaranteed a minimum of 512 CPU units when needed. Moreover, each container could float to higher CPU usage if the other container was not using it. If both tasks were 100% active all of the time, they would be limited to 512 CPU units.

On Linux container instances, the Docker daemon on the container instance uses the CPU value to calculate the relative CPU share ratios for running containers. The minimum valid CPU share value that the Linux kernel allows is 2, and the maximum valid CPU share value that the Linux kernel allows is 262144. However, the CPU parameter isn't required, and you can use CPU values below 2 or above 262144 in your container definitions. For CPU values below 2 (including null) or above 262144, the behavior varies based on your Amazon ECS container agent version:

On Windows container instances, the CPU limit is enforced as an absolute limit, or a quota. Windows containers only have access to the specified amount of CPU that's described in the task definition. A null or zero CPU value is passed to Docker as 0, which Windows interprets as 1% of one CPU.

", "ContainerInstance$runningTasksCount": "

The number of tasks on the container instance that have a desired status (desiredStatus) of RUNNING.

", "ContainerInstance$pendingTasksCount": "

The number of tasks on the container instance that are in the PENDING status.

", "Deployment$desiredCount": "

The most recent desired count of tasks that was specified for the service to deploy or maintain.

", @@ -1229,8 +1229,8 @@ "TaskSet$pendingCount": "

The number of tasks in the task set that are in the PENDING status during a deployment. A task in the PENDING state is preparing to enter the RUNNING state. A task set enters the PENDING status when it launches for the first time or when it's restarted after being in the STOPPED state.

", "TaskSet$runningCount": "

The number of tasks in the task set that are in the RUNNING status during a deployment. A task in the RUNNING state is running and ready for use.

", "Tmpfs$size": "

The maximum size (in MiB) of the tmpfs volume.

", - "Ulimit$softLimit": "

The soft limit for the ulimit type.

", - "Ulimit$hardLimit": "

The hard limit for the ulimit type.

" + "Ulimit$softLimit": "

The soft limit for the ulimit type. The value can be specified in bytes, seconds, or as a count, depending on the type of the ulimit.

", + "Ulimit$hardLimit": "

The hard limit for the ulimit type. The value can be specified in bytes, seconds, or as a count, depending on the type of the ulimit.

" } }, "IntegerList": { @@ -1408,9 +1408,9 @@ } }, "LogConfiguration": { - "base": "

The log configuration for the container. This parameter maps to LogConfig in the docker conainer create command and the --log-driver option to docker run.

By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition.

Understand the following when specifying a log configuration for your containers.

", + "base": "

The log configuration for the container. This parameter maps to LogConfig in the docker container create command and the --log-driver option to docker run.

By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition.

Understand the following when specifying a log configuration for your containers.

", "refs": { - "ContainerDefinition$logConfiguration": "

The log configuration specification for the container.

This parameter maps to LogConfig in the docker conainer create command and the --log-driver option to docker run. By default, containers use the same logging driver that the Docker daemon uses. However the container can use a different logging driver than the Docker daemon by specifying a log driver with this parameter in the container definition. To use a different logging driver for a container, the log system must be configured properly on the container instance (or on a different log server for remote logging options).

Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon (shown in the LogConfiguration data type). Additional log drivers may be available in future releases of the Amazon ECS container agent.

This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'

The Amazon ECS container agent running on a container instance must register the logging drivers available on that instance with the ECS_AVAILABLE_LOGGING_DRIVERS environment variable before containers placed on that instance can use these log configuration options. For more information, see Amazon ECS Container Agent Configuration in the Amazon Elastic Container Service Developer Guide.

", + "ContainerDefinition$logConfiguration": "

The log configuration specification for the container.

This parameter maps to LogConfig in the docker container create command and the --log-driver option to docker run. By default, containers use the same logging driver that the Docker daemon uses. However the container can use a different logging driver than the Docker daemon by specifying a log driver with this parameter in the container definition. To use a different logging driver for a container, the log system must be configured properly on the container instance (or on a different log server for remote logging options).

Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon (shown in the LogConfiguration data type). Additional log drivers may be available in future releases of the Amazon ECS container agent.

This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'

The Amazon ECS container agent running on a container instance must register the logging drivers available on that instance with the ECS_AVAILABLE_LOGGING_DRIVERS environment variable before containers placed on that instance can use these log configuration options. For more information, see Amazon ECS Container Agent Configuration in the Amazon Elastic Container Service Developer Guide.

", "ServiceConnectConfiguration$logConfiguration": null } }, @@ -1531,7 +1531,7 @@ "MountPointList": { "base": null, "refs": { - "ContainerDefinition$mountPoints": "

The mount points for data volumes in your container.

This parameter maps to Volumes in the the docker conainer create command and the --volume option to docker run.

Windows containers can mount whole directories on the same drive as $env:ProgramData. Windows containers can't mount directories on a different drive, and mount point can't be across drives.

" + "ContainerDefinition$mountPoints": "

The mount points for data volumes in your container.

This parameter maps to Volumes in the docker container create command and the --volume option to docker run.

Windows containers can mount whole directories on the same drive as $env:ProgramData. Windows containers can't mount directories on a different drive, and mount point can't be across drives.

" } }, "NamespaceNotFoundException": { @@ -1674,7 +1674,7 @@ } }, "PortMapping": { - "base": "

Port mappings allow containers to access ports on the host container instance to send or receive traffic. Port mappings are specified as part of the container definition.

If you use containers in a task with the awsvpc or host network mode, specify the exposed ports using containerPort. The hostPort can be left blank or it must be the same value as the containerPort.

Most fields of this parameter (containerPort, hostPort, protocol) maps to PortBindings in the docker conainer create command and the --publish option to docker run. If the network mode of a task definition is set to host, host ports must either be undefined or match the container port in the port mapping.

You can't expose the same container port for multiple protocols. If you attempt this, an error is returned.

After a task reaches the RUNNING status, manual and automatic host and container port assignments are visible in the networkBindings section of DescribeTasks API responses.

", + "base": "

Port mappings allow containers to access ports on the host container instance to send or receive traffic. Port mappings are specified as part of the container definition.

If you use containers in a task with the awsvpc or host network mode, specify the exposed ports using containerPort. The hostPort can be left blank or it must be the same value as the containerPort.

Most fields of this parameter (containerPort, hostPort, protocol) maps to PortBindings in the docker container create command and the --publish option to docker run. If the network mode of a task definition is set to host, host ports must either be undefined or match the container port in the port mapping.

You can't expose the same container port for multiple protocols. If you attempt this, an error is returned.

After a task reaches the RUNNING status, manual and automatic host and container port assignments are visible in the networkBindings section of DescribeTasks API responses.

", "refs": { "PortMappingList$member": null } @@ -1682,7 +1682,7 @@ "PortMappingList": { "base": null, "refs": { - "ContainerDefinition$portMappings": "

The list of port mappings for the container. Port mappings allow containers to access ports on the host container instance to send or receive traffic.

For task definitions that use the awsvpc network mode, only specify the containerPort. The hostPort can be left blank or it must be the same value as the containerPort.

Port mappings on Windows use the NetNAT gateway address rather than localhost. There's no loopback for port mappings on Windows, so you can't access a container's mapped port from the host itself.

This parameter maps to PortBindings in the the docker conainer create command and the --publish option to docker run. If the network mode of a task definition is set to none, then you can't specify port mappings. If the network mode of a task definition is set to host, then host ports must either be undefined or they must match the container port in the port mapping.

After a task reaches the RUNNING status, manual and automatic host and container port assignments are visible in the Network Bindings section of a container description for a selected task in the Amazon ECS console. The assignments are also visible in the networkBindings section DescribeTasks responses.

" + "ContainerDefinition$portMappings": "

The list of port mappings for the container. Port mappings allow containers to access ports on the host container instance to send or receive traffic.

For task definitions that use the awsvpc network mode, only specify the containerPort. The hostPort can be left blank or it must be the same value as the containerPort.

Port mappings on Windows use the NetNAT gateway address rather than localhost. There's no loopback for port mappings on Windows, so you can't access a container's mapped port from the host itself.

This parameter maps to PortBindings in the the docker container create command and the --publish option to docker run. If the network mode of a task definition is set to none, then you can't specify port mappings. If the network mode of a task definition is set to host, then host ports must either be undefined or they must match the container port in the port mapping.

After a task reaches the RUNNING status, manual and automatic host and container port assignments are visible in the Network Bindings section of a container description for a selected task in the Amazon ECS console. The assignments are also visible in the networkBindings section DescribeTasks responses.

" } }, "PortNumber": { @@ -2087,7 +2087,7 @@ "DeleteAccountSettingRequest$name": "

The resource name to disable the account setting for. If serviceLongArnFormat is specified, the ARN for your Amazon ECS services is affected. If taskLongArnFormat is specified, the ARN and resource ID for your Amazon ECS tasks is affected. If containerInstanceLongArnFormat is specified, the ARN and resource ID for your Amazon ECS container instances is affected. If awsvpcTrunking is specified, the ENI limit for your Amazon ECS container instances is affected.

", "ListAccountSettingsRequest$name": "

The name of the account setting you want to list the settings for.

", "PutAccountSettingDefaultRequest$name": "

The resource name for which to modify the account setting.

The following are the valid values for the account setting name.

", - "PutAccountSettingRequest$name": "

The Amazon ECS account setting name to modify.

The following are the valid values for the account setting name.

", + "PutAccountSettingRequest$name": "

The Amazon ECS account setting name to modify.

The following are the valid values for the account setting name.

", "Setting$name": "

The Amazon ECS resource name.

" } }, @@ -2176,11 +2176,11 @@ "Container$cpu": "

The number of CPU units set for the container. The value is 0 if no value was specified in the container definition when the task definition was registered.

", "Container$memory": "

The hard limit (in MiB) of memory set for the container.

", "Container$memoryReservation": "

The soft limit (in MiB) of memory set for the container.

", - "ContainerDefinition$name": "

The name of a container. If you're linking multiple containers together in a task definition, the name of one container can be entered in the links of another container to connect the containers. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This parameter maps to name in tthe docker conainer create command and the --name option to docker run.

", - "ContainerDefinition$image": "

The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either repository-url/image:tag or repository-url/image@digest . Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to Image in the docker conainer create command and the IMAGE parameter of docker run.

", - "ContainerDefinition$hostname": "

The hostname to use for your container. This parameter maps to Hostname in thethe docker conainer create command and the --hostname option to docker run.

The hostname parameter is not supported if you're using the awsvpc network mode.

", - "ContainerDefinition$user": "

The user to use inside the container. This parameter maps to User in the docker conainer create command and the --user option to docker run.

When running tasks using the host network mode, don't run containers using the root user (UID 0). We recommend using a non-root user for better security.

You can specify the user using the following formats. If specifying a UID or GID, you must specify it as a positive integer.

This parameter is not supported for Windows containers.

", - "ContainerDefinition$workingDirectory": "

The working directory to run commands inside the container in. This parameter maps to WorkingDir in the docker conainer create command and the --workdir option to docker run.

", + "ContainerDefinition$name": "

The name of a container. If you're linking multiple containers together in a task definition, the name of one container can be entered in the links of another container to connect the containers. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This parameter maps to name in the docker container create command and the --name option to docker run.

", + "ContainerDefinition$image": "

The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either repository-url/image:tag or repository-url/image@digest . Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to Image in the docker container create command and the IMAGE parameter of docker run.

", + "ContainerDefinition$hostname": "

The hostname to use for your container. This parameter maps to Hostname in the docker container create command and the --hostname option to docker run.

The hostname parameter is not supported if you're using the awsvpc network mode.

", + "ContainerDefinition$user": "

The user to use inside the container. This parameter maps to User in the docker container create command and the --user option to docker run.

When running tasks using the host network mode, don't run containers using the root user (UID 0). We recommend using a non-root user for better security.

You can specify the user using the following formats. If specifying a UID or GID, you must specify it as a positive integer.

This parameter is not supported for Windows containers.

", + "ContainerDefinition$workingDirectory": "

The working directory to run commands inside the container in. This parameter maps to WorkingDir in the docker container create command and the --workdir option to docker run.

", "ContainerDependency$containerName": "

The name of a container.

", "ContainerInstance$containerInstanceArn": "

The Amazon Resource Name (ARN) of the container instance. For more information about the ARN format, see Amazon Resource Name (ARN) in the Amazon ECS Developer Guide.

", "ContainerInstance$ec2InstanceId": "

The ID of the container instance. For Amazon EC2 instances, this value is the Amazon EC2 instance ID. For external instances, this value is the Amazon Web Services Systems Manager managed instance ID.

", @@ -2243,7 +2243,7 @@ "DiscoverPollEndpointResponse$serviceConnectEndpoint": "

The endpoint for the Amazon ECS agent to poll for Service Connect configuration. For more information, see Service Connect in the Amazon Elastic Container Service Developer Guide.

", "DockerLabelsMap$key": null, "DockerLabelsMap$value": null, - "DockerVolumeConfiguration$driver": "

The Docker volume driver to use. The driver value must match the driver name provided by Docker because it is used for task placement. If the driver was installed using the Docker plugin CLI, use docker plugin ls to retrieve the driver name from your container instance. If the driver was installed using another method, use Docker plugin discovery to retrieve the driver name. This parameter maps to Driver in the docker conainer create command and the xxdriver option to docker volume create.

", + "DockerVolumeConfiguration$driver": "

The Docker volume driver to use. The driver value must match the driver name provided by Docker because it is used for task placement. If the driver was installed using the Docker plugin CLI, use docker plugin ls to retrieve the driver name from your container instance. If the driver was installed using another method, use Docker plugin discovery to retrieve the driver name. This parameter maps to Driver in the docker container create command and the xxdriver option to docker volume create.

", "EFSAuthorizationConfig$accessPointId": "

The Amazon EFS access point ID to use. If an access point is specified, the root directory value specified in the EFSVolumeConfiguration must either be omitted or set to / which will enforce the path set on the EFS access point. If an access point is used, transit encryption must be on in the EFSVolumeConfiguration. For more information, see Working with Amazon EFS access points in the Amazon Elastic File System User Guide.

", "EFSVolumeConfiguration$fileSystemId": "

The Amazon EFS file system ID to use.

", "EFSVolumeConfiguration$rootDirectory": "

The directory within the Amazon EFS file system to mount as the root directory inside the host. If this parameter is omitted, the root of the Amazon EFS volume will be used. Specifying / will have the same effect as omitting this parameter.

If an EFS access point is specified in the authorizationConfig, the root directory parameter must either be omitted or set to / which will enforce the path set on the EFS access point.

", @@ -2495,12 +2495,12 @@ "AwsVpcConfiguration$subnets": "

The IDs of the subnets associated with the task or service. There's a limit of 16 subnets that can be specified per awsvpcConfiguration.

All specified subnets must be from the same VPC.

", "AwsVpcConfiguration$securityGroups": "

The IDs of the security groups associated with the task or service. If you don't specify a security group, the default security group for the VPC is used. There's a limit of 5 security groups that can be specified per awsvpcConfiguration.

All specified security groups must be from the same VPC.

", "Cluster$capacityProviders": "

The capacity providers associated with the cluster.

", - "ContainerDefinition$links": "

The links parameter allows containers to communicate with each other without the need for port mappings. This parameter is only supported if the network mode of a task definition is bridge. The name:internalName construct is analogous to name:alias in Docker links. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.. This parameter maps to Links in the docker conainer create command and the --link option to docker run.

This parameter is not supported for Windows containers.

Containers that are collocated on a single container instance may be able to communicate with each other without requiring links or host port mappings. Network isolation is achieved on the container instance using security groups and VPC settings.

", - "ContainerDefinition$entryPoint": "

Early versions of the Amazon ECS container agent don't properly handle entryPoint parameters. If you have problems using entryPoint, update your container agent or enter your commands and arguments as command array items instead.

The entry point that's passed to the container. This parameter maps to Entrypoint in tthe docker conainer create command and the --entrypoint option to docker run.

", - "ContainerDefinition$command": "

The command that's passed to the container. This parameter maps to Cmd in the docker conainer create command and the COMMAND parameter to docker run. If there are multiple arguments, each argument is a separated string in the array.

", - "ContainerDefinition$dnsServers": "

A list of DNS servers that are presented to the container. This parameter maps to Dns in the the docker conainer create command and the --dns option to docker run.

This parameter is not supported for Windows containers.

", - "ContainerDefinition$dnsSearchDomains": "

A list of DNS search domains that are presented to the container. This parameter maps to DnsSearch in the docker conainer create command and the --dns-search option to docker run.

This parameter is not supported for Windows containers.

", - "ContainerDefinition$dockerSecurityOptions": "

A list of strings to provide custom configuration for multiple security systems. This field isn't valid for containers in tasks using the Fargate launch type.

For Linux tasks on EC2, this parameter can be used to reference custom labels for SELinux and AppArmor multi-level security systems.

For any tasks on EC2, this parameter can be used to reference a credential spec file that configures a container for Active Directory authentication. For more information, see Using gMSAs for Windows Containers and Using gMSAs for Linux Containers in the Amazon Elastic Container Service Developer Guide.

This parameter maps to SecurityOpt in the docker conainer create command and the --security-opt option to docker run.

The Amazon ECS container agent running on a container instance must register with the ECS_SELINUX_CAPABLE=true or ECS_APPARMOR_CAPABLE=true environment variables before containers placed on that instance can use these security options. For more information, see Amazon ECS Container Agent Configuration in the Amazon Elastic Container Service Developer Guide.

Valid values: \"no-new-privileges\" | \"apparmor:PROFILE\" | \"label:value\" | \"credentialspec:CredentialSpecFilePath\"

", + "ContainerDefinition$links": "

The links parameter allows containers to communicate with each other without the need for port mappings. This parameter is only supported if the network mode of a task definition is bridge. The name:internalName construct is analogous to name:alias in Docker links. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.. This parameter maps to Links in the docker container create command and the --link option to docker run.

This parameter is not supported for Windows containers.

Containers that are collocated on a single container instance may be able to communicate with each other without requiring links or host port mappings. Network isolation is achieved on the container instance using security groups and VPC settings.

", + "ContainerDefinition$entryPoint": "

Early versions of the Amazon ECS container agent don't properly handle entryPoint parameters. If you have problems using entryPoint, update your container agent or enter your commands and arguments as command array items instead.

The entry point that's passed to the container. This parameter maps to Entrypoint in the docker container create command and the --entrypoint option to docker run.

", + "ContainerDefinition$command": "

The command that's passed to the container. This parameter maps to Cmd in the docker container create command and the COMMAND parameter to docker run. If there are multiple arguments, each argument is a separated string in the array.

", + "ContainerDefinition$dnsServers": "

A list of DNS servers that are presented to the container. This parameter maps to Dns in the docker container create command and the --dns option to docker run.

This parameter is not supported for Windows containers.

", + "ContainerDefinition$dnsSearchDomains": "

A list of DNS search domains that are presented to the container. This parameter maps to DnsSearch in the docker container create command and the --dns-search option to docker run.

This parameter is not supported for Windows containers.

", + "ContainerDefinition$dockerSecurityOptions": "

A list of strings to provide custom configuration for multiple security systems. This field isn't valid for containers in tasks using the Fargate launch type.

For Linux tasks on EC2, this parameter can be used to reference custom labels for SELinux and AppArmor multi-level security systems.

For any tasks on EC2, this parameter can be used to reference a credential spec file that configures a container for Active Directory authentication. For more information, see Using gMSAs for Windows Containers and Using gMSAs for Linux Containers in the Amazon Elastic Container Service Developer Guide.

This parameter maps to SecurityOpt in the docker container create command and the --security-opt option to docker run.

The Amazon ECS container agent running on a container instance must register with the ECS_SELINUX_CAPABLE=true or ECS_APPARMOR_CAPABLE=true environment variables before containers placed on that instance can use these security options. For more information, see Amazon ECS Container Agent Configuration in the Amazon Elastic Container Service Developer Guide.

Valid values: \"no-new-privileges\" | \"apparmor:PROFILE\" | \"label:value\" | \"credentialspec:CredentialSpecFilePath\"

", "ContainerDefinition$credentialSpecs": "

A list of ARNs in SSM or Amazon S3 to a credential spec (CredSpec) file that configures the container for Active Directory authentication. We recommend that you use this parameter instead of the dockerSecurityOptions. The maximum number of ARNs is 1.

There are two formats for each ARN.

credentialspecdomainless:MyARN

You use credentialspecdomainless:MyARN to provide a CredSpec with an additional section for a secret in Secrets Manager. You provide the login credentials to the domain in the secret.

Each task that runs on any container instance can join different domains.

You can use this format without joining the container instance to a domain.

credentialspec:MyARN

You use credentialspec:MyARN to provide a CredSpec for a single domain.

You must join the container instance to the domain before you start any tasks that use this task definition.

In both formats, replace MyARN with the ARN in SSM or Amazon S3.

If you provide a credentialspecdomainless:MyARN, the credspec must provide a ARN in Secrets Manager for a secret containing the username, password, and the domain to connect to. For better security, the instance isn't joined to the domain for domainless authentication. Other applications on the instance can't use the domainless credentials. You can use this parameter to run tasks on the same instance, even it the tasks need to join different domains. For more information, see Using gMSAs for Windows Containers and Using gMSAs for Linux Containers.

", "ContainerOverride$command": "

The command to send to the container that overrides the default command from the Docker image or the task definition. You must also specify a container name.

", "CreateClusterRequest$capacityProviders": "

The short name of one or more capacity providers to associate with the cluster. A capacity provider must be associated with a cluster before it can be included as part of the default capacity provider strategy of the cluster or used in a capacity provider strategy when calling the CreateService or RunTask actions.

If specifying a capacity provider that uses an Auto Scaling group, the capacity provider must be created but not associated with another cluster. New Auto Scaling group capacity providers can be created with the CreateCapacityProvider API operation.

To use a Fargate capacity provider, specify either the FARGATE or FARGATE_SPOT capacity providers. The Fargate capacity providers are available to all accounts and only need to be associated with a cluster to be used.

The PutCapacityProvider API operation is used to update the list of available capacity providers for a cluster after the cluster is created.

", @@ -2513,9 +2513,9 @@ "DescribeTaskSetsRequest$taskSets": "

The ID or full Amazon Resource Name (ARN) of task sets to describe.

", "DescribeTasksRequest$tasks": "

A list of up to 100 task IDs or full ARN entries.

", "GetTaskProtectionRequest$tasks": "

A list of up to 100 task IDs or full ARN entries.

", - "HealthCheck$command": "

A string array representing the command that the container runs to determine if it is healthy. The string array must start with CMD to run the command arguments directly, or CMD-SHELL to run the command with the container's default shell.

When you use the Amazon Web Services Management Console JSON panel, the Command Line Interface, or the APIs, enclose the list of commands in double quotes and brackets.

[ \"CMD-SHELL\", \"curl -f http://localhost/ || exit 1\" ]

You don't include the double quotes and brackets when you use the Amazon Web Services Management Console.

CMD-SHELL, curl -f http://localhost/ || exit 1

An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see HealthCheck in tthe docker conainer create command

", - "KernelCapabilities$add": "

The Linux capabilities for the container that have been added to the default configuration provided by Docker. This parameter maps to CapAdd in the docker conainer create command and the --cap-add option to docker run.

Tasks launched on Fargate only support adding the SYS_PTRACE kernel capability.

Valid values: \"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"

", - "KernelCapabilities$drop": "

The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to CapDrop in the docker conainer create command and the --cap-drop option to docker run.

Valid values: \"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"

", + "HealthCheck$command": "

A string array representing the command that the container runs to determine if it is healthy. The string array must start with CMD to run the command arguments directly, or CMD-SHELL to run the command with the container's default shell.

When you use the Amazon Web Services Management Console JSON panel, the Command Line Interface, or the APIs, enclose the list of commands in double quotes and brackets.

[ \"CMD-SHELL\", \"curl -f http://localhost/ || exit 1\" ]

You don't include the double quotes and brackets when you use the Amazon Web Services Management Console.

CMD-SHELL, curl -f http://localhost/ || exit 1

An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see HealthCheck in the docker container create command

", + "KernelCapabilities$add": "

The Linux capabilities for the container that have been added to the default configuration provided by Docker. This parameter maps to CapAdd in the docker container create command and the --cap-add option to docker run.

Tasks launched on Fargate only support adding the SYS_PTRACE kernel capability.

Valid values: \"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"

", + "KernelCapabilities$drop": "

The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to CapDrop in the docker container create command and the --cap-drop option to docker run.

Valid values: \"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"

", "ListClustersResponse$clusterArns": "

The list of full Amazon Resource Name (ARN) entries for each cluster that's associated with your account.

", "ListContainerInstancesResponse$containerInstanceArns": "

The list of container instances with full ARN entries for each container instance associated with the specified cluster.

", "ListServicesByNamespaceResponse$serviceArns": "

The list of full ARN entries for each service that's associated with the specified namespace.

", @@ -2535,7 +2535,7 @@ "base": null, "refs": { "DockerVolumeConfiguration$driverOpts": "

A map of Docker driver-specific options passed through. This parameter maps to DriverOpts in the docker create-volume command and the xxopt option to docker volume create.

", - "DockerVolumeConfiguration$labels": "

Custom metadata to add to your Docker volume. This parameter maps to Labels in the docker conainer create command and the xxlabel option to docker volume create.

" + "DockerVolumeConfiguration$labels": "

Custom metadata to add to your Docker volume. This parameter maps to Labels in the docker container create command and the xxlabel option to docker volume create.

" } }, "SubmitAttachmentStateChangesRequest": { @@ -2569,7 +2569,7 @@ } }, "SystemControl": { - "base": "

A list of namespaced kernel parameters to set in the container. This parameter maps to Sysctls in tthe docker conainer create command and the --sysctl option to docker run. For example, you can configure net.ipv4.tcp_keepalive_time setting to maintain longer lived connections.

We don't recommend that you specify network-related systemControls parameters for multiple containers in a single task that also uses either the awsvpc or host network mode. Doing this has the following disadvantages:

If you're setting an IPC resource namespace to use for the containers in the task, the following conditions apply to your system controls. For more information, see IPC mode.

This parameter is not supported for Windows containers.

This parameter is only supported for tasks that are hosted on Fargate if the tasks are using platform version 1.4.0 or later (Linux). This isn't supported for Windows containers on Fargate.

", + "base": "

A list of namespaced kernel parameters to set in the container. This parameter maps to Sysctls in the docker container create command and the --sysctl option to docker run. For example, you can configure net.ipv4.tcp_keepalive_time setting to maintain longer lived connections.

We don't recommend that you specify network-related systemControls parameters for multiple containers in a single task that also uses either the awsvpc or host network mode. Doing this has the following disadvantages:

If you're setting an IPC resource namespace to use for the containers in the task, the following conditions apply to your system controls. For more information, see IPC mode.

This parameter is not supported for Windows containers.

This parameter is only supported for tasks that are hosted on Fargate if the tasks are using platform version 1.4.0 or later (Linux). This isn't supported for Windows containers on Fargate.

", "refs": { "SystemControls$member": null } @@ -2577,7 +2577,7 @@ "SystemControls": { "base": null, "refs": { - "ContainerDefinition$systemControls": "

A list of namespaced kernel parameters to set in the container. This parameter maps to Sysctls in tthe docker conainer create command and the --sysctl option to docker run. For example, you can configure net.ipv4.tcp_keepalive_time setting to maintain longer lived connections.

" + "ContainerDefinition$systemControls": "

A list of namespaced kernel parameters to set in the container. This parameter maps to Sysctls in the docker container create command and the --sysctl option to docker run. For example, you can configure net.ipv4.tcp_keepalive_time setting to maintain longer lived connections.

" } }, "Tag": { @@ -2892,7 +2892,7 @@ "UlimitList": { "base": null, "refs": { - "ContainerDefinition$ulimits": "

A list of ulimits to set in the container. If a ulimit value is specified in a task definition, it overrides the default values set by Docker. This parameter maps to Ulimits in tthe docker conainer create command and the --ulimit option to docker run. Valid naming values are displayed in the Ulimit data type.

Amazon ECS tasks hosted on Fargate use the default resource limit values set by the operating system with the exception of the nofile resource limit parameter which Fargate overrides. The nofile resource limit sets a restriction on the number of open files that a container can use. The default nofile soft limit is 65535 and the default hard limit is 65535.

This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'

This parameter is not supported for Windows containers.

" + "ContainerDefinition$ulimits": "

A list of ulimits to set in the container. If a ulimit value is specified in a task definition, it overrides the default values set by Docker. This parameter maps to Ulimits in the docker container create command and the --ulimit option to docker run. Valid naming values are displayed in the Ulimit data type.

Amazon ECS tasks hosted on Fargate use the default resource limit values set by the operating system with the exception of the nofile resource limit parameter which Fargate overrides. The nofile resource limit sets a restriction on the number of open files that a container can use. The default nofile soft limit is 65535 and the default hard limit is 65535.

This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'

This parameter is not supported for Windows containers.

" } }, "UlimitName": { @@ -3033,7 +3033,7 @@ "VolumeFromList": { "base": null, "refs": { - "ContainerDefinition$volumesFrom": "

Data volumes to mount from another container. This parameter maps to VolumesFrom in tthe docker conainer create command and the --volumes-from option to docker run.

" + "ContainerDefinition$volumesFrom": "

Data volumes to mount from another container. This parameter maps to VolumesFrom in the docker container create command and the --volumes-from option to docker run.

" } }, "VolumeList": { diff --git a/apis/lambda/2015-03-31/api-2.json b/apis/lambda/2015-03-31/api-2.json index ee07cb6f752..7abf99586d5 100644 --- a/apis/lambda/2015-03-31/api-2.json +++ b/apis/lambda/2015-03-31/api-2.json @@ -294,6 +294,23 @@ {"shape":"ServiceException"} ] }, + "DeleteResourcePolicy":{ + "name":"DeleteResourcePolicy", + "http":{ + "method":"DELETE", + "requestUri":"/2024-09-16/resource-policy/{ResourceArn}", + "responseCode":204 + }, + "input":{"shape":"DeleteResourcePolicyRequest"}, + "errors":[ + {"shape":"ServiceException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ResourceConflictException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"PreconditionFailedException"} + ] + }, "GetAccountSettings":{ "name":"GetAccountSettings", "http":{ @@ -548,6 +565,38 @@ {"shape":"ProvisionedConcurrencyConfigNotFoundException"} ] }, + "GetPublicAccessBlockConfig":{ + "name":"GetPublicAccessBlockConfig", + "http":{ + "method":"GET", + "requestUri":"/2024-09-16/public-access-block/{ResourceArn}", + "responseCode":200 + }, + "input":{"shape":"GetPublicAccessBlockConfigRequest"}, + "output":{"shape":"GetPublicAccessBlockConfigResponse"}, + "errors":[ + {"shape":"ServiceException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InvalidParameterValueException"} + ] + }, + "GetResourcePolicy":{ + "name":"GetResourcePolicy", + "http":{ + "method":"GET", + "requestUri":"/2024-09-16/resource-policy/{ResourceArn}", + "responseCode":200 + }, + "input":{"shape":"GetResourcePolicyRequest"}, + "output":{"shape":"GetResourcePolicyResponse"}, + "errors":[ + {"shape":"ServiceException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InvalidParameterValueException"} + ] + }, "GetRuntimeManagementConfig":{ "name":"GetRuntimeManagementConfig", "http":{ @@ -972,6 +1021,43 @@ {"shape":"ServiceException"} ] }, + "PutPublicAccessBlockConfig":{ + "name":"PutPublicAccessBlockConfig", + "http":{ + "method":"PUT", + "requestUri":"/2024-09-16/public-access-block/{ResourceArn}", + "responseCode":200 + }, + "input":{"shape":"PutPublicAccessBlockConfigRequest"}, + "output":{"shape":"PutPublicAccessBlockConfigResponse"}, + "errors":[ + {"shape":"ServiceException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ResourceConflictException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"TooManyRequestsException"} + ] + }, + "PutResourcePolicy":{ + "name":"PutResourcePolicy", + "http":{ + "method":"PUT", + "requestUri":"/2024-09-16/resource-policy/{ResourceArn}", + "responseCode":200 + }, + "input":{"shape":"PutResourcePolicyRequest"}, + "output":{"shape":"PutResourcePolicyResponse"}, + "errors":[ + {"shape":"ServiceException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ResourceConflictException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"PolicyLengthExceededException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"PreconditionFailedException"}, + {"shape":"PublicPolicyException"} + ] + }, "PutRuntimeManagementConfig":{ "name":"PutRuntimeManagementConfig", "http":{ @@ -1792,6 +1878,22 @@ } } }, + "DeleteResourcePolicyRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"PolicyResourceArn", + "location":"uri", + "locationName":"ResourceArn" + }, + "RevisionId":{ + "shape":"RevisionId", + "location":"querystring", + "locationName":"RevisionId" + } + } + }, "Description":{ "type":"string", "max":256, @@ -2555,6 +2657,41 @@ "LastModified":{"shape":"Timestamp"} } }, + "GetPublicAccessBlockConfigRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"PublicAccessBlockResourceArn", + "location":"uri", + "locationName":"ResourceArn" + } + } + }, + "GetPublicAccessBlockConfigResponse":{ + "type":"structure", + "members":{ + "PublicAccessBlockConfig":{"shape":"PublicAccessBlockConfig"} + } + }, + "GetResourcePolicyRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"PolicyResourceArn", + "location":"uri", + "locationName":"ResourceArn" + } + } + }, + "GetResourcePolicyResponse":{ + "type":"structure", + "members":{ + "Policy":{"shape":"ResourcePolicy"}, + "RevisionId":{"shape":"RevisionId"} + } + }, "GetRuntimeManagementConfigRequest":{ "type":"structure", "required":["FunctionName"], @@ -3561,6 +3698,11 @@ "error":{"httpStatusCode":400}, "exception":true }, + "PolicyResourceArn":{ + "type":"string", + "max":256, + "pattern":"arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_]+(:(\\$LATEST|[a-zA-Z0-9-_])+)?" + }, "PositiveInteger":{ "type":"integer", "min":1 @@ -3617,6 +3759,27 @@ "FAILED" ] }, + "PublicAccessBlockConfig":{ + "type":"structure", + "members":{ + "BlockPublicPolicy":{"shape":"NullableBoolean"}, + "RestrictPublicResource":{"shape":"NullableBoolean"} + } + }, + "PublicAccessBlockResourceArn":{ + "type":"string", + "max":170, + "pattern":"arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_]+" + }, + "PublicPolicyException":{ + "type":"structure", + "members":{ + "Type":{"shape":"String"}, + "Message":{"shape":"String"} + }, + "error":{"httpStatusCode":400}, + "exception":true + }, "PublishLayerVersionRequest":{ "type":"structure", "required":[ @@ -3777,6 +3940,50 @@ "LastModified":{"shape":"Timestamp"} } }, + "PutPublicAccessBlockConfigRequest":{ + "type":"structure", + "required":[ + "ResourceArn", + "PublicAccessBlockConfig" + ], + "members":{ + "ResourceArn":{ + "shape":"PublicAccessBlockResourceArn", + "location":"uri", + "locationName":"ResourceArn" + }, + "PublicAccessBlockConfig":{"shape":"PublicAccessBlockConfig"} + } + }, + "PutPublicAccessBlockConfigResponse":{ + "type":"structure", + "members":{ + "PublicAccessBlockConfig":{"shape":"PublicAccessBlockConfig"} + } + }, + "PutResourcePolicyRequest":{ + "type":"structure", + "required":[ + "ResourceArn", + "Policy" + ], + "members":{ + "ResourceArn":{ + "shape":"PolicyResourceArn", + "location":"uri", + "locationName":"ResourceArn" + }, + "Policy":{"shape":"ResourcePolicy"}, + "RevisionId":{"shape":"RevisionId"} + } + }, + "PutResourcePolicyResponse":{ + "type":"structure", + "members":{ + "Policy":{"shape":"ResourcePolicy"}, + "RevisionId":{"shape":"RevisionId"} + } + }, "PutRuntimeManagementConfigRequest":{ "type":"structure", "required":[ @@ -3956,6 +4163,12 @@ "error":{"httpStatusCode":502}, "exception":true }, + "ResourcePolicy":{ + "type":"string", + "max":20480, + "min":1, + "pattern":"[\\s\\S]+" + }, "ResponseStreamingInvocationType":{ "type":"string", "enum":[ @@ -3963,6 +4176,12 @@ "DryRun" ] }, + "RevisionId":{ + "type":"string", + "max":36, + "min":36, + "pattern":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" + }, "RoleArn":{ "type":"string", "pattern":"arn:(aws[a-zA-Z-]*)?:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+" diff --git a/apis/lambda/2015-03-31/docs-2.json b/apis/lambda/2015-03-31/docs-2.json index db95e19b364..30abbd340f9 100644 --- a/apis/lambda/2015-03-31/docs-2.json +++ b/apis/lambda/2015-03-31/docs-2.json @@ -19,6 +19,7 @@ "DeleteFunctionUrlConfig": "

Deletes a Lambda function URL. When you delete a function URL, you can't recover it. Creating a new function URL results in a different URL address.

", "DeleteLayerVersion": "

Deletes a version of an Lambda layer. Deleted versions can no longer be viewed or added to functions. To avoid breaking functions, a copy of the version remains in Lambda until no functions refer to it.

", "DeleteProvisionedConcurrencyConfig": "

Deletes the provisioned concurrency configuration for a function.

", + "DeleteResourcePolicy": "

Deletes a resource-based policy from a function.

", "GetAccountSettings": "

Retrieves details about your account's limits and usage in an Amazon Web Services Region.

", "GetAlias": "

Returns details about a Lambda function alias.

", "GetCodeSigningConfig": "

Returns information about the specified code signing configuration.

", @@ -35,6 +36,8 @@ "GetLayerVersionPolicy": "

Returns the permission policy for a version of an Lambda layer. For more information, see AddLayerVersionPermission.

", "GetPolicy": "

Returns the resource-based IAM policy for a function, version, or alias.

", "GetProvisionedConcurrencyConfig": "

Retrieves the provisioned concurrency configuration for a function's alias or version.

", + "GetPublicAccessBlockConfig": "

Retrieve the public-access settings for a function.

", + "GetResourcePolicy": "

Retrieves the resource-based policy attached to a function.

", "GetRuntimeManagementConfig": "

Retrieves the runtime management configuration for a function's version. If the runtime update mode is Manual, this includes the ARN of the runtime version and the runtime update mode. If the runtime update mode is Auto or Function update, this includes the runtime update mode and null is returned for the ARN. For more information, see Runtime updates.

", "Invoke": "

Invokes a Lambda function. You can invoke a function synchronously (and wait for the response), or asynchronously. By default, Lambda invokes your function synchronously (i.e. theInvocationType is RequestResponse). To invoke a function asynchronously, set InvocationType to Event. Lambda passes the ClientContext object to your function for synchronous invocations only.

For synchronous invocation, details about the function response, including errors, are included in the response body and headers. For either invocation type, you can find more information in the execution log and trace.

When an error occurs, your function may be invoked multiple times. Retry behavior varies by error type, client, event source, and invocation type. For example, if you invoke a function asynchronously and it returns an error, Lambda executes the function up to two more times. For more information, see Error handling and automatic retries in Lambda.

For asynchronous invocation, Lambda adds events to a queue before sending them to your function. If your function does not have enough capacity to keep up with the queue, events may be lost. Occasionally, your function may receive the same event multiple times, even if no error occurs. To retain events that were not processed, configure your function with a dead-letter queue.

The status code in the API response doesn't reflect function errors. Error codes are reserved for errors that prevent your function from executing, such as permissions errors, quota errors, or issues with your function's code and configuration. For example, Lambda returns TooManyRequestsException if running the function would cause you to exceed a concurrency limit at either the account level (ConcurrentInvocationLimitExceeded) or function level (ReservedFunctionConcurrentInvocationLimitExceeded).

For functions with a long timeout, your client might disconnect during synchronous invocation while it waits for a response. Configure your HTTP client, SDK, firewall, proxy, or operating system to allow for long connections with timeout or keep-alive settings.

This operation requires permission for the lambda:InvokeFunction action. For details on how to set up permissions for cross-account invocations, see Granting function access to other accounts.

", "InvokeAsync": "

For asynchronous function invocation, use Invoke.

Invokes a function asynchronously.

If you do use the InvokeAsync action, note that it doesn't support the use of X-Ray active tracing. Trace ID is not propagated to the function, even if X-Ray active tracing is turned on.

", @@ -58,6 +61,8 @@ "PutFunctionEventInvokeConfig": "

Configures options for asynchronous invocation on a function, version, or alias. If a configuration already exists for a function, version, or alias, this operation overwrites it. If you exclude any settings, they are removed. To set one option without affecting existing settings for other options, use UpdateFunctionEventInvokeConfig.

By default, Lambda retries an asynchronous invocation twice if the function returns an error. It retains events in a queue for up to six hours. When an event fails all processing attempts or stays in the asynchronous invocation queue for too long, Lambda discards it. To retain discarded events, configure a dead-letter queue with UpdateFunctionConfiguration.

To send an invocation record to a queue, topic, function, or event bus, specify a destination. You can configure separate destinations for successful invocations (on-success) and events that fail all processing attempts (on-failure). You can configure destinations in addition to or instead of a dead-letter queue.

", "PutFunctionRecursionConfig": "

Sets your function's recursive loop detection configuration.

When you configure a Lambda function to output to the same service or resource that invokes the function, it's possible to create an infinite recursive loop. For example, a Lambda function might write a message to an Amazon Simple Queue Service (Amazon SQS) queue, which then invokes the same function. This invocation causes the function to write another message to the queue, which in turn invokes the function again.

Lambda can detect certain types of recursive loops shortly after they occur. When Lambda detects a recursive loop and your function's recursive loop detection configuration is set to Terminate, it stops your function being invoked and notifies you.

", "PutProvisionedConcurrencyConfig": "

Adds a provisioned concurrency configuration to a function's alias or version.

", + "PutPublicAccessBlockConfig": "

Configure your function's public-access settings.

To control public access to a Lambda function, you can choose whether to allow the creation of resource-based policies that allow public access to that function. You can also block public access to a function, even if it has an existing resource-based policy that allows it.

", + "PutResourcePolicy": "

Adds a resource-based policy to a function. You can use resource-based policies to grant access to other Amazon Web Services accounts, organizations, or services. Resource-based policies apply to a single function, version, or alias.

Adding a resource-based policy using this API action replaces any existing policy you've previously created. This means that if you've previously added resource-based permissions to a function using the AddPermission action, those permissions will be overwritten by your new policy.

", "PutRuntimeManagementConfig": "

Sets the runtime management configuration for a function's version. For more information, see Runtime updates.

", "RemoveLayerVersionPermission": "

Removes a statement from the permissions policy for a version of an Lambda layer. For more information, see AddLayerVersionPermission.

", "RemovePermission": "

Revokes function-use permission from an Amazon Web Servicesservice or another Amazon Web Services account. You can get the ID of the statement from the output of GetPolicy.

", @@ -482,6 +487,11 @@ "refs": { } }, + "DeleteResourcePolicyRequest": { + "base": null, + "refs": { + } + }, "Description": { "base": null, "refs": { @@ -1042,6 +1052,26 @@ "refs": { } }, + "GetPublicAccessBlockConfigRequest": { + "base": null, + "refs": { + } + }, + "GetPublicAccessBlockConfigResponse": { + "base": null, + "refs": { + } + }, + "GetResourcePolicyRequest": { + "base": null, + "refs": { + } + }, + "GetResourcePolicyResponse": { + "base": null, + "refs": { + } + }, "GetRuntimeManagementConfigRequest": { "base": null, "refs": { @@ -1694,6 +1724,8 @@ "NullableBoolean": { "base": null, "refs": { + "PublicAccessBlockConfig$BlockPublicPolicy": "

To block the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy to true. To allow the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy to false.

", + "PublicAccessBlockConfig$RestrictPublicResource": "

To block public access to your function, even if its resource-based policy allows it, set RestrictPublicResource to true. To allow public access to a function with a resource-based policy that permits it, set RestrictPublicResource to false.

", "VpcConfig$Ipv6AllowedForDualStack": "

Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.

", "VpcConfigResponse$Ipv6AllowedForDualStack": "

Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.

" } @@ -1748,6 +1780,14 @@ "refs": { } }, + "PolicyResourceArn": { + "base": null, + "refs": { + "DeleteResourcePolicyRequest$ResourceArn": "

The Amazon Resource Name (ARN) of the function you want to delete the policy from. You can use either a qualified or an unqualified ARN, but the value you specify must be a complete ARN and wildcard characters are not accepted.

", + "GetResourcePolicyRequest$ResourceArn": "

The Amazon Resource Name (ARN) of the function you want to retrieve the policy for. You can use either a qualified or an unqualified ARN, but the value you specify must be a complete ARN and wildcard characters are not accepted.

", + "PutResourcePolicyRequest$ResourceArn": "

The Amazon Resource Name (ARN) of the function you want to add the policy to. You can use either a qualified or an unqualified ARN, but the value you specify must be a complete ARN and wildcard characters are not accepted.

" + } + }, "PositiveInteger": { "base": null, "refs": { @@ -1799,6 +1839,26 @@ "PutProvisionedConcurrencyConfigResponse$Status": "

The status of the allocation process.

" } }, + "PublicAccessBlockConfig": { + "base": "

An object that defines the public-access settings for a function.

", + "refs": { + "GetPublicAccessBlockConfigResponse$PublicAccessBlockConfig": "

The public-access settings configured for the function you specified

", + "PutPublicAccessBlockConfigRequest$PublicAccessBlockConfig": "

An object defining the public-access settings you want to apply.

To block the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy to true. To allow the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy to false.

To block public access to your function, even if its resource-based policy allows it, set RestrictPublicResource to true. To allow public access to a function with a resource-based policy that permits it, set RestrictPublicResource to false.

The default setting for both BlockPublicPolicy and RestrictPublicResource is true.

", + "PutPublicAccessBlockConfigResponse$PublicAccessBlockConfig": "

The public-access settings Lambda applied to your function.

" + } + }, + "PublicAccessBlockResourceArn": { + "base": null, + "refs": { + "GetPublicAccessBlockConfigRequest$ResourceArn": "

The Amazon Resource Name (ARN) of the function you want to retrieve public-access settings for.

", + "PutPublicAccessBlockConfigRequest$ResourceArn": "

The Amazon Resource Name (ARN) of the function you want to configure public-access settings for. Public-access settings are applied at the function level, so you can't apply different settings to function versions or aliases.

" + } + }, + "PublicPolicyException": { + "base": "

Lambda prevented your policy from being created because it would grant public access to your function. If you intended to create a public policy, use the PutPublicAccessBlockConfig API action to configure your function's public-access settings to allow public policies.

", + "refs": { + } + }, "PublishLayerVersionRequest": { "base": null, "refs": { @@ -1854,6 +1914,26 @@ "refs": { } }, + "PutPublicAccessBlockConfigRequest": { + "base": null, + "refs": { + } + }, + "PutPublicAccessBlockConfigResponse": { + "base": null, + "refs": { + } + }, + "PutResourcePolicyRequest": { + "base": null, + "refs": { + } + }, + "PutResourcePolicyResponse": { + "base": null, + "refs": { + } + }, "PutRuntimeManagementConfigRequest": { "base": null, "refs": { @@ -1961,12 +2041,29 @@ "refs": { } }, + "ResourcePolicy": { + "base": null, + "refs": { + "GetResourcePolicyResponse$Policy": "

The resource-based policy attached to the function you specified.

", + "PutResourcePolicyRequest$Policy": "

The JSON resource-based policy you want to add to your function.

To learn more about creating resource-based policies for controlling access to Lambda, see Working with resource-based IAM policies in Lambda in the Lambda Developer Guide.

", + "PutResourcePolicyResponse$Policy": "

The policy Lambda added to your function.

" + } + }, "ResponseStreamingInvocationType": { "base": null, "refs": { "InvokeWithResponseStreamRequest$InvocationType": "

Use one of the following options:

" } }, + "RevisionId": { + "base": null, + "refs": { + "DeleteResourcePolicyRequest$RevisionId": "

Delete the existing policy only if its revision ID matches the string you specify. To find the revision ID of the policy currently attached to your function, use the GetResourcePolicy action.

", + "GetResourcePolicyResponse$RevisionId": "

The revision ID of the policy.

", + "PutResourcePolicyRequest$RevisionId": "

Replace the existing policy only if its revision ID matches the string you specify. To find the revision ID of the policy currently attached to your function, use the GetResourcePolicy action.

", + "PutResourcePolicyResponse$RevisionId": "

The revision ID of the policy Lambda added to your function.

" + } + }, "RoleArn": { "base": null, "refs": { @@ -2293,6 +2390,8 @@ "ProvisionedConcurrencyConfigListItem$StatusReason": "

For failed allocations, the reason that provisioned concurrency could not be allocated.

", "ProvisionedConcurrencyConfigNotFoundException$Type": null, "ProvisionedConcurrencyConfigNotFoundException$message": null, + "PublicPolicyException$Type": "

The exception type.

", + "PublicPolicyException$Message": null, "PublishVersionRequest$CodeSha256": "

Only publish a version if the hash value matches the value that's specified. Use this option to avoid publishing a version if the function code has changed since you last updated it. You can get the hash for the version that you uploaded from the output of UpdateFunctionCode.

", "PublishVersionRequest$RevisionId": "

Only update the function if the revision ID matches the ID that's specified. Use this option to avoid publishing a version if the function configuration has changed since you last updated it.

", "PutProvisionedConcurrencyConfigResponse$StatusReason": "

For failed allocations, the reason that provisioned concurrency could not be allocated.

", diff --git a/apis/rds/2014-10-31/docs-2.json b/apis/rds/2014-10-31/docs-2.json index af07b428462..9efe4763781 100644 --- a/apis/rds/2014-10-31/docs-2.json +++ b/apis/rds/2014-10-31/docs-2.json @@ -4725,7 +4725,7 @@ "CreateDBInstanceMessage$DBParameterGroupName": "

The name of the DB parameter group to associate with this DB instance. If you don't specify a value, then Amazon RDS uses the default DB parameter group for the specified DB engine and version.

This setting doesn't apply to RDS Custom DB instances.

Constraints:

", "CreateDBInstanceMessage$PreferredBackupWindow": "

The daily time range during which automated backups are created if automated backups are enabled, using the BackupRetentionPeriod parameter. The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region. For more information, see Backup window in the Amazon RDS User Guide.

This setting doesn't apply to Amazon Aurora DB instances. The daily time range for creating automated backups is managed by the DB cluster.

Constraints:

", "CreateDBInstanceMessage$EngineVersion": "

The version number of the database engine to use.

This setting doesn't apply to Amazon Aurora DB instances. The version number of the database engine the DB instance uses is managed by the DB cluster.

For a list of valid engine versions, use the DescribeDBEngineVersions operation.

The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every Amazon Web Services Region.

Amazon RDS Custom for Oracle

A custom engine version (CEV) that you have previously created. This setting is required for RDS Custom for Oracle. The CEV name has the following format: 19.customized_string. A valid CEV name is 19.my_cev1. For more information, see Creating an RDS Custom for Oracle DB instance in the Amazon RDS User Guide.

Amazon RDS Custom for SQL Server

See RDS Custom for SQL Server general requirements in the Amazon RDS User Guide.

RDS for Db2

For information, see Db2 on Amazon RDS versions in the Amazon RDS User Guide.

RDS for MariaDB

For information, see MariaDB on Amazon RDS versions in the Amazon RDS User Guide.

RDS for Microsoft SQL Server

For information, see Microsoft SQL Server versions on Amazon RDS in the Amazon RDS User Guide.

RDS for MySQL

For information, see MySQL on Amazon RDS versions in the Amazon RDS User Guide.

RDS for Oracle

For information, see Oracle Database Engine release notes in the Amazon RDS User Guide.

RDS for PostgreSQL

For information, see Amazon RDS for PostgreSQL versions and extensions in the Amazon RDS User Guide.

", - "CreateDBInstanceMessage$LicenseModel": "

The license model information for this DB instance.

License models for RDS for Db2 require additional configuration. The Bring Your Own License (BYOL) model requires a custom parameter group. The Db2 license through Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more information, see RDS for Db2 licensing options in the Amazon RDS User Guide.

The default for RDS for Db2 is bring-your-own-license.

This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

Valid Values:

", + "CreateDBInstanceMessage$LicenseModel": "

The license model information for this DB instance.

License models for RDS for Db2 require additional configuration. The Bring Your Own License (BYOL) model requires a custom parameter group and an Amazon Web Services License Manager self-managed license. The Db2 license through Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more information, see Amazon RDS for Db2 licensing options in the Amazon RDS User Guide.

The default for RDS for Db2 is bring-your-own-license.

This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

Valid Values:

", "CreateDBInstanceMessage$OptionGroupName": "

The option group to associate the DB instance with.

Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group. Also, that option group can't be removed from a DB instance after it is associated with a DB instance.

This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

", "CreateDBInstanceMessage$CharacterSetName": "

For supported engines, the character set (CharacterSet) to associate the DB instance with.

This setting doesn't apply to the following DB instances:

", "CreateDBInstanceMessage$NcharCharacterSetName": "

The name of the NCHAR character set for the Oracle DB instance.

This setting doesn't apply to RDS Custom DB instances.

", @@ -5583,7 +5583,7 @@ "RestoreDBInstanceFromDBSnapshotMessage$DBInstanceClass": "

The compute and memory capacity of the Amazon RDS DB instance, for example db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB Instance Class in the Amazon RDS User Guide.

Default: The same DBInstanceClass as the original DB instance.

", "RestoreDBInstanceFromDBSnapshotMessage$AvailabilityZone": "

The Availability Zone (AZ) where the DB instance will be created.

Default: A random, system-chosen Availability Zone.

Constraint: You can't specify the AvailabilityZone parameter if the DB instance is a Multi-AZ deployment.

Example: us-east-1a

", "RestoreDBInstanceFromDBSnapshotMessage$DBSubnetGroupName": "

The name of the DB subnet group to use for the new instance.

Constraints:

Example: mydbsubnetgroup

", - "RestoreDBInstanceFromDBSnapshotMessage$LicenseModel": "

License model information for the restored DB instance.

License models for RDS for Db2 require additional configuration. The Bring Your Own License (BYOL) model requires a custom parameter group. The Db2 license through Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more information, see RDS for Db2 licensing options in the Amazon RDS User Guide.

This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

Valid Values:

Default: Same as the source.

", + "RestoreDBInstanceFromDBSnapshotMessage$LicenseModel": "

License model information for the restored DB instance.

License models for RDS for Db2 require additional configuration. The Bring Your Own License (BYOL) model requires a custom parameter group and an Amazon Web Services License Manager self-managed license. The Db2 license through Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more information, see Amazon RDS for Db2 licensing options in the Amazon RDS User Guide.

This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

Valid Values:

Default: Same as the source.

", "RestoreDBInstanceFromDBSnapshotMessage$DBName": "

The name of the database for the restored DB instance.

This parameter only applies to RDS for Oracle and RDS for SQL Server DB instances. It doesn't apply to the other engines or to RDS Custom DB instances.

", "RestoreDBInstanceFromDBSnapshotMessage$Engine": "

The database engine to use for the new instance.

This setting doesn't apply to RDS Custom.

Default: The same as source

Constraint: Must be compatible with the engine of the source. For example, you can restore a MariaDB 10.1 DB instance from a MySQL 5.6 snapshot.

Valid Values:

", "RestoreDBInstanceFromDBSnapshotMessage$OptionGroupName": "

The name of the option group to be used for the restored DB instance.

Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group, and that option group can't be removed from a DB instance after it is associated with a DB instance.

This setting doesn't apply to RDS Custom.

", @@ -5634,7 +5634,7 @@ "RestoreDBInstanceToPointInTimeMessage$DBInstanceClass": "

The compute and memory capacity of the Amazon RDS DB instance, for example db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB Instance Class in the Amazon RDS User Guide.

Default: The same DB instance class as the original DB instance.

", "RestoreDBInstanceToPointInTimeMessage$AvailabilityZone": "

The Availability Zone (AZ) where the DB instance will be created.

Default: A random, system-chosen Availability Zone.

Constraints:

Example: us-east-1a

", "RestoreDBInstanceToPointInTimeMessage$DBSubnetGroupName": "

The DB subnet group name to use for the new instance.

Constraints:

Example: mydbsubnetgroup

", - "RestoreDBInstanceToPointInTimeMessage$LicenseModel": "

The license model information for the restored DB instance.

License models for RDS for Db2 require additional configuration. The Bring Your Own License (BYOL) model requires a custom parameter group. The Db2 license through Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more information, see RDS for Db2 licensing options in the Amazon RDS User Guide.

This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

Valid Values:

Default: Same as the source.

", + "RestoreDBInstanceToPointInTimeMessage$LicenseModel": "

The license model information for the restored DB instance.

License models for RDS for Db2 require additional configuration. The Bring Your Own License (BYOL) model requires a custom parameter group and an Amazon Web Services License Manager self-managed license. The Db2 license through Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more information, see Amazon RDS for Db2 licensing options in the Amazon RDS User Guide.

This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

Valid Values:

Default: Same as the source.

", "RestoreDBInstanceToPointInTimeMessage$DBName": "

The database name for the restored DB instance.

This parameter doesn't apply to the following DB instances:

", "RestoreDBInstanceToPointInTimeMessage$Engine": "

The database engine to use for the new instance.

This setting doesn't apply to RDS Custom.

Valid Values:

Default: The same as source

Constraints:

", "RestoreDBInstanceToPointInTimeMessage$OptionGroupName": "

The name of the option group to use for the restored DB instance.

Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group, and that option group can't be removed from a DB instance after it is associated with a DB instance

This setting doesn't apply to RDS Custom.

", diff --git a/apis/ssm/2014-11-06/api-2.json b/apis/ssm/2014-11-06/api-2.json index 34b694fcea6..5b966fcaf46 100644 --- a/apis/ssm/2014-11-06/api-2.json +++ b/apis/ssm/2014-11-06/api-2.json @@ -2777,6 +2777,7 @@ "ProgressCounters":{"shape":"ProgressCounters"}, "AlarmConfiguration":{"shape":"AlarmConfiguration"}, "TriggeredAlarms":{"shape":"AlarmStateInformationList"}, + "TargetLocationsURL":{"shape":"TargetLocationsURL"}, "AutomationSubtype":{"shape":"AutomationSubtype"}, "ScheduledTime":{"shape":"DateTime"}, "Runbooks":{"shape":"Runbooks"}, @@ -2870,6 +2871,7 @@ "AutomationType":{"shape":"AutomationType"}, "AlarmConfiguration":{"shape":"AlarmConfiguration"}, "TriggeredAlarms":{"shape":"AlarmStateInformationList"}, + "TargetLocationsURL":{"shape":"TargetLocationsURL"}, "AutomationSubtype":{"shape":"AutomationSubtype"}, "ScheduledTime":{"shape":"DateTime"}, "Runbooks":{"shape":"Runbooks"}, @@ -5107,6 +5109,18 @@ "member":{"shape":"EffectivePatch"} }, "ErrorCount":{"type":"integer"}, + "ExcludeAccount":{ + "type":"string", + "max":68, + "min":6, + "pattern":"^(ou-[a-z0-9]{4,32}-[a-z0-9]{8,32})|(\\d{12})$" + }, + "ExcludeAccounts":{ + "type":"list", + "member":{"shape":"ExcludeAccount"}, + "max":5000, + "min":1 + }, "ExecutionMode":{ "type":"string", "enum":[ @@ -10283,7 +10297,8 @@ "box":true }, "Tags":{"shape":"TagList"}, - "AlarmConfiguration":{"shape":"AlarmConfiguration"} + "AlarmConfiguration":{"shape":"AlarmConfiguration"}, + "TargetLocationsURL":{"shape":"TargetLocationsURL"} } }, "StartAutomationExecutionResult":{ @@ -10562,7 +10577,12 @@ "TargetLocationAlarmConfiguration":{ "shape":"AlarmConfiguration", "box":true - } + }, + "IncludeChildOrganizationUnits":{"shape":"Boolean"}, + "ExcludeAccounts":{"shape":"ExcludeAccounts"}, + "Targets":{"shape":"Targets"}, + "TargetsMaxConcurrency":{"shape":"MaxConcurrency"}, + "TargetsMaxErrors":{"shape":"MaxErrors"} } }, "TargetLocations":{ @@ -10571,6 +10591,10 @@ "max":100, "min":1 }, + "TargetLocationsURL":{ + "type":"string", + "pattern":"^https:\\/\\/[-a-zA-Z0-9@:%._\\+~#=]{1,253}\\.s3(\\.[a-z\\d-]{9,16})?\\.amazonaws\\.com\\/.{1,2000}" + }, "TargetMap":{ "type":"map", "key":{"shape":"TargetMapKey"}, diff --git a/apis/ssm/2014-11-06/docs-2.json b/apis/ssm/2014-11-06/docs-2.json index 8ed18bd6250..350ec3fe428 100644 --- a/apis/ssm/2014-11-06/docs-2.json +++ b/apis/ssm/2014-11-06/docs-2.json @@ -6,15 +6,15 @@ "AssociateOpsItemRelatedItem": "

Associates a related item to a Systems Manager OpsCenter OpsItem. For example, you can associate an Incident Manager incident or analysis with an OpsItem. Incident Manager and OpsCenter are capabilities of Amazon Web Services Systems Manager.

", "CancelCommand": "

Attempts to cancel the command specified by the Command ID. There is no guarantee that the command will be terminated and the underlying process stopped.

", "CancelMaintenanceWindowExecution": "

Stops a maintenance window execution that is already in progress and cancels any tasks in the window that haven't already starting running. Tasks already in progress will continue to completion.

", - "CreateActivation": "

Generates an activation code and activation ID you can use to register your on-premises servers, edge devices, or virtual machine (VM) with Amazon Web Services Systems Manager. Registering these machines with Systems Manager makes it possible to manage them using Systems Manager capabilities. You use the activation code and ID when installing SSM Agent on machines in your hybrid environment. For more information about requirements for managing on-premises machines using Systems Manager, see Setting up Amazon Web Services Systems Manager for hybrid and multicloud environments in the Amazon Web Services Systems Manager User Guide.

Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and on-premises servers and VMs that are configured for Systems Manager are all called managed nodes.

", + "CreateActivation": "

Generates an activation code and activation ID you can use to register your on-premises servers, edge devices, or virtual machine (VM) with Amazon Web Services Systems Manager. Registering these machines with Systems Manager makes it possible to manage them using Systems Manager capabilities. You use the activation code and ID when installing SSM Agent on machines in your hybrid environment. For more information about requirements for managing on-premises machines using Systems Manager, see Using Amazon Web Services Systems Manager in hybrid and multicloud environments in the Amazon Web Services Systems Manager User Guide.

Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and on-premises servers and VMs that are configured for Systems Manager are all called managed nodes.

", "CreateAssociation": "

A State Manager association defines the state that you want to maintain on your managed nodes. For example, an association can specify that anti-virus software must be installed and running on your managed nodes, or that certain ports must be closed. For static targets, the association specifies a schedule for when the configuration is reapplied. For dynamic targets, such as an Amazon Web Services resource group or an Amazon Web Services autoscaling group, State Manager, a capability of Amazon Web Services Systems Manager applies the configuration when new managed nodes are added to the group. The association also specifies actions to take when applying the configuration. For example, an association for anti-virus software might run once a day. If the software isn't installed, then State Manager installs it. If the software is installed, but the service isn't running, then the association might instruct State Manager to start the service.

", "CreateAssociationBatch": "

Associates the specified Amazon Web Services Systems Manager document (SSM document) with the specified managed nodes or targets.

When you associate a document with one or more managed nodes using IDs or tags, Amazon Web Services Systems Manager Agent (SSM Agent) running on the managed node processes the document and configures the node as specified.

If you associate a document with a managed node that already has an associated document, the system returns the AssociationAlreadyExists exception.

", - "CreateDocument": "

Creates a Amazon Web Services Systems Manager (SSM document). An SSM document defines the actions that Systems Manager performs on your managed nodes. For more information about SSM documents, including information about supported schemas, features, and syntax, see Amazon Web Services Systems Manager Documents in the Amazon Web Services Systems Manager User Guide.

", + "CreateDocument": "

Creates a Amazon Web Services Systems Manager (SSM document). An SSM document defines the actions that Systems Manager performs on your managed nodes. For more information about SSM documents, including information about supported schemas, features, and syntax, see Amazon Web Services Systems Manager Documents in the Amazon Web Services Systems Manager User Guide.

", "CreateMaintenanceWindow": "

Creates a new maintenance window.

The value you specify for Duration determines the specific end time for the maintenance window based on the time it begins. No maintenance window tasks are permitted to start after the resulting endtime minus the number of hours you specify for Cutoff. For example, if the maintenance window starts at 3 PM, the duration is three hours, and the value you specify for Cutoff is one hour, no maintenance window tasks can start after 5 PM.

", "CreateOpsItem": "

Creates a new OpsItem. You must have permission in Identity and Access Management (IAM) to create a new OpsItem. For more information, see Set up OpsCenter in the Amazon Web Services Systems Manager User Guide.

Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see Amazon Web Services Systems Manager OpsCenter in the Amazon Web Services Systems Manager User Guide.

", "CreateOpsMetadata": "

If you create a new application in Application Manager, Amazon Web Services Systems Manager calls this API operation to specify information about the new application, including the application type.

", "CreatePatchBaseline": "

Creates a patch baseline.

For information about valid key-value pairs in PatchFilters for each supported operating system type, see PatchFilter.

", - "CreateResourceDataSync": "

A resource data sync helps you view data from multiple sources in a single location. Amazon Web Services Systems Manager offers two types of resource data sync: SyncToDestination and SyncFromSource.

You can configure Systems Manager Inventory to use the SyncToDestination type to synchronize Inventory data from multiple Amazon Web Services Regions to a single Amazon Simple Storage Service (Amazon S3) bucket. For more information, see Configuring resource data sync for Inventory in the Amazon Web Services Systems Manager User Guide.

You can configure Systems Manager Explorer to use the SyncFromSource type to synchronize operational work items (OpsItems) and operational data (OpsData) from multiple Amazon Web Services Regions to a single Amazon S3 bucket. This type can synchronize OpsItems and OpsData from multiple Amazon Web Services accounts and Amazon Web Services Regions or EntireOrganization by using Organizations. For more information, see Setting up Systems Manager Explorer to display data from multiple accounts and Regions in the Amazon Web Services Systems Manager User Guide.

A resource data sync is an asynchronous operation that returns immediately. After a successful initial sync is completed, the system continuously syncs data. To check the status of a sync, use the ListResourceDataSync.

By default, data isn't encrypted in Amazon S3. We strongly recommend that you enable encryption in Amazon S3 to ensure secure data storage. We also recommend that you secure access to the Amazon S3 bucket by creating a restrictive bucket policy.

", + "CreateResourceDataSync": "

A resource data sync helps you view data from multiple sources in a single location. Amazon Web Services Systems Manager offers two types of resource data sync: SyncToDestination and SyncFromSource.

You can configure Systems Manager Inventory to use the SyncToDestination type to synchronize Inventory data from multiple Amazon Web Services Regions to a single Amazon Simple Storage Service (Amazon S3) bucket. For more information, see Creatinga a resource data sync for Inventory in the Amazon Web Services Systems Manager User Guide.

You can configure Systems Manager Explorer to use the SyncFromSource type to synchronize operational work items (OpsItems) and operational data (OpsData) from multiple Amazon Web Services Regions to a single Amazon S3 bucket. This type can synchronize OpsItems and OpsData from multiple Amazon Web Services accounts and Amazon Web Services Regions or EntireOrganization by using Organizations. For more information, see Setting up Systems Manager Explorer to display data from multiple accounts and Regions in the Amazon Web Services Systems Manager User Guide.

A resource data sync is an asynchronous operation that returns immediately. After a successful initial sync is completed, the system continuously syncs data. To check the status of a sync, use the ListResourceDataSync.

By default, data isn't encrypted in Amazon S3. We strongly recommend that you enable encryption in Amazon S3 to ensure secure data storage. We also recommend that you secure access to the Amazon S3 bucket by creating a restrictive bucket policy.

", "DeleteActivation": "

Deletes an activation. You aren't required to delete an activation. If you delete an activation, you can no longer use it to register additional managed nodes. Deleting an activation doesn't de-register managed nodes. You must manually de-register managed nodes.

", "DeleteAssociation": "

Disassociates the specified Amazon Web Services Systems Manager document (SSM document) from the specified managed node. If you created the association by using the Targets parameter, then you must delete the association by using the association ID.

When you disassociate a document from a managed node, it doesn't change the configuration of the node. To change the configuration state of a managed node after you disassociate a document, you must create a new document with the desired configuration and associate it with the node.

", "DeleteDocument": "

Deletes the Amazon Web Services Systems Manager document (SSM document) and all managed node associations to the document.

Before you delete the document, we recommend that you use DeleteAssociation to disassociate all managed nodes that are associated with the document.

", @@ -327,7 +327,7 @@ "ApproveAfterDays": { "base": null, "refs": { - "PatchRule$ApproveAfterDays": "

The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released.

This parameter is marked as not required, but your request must include a value for either ApproveAfterDays or ApproveUntilDate.

Not supported for Debian Server or Ubuntu Server.

" + "PatchRule$ApproveAfterDays": "

The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released.

This parameter is marked as Required: No, but your request must include a value for either ApproveAfterDays or ApproveUntilDate.

Not supported for Debian Server or Ubuntu Server.

Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the Amazon Web Services Systems Manager User Guide.

" } }, "Architecture": { @@ -718,7 +718,7 @@ "AttachmentsSourceValues": { "base": null, "refs": { - "AttachmentsSource$Values": "

The value of a key-value pair that identifies the location of an attachment to a document. The format for Value depends on the type of key you specify.

" + "AttachmentsSource$Values": "

The value of a key-value pair that identifies the location of an attachment to a document. The format for Value depends on the type of key you specify.

" } }, "AttributeName": { @@ -907,7 +907,7 @@ "AutomationType": { "base": null, "refs": { - "AutomationExecutionMetadata$AutomationType": "

Use this filter with DescribeAutomationExecutions. Specify either Local or CrossAccount. CrossAccount is an Automation that runs in multiple Amazon Web Services Regions and Amazon Web Services accounts. For more information, see Running Automation workflows in multiple Amazon Web Services Regions and accounts in the Amazon Web Services Systems Manager User Guide.

" + "AutomationExecutionMetadata$AutomationType": "

Use this filter with DescribeAutomationExecutions. Specify either Local or CrossAccount. CrossAccount is an Automation that runs in multiple Amazon Web Services Regions and Amazon Web Services accounts. For more information, see Running automations in multiple Amazon Web Services Regions and accounts in the Amazon Web Services Systems Manager User Guide.

" } }, "BaselineDescription": { @@ -992,6 +992,7 @@ "StartChangeRequestExecutionRequest$AutoApprove": "

Indicates whether the change request can be approved automatically without the need for manual approvals.

If AutoApprovable is enabled in a change template, then setting AutoApprove to true in StartChangeRequestExecution creates a change request that bypasses approver review.

Change Calendar restrictions are not bypassed in this scenario. If the state of an associated calendar is CLOSED, change freeze approvers must still grant permission for this change request to run. If they don't, the change won't be processed until the calendar state is again OPEN.

", "StepExecution$IsEnd": "

The flag which can be used to end automation no matter whether the step succeeds or fails.

", "StepExecution$IsCritical": "

The flag which can be used to help decide whether the failure of current step leads to the Automation failure.

", + "TargetLocation$IncludeChildOrganizationUnits": "

Indicates whether to include child organizational units (OUs) that are children of the targeted OUs. The default is false.

", "UpdateMaintenanceWindowRequest$Replace": "

If True, then all fields that are required by the CreateMaintenanceWindow operation are also required for this API request. Optional fields that aren't specified are set to null.

", "UpdateMaintenanceWindowTargetRequest$Replace": "

If True, then all fields that are required by the RegisterTargetWithMaintenanceWindow operation are also required for this API request. Optional fields that aren't specified are set to null.

", "UpdateMaintenanceWindowTaskRequest$Replace": "

If True, then all fields that are required by the RegisterTaskWithMaintenanceWindow operation are also required for this API request. Optional fields that aren't specified are set to null.

", @@ -1136,7 +1137,7 @@ "CommandFilterValue": { "base": null, "refs": { - "CommandFilter$value": "

The filter value. Valid values for each filter key are as follows:

" + "CommandFilter$value": "

The filter value. Valid values for each filter key are as follows:

" } }, "CommandId": { @@ -2739,6 +2740,18 @@ "Command$ErrorCount": "

The number of targets for which the status is Failed or Execution Timed Out.

" } }, + "ExcludeAccount": { + "base": null, + "refs": { + "ExcludeAccounts$member": null + } + }, + "ExcludeAccounts": { + "base": null, + "refs": { + "TargetLocation$ExcludeAccounts": "

Amazon Web Services accounts or organizational units to exclude as expanded targets.

" + } + }, "ExecutionMode": { "base": null, "refs": { @@ -2757,7 +2770,7 @@ "base": null, "refs": { "Activation$ExpirationDate": "

The date when this activation can no longer be used to register managed nodes.

", - "CreateActivationRequest$ExpirationDate": "

The date by which this activation request should expire, in timestamp format, such as \"2021-07-07T00:00:00\". You can specify a date up to 30 days in advance. If you don't provide an expiration date, the activation code expires in 24 hours.

" + "CreateActivationRequest$ExpirationDate": "

The date by which this activation request should expire, in timestamp format, such as \"2024-07-07T00:00:00\". You can specify a date up to 30 days in advance. If you don't provide an expiration date, the activation code expires in 24 hours.

" } }, "ExternalAlarmState": { @@ -3104,10 +3117,10 @@ "base": null, "refs": { "Activation$IamRole": "

The Identity and Access Management (IAM) role to assign to the managed node.

", - "CreateActivationRequest$IamRole": "

The name of the Identity and Access Management (IAM) role that you want to assign to the managed node. This IAM role must provide AssumeRole permissions for the Amazon Web Services Systems Manager service principal ssm.amazonaws.com. For more information, see Create an IAM service role for a hybrid and multicloud environment in the Amazon Web Services Systems Manager User Guide.

You can't specify an IAM service-linked role for this parameter. You must create a unique role.

", + "CreateActivationRequest$IamRole": "

The name of the Identity and Access Management (IAM) role that you want to assign to the managed node. This IAM role must provide AssumeRole permissions for the Amazon Web Services Systems Manager service principal ssm.amazonaws.com. For more information, see Create the IAM service role required for Systems Manager in a hybrid and multicloud environments in the Amazon Web Services Systems Manager User Guide.

You can't specify an IAM service-linked role for this parameter. You must create a unique role.

", "InstanceInformation$IamRole": "

The role assigned to an Amazon EC2 instance configured with a Systems Manager Quick Setup host management configuration or the role assigned to an on-premises managed node.

This call doesn't return the IAM role for unmanaged Amazon EC2 instances (instances not configured for Systems Manager). To retrieve the role for an unmanaged instance, use the Amazon EC2 DescribeInstances operation. For information, see DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference.

", "InstanceProperty$IamRole": "

The IAM role used in the hybrid activation to register the node with Systems Manager.

", - "UpdateManagedInstanceRoleRequest$IamRole": "

The name of the Identity and Access Management (IAM) role that you want to assign to the managed node. This IAM role must provide AssumeRole permissions for the Amazon Web Services Systems Manager service principal ssm.amazonaws.com. For more information, see Create an IAM service role for a hybrid and multicloud environment in the Amazon Web Services Systems Manager User Guide.

You can't specify an IAM service-linked role for this parameter. You must create a unique role.

" + "UpdateManagedInstanceRoleRequest$IamRole": "

The name of the Identity and Access Management (IAM) role that you want to assign to the managed node. This IAM role must provide AssumeRole permissions for the Amazon Web Services Systems Manager service principal ssm.amazonaws.com. For more information, see Create the IAM service role required for Systems Manager in hybrid and multicloud environments in the Amazon Web Services Systems Manager User Guide.

You can't specify an IAM service-linked role for this parameter. You must create a unique role.

" } }, "IdempotencyToken": { @@ -3130,7 +3143,7 @@ "InstallOverrideList": { "base": null, "refs": { - "InstancePatchState$InstallOverrideList": "

An https URL or an Amazon Simple Storage Service (Amazon S3) path-style URL to a list of patches to be installed. This patch installation list, which you maintain in an S3 bucket in YAML format and specify in the SSM document AWS-RunPatchBaseline, overrides the patches specified by the default patch baseline.

For more information about the InstallOverrideList parameter, see About the AWS-RunPatchBaseline SSM document in the Amazon Web Services Systems Manager User Guide.

" + "InstancePatchState$InstallOverrideList": "

An https URL or an Amazon Simple Storage Service (Amazon S3) path-style URL to a list of patches to be installed. This patch installation list, which you maintain in an S3 bucket in YAML format and specify in the SSM document AWS-RunPatchBaseline, overrides the patches specified by the default patch baseline.

For more information about the InstallOverrideList parameter, see SSM Command document for patching: AWS-RunPatchBaseline in the Amazon Web Services Systems Manager User Guide.

" } }, "InstanceAggregatedAssociationOverview": { @@ -3796,8 +3809,8 @@ "InventoryDeletionSummary": { "base": "

Information about the delete operation.

", "refs": { - "DeleteInventoryResult$DeletionSummary": "

A summary of the delete operation. For more information about this summary, see Understanding the delete inventory summary in the Amazon Web Services Systems Manager User Guide.

", - "InventoryDeletionStatusItem$DeletionSummary": "

Information about the delete operation. For more information about this summary, see Understanding the delete inventory summary in the Amazon Web Services Systems Manager User Guide.

" + "DeleteInventoryResult$DeletionSummary": "

A summary of the delete operation. For more information about this summary, see Deleting custom inventory in the Amazon Web Services Systems Manager User Guide.

", + "InventoryDeletionStatusItem$DeletionSummary": "

Information about the delete operation. For more information about this summary, see Understanding the delete inventory summary in the Amazon Web Services Systems Manager User Guide.

" } }, "InventoryDeletionSummaryItem": { @@ -3982,7 +3995,7 @@ "InventoryQueryOperatorType": { "base": null, "refs": { - "InventoryFilter$Type": "

The type of filter.

The Exists filter must be used with aggregators. For more information, see Aggregating inventory data in the Amazon Web Services Systems Manager User Guide.

" + "InventoryFilter$Type": "

The type of filter.

The Exists filter must be used with aggregators. For more information, see Aggregating inventory data in the Amazon Web Services Systems Manager User Guide.

" } }, "InventoryResultEntity": { @@ -4485,7 +4498,7 @@ "refs": { "DescribeMaintenanceWindowExecutionTaskInvocationsRequest$Filters": "

Optional filters used to scope down the returned task invocations. The supported filter key is STATUS with the corresponding values PENDING, IN_PROGRESS, SUCCESS, FAILED, TIMED_OUT, CANCELLING, and CANCELLED.

", "DescribeMaintenanceWindowExecutionTasksRequest$Filters": "

Optional filters used to scope down the returned tasks. The supported filter key is STATUS with the corresponding values PENDING, IN_PROGRESS, SUCCESS, FAILED, TIMED_OUT, CANCELLING, and CANCELLED.

", - "DescribeMaintenanceWindowExecutionsRequest$Filters": "

Each entry in the array is a structure containing:

", + "DescribeMaintenanceWindowExecutionsRequest$Filters": "

Each entry in the array is a structure containing:

", "DescribeMaintenanceWindowTargetsRequest$Filters": "

Optional filters that can be used to narrow down the scope of the returned window targets. The supported filter keys are Type, WindowTargetId, and OwnerInformation.

", "DescribeMaintenanceWindowTasksRequest$Filters": "

Optional filters used to narrow down the scope of the returned tasks. The supported filter keys are WindowTaskId, TaskArn, Priority, and TaskType.

", "DescribeMaintenanceWindowsRequest$Filters": "

Optional filters used to narrow down the scope of the returned maintenance windows. Supported filter keys are Name and Enabled. For example, Name=MyMaintenanceWindow and Enabled=True.

" @@ -4883,8 +4896,9 @@ "RegisterTaskWithMaintenanceWindowRequest$MaxConcurrency": "

The maximum number of targets this task can be run for, in parallel.

Although this element is listed as \"Required: No\", a value can be omitted only when you are registering or updating a targetless task You must provide a value in all other cases.

For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1. This value doesn't affect the running of your task.

", "Runbook$MaxConcurrency": "

The MaxConcurrency value specified by the user when the operation started, indicating the maximum number of resources that the runbook operation can run on at the same time.

", "SendCommandRequest$MaxConcurrency": "

(Optional) The maximum number of managed nodes that are allowed to run the command at the same time. You can specify a number such as 10 or a percentage such as 10%. The default value is 50. For more information about how to use MaxConcurrency, see Using concurrency controls in the Amazon Web Services Systems Manager User Guide.

", - "StartAutomationExecutionRequest$MaxConcurrency": "

The maximum number of targets allowed to run this task in parallel. You can specify a number, such as 10, or a percentage, such as 10%. The default value is 10.

", + "StartAutomationExecutionRequest$MaxConcurrency": "

The maximum number of targets allowed to run this task in parallel. You can specify a number, such as 10, or a percentage, such as 10%. The default value is 10.

If both this parameter and the TargetLocation:TargetsMaxConcurrency are supplied, TargetLocation:TargetsMaxConcurrency takes precedence.

", "TargetLocation$TargetLocationMaxConcurrency": "

The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.

", + "TargetLocation$TargetsMaxConcurrency": "

The maximum number of targets allowed to run this task in parallel. This TargetsMaxConcurrency takes precedence over the StartAutomationExecution:MaxConcurrency parameter if both are supplied.

", "UpdateAssociationRequest$MaxConcurrency": "

The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.

If a new managed node starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new managed node will process its association within the limit specified for MaxConcurrency.

", "UpdateMaintenanceWindowTaskRequest$MaxConcurrency": "

The new MaxConcurrency value you want to specify. MaxConcurrency is the number of targets that are allowed to run this task, in parallel.

Although this element is listed as \"Required: No\", a value can be omitted only when you are registering or updating a targetless task You must provide a value in all other cases.

For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1. This value doesn't affect the running of your task.

", "UpdateMaintenanceWindowTaskResult$MaxConcurrency": "

The updated MaxConcurrency value.

" @@ -4911,8 +4925,9 @@ "RegisterTaskWithMaintenanceWindowRequest$MaxErrors": "

The maximum number of errors allowed before this task stops being scheduled.

Although this element is listed as \"Required: No\", a value can be omitted only when you are registering or updating a targetless task You must provide a value in all other cases.

For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1. This value doesn't affect the running of your task.

", "Runbook$MaxErrors": "

The MaxErrors value specified by the user when the execution started, indicating the maximum number of errors that can occur during the operation before the updates are stopped or rolled back.

", "SendCommandRequest$MaxErrors": "

The maximum number of errors allowed without the command failing. When the command fails one more time beyond the value of MaxErrors, the systems stops sending the command to additional targets. You can specify a number like 10 or a percentage like 10%. The default value is 0. For more information about how to use MaxErrors, see Using error controls in the Amazon Web Services Systems Manager User Guide.

", - "StartAutomationExecutionRequest$MaxErrors": "

The number of errors that are allowed before the system stops running the automation on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops running the automation when the fourth error is received. If you specify 0, then the system stops running the automation on additional targets after the first error result is returned. If you run an automation on 50 resources and set max-errors to 10%, then the system stops running the automation on additional targets when the sixth error is received.

Executions that are already running an automation when max-errors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set max-concurrency to 1 so the executions proceed one at a time.

", + "StartAutomationExecutionRequest$MaxErrors": "

The number of errors that are allowed before the system stops running the automation on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops running the automation when the fourth error is received. If you specify 0, then the system stops running the automation on additional targets after the first error result is returned. If you run an automation on 50 resources and set max-errors to 10%, then the system stops running the automation on additional targets when the sixth error is received.

Executions that are already running an automation when max-errors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set max-concurrency to 1 so the executions proceed one at a time.

If this parameter and the TargetLocation:TargetsMaxErrors parameter are both supplied, TargetLocation:TargetsMaxErrors takes precedence.

", "TargetLocation$TargetLocationMaxErrors": "

The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.

", + "TargetLocation$TargetsMaxErrors": "

The maximum number of errors that are allowed before the system stops running the automation on additional targets. This TargetsMaxErrors parameter takes precedence over the StartAutomationExecution:MaxErrors parameter if both are supplied.

", "UpdateAssociationRequest$MaxErrors": "

The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 managed nodes and set MaxError to 10%, then the system stops sending the request when the sixth error is received.

Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.

", "UpdateMaintenanceWindowTaskRequest$MaxErrors": "

The new MaxErrors value to specify. MaxErrors is the maximum number of errors that are allowed before the task stops being scheduled.

Although this element is listed as \"Required: No\", a value can be omitted only when you are registering or updating a targetless task You must provide a value in all other cases.

For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1. This value doesn't affect the running of your task.

", "UpdateMaintenanceWindowTaskResult$MaxErrors": "

The updated MaxErrors value.

" @@ -5673,9 +5688,9 @@ "OpsItemStatus": { "base": null, "refs": { - "OpsItem$Status": "

The OpsItem status. Status can be Open, In Progress, or Resolved. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.

", - "OpsItemSummary$Status": "

The OpsItem status. Status can be Open, In Progress, or Resolved.

", - "UpdateOpsItemRequest$Status": "

The OpsItem status. Status can be Open, In Progress, or Resolved. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.

" + "OpsItem$Status": "

The OpsItem status. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.

", + "OpsItemSummary$Status": "

The OpsItem status.

", + "UpdateOpsItemRequest$Status": "

The OpsItem status. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.

" } }, "OpsItemSummaries": { @@ -5845,7 +5860,7 @@ "refs": { "DeleteParameterRequest$Name": "

The name of the parameter to delete.

You can't enter the Amazon Resource Name (ARN) for a parameter, only the parameter name itself.

", "GetParameterHistoryRequest$Name": "

The name or Amazon Resource Name (ARN) of the parameter for which you want to review history. For parameters shared with you from another account, you must use the full ARN.

", - "GetParameterRequest$Name": "

The name or Amazon Resource Name (ARN) of the parameter that you want to query. For parameters shared with you from another account, you must use the full ARN.

To query by parameter label, use \"Name\": \"name:label\". To query by parameter version, use \"Name\": \"name:version\".

For more information about shared parameters, see Working with shared parameters in the Amazon Web Services Systems Manager User Guide.

", + "GetParameterRequest$Name": "

The name or Amazon Resource Name (ARN) of the parameter that you want to query. For parameters shared with you from another account, you must use the full ARN.

To query by parameter label, use \"Name\": \"name:label\". To query by parameter version, use \"Name\": \"name:version\".

For more information about shared parameters, see Working with shared parameters in the Amazon Web Services Systems Manager User Guide.

", "GetParametersByPathRequest$Path": "

The hierarchy for the parameter. Hierarchies start with a forward slash (/). The hierarchy is the parameter name except the last part of the parameter. For the API call to succeed, the last part of the parameter name can't be in the path. A parameter name hierarchy can have a maximum of 15 levels. Here is an example of a hierarchy: /Finance/Prod/IAD/WinServ2016/license33

", "LabelParameterVersionRequest$Name": "

The parameter name on which you want to attach one or more labels.

You can't enter the Amazon Resource Name (ARN) for a parameter, only the parameter name itself.

", "Parameter$Name": "

The name of the parameter.

", @@ -6258,7 +6273,7 @@ "PatchComplianceDataState": { "base": null, "refs": { - "PatchComplianceData$State": "

The state of the patch on the managed node, such as INSTALLED or FAILED.

For descriptions of each patch state, see About patch compliance in the Amazon Web Services Systems Manager User Guide.

" + "PatchComplianceData$State": "

The state of the patch on the managed node, such as INSTALLED or FAILED.

For descriptions of each patch state, see About patch compliance in the Amazon Web Services Systems Manager User Guide.

" } }, "PatchComplianceLevel": { @@ -6402,14 +6417,14 @@ "PatchIdList": { "base": null, "refs": { - "BaselineOverride$ApprovedPatches": "

A list of explicitly approved patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

", - "BaselineOverride$RejectedPatches": "

A list of explicitly rejected patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

", - "CreatePatchBaselineRequest$ApprovedPatches": "

A list of explicitly approved patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

", - "CreatePatchBaselineRequest$RejectedPatches": "

A list of explicitly rejected patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

", + "BaselineOverride$ApprovedPatches": "

A list of explicitly approved patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

", + "BaselineOverride$RejectedPatches": "

A list of explicitly rejected patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

", + "CreatePatchBaselineRequest$ApprovedPatches": "

A list of explicitly approved patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

", + "CreatePatchBaselineRequest$RejectedPatches": "

A list of explicitly rejected patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

", "GetPatchBaselineResult$ApprovedPatches": "

A list of explicitly approved patches for the baseline.

", "GetPatchBaselineResult$RejectedPatches": "

A list of explicitly rejected patches for the baseline.

", - "UpdatePatchBaselineRequest$ApprovedPatches": "

A list of explicitly approved patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

", - "UpdatePatchBaselineRequest$RejectedPatches": "

A list of explicitly rejected patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

", + "UpdatePatchBaselineRequest$ApprovedPatches": "

A list of explicitly approved patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

", + "UpdatePatchBaselineRequest$RejectedPatches": "

A list of explicitly rejected patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

", "UpdatePatchBaselineResult$ApprovedPatches": "

A list of explicitly approved patches for the baseline.

", "UpdatePatchBaselineResult$RejectedPatches": "

A list of explicitly rejected patches for the baseline.

" } @@ -6509,7 +6524,7 @@ "base": null, "refs": { "DescribeAvailablePatchesRequest$Filters": "

Each element in the array is a structure containing a key-value pair.

Windows Server

Supported keys for Windows Server managed node patches include the following:

Linux

When specifying filters for Linux patches, you must specify a key-pair for PRODUCT. For example, using the Command Line Interface (CLI), the following command fails:

aws ssm describe-available-patches --filters Key=CVE_ID,Values=CVE-2018-3615

However, the following command succeeds:

aws ssm describe-available-patches --filters Key=PRODUCT,Values=AmazonLinux2018.03 Key=CVE_ID,Values=CVE-2018-3615

Supported keys for Linux managed node patches include the following:

", - "DescribeInstancePatchesRequest$Filters": "

Each element in the array is a structure containing a key-value pair.

Supported keys for DescribeInstancePatchesinclude the following:

", + "DescribeInstancePatchesRequest$Filters": "

Each element in the array is a structure containing a key-value pair.

Supported keys for DescribeInstancePatchesinclude the following:

", "DescribeMaintenanceWindowScheduleRequest$Filters": "

Filters used to limit the range of results. For example, you can limit maintenance window executions to only those scheduled before or after a certain date and time.

", "DescribePatchBaselinesRequest$Filters": "

Each element in the array is a structure containing a key-value pair.

Supported keys for DescribePatchBaselines include the following:

", "DescribePatchGroupsRequest$Filters": "

Each element in the array is a structure containing a key-value pair.

Supported keys for DescribePatchGroups include the following:

" @@ -6665,7 +6680,7 @@ "PatchStringDateTime": { "base": null, "refs": { - "PatchRule$ApproveUntilDate": "

The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.

Enter dates in the format YYYY-MM-DD. For example, 2021-12-31.

This parameter is marked as not required, but your request must include a value for either ApproveUntilDate or ApproveAfterDays.

Not supported for Debian Server or Ubuntu Server.

" + "PatchRule$ApproveUntilDate": "

The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.

Enter dates in the format YYYY-MM-DD. For example, 2024-12-31.

This parameter is marked as Required: No, but your request must include a value for either ApproveUntilDate or ApproveAfterDays.

Not supported for Debian Server or Ubuntu Server.

Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the Amazon Web Services Systems Manager User Guide.

" } }, "PatchTitle": { @@ -7347,7 +7362,7 @@ "base": null, "refs": { "Command$OutputS3BucketName": "

The S3 bucket where the responses to the command executions should be stored. This was requested when issuing the command.

", - "CommandPlugin$OutputS3BucketName": "

The S3 bucket where the responses to the command executions should be stored. This was requested when issuing the command. For example, in the following response:

doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript

doc-example-bucket is the name of the S3 bucket;

ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix is the name of the S3 prefix;

i-02573cafcfEXAMPLE is the managed node ID;

awsrunShellScript is the name of the plugin.

", + "CommandPlugin$OutputS3BucketName": "

The S3 bucket where the responses to the command executions should be stored. This was requested when issuing the command. For example, in the following response:

amzn-s3-demo-bucket/my-prefix/i-02573cafcfEXAMPLE/awsrunShellScript

amzn-s3-demo-bucket is the name of the S3 bucket;

my-prefix is the name of the S3 prefix;

i-02573cafcfEXAMPLE is the managed node ID;

awsrunShellScript is the name of the plugin.

", "LoggingInfo$S3BucketName": "

The name of an S3 bucket where execution logs are stored.

", "MaintenanceWindowRunCommandParameters$OutputS3BucketName": "

The name of the Amazon Simple Storage Service (Amazon S3) bucket.

", "S3OutputLocation$OutputS3BucketName": "

The name of the S3 bucket.

", @@ -7358,7 +7373,7 @@ "base": null, "refs": { "Command$OutputS3KeyPrefix": "

The S3 directory path inside the bucket where the responses to the command executions should be stored. This was requested when issuing the command.

", - "CommandPlugin$OutputS3KeyPrefix": "

The S3 directory path inside the bucket where the responses to the command executions should be stored. This was requested when issuing the command. For example, in the following response:

doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript

doc-example-bucket is the name of the S3 bucket;

ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix is the name of the S3 prefix;

i-02573cafcfEXAMPLE is the managed node ID;

awsrunShellScript is the name of the plugin.

", + "CommandPlugin$OutputS3KeyPrefix": "

The S3 directory path inside the bucket where the responses to the command executions should be stored. This was requested when issuing the command. For example, in the following response:

amzn-s3-demo-bucket/my-prefix/i-02573cafcfEXAMPLE/awsrunShellScript

amzn-s3-demo-bucket is the name of the S3 bucket;

my-prefix is the name of the S3 prefix;

i-02573cafcfEXAMPLE is the managed node ID;

awsrunShellScript is the name of the plugin.

", "LoggingInfo$S3KeyPrefix": "

(Optional) The S3 bucket subfolder.

", "MaintenanceWindowRunCommandParameters$OutputS3KeyPrefix": "

The S3 bucket subfolder.

", "S3OutputLocation$OutputS3KeyPrefix": "

The S3 bucket subfolder.

", @@ -7447,13 +7462,13 @@ "Command$ServiceRole": "

The Identity and Access Management (IAM) service role that Run Command, a capability of Amazon Web Services Systems Manager, uses to act on your behalf when sending notifications about command status changes.

", "CommandInvocation$ServiceRole": "

The Identity and Access Management (IAM) service role that Run Command, a capability of Amazon Web Services Systems Manager, uses to act on your behalf when sending notifications about command status changes on a per managed node basis.

", "GetMaintenanceWindowExecutionTaskResult$ServiceRole": "

The role that was assumed when running the task.

", - "GetMaintenanceWindowTaskResult$ServiceRoleArn": "

The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up maintenance windows in the in the Amazon Web Services Systems Manager User Guide.

", - "MaintenanceWindowRunCommandParameters$ServiceRoleArn": "

The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up maintenance windows in the in the Amazon Web Services Systems Manager User Guide.

", - "MaintenanceWindowTask$ServiceRoleArn": "

The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up maintenance windows in the in the Amazon Web Services Systems Manager User Guide.

", - "RegisterTaskWithMaintenanceWindowRequest$ServiceRoleArn": "

The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up maintenance windows in the in the Amazon Web Services Systems Manager User Guide.

", + "GetMaintenanceWindowTaskResult$ServiceRoleArn": "

The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.

", + "MaintenanceWindowRunCommandParameters$ServiceRoleArn": "

The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.

", + "MaintenanceWindowTask$ServiceRoleArn": "

The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.

", + "RegisterTaskWithMaintenanceWindowRequest$ServiceRoleArn": "

The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.

", "SendCommandRequest$ServiceRoleArn": "

The ARN of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for Run Command commands.

This role must provide the sns:Publish permission for your notification topic. For information about creating and using this service role, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide.

", - "UpdateMaintenanceWindowTaskRequest$ServiceRoleArn": "

The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up maintenance windows in the in the Amazon Web Services Systems Manager User Guide.

", - "UpdateMaintenanceWindowTaskResult$ServiceRoleArn": "

The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up maintenance windows in the in the Amazon Web Services Systems Manager User Guide.

" + "UpdateMaintenanceWindowTaskRequest$ServiceRoleArn": "

The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.

", + "UpdateMaintenanceWindowTaskResult$ServiceRoleArn": "

The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.

" } }, "ServiceSetting": { @@ -7517,7 +7532,7 @@ "SessionFilterValue": { "base": null, "refs": { - "SessionFilter$value": "

The filter value. Valid values for each filter key are as follows:

" + "SessionFilter$value": "

The filter value. Valid values for each filter key are as follows:

" } }, "SessionId": { @@ -7880,7 +7895,7 @@ "IncompatiblePolicyException$message": null, "InstanceInformation$PlatformName": "

The name of the operating system platform running on your managed node.

", "InstanceInformation$PlatformVersion": "

The version of the OS platform running on your managed node.

", - "InstanceInformation$Name": "

The name assigned to an on-premises server, edge device, or virtual machine (VM) when it is activated as a Systems Manager managed node. The name is specified as the DefaultInstanceName property using the CreateActivation command. It is applied to the managed node by specifying the Activation Code and Activation ID when you install SSM Agent on the node, as explained in Install SSM Agent for a hybrid and multicloud environment (Linux) and Install SSM Agent for a hybrid and multicloud environment (Windows). To retrieve the Name tag of an EC2 instance, use the Amazon EC2 DescribeInstances operation. For information, see DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference.

", + "InstanceInformation$Name": "

The name assigned to an on-premises server, edge device, or virtual machine (VM) when it is activated as a Systems Manager managed node. The name is specified as the DefaultInstanceName property using the CreateActivation command. It is applied to the managed node by specifying the Activation Code and Activation ID when you install SSM Agent on the node, as explained in How to install SSM Agent on hybrid Linux nodes and How to install SSM Agent on hybrid Windows Server nodes. To retrieve the Name tag of an EC2 instance, use the Amazon EC2 DescribeInstances operation. For information, see DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference.

", "InstanceProperty$ResourceType": "

The type of managed node.

", "InternalServerError$Message": null, "InvalidActivation$Message": null, @@ -8123,10 +8138,18 @@ "CreateAssociationBatchRequestEntry$TargetLocations": "

Use this action to create an association in multiple Regions and multiple accounts.

", "CreateAssociationRequest$TargetLocations": "

A location is a combination of Amazon Web Services Regions and Amazon Web Services accounts where you want to run the association. Use this action to create an association in multiple Regions and multiple accounts.

", "Runbook$TargetLocations": "

Information about the Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Runbook operation.

", - "StartAutomationExecutionRequest$TargetLocations": "

A location is a combination of Amazon Web Services Regions and/or Amazon Web Services accounts where you want to run the automation. Use this operation to start an automation in multiple Amazon Web Services Regions and multiple Amazon Web Services accounts. For more information, see Running Automation workflows in multiple Amazon Web Services Regions and Amazon Web Services accounts in the Amazon Web Services Systems Manager User Guide.

", + "StartAutomationExecutionRequest$TargetLocations": "

A location is a combination of Amazon Web Services Regions and/or Amazon Web Services accounts where you want to run the automation. Use this operation to start an automation in multiple Amazon Web Services Regions and multiple Amazon Web Services accounts. For more information, see Running automations in multiple Amazon Web Services Regions and accounts in the Amazon Web Services Systems Manager User Guide.

", "UpdateAssociationRequest$TargetLocations": "

A location is a combination of Amazon Web Services Regions and Amazon Web Services accounts where you want to run the association. Use this action to update an association in multiple Regions and multiple accounts.

" } }, + "TargetLocationsURL": { + "base": null, + "refs": { + "AutomationExecution$TargetLocationsURL": "

A publicly accessible URL for a file that contains the TargetLocations body. Currently, only files in presigned Amazon S3 buckets are supported

", + "AutomationExecutionMetadata$TargetLocationsURL": "

A publicly accessible URL for a file that contains the TargetLocations body. Currently, only files in presigned Amazon S3 buckets are supported

", + "StartAutomationExecutionRequest$TargetLocationsURL": "

Specify a publicly accessible URL for a file that contains the TargetLocations body. Currently, only files in presigned Amazon S3 buckets are supported.

" + } + }, "TargetMap": { "base": null, "refs": { @@ -8167,7 +8190,7 @@ } }, "TargetNotConnected": { - "base": "

The specified target managed node for the session isn't fully configured for use with Session Manager. For more information, see Getting started with Session Manager in the Amazon Web Services Systems Manager User Guide. This error is also returned if you attempt to start a session on a managed node that is located in a different account or Region

", + "base": "

The specified target managed node for the session isn't fully configured for use with Session Manager. For more information, see Setting up Session Manager in the Amazon Web Services Systems Manager User Guide. This error is also returned if you attempt to start a session on a managed node that is located in a different account or Region

", "refs": { } }, @@ -8208,7 +8231,7 @@ "AutomationExecutionMetadata$Targets": "

The targets defined by the user when starting the automation.

", "Command$Targets": "

An array of search criteria that targets managed nodes using a Key,Value combination that you specify. Targets is required if you don't provide one or more managed node IDs in the call.

", "CreateAssociationBatchRequestEntry$Targets": "

The managed nodes targeted by the request.

", - "CreateAssociationRequest$Targets": "

The targets for the association. You can target managed nodes by using tags, Amazon Web Services resource groups, all managed nodes in an Amazon Web Services account, or individual managed node IDs. You can target all managed nodes in an Amazon Web Services account by specifying the InstanceIds key with a value of *. For more information about choosing targets for an association, see About targets and rate controls in State Manager associations in the Amazon Web Services Systems Manager User Guide.

", + "CreateAssociationRequest$Targets": "

The targets for the association. You can target managed nodes by using tags, Amazon Web Services resource groups, all managed nodes in an Amazon Web Services account, or individual managed node IDs. You can target all managed nodes in an Amazon Web Services account by specifying the InstanceIds key with a value of *. For more information about choosing targets for an association, see Understanding targets and rate controls in State Manager associations in the Amazon Web Services Systems Manager User Guide.

", "DescribeMaintenanceWindowScheduleRequest$Targets": "

The managed node ID or key-value pair to retrieve information about.

", "DescribeMaintenanceWindowsForTargetRequest$Targets": "

The managed node ID or key-value pair to retrieve information about.

", "GetMaintenanceWindowTaskResult$Targets": "

The targets where the task should run.

", @@ -8218,8 +8241,9 @@ "RegisterTaskWithMaintenanceWindowRequest$Targets": "

The targets (either managed nodes or maintenance window targets).

One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide.

Specify managed nodes using the following format:

Key=InstanceIds,Values=<instance-id-1>,<instance-id-2>

Specify maintenance window targets using the following format:

Key=WindowTargetIds,Values=<window-target-id-1>,<window-target-id-2>

", "Runbook$Targets": "

A key-value mapping to target resources that the runbook operation performs tasks on. Required if you specify TargetParameterName.

", "SendCommandRequest$Targets": "

An array of search criteria that targets managed nodes using a Key,Value combination that you specify. Specifying targets is most useful when you want to send a command to a large number of managed nodes at once. Using Targets, which accepts tag key-value pairs to identify managed nodes, you can send a command to tens, hundreds, or thousands of nodes at once.

To send a command to a smaller number of managed nodes, you can use the InstanceIds option instead.

For more information about how to use targets, see Run commands at scale in the Amazon Web Services Systems Manager User Guide.

", - "StartAutomationExecutionRequest$Targets": "

A key-value mapping to target resources. Required if you specify TargetParameterName.

", + "StartAutomationExecutionRequest$Targets": "

A key-value mapping to target resources. Required if you specify TargetParameterName.

If both this parameter and the TargetLocation:Targets parameter are supplied, TargetLocation:Targets takes precedence.

", "StepExecution$Targets": "

The targets for the step execution.

", + "TargetLocation$Targets": "

A list of key-value mappings to target resources. If you specify values for this data type, you must also specify a value for TargetParameterName.

This Targets parameter takes precedence over the StartAutomationExecution:Targets parameter if both are supplied.

", "UpdateAssociationRequest$Targets": "

The targets of the association.

", "UpdateMaintenanceWindowTargetRequest$Targets": "

The targets to add or replace.

", "UpdateMaintenanceWindowTargetResult$Targets": "

The updated targets.

", diff --git a/gems/aws-sdk-codebuild/CHANGELOG.md b/gems/aws-sdk-codebuild/CHANGELOG.md index f23f73bd443..ecee30ce966 100644 --- a/gems/aws-sdk-codebuild/CHANGELOG.md +++ b/gems/aws-sdk-codebuild/CHANGELOG.md @@ -1,6 +1,11 @@ Unreleased Changes ------------------ +1.129.0 (2024-09-17) +------------------ + +* Feature - GitLab Enhancements - Add support for Self-Hosted GitLab runners in CodeBuild. Add group webhooks + 1.128.0 (2024-09-11) ------------------ diff --git a/gems/aws-sdk-codebuild/VERSION b/gems/aws-sdk-codebuild/VERSION index a7063724533..365ef018e15 100644 --- a/gems/aws-sdk-codebuild/VERSION +++ b/gems/aws-sdk-codebuild/VERSION @@ -1 +1 @@ -1.128.0 +1.129.0 diff --git a/gems/aws-sdk-codebuild/lib/aws-sdk-codebuild.rb b/gems/aws-sdk-codebuild/lib/aws-sdk-codebuild.rb index d4477092236..5882db661e0 100644 --- a/gems/aws-sdk-codebuild/lib/aws-sdk-codebuild.rb +++ b/gems/aws-sdk-codebuild/lib/aws-sdk-codebuild.rb @@ -52,6 +52,6 @@ # @!group service module Aws::CodeBuild - GEM_VERSION = '1.128.0' + GEM_VERSION = '1.129.0' end diff --git a/gems/aws-sdk-codebuild/lib/aws-sdk-codebuild/client.rb b/gems/aws-sdk-codebuild/lib/aws-sdk-codebuild/client.rb index ec994e95bd4..af3ebfe8636 100644 --- a/gems/aws-sdk-codebuild/lib/aws-sdk-codebuild/client.rb +++ b/gems/aws-sdk-codebuild/lib/aws-sdk-codebuild/client.rb @@ -974,7 +974,7 @@ def batch_get_fleets(params = {}, options = {}) # resp.projects[0].webhook.last_modified_secret #=> Time # resp.projects[0].webhook.scope_configuration.name #=> String # resp.projects[0].webhook.scope_configuration.domain #=> String - # resp.projects[0].webhook.scope_configuration.scope #=> String, one of "GITHUB_ORGANIZATION", "GITHUB_GLOBAL" + # resp.projects[0].webhook.scope_configuration.scope #=> String, one of "GITHUB_ORGANIZATION", "GITHUB_GLOBAL", "GITLAB_GROUP" # resp.projects[0].vpc_config.vpc_id #=> String # resp.projects[0].vpc_config.subnets #=> Array # resp.projects[0].vpc_config.subnets[0] #=> String @@ -1741,7 +1741,7 @@ def create_fleet(params = {}, options = {}) # resp.project.webhook.last_modified_secret #=> Time # resp.project.webhook.scope_configuration.name #=> String # resp.project.webhook.scope_configuration.domain #=> String - # resp.project.webhook.scope_configuration.scope #=> String, one of "GITHUB_ORGANIZATION", "GITHUB_GLOBAL" + # resp.project.webhook.scope_configuration.scope #=> String, one of "GITHUB_ORGANIZATION", "GITHUB_GLOBAL", "GITLAB_GROUP" # resp.project.vpc_config.vpc_id #=> String # resp.project.vpc_config.subnets #=> Array # resp.project.vpc_config.subnets[0] #=> String @@ -1943,7 +1943,7 @@ def create_report_group(params = {}, options = {}) # scope_configuration: { # name: "String", # required # domain: "String", - # scope: "GITHUB_ORGANIZATION", # required, accepts GITHUB_ORGANIZATION, GITHUB_GLOBAL + # scope: "GITHUB_ORGANIZATION", # required, accepts GITHUB_ORGANIZATION, GITHUB_GLOBAL, GITLAB_GROUP # }, # }) # @@ -1963,7 +1963,7 @@ def create_report_group(params = {}, options = {}) # resp.webhook.last_modified_secret #=> Time # resp.webhook.scope_configuration.name #=> String # resp.webhook.scope_configuration.domain #=> String - # resp.webhook.scope_configuration.scope #=> String, one of "GITHUB_ORGANIZATION", "GITHUB_GLOBAL" + # resp.webhook.scope_configuration.scope #=> String, one of "GITHUB_ORGANIZATION", "GITHUB_GLOBAL", "GITLAB_GROUP" # # @see http://docs.aws.amazon.com/goto/WebAPI/codebuild-2016-10-06/CreateWebhook AWS API Documentation # @@ -5565,7 +5565,7 @@ def update_fleet(params = {}, options = {}) # resp.project.webhook.last_modified_secret #=> Time # resp.project.webhook.scope_configuration.name #=> String # resp.project.webhook.scope_configuration.domain #=> String - # resp.project.webhook.scope_configuration.scope #=> String, one of "GITHUB_ORGANIZATION", "GITHUB_GLOBAL" + # resp.project.webhook.scope_configuration.scope #=> String, one of "GITHUB_ORGANIZATION", "GITHUB_GLOBAL", "GITLAB_GROUP" # resp.project.vpc_config.vpc_id #=> String # resp.project.vpc_config.subnets #=> Array # resp.project.vpc_config.subnets[0] #=> String @@ -5837,7 +5837,7 @@ def update_report_group(params = {}, options = {}) # resp.webhook.last_modified_secret #=> Time # resp.webhook.scope_configuration.name #=> String # resp.webhook.scope_configuration.domain #=> String - # resp.webhook.scope_configuration.scope #=> String, one of "GITHUB_ORGANIZATION", "GITHUB_GLOBAL" + # resp.webhook.scope_configuration.scope #=> String, one of "GITHUB_ORGANIZATION", "GITHUB_GLOBAL", "GITLAB_GROUP" # # @see http://docs.aws.amazon.com/goto/WebAPI/codebuild-2016-10-06/UpdateWebhook AWS API Documentation # @@ -5866,7 +5866,7 @@ def build_request(operation_name, params = {}) tracer: tracer ) context[:gem_name] = 'aws-sdk-codebuild' - context[:gem_version] = '1.128.0' + context[:gem_version] = '1.129.0' Seahorse::Client::Request.new(handlers, context) end diff --git a/gems/aws-sdk-codebuild/lib/aws-sdk-codebuild/types.rb b/gems/aws-sdk-codebuild/lib/aws-sdk-codebuild/types.rb index 9d1007546e3..3f1efbaafd6 100644 --- a/gems/aws-sdk-codebuild/lib/aws-sdk-codebuild/types.rb +++ b/gems/aws-sdk-codebuild/lib/aws-sdk-codebuild/types.rb @@ -5486,19 +5486,19 @@ class ScalingConfigurationOutput < Struct.new( # Contains configuration information about the scope for a webhook. # # @!attribute [rw] name - # The name of either the enterprise or organization that will send - # webhook events to CodeBuild, depending on if the webhook is a global - # or organization webhook respectively. + # The name of either the group, enterprise, or organization that will + # send webhook events to CodeBuild, depending on the type of webhook. # @return [String] # # @!attribute [rw] domain - # The domain of the GitHub Enterprise organization. Note that this - # parameter is only required if your project's source type is - # GITHUB\_ENTERPRISE + # The domain of the GitHub Enterprise organization or the GitLab Self + # Managed group. Note that this parameter is only required if your + # project's source type is GITHUB\_ENTERPRISE or + # GITLAB\_SELF\_MANAGED. # @return [String] # # @!attribute [rw] scope - # The type of scope for a GitHub webhook. + # The type of scope for a GitHub or GitLab webhook. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/codebuild-2016-10-06/ScopeConfiguration AWS API Documentation diff --git a/gems/aws-sdk-codebuild/sig/client.rbs b/gems/aws-sdk-codebuild/sig/client.rbs index 92115c46250..ab63dcb02c2 100644 --- a/gems/aws-sdk-codebuild/sig/client.rbs +++ b/gems/aws-sdk-codebuild/sig/client.rbs @@ -401,7 +401,7 @@ module Aws ?scope_configuration: { name: ::String, domain: ::String?, - scope: ("GITHUB_ORGANIZATION" | "GITHUB_GLOBAL") + scope: ("GITHUB_ORGANIZATION" | "GITHUB_GLOBAL" | "GITLAB_GROUP") } ) -> _CreateWebhookResponseSuccess | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _CreateWebhookResponseSuccess diff --git a/gems/aws-sdk-codebuild/sig/types.rbs b/gems/aws-sdk-codebuild/sig/types.rbs index 59eea03a451..acde93bf268 100644 --- a/gems/aws-sdk-codebuild/sig/types.rbs +++ b/gems/aws-sdk-codebuild/sig/types.rbs @@ -1014,7 +1014,7 @@ module Aws::CodeBuild class ScopeConfiguration attr_accessor name: ::String attr_accessor domain: ::String - attr_accessor scope: ("GITHUB_ORGANIZATION" | "GITHUB_GLOBAL") + attr_accessor scope: ("GITHUB_ORGANIZATION" | "GITHUB_GLOBAL" | "GITLAB_GROUP") SENSITIVE: [] end diff --git a/gems/aws-sdk-core/CHANGELOG.md b/gems/aws-sdk-core/CHANGELOG.md index 6131b3863dc..06b11fe7bcd 100644 --- a/gems/aws-sdk-core/CHANGELOG.md +++ b/gems/aws-sdk-core/CHANGELOG.md @@ -1,6 +1,9 @@ Unreleased Changes ------------------ +3.206.0 (2024-09-17) +------------------ + * Feature - Support `sigv4a` endpoint auth without CRT. 3.205.0 (2024-09-11) diff --git a/gems/aws-sdk-core/VERSION b/gems/aws-sdk-core/VERSION index 5d9c2749905..46ab2e02764 100644 --- a/gems/aws-sdk-core/VERSION +++ b/gems/aws-sdk-core/VERSION @@ -1 +1 @@ -3.205.0 +3.206.0 diff --git a/gems/aws-sdk-core/lib/aws-sdk-sso.rb b/gems/aws-sdk-core/lib/aws-sdk-sso.rb index 21ab18392af..d4b8c65b6ef 100644 --- a/gems/aws-sdk-core/lib/aws-sdk-sso.rb +++ b/gems/aws-sdk-core/lib/aws-sdk-sso.rb @@ -54,6 +54,6 @@ # @!group service module Aws::SSO - GEM_VERSION = '3.205.0' + GEM_VERSION = '3.206.0' end diff --git a/gems/aws-sdk-core/lib/aws-sdk-sso/client.rb b/gems/aws-sdk-core/lib/aws-sdk-sso/client.rb index 54c8a7701a5..0a03de0dc3b 100644 --- a/gems/aws-sdk-core/lib/aws-sdk-sso/client.rb +++ b/gems/aws-sdk-core/lib/aws-sdk-sso/client.rb @@ -665,7 +665,7 @@ def build_request(operation_name, params = {}) tracer: tracer ) context[:gem_name] = 'aws-sdk-core' - context[:gem_version] = '3.205.0' + context[:gem_version] = '3.206.0' Seahorse::Client::Request.new(handlers, context) end diff --git a/gems/aws-sdk-core/lib/aws-sdk-ssooidc.rb b/gems/aws-sdk-core/lib/aws-sdk-ssooidc.rb index 2e203e31706..f2b6e153b19 100644 --- a/gems/aws-sdk-core/lib/aws-sdk-ssooidc.rb +++ b/gems/aws-sdk-core/lib/aws-sdk-ssooidc.rb @@ -54,6 +54,6 @@ # @!group service module Aws::SSOOIDC - GEM_VERSION = '3.205.0' + GEM_VERSION = '3.206.0' end diff --git a/gems/aws-sdk-core/lib/aws-sdk-ssooidc/client.rb b/gems/aws-sdk-core/lib/aws-sdk-ssooidc/client.rb index 93cf63b5100..8ff606262da 100644 --- a/gems/aws-sdk-core/lib/aws-sdk-ssooidc/client.rb +++ b/gems/aws-sdk-core/lib/aws-sdk-ssooidc/client.rb @@ -1018,7 +1018,7 @@ def build_request(operation_name, params = {}) tracer: tracer ) context[:gem_name] = 'aws-sdk-core' - context[:gem_version] = '3.205.0' + context[:gem_version] = '3.206.0' Seahorse::Client::Request.new(handlers, context) end diff --git a/gems/aws-sdk-core/lib/aws-sdk-sts.rb b/gems/aws-sdk-core/lib/aws-sdk-sts.rb index ce3e4f2a402..d5711f3300a 100644 --- a/gems/aws-sdk-core/lib/aws-sdk-sts.rb +++ b/gems/aws-sdk-core/lib/aws-sdk-sts.rb @@ -54,6 +54,6 @@ # @!group service module Aws::STS - GEM_VERSION = '3.205.0' + GEM_VERSION = '3.206.0' end diff --git a/gems/aws-sdk-core/lib/aws-sdk-sts/client.rb b/gems/aws-sdk-core/lib/aws-sdk-sts/client.rb index adb915222da..8c9d7d77912 100644 --- a/gems/aws-sdk-core/lib/aws-sdk-sts/client.rb +++ b/gems/aws-sdk-core/lib/aws-sdk-sts/client.rb @@ -2412,7 +2412,7 @@ def build_request(operation_name, params = {}) tracer: tracer ) context[:gem_name] = 'aws-sdk-core' - context[:gem_version] = '3.205.0' + context[:gem_version] = '3.206.0' Seahorse::Client::Request.new(handlers, context) end diff --git a/gems/aws-sdk-ecr/CHANGELOG.md b/gems/aws-sdk-ecr/CHANGELOG.md index 3a7ca380322..4c7f76a6560 100644 --- a/gems/aws-sdk-ecr/CHANGELOG.md +++ b/gems/aws-sdk-ecr/CHANGELOG.md @@ -1,6 +1,11 @@ Unreleased Changes ------------------ +1.84.0 (2024-09-17) +------------------ + +* Feature - The `DescribeImageScanning` API now includes `fixAvailable`, `exploitAvailable`, and `fixedInVersion` fields to provide more detailed information about the availability of fixes, exploits, and fixed versions for identified image vulnerabilities. + 1.83.0 (2024-09-11) ------------------ diff --git a/gems/aws-sdk-ecr/VERSION b/gems/aws-sdk-ecr/VERSION index 6b4de0a42b0..bd0f9e6c28f 100644 --- a/gems/aws-sdk-ecr/VERSION +++ b/gems/aws-sdk-ecr/VERSION @@ -1 +1 @@ -1.83.0 +1.84.0 diff --git a/gems/aws-sdk-ecr/lib/aws-sdk-ecr.rb b/gems/aws-sdk-ecr/lib/aws-sdk-ecr.rb index 21cc0ff30a6..38c9593e219 100644 --- a/gems/aws-sdk-ecr/lib/aws-sdk-ecr.rb +++ b/gems/aws-sdk-ecr/lib/aws-sdk-ecr.rb @@ -53,6 +53,6 @@ # @!group service module Aws::ECR - GEM_VERSION = '1.83.0' + GEM_VERSION = '1.84.0' end diff --git a/gems/aws-sdk-ecr/lib/aws-sdk-ecr/client.rb b/gems/aws-sdk-ecr/lib/aws-sdk-ecr/client.rb index 6a3a805d19e..b6c75bc878d 100644 --- a/gems/aws-sdk-ecr/lib/aws-sdk-ecr/client.rb +++ b/gems/aws-sdk-ecr/lib/aws-sdk-ecr/client.rb @@ -1623,6 +1623,7 @@ def describe_image_replication_status(params = {}, options = {}) # resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages[0].release #=> String # resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages[0].source_layer_hash #=> String # resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages[0].version #=> String + # resp.image_scan_findings.enhanced_findings[0].package_vulnerability_details.vulnerable_packages[0].fixed_in_version #=> String # resp.image_scan_findings.enhanced_findings[0].remediation.recommendation.url #=> String # resp.image_scan_findings.enhanced_findings[0].remediation.recommendation.text #=> String # resp.image_scan_findings.enhanced_findings[0].resources #=> Array @@ -1652,6 +1653,8 @@ def describe_image_replication_status(params = {}, options = {}) # resp.image_scan_findings.enhanced_findings[0].title #=> String # resp.image_scan_findings.enhanced_findings[0].type #=> String # resp.image_scan_findings.enhanced_findings[0].updated_at #=> Time + # resp.image_scan_findings.enhanced_findings[0].fix_available #=> String + # resp.image_scan_findings.enhanced_findings[0].exploit_available #=> String # resp.next_token #=> String # # @@ -3666,7 +3669,7 @@ def build_request(operation_name, params = {}) tracer: tracer ) context[:gem_name] = 'aws-sdk-ecr' - context[:gem_version] = '1.83.0' + context[:gem_version] = '1.84.0' Seahorse::Client::Request.new(handlers, context) end diff --git a/gems/aws-sdk-ecr/lib/aws-sdk-ecr/client_api.rb b/gems/aws-sdk-ecr/lib/aws-sdk-ecr/client_api.rb index 8d9a385eab7..38886c36aee 100644 --- a/gems/aws-sdk-ecr/lib/aws-sdk-ecr/client_api.rb +++ b/gems/aws-sdk-ecr/lib/aws-sdk-ecr/client_api.rb @@ -91,12 +91,15 @@ module ClientApi EvaluationTimestamp = Shapes::TimestampShape.new(name: 'EvaluationTimestamp') ExceptionMessage = Shapes::StringShape.new(name: 'ExceptionMessage') ExpirationTimestamp = Shapes::TimestampShape.new(name: 'ExpirationTimestamp') + ExploitAvailable = Shapes::StringShape.new(name: 'ExploitAvailable') FilePath = Shapes::StringShape.new(name: 'FilePath') FindingArn = Shapes::StringShape.new(name: 'FindingArn') FindingDescription = Shapes::StringShape.new(name: 'FindingDescription') FindingName = Shapes::StringShape.new(name: 'FindingName') FindingSeverity = Shapes::StringShape.new(name: 'FindingSeverity') FindingSeverityCounts = Shapes::MapShape.new(name: 'FindingSeverityCounts') + FixAvailable = Shapes::StringShape.new(name: 'FixAvailable') + FixedInVersion = Shapes::StringShape.new(name: 'FixedInVersion') ForceFlag = Shapes::BooleanShape.new(name: 'ForceFlag') GetAccountSettingRequest = Shapes::StructureShape.new(name: 'GetAccountSettingRequest') GetAccountSettingResponse = Shapes::StructureShape.new(name: 'GetAccountSettingResponse') @@ -637,6 +640,8 @@ module ClientApi EnhancedImageScanFinding.add_member(:title, Shapes::ShapeRef.new(shape: Title, location_name: "title")) EnhancedImageScanFinding.add_member(:type, Shapes::ShapeRef.new(shape: Type, location_name: "type")) EnhancedImageScanFinding.add_member(:updated_at, Shapes::ShapeRef.new(shape: Date, location_name: "updatedAt")) + EnhancedImageScanFinding.add_member(:fix_available, Shapes::ShapeRef.new(shape: FixAvailable, location_name: "fixAvailable")) + EnhancedImageScanFinding.add_member(:exploit_available, Shapes::ShapeRef.new(shape: ExploitAvailable, location_name: "exploitAvailable")) EnhancedImageScanFinding.struct_class = Types::EnhancedImageScanFinding EnhancedImageScanFindingList.member = Shapes::ShapeRef.new(shape: EnhancedImageScanFinding) @@ -1303,6 +1308,7 @@ module ClientApi VulnerablePackage.add_member(:release, Shapes::ShapeRef.new(shape: Release, location_name: "release")) VulnerablePackage.add_member(:source_layer_hash, Shapes::ShapeRef.new(shape: SourceLayerHash, location_name: "sourceLayerHash")) VulnerablePackage.add_member(:version, Shapes::ShapeRef.new(shape: Version, location_name: "version")) + VulnerablePackage.add_member(:fixed_in_version, Shapes::ShapeRef.new(shape: FixedInVersion, location_name: "fixedInVersion")) VulnerablePackage.struct_class = Types::VulnerablePackage VulnerablePackagesList.member = Shapes::ShapeRef.new(shape: VulnerablePackage) diff --git a/gems/aws-sdk-ecr/lib/aws-sdk-ecr/types.rb b/gems/aws-sdk-ecr/lib/aws-sdk-ecr/types.rb index fe0df4a2fbd..779ed01ac6f 100644 --- a/gems/aws-sdk-ecr/lib/aws-sdk-ecr/types.rb +++ b/gems/aws-sdk-ecr/lib/aws-sdk-ecr/types.rb @@ -1432,20 +1432,20 @@ class EmptyUploadException < Struct.new( # If you use the `KMS_DSSE` encryption type, the contents of the # repository will be encrypted with two layers of encryption using # server-side encryption with the KMS Management Service key stored in - # KMS. Similar to the KMS encryption type, you can either use the + # KMS. Similar to the `KMS` encryption type, you can either use the # default Amazon Web Services managed KMS key for Amazon ECR, or # specify your own KMS key, which you've already created. # # If you use the `AES256` encryption type, Amazon ECR uses server-side # encryption with Amazon S3-managed encryption keys which encrypts the - # images in the repository using an AES256 encryption algorithm. For - # more information, see [Protecting data using server-side encryption - # with Amazon S3-managed encryption keys (SSE-S3)][1] in the *Amazon - # Simple Storage Service Console Developer Guide*. + # images in the repository using an AES256 encryption algorithm. + # + # For more information, see [Amazon ECR encryption at rest][1] in the + # *Amazon Elastic Container Registry User Guide*. # # # - # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html + # [1]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html # @return [String] # # @!attribute [rw] kms_key @@ -1576,6 +1576,18 @@ class EncryptionConfigurationForRepositoryCreationTemplate < Struct.new( # The date and time the finding was last updated at. # @return [Time] # + # @!attribute [rw] fix_available + # Details on whether a fix is available through a version update. This + # value can be `YES`, `NO`, or `PARTIAL`. A `PARTIAL` fix means that + # some, but not all, of the packages identified in the finding have + # fixes available through updated versions. + # @return [String] + # + # @!attribute [rw] exploit_available + # If a finding discovered in your environment has an exploit + # available. + # @return [String] + # # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/EnhancedImageScanFinding AWS API Documentation # class EnhancedImageScanFinding < Struct.new( @@ -1593,7 +1605,9 @@ class EnhancedImageScanFinding < Struct.new( :status, :title, :type, - :updated_at) + :updated_at, + :fix_available, + :exploit_available) SENSITIVE = [] include Aws::Structure end @@ -4605,6 +4619,10 @@ class ValidationException < Struct.new( # The version of the vulnerable package. # @return [String] # + # @!attribute [rw] fixed_in_version + # The version of the package that contains the vulnerability fix. + # @return [String] + # # @see http://docs.aws.amazon.com/goto/WebAPI/ecr-2015-09-21/VulnerablePackage AWS API Documentation # class VulnerablePackage < Struct.new( @@ -4615,7 +4633,8 @@ class VulnerablePackage < Struct.new( :package_manager, :release, :source_layer_hash, - :version) + :version, + :fixed_in_version) SENSITIVE = [] include Aws::Structure end diff --git a/gems/aws-sdk-ecr/sig/types.rbs b/gems/aws-sdk-ecr/sig/types.rbs index cabf770afa7..8b0a34b23e0 100644 --- a/gems/aws-sdk-ecr/sig/types.rbs +++ b/gems/aws-sdk-ecr/sig/types.rbs @@ -388,6 +388,8 @@ module Aws::ECR attr_accessor title: ::String attr_accessor type: ::String attr_accessor updated_at: ::Time + attr_accessor fix_available: ::String + attr_accessor exploit_available: ::String SENSITIVE: [] end @@ -1238,6 +1240,7 @@ module Aws::ECR attr_accessor release: ::String attr_accessor source_layer_hash: ::String attr_accessor version: ::String + attr_accessor fixed_in_version: ::String SENSITIVE: [] end end diff --git a/gems/aws-sdk-ecs/CHANGELOG.md b/gems/aws-sdk-ecs/CHANGELOG.md index 24b18b211f3..c091b7a445f 100644 --- a/gems/aws-sdk-ecs/CHANGELOG.md +++ b/gems/aws-sdk-ecs/CHANGELOG.md @@ -1,6 +1,11 @@ Unreleased Changes ------------------ +1.158.0 (2024-09-17) +------------------ + +* Feature - This is a documentation only release to address various tickets. + 1.157.0 (2024-09-11) ------------------ diff --git a/gems/aws-sdk-ecs/VERSION b/gems/aws-sdk-ecs/VERSION index 36ebe49cbdd..fc8113ce413 100644 --- a/gems/aws-sdk-ecs/VERSION +++ b/gems/aws-sdk-ecs/VERSION @@ -1 +1 @@ -1.157.0 +1.158.0 diff --git a/gems/aws-sdk-ecs/lib/aws-sdk-ecs.rb b/gems/aws-sdk-ecs/lib/aws-sdk-ecs.rb index 5d5f765b557..59f88e2ecc0 100644 --- a/gems/aws-sdk-ecs/lib/aws-sdk-ecs.rb +++ b/gems/aws-sdk-ecs/lib/aws-sdk-ecs.rb @@ -53,6 +53,6 @@ # @!group service module Aws::ECS - GEM_VERSION = '1.157.0' + GEM_VERSION = '1.158.0' end diff --git a/gems/aws-sdk-ecs/lib/aws-sdk-ecs/client.rb b/gems/aws-sdk-ecs/lib/aws-sdk-ecs/client.rb index ef39915cef0..1a9fc206792 100644 --- a/gems/aws-sdk-ecs/lib/aws-sdk-ecs/client.rb +++ b/gems/aws-sdk-ecs/lib/aws-sdk-ecs/client.rb @@ -5785,9 +5785,6 @@ def list_tasks(params = {}, options = {}) # mode][3]. For more information on using IPv6 with tasks launched on # Fargate, see [Using a VPC in dual-stack mode][4]. # - # * `fargateFIPSMode` - If you specify `fargateFIPSMode`, Fargate FIPS - # 140 compliance is affected. - # # * `fargateTaskRetirementWaitPeriod` - When Amazon Web Services # determines that a security or infrastructure update is needed for an # Amazon ECS task hosted on Fargate, the tasks need to be stopped and @@ -10445,7 +10442,7 @@ def build_request(operation_name, params = {}) tracer: tracer ) context[:gem_name] = 'aws-sdk-ecs' - context[:gem_version] = '1.157.0' + context[:gem_version] = '1.158.0' Seahorse::Client::Request.new(handlers, context) end diff --git a/gems/aws-sdk-ecs/lib/aws-sdk-ecs/types.rb b/gems/aws-sdk-ecs/lib/aws-sdk-ecs/types.rb index e164bcbbd68..ab2d2c531e4 100644 --- a/gems/aws-sdk-ecs/lib/aws-sdk-ecs/types.rb +++ b/gems/aws-sdk-ecs/lib/aws-sdk-ecs/types.rb @@ -1035,7 +1035,7 @@ class Container < Struct.new( # entered in the `links` of another container to connect the # containers. Up to 255 letters (uppercase and lowercase), numbers, # underscores, and hyphens are allowed. This parameter maps to `name` - # in tthe docker conainer create command and the `--name` option to + # in the docker container create command and the `--name` option to # docker run. # @return [String] # @@ -1046,7 +1046,7 @@ class Container < Struct.new( # repository-url/image:tag ` or ` repository-url/image@digest `. Up to # 255 letters (uppercase and lowercase), numbers, hyphens, # underscores, colons, periods, forward slashes, and number signs are - # allowed. This parameter maps to `Image` in the docker conainer + # allowed. This parameter maps to `Image` in the docker container # create command and the `IMAGE` parameter of docker run. # # * When a new task starts, the Amazon ECS container agent pulls the @@ -1077,7 +1077,7 @@ class Container < Struct.new( # # @!attribute [rw] cpu # The number of `cpu` units reserved for the container. This parameter - # maps to `CpuShares` in the docker conainer create commandand the + # maps to `CpuShares` in the docker container create commandand the # `--cpu-shares` option to docker run. # # This field is optional for tasks using the Fargate launch type, and @@ -1142,9 +1142,8 @@ class Container < Struct.new( # container attempts to exceed the memory specified here, the # container is killed. The total amount of memory reserved for all # containers within a task must be lower than the task `memory` value, - # if one is specified. This parameter maps to `Memory` in thethe - # docker conainer create command and the `--memory` option to docker - # run. + # if one is specified. This parameter maps to `Memory` in the docker + # container create command and the `--memory` option to docker run. # # If using the Fargate launch type, this parameter is optional. # @@ -1172,9 +1171,8 @@ class Container < Struct.new( # consume more memory when it needs to, up to either the hard limit # specified with the `memory` parameter (if applicable), or all of the # available memory on the container instance, whichever comes first. - # This parameter maps to `MemoryReservation` in the the docker - # conainer create command and the `--memory-reservation` option to - # docker run. + # This parameter maps to `MemoryReservation` in the docker container + # create command and the `--memory-reservation` option to docker run. # # If a task-level memory value is not specified, you must specify a # non-zero integer for one or both of `memory` or `memoryReservation` @@ -1208,7 +1206,7 @@ class Container < Struct.new( # `name:internalName` construct is analogous to `name:alias` in Docker # links. Up to 255 letters (uppercase and lowercase), numbers, # underscores, and hyphens are allowed.. This parameter maps to - # `Links` in the docker conainer create command and the `--link` + # `Links` in the docker container create command and the `--link` # option to docker run. # # This parameter is not supported for Windows containers. @@ -1235,7 +1233,7 @@ class Container < Struct.new( # so you can't access a container's mapped port from the host # itself. # - # This parameter maps to `PortBindings` in the the docker conainer + # This parameter maps to `PortBindings` in the the docker container # create command and the `--publish` option to docker run. If the # network mode of a task definition is set to `none`, then you can't # specify port mappings. If the network mode of a task definition is @@ -1294,20 +1292,20 @@ class Container < Struct.new( # arguments as `command` array items instead. # # The entry point that's passed to the container. This parameter maps - # to `Entrypoint` in tthe docker conainer create command and the + # to `Entrypoint` in the docker container create command and the # `--entrypoint` option to docker run. # @return [Array] # # @!attribute [rw] command # The command that's passed to the container. This parameter maps to - # `Cmd` in the docker conainer create command and the `COMMAND` + # `Cmd` in the docker container create command and the `COMMAND` # parameter to docker run. If there are multiple arguments, each # argument is a separated string in the array. # @return [Array] # # @!attribute [rw] environment # The environment variables to pass to a container. This parameter - # maps to `Env` in the docker conainer create command and the `--env` + # maps to `Env` in the docker container create command and the `--env` # option to docker run. # # We don't recommend that you use plaintext environment variables for @@ -1341,7 +1339,7 @@ class Container < Struct.new( # @!attribute [rw] mount_points # The mount points for data volumes in your container. # - # This parameter maps to `Volumes` in the the docker conainer create + # This parameter maps to `Volumes` in the docker container create # command and the `--volume` option to docker run. # # Windows containers can mount whole directories on the same drive as @@ -1351,7 +1349,7 @@ class Container < Struct.new( # # @!attribute [rw] volumes_from # Data volumes to mount from another container. This parameter maps to - # `VolumesFrom` in tthe docker conainer create command and the + # `VolumesFrom` in the docker container create command and the # `--volumes-from` option to docker run. # @return [Array] # @@ -1468,8 +1466,9 @@ class Container < Struct.new( # # * Windows platform version `1.0.0` or later. # - # The max stop timeout value is 120 seconds and if the parameter is - # not specified, the default value of 30 seconds is used. + # For tasks that use the Fargate launch type, the max stop timeout + # value is 120 seconds and if the parameter is not specified, the + # default value of 30 seconds is used. # # For tasks that use the EC2 launch type, if the `stopTimeout` # parameter isn't specified, the value set for the Amazon ECS @@ -1491,7 +1490,7 @@ class Container < Struct.new( # ECS-optimized Linux AMI][2] in the *Amazon Elastic Container Service # Developer Guide*. # - # The valid values are 2-120 seconds. + # The valid values for Fargate are 2-120 seconds. # # # @@ -1501,7 +1500,7 @@ class Container < Struct.new( # # @!attribute [rw] hostname # The hostname to use for your container. This parameter maps to - # `Hostname` in thethe docker conainer create command and the + # `Hostname` in the docker container create command and the # `--hostname` option to docker run. # # The `hostname` parameter is not supported if you're using the @@ -1512,7 +1511,7 @@ class Container < Struct.new( # # @!attribute [rw] user # The user to use inside the container. This parameter maps to `User` - # in the docker conainer create command and the `--user` option to + # in the docker container create command and the `--user` option to # docker run. # # When running tasks using the `host` network mode, don't run @@ -1541,13 +1540,13 @@ class Container < Struct.new( # # @!attribute [rw] working_directory # The working directory to run commands inside the container in. This - # parameter maps to `WorkingDir` in the docker conainer create command - # and the `--workdir` option to docker run. + # parameter maps to `WorkingDir` in the docker container create + # command and the `--workdir` option to docker run. # @return [String] # # @!attribute [rw] disable_networking # When this parameter is true, networking is off within the container. - # This parameter maps to `NetworkDisabled` in the docker conainer + # This parameter maps to `NetworkDisabled` in the docker container # create command. # # This parameter is not supported for Windows containers. @@ -1558,8 +1557,8 @@ class Container < Struct.new( # @!attribute [rw] privileged # When this parameter is true, the container is given elevated # privileges on the host container instance (similar to the `root` - # user). This parameter maps to `Privileged` in the the docker - # conainer create command and the `--privileged` option to docker run + # user). This parameter maps to `Privileged` in the docker container + # create command and the `--privileged` option to docker run # # This parameter is not supported for Windows containers or tasks run # on Fargate. @@ -1570,7 +1569,7 @@ class Container < Struct.new( # @!attribute [rw] readonly_root_filesystem # When this parameter is true, the container is given read-only access # to its root file system. This parameter maps to `ReadonlyRootfs` in - # the docker conainer create command and the `--read-only` option to + # the docker container create command and the `--read-only` option to # docker run. # # This parameter is not supported for Windows containers. @@ -1580,8 +1579,8 @@ class Container < Struct.new( # # @!attribute [rw] dns_servers # A list of DNS servers that are presented to the container. This - # parameter maps to `Dns` in the the docker conainer create command - # and the `--dns` option to docker run. + # parameter maps to `Dns` in the docker container create command and + # the `--dns` option to docker run. # # This parameter is not supported for Windows containers. # @@ -1590,7 +1589,7 @@ class Container < Struct.new( # # @!attribute [rw] dns_search_domains # A list of DNS search domains that are presented to the container. - # This parameter maps to `DnsSearch` in the docker conainer create + # This parameter maps to `DnsSearch` in the docker container create # command and the `--dns-search` option to docker run. # # This parameter is not supported for Windows containers. @@ -1601,7 +1600,7 @@ class Container < Struct.new( # @!attribute [rw] extra_hosts # A list of hostnames and IP address mappings to append to the # `/etc/hosts` file on the container. This parameter maps to - # `ExtraHosts` in the docker conainer create command and the + # `ExtraHosts` in the docker container create command and the # `--add-host` option to docker run. # # This parameter isn't supported for Windows containers or tasks that @@ -1624,7 +1623,7 @@ class Container < Struct.new( # Windows Containers][1] and [Using gMSAs for Linux Containers][2] in # the *Amazon Elastic Container Service Developer Guide*. # - # This parameter maps to `SecurityOpt` in the docker conainer create + # This parameter maps to `SecurityOpt` in the docker container create # command and the `--security-opt` option to docker run. # # The Amazon ECS container agent running on a container instance must @@ -1649,19 +1648,19 @@ class Container < Struct.new( # @!attribute [rw] interactive # When this parameter is `true`, you can deploy containerized # applications that require `stdin` or a `tty` to be allocated. This - # parameter maps to `OpenStdin` in the docker conainer create command + # parameter maps to `OpenStdin` in the docker container create command # and the `--interactive` option to docker run. # @return [Boolean] # # @!attribute [rw] pseudo_terminal # When this parameter is `true`, a TTY is allocated. This parameter - # maps to `Tty` in tthe docker conainer create command and the `--tty` + # maps to `Tty` in the docker container create command and the `--tty` # option to docker run. # @return [Boolean] # # @!attribute [rw] docker_labels # A key/value map of labels to add to the container. This parameter - # maps to `Labels` in the docker conainer create command and the + # maps to `Labels` in the docker container create command and the # `--label` option to docker run. This parameter requires version 1.18 # of the Docker Remote API or greater on your container instance. To # check the Docker Remote API version on your container instance, log @@ -1672,7 +1671,7 @@ class Container < Struct.new( # @!attribute [rw] ulimits # A list of `ulimits` to set in the container. If a `ulimit` value is # specified in a task definition, it overrides the default values set - # by Docker. This parameter maps to `Ulimits` in tthe docker conainer + # by Docker. This parameter maps to `Ulimits` in the docker container # create command and the `--ulimit` option to docker run. Valid naming # values are displayed in the [Ulimit][1] data type. # @@ -1701,7 +1700,7 @@ class Container < Struct.new( # @!attribute [rw] log_configuration # The log configuration specification for the container. # - # This parameter maps to `LogConfig` in the docker conainer create + # This parameter maps to `LogConfig` in the docker container create # command and the `--log-driver` option to docker run. By default, # containers use the same logging driver that the Docker daemon uses. # However the container can use a different logging driver than the @@ -1743,13 +1742,13 @@ class Container < Struct.new( # @!attribute [rw] health_check # The container health check command and associated configuration # parameters for the container. This parameter maps to `HealthCheck` - # in the docker conainer create command and the `HEALTHCHECK` + # in the docker container create command and the `HEALTHCHECK` # parameter of docker run. # @return [Types::HealthCheck] # # @!attribute [rw] system_controls # A list of namespaced kernel parameters to set in the container. This - # parameter maps to `Sysctls` in tthe docker conainer create command + # parameter maps to `Sysctls` in the docker container create command # and the `--sysctl` option to docker run. For example, you can # configure `net.ipv4.tcp_keepalive_time` setting to maintain longer # lived connections. @@ -3733,13 +3732,22 @@ class DeploymentCircuitBreaker < Struct.new( # using the `REPLICA` service scheduler is 200%. # # If a service is using either the blue/green (`CODE_DEPLOY`) or - # `EXTERNAL` deployment types and tasks that use the EC2 launch type, - # the **maximum percent** value is set to the default value and is - # used to define the upper limit on the number of the tasks in the - # service that remain in the `RUNNING` state while the container - # instances are in the `DRAINING` state. If the tasks in the service - # use the Fargate launch type, the maximum percent value is not used, - # although it is returned when describing your service. + # `EXTERNAL` deployment types, and tasks in the service use the EC2 + # launch type, the **maximum percent** value is set to the default + # value. The **maximum percent** value is used to define the upper + # limit on the number of the tasks in the service that remain in the + # `RUNNING` state while the container instances are in the `DRAINING` + # state. + # + # You can't specify a custom `maximumPercent` value for a service + # that uses either the blue/green (`CODE_DEPLOY`) or `EXTERNAL` + # deployment types and has tasks that use the EC2 launch type. + # + # + # + # If the tasks in the service use the Fargate launch type, the maximum + # percent value is not used, although it is returned when describing + # your service. # @return [Integer] # # @!attribute [rw] minimum_healthy_percent @@ -3800,13 +3808,22 @@ class DeploymentCircuitBreaker < Struct.new( # If a service is using either the blue/green (`CODE_DEPLOY`) or # `EXTERNAL` deployment types and is running tasks that use the EC2 # launch type, the **minimum healthy percent** value is set to the - # default value and is used to define the lower limit on the number of - # the tasks in the service that remain in the `RUNNING` state while - # the container instances are in the `DRAINING` state. If a service is - # using either the blue/green (`CODE_DEPLOY`) or `EXTERNAL` deployment - # types and is running tasks that use the Fargate launch type, the - # minimum healthy percent value is not used, although it is returned - # when describing your service. + # default value. The **minimum healthy percent** value is used to + # define the lower limit on the number of the tasks in the service + # that remain in the `RUNNING` state while the container instances are + # in the `DRAINING` state. + # + # You can't specify a custom `minimumHealthyPercent` value for a + # service that uses either the blue/green (`CODE_DEPLOY`) or + # `EXTERNAL` deployment types and has tasks that use the EC2 launch + # type. + # + # + # + # If a service is using either the blue/green (`CODE_DEPLOY`) or + # `EXTERNAL` deployment types and is running tasks that use the + # Fargate launch type, the minimum healthy percent value is not used, + # although it is returned when describing your service. # @return [Integer] # # @!attribute [rw] alarms @@ -4461,7 +4478,7 @@ class DiscoverPollEndpointResponse < Struct.new( # use `docker plugin ls` to retrieve the driver name from your # container instance. If the driver was installed using another # method, use Docker plugin discovery to retrieve the driver name. - # This parameter maps to `Driver` in the docker conainer create + # This parameter maps to `Driver` in the docker container create # command and the `xxdriver` option to docker volume create. # @return [String] # @@ -4473,7 +4490,7 @@ class DiscoverPollEndpointResponse < Struct.new( # # @!attribute [rw] labels # Custom metadata to add to your Docker volume. This parameter maps to - # `Labels` in the docker conainer create command and the `xxlabel` + # `Labels` in the docker container create command and the `xxlabel` # option to docker volume create. # @return [Hash] # @@ -5202,8 +5219,8 @@ class GetTaskProtectionResponse < Struct.new( # ` CMD-SHELL, curl -f http://localhost/ || exit 1` # # An exit code of 0 indicates success, and non-zero exit code - # indicates failure. For more information, see `HealthCheck` in tthe - # docker conainer create command + # indicates failure. For more information, see `HealthCheck` in the + # docker container create command # @return [Array] # # @!attribute [rw] interval @@ -5410,7 +5427,7 @@ class InvalidParameterException < Aws::EmptyStructure; end # @!attribute [rw] add # The Linux capabilities for the container that have been added to the # default configuration provided by Docker. This parameter maps to - # `CapAdd` in the docker conainer create command and the `--cap-add` + # `CapAdd` in the docker container create command and the `--cap-add` # option to docker run. # # Tasks launched on Fargate only support adding the `SYS_PTRACE` @@ -5432,8 +5449,8 @@ class InvalidParameterException < Aws::EmptyStructure; end # @!attribute [rw] drop # The Linux capabilities for the container that have been removed from # the default configuration provided by Docker. This parameter maps to - # `CapDrop` in the docker conainer create command and the `--cap-drop` - # option to docker run. + # `CapDrop` in the docker container create command and the + # `--cap-drop` option to docker run. # # Valid values: `"ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | # "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | @@ -5502,7 +5519,7 @@ class LimitExceededException < Aws::EmptyStructure; end # # @!attribute [rw] devices # Any host devices to expose to the container. This parameter maps to - # `Devices` in tthe docker conainer create command and the `--device` + # `Devices` in the docker container create command and the `--device` # option to docker run. # # If you're using tasks that use the Fargate launch type, the @@ -6433,7 +6450,7 @@ class LoadBalancer < Struct.new( end # The log configuration for the container. This parameter maps to - # `LogConfig` in the docker conainer create command and the + # `LogConfig` in the docker container create command and the # `--log-driver` option to docker run. # # By default, containers use the same logging driver that the Docker @@ -7022,7 +7039,7 @@ class PlatformUnknownException < Aws::EmptyStructure; end # can be left blank or it must be the same value as the `containerPort`. # # Most fields of this parameter (`containerPort`, `hostPort`, - # `protocol`) maps to `PortBindings` in the docker conainer create + # `protocol`) maps to `PortBindings` in the docker container create # command and the `--publish` option to `docker run`. If the network # mode of a task definition is set to `host`, host ports must either be # undefined or match the container port in the port mapping. @@ -7521,9 +7538,6 @@ class PutAccountSettingDefaultResponse < Struct.new( # mode][3]. For more information on using IPv6 with tasks launched # on Fargate, see [Using a VPC in dual-stack mode][4]. # - # * `fargateFIPSMode` - If you specify `fargateFIPSMode`, Fargate FIPS - # 140 compliance is affected. - # # * `fargateTaskRetirementWaitPeriod` - When Amazon Web Services # determines that a security or infrastructure update is needed for # an Amazon ECS task hosted on Fargate, the tasks need to be stopped @@ -9175,7 +9189,7 @@ class ServiceConnectClientAlias < Struct.new( # # @!attribute [rw] log_configuration # The log configuration for the container. This parameter maps to - # `LogConfig` in the docker conainer create command and the + # `LogConfig` in the docker container create command and the # `--log-driver` option to docker run. # # By default, containers use the same logging driver that the Docker @@ -10158,7 +10172,7 @@ class SubmitTaskStateChangeResponse < Struct.new( end # A list of namespaced kernel parameters to set in the container. This - # parameter maps to `Sysctls` in tthe docker conainer create command and + # parameter maps to `Sysctls` in the docker container create command and # the `--sysctl` option to docker run. For example, you can configure # `net.ipv4.tcp_keepalive_time` setting to maintain longer lived # connections. @@ -10888,8 +10902,8 @@ class Task < Struct.new( # @return [Array] # # @!attribute [rw] compatibilities - # The task launch types the task definition validated against during - # task definition registration. For more information, see [Amazon ECS + # Amazon ECS validates the task definition parameters with those + # supported by the launch type. For more information, see [Amazon ECS # launch types][1] in the *Amazon Elastic Container Service Developer # Guide*. # @@ -11849,11 +11863,15 @@ class Tmpfs < Struct.new( # @return [String] # # @!attribute [rw] soft_limit - # The soft limit for the `ulimit` type. + # The soft limit for the `ulimit` type. The value can be specified in + # bytes, seconds, or as a count, depending on the `type` of the + # `ulimit`. # @return [Integer] # # @!attribute [rw] hard_limit - # The hard limit for the `ulimit` type. + # The hard limit for the `ulimit` type. The value can be specified in + # bytes, seconds, or as a count, depending on the `type` of the + # `ulimit`. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/ecs-2014-11-13/Ulimit AWS API Documentation diff --git a/gems/aws-sdk-lambda/CHANGELOG.md b/gems/aws-sdk-lambda/CHANGELOG.md index 049de681091..115d4bc1114 100644 --- a/gems/aws-sdk-lambda/CHANGELOG.md +++ b/gems/aws-sdk-lambda/CHANGELOG.md @@ -1,6 +1,11 @@ Unreleased Changes ------------------ +1.131.0 (2024-09-17) +------------------ + +* Feature - Support for JSON resource-based policies and block public access + 1.130.0 (2024-09-11) ------------------ diff --git a/gems/aws-sdk-lambda/VERSION b/gems/aws-sdk-lambda/VERSION index e4861cbfb71..0f536b128cc 100644 --- a/gems/aws-sdk-lambda/VERSION +++ b/gems/aws-sdk-lambda/VERSION @@ -1 +1 @@ -1.130.0 +1.131.0 diff --git a/gems/aws-sdk-lambda/lib/aws-sdk-lambda.rb b/gems/aws-sdk-lambda/lib/aws-sdk-lambda.rb index cda722a99a3..e74599227e4 100644 --- a/gems/aws-sdk-lambda/lib/aws-sdk-lambda.rb +++ b/gems/aws-sdk-lambda/lib/aws-sdk-lambda.rb @@ -54,6 +54,6 @@ # @!group service module Aws::Lambda - GEM_VERSION = '1.130.0' + GEM_VERSION = '1.131.0' end diff --git a/gems/aws-sdk-lambda/lib/aws-sdk-lambda/client.rb b/gems/aws-sdk-lambda/lib/aws-sdk-lambda/client.rb index 201780e6919..fe455bf959d 100644 --- a/gems/aws-sdk-lambda/lib/aws-sdk-lambda/client.rb +++ b/gems/aws-sdk-lambda/lib/aws-sdk-lambda/client.rb @@ -2192,6 +2192,41 @@ def delete_provisioned_concurrency_config(params = {}, options = {}) req.send_request(options) end + # Deletes a [resource-based policy][1] from a function. + # + # + # + # [1]: https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html + # + # @option params [required, String] :resource_arn + # The Amazon Resource Name (ARN) of the function you want to delete the + # policy from. You can use either a qualified or an unqualified ARN, but + # the value you specify must be a complete ARN and wildcard characters + # are not accepted. + # + # @option params [String] :revision_id + # Delete the existing policy only if its revision ID matches the string + # you specify. To find the revision ID of the policy currently attached + # to your function, use the GetResourcePolicy action. + # + # @return [Struct] Returns an empty {Seahorse::Client::Response response}. + # + # @example Request syntax with placeholder values + # + # resp = client.delete_resource_policy({ + # resource_arn: "PolicyResourceArn", # required + # revision_id: "RevisionId", + # }) + # + # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/DeleteResourcePolicy AWS API Documentation + # + # @overload delete_resource_policy(params = {}) + # @param [Hash] params ({}) + def delete_resource_policy(params = {}, options = {}) + req = build_request(:delete_resource_policy, params) + req.send_request(options) + end + # Retrieves details about your account's [limits][1] and usage in an # Amazon Web Services Region. # @@ -3198,6 +3233,73 @@ def get_provisioned_concurrency_config(params = {}, options = {}) req.send_request(options) end + # Retrieve the public-access settings for a function. + # + # @option params [required, String] :resource_arn + # The Amazon Resource Name (ARN) of the function you want to retrieve + # public-access settings for. + # + # @return [Types::GetPublicAccessBlockConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: + # + # * {Types::GetPublicAccessBlockConfigResponse#public_access_block_config #public_access_block_config} => Types::PublicAccessBlockConfig + # + # @example Request syntax with placeholder values + # + # resp = client.get_public_access_block_config({ + # resource_arn: "PublicAccessBlockResourceArn", # required + # }) + # + # @example Response structure + # + # resp.public_access_block_config.block_public_policy #=> Boolean + # resp.public_access_block_config.restrict_public_resource #=> Boolean + # + # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/GetPublicAccessBlockConfig AWS API Documentation + # + # @overload get_public_access_block_config(params = {}) + # @param [Hash] params ({}) + def get_public_access_block_config(params = {}, options = {}) + req = build_request(:get_public_access_block_config, params) + req.send_request(options) + end + + # Retrieves the [resource-based policy][1] attached to a function. + # + # + # + # [1]: https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html + # + # @option params [required, String] :resource_arn + # The Amazon Resource Name (ARN) of the function you want to retrieve + # the policy for. You can use either a qualified or an unqualified ARN, + # but the value you specify must be a complete ARN and wildcard + # characters are not accepted. + # + # @return [Types::GetResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: + # + # * {Types::GetResourcePolicyResponse#policy #policy} => String + # * {Types::GetResourcePolicyResponse#revision_id #revision_id} => String + # + # @example Request syntax with placeholder values + # + # resp = client.get_resource_policy({ + # resource_arn: "PolicyResourceArn", # required + # }) + # + # @example Response structure + # + # resp.policy #=> String + # resp.revision_id #=> String + # + # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/GetResourcePolicy AWS API Documentation + # + # @overload get_resource_policy(params = {}) + # @param [Hash] params ({}) + def get_resource_policy(params = {}, options = {}) + req = build_request(:get_resource_policy, params) + req.send_request(options) + end + # Retrieves the runtime management configuration for a function's # version. If the runtime update mode is **Manual**, this includes the # ARN of the runtime version and the runtime update mode. If the runtime @@ -5235,6 +5337,135 @@ def put_provisioned_concurrency_config(params = {}, options = {}) req.send_request(options) end + # Configure your function's public-access settings. + # + # To control public access to a Lambda function, you can choose whether + # to allow the creation of [resource-based policies][1] that allow + # public access to that function. You can also block public access to a + # function, even if it has an existing resource-based policy that allows + # it. + # + # + # + # [1]: https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html + # + # @option params [required, String] :resource_arn + # The Amazon Resource Name (ARN) of the function you want to configure + # public-access settings for. Public-access settings are applied at the + # function level, so you can't apply different settings to function + # versions or aliases. + # + # @option params [required, Types::PublicAccessBlockConfig] :public_access_block_config + # An object defining the public-access settings you want to apply. + # + # To block the creation of resource-based policies that would grant + # public access to your function, set `BlockPublicPolicy` to `true`. To + # allow the creation of resource-based policies that would grant public + # access to your function, set `BlockPublicPolicy` to `false`. + # + # To block public access to your function, even if its resource-based + # policy allows it, set `RestrictPublicResource` to `true`. To allow + # public access to a function with a resource-based policy that permits + # it, set `RestrictPublicResource` to `false`. + # + # The default setting for both `BlockPublicPolicy` and + # `RestrictPublicResource` is `true`. + # + # @return [Types::PutPublicAccessBlockConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: + # + # * {Types::PutPublicAccessBlockConfigResponse#public_access_block_config #public_access_block_config} => Types::PublicAccessBlockConfig + # + # @example Request syntax with placeholder values + # + # resp = client.put_public_access_block_config({ + # resource_arn: "PublicAccessBlockResourceArn", # required + # public_access_block_config: { # required + # block_public_policy: false, + # restrict_public_resource: false, + # }, + # }) + # + # @example Response structure + # + # resp.public_access_block_config.block_public_policy #=> Boolean + # resp.public_access_block_config.restrict_public_resource #=> Boolean + # + # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/PutPublicAccessBlockConfig AWS API Documentation + # + # @overload put_public_access_block_config(params = {}) + # @param [Hash] params ({}) + def put_public_access_block_config(params = {}, options = {}) + req = build_request(:put_public_access_block_config, params) + req.send_request(options) + end + + # Adds a [resource-based policy][1] to a function. You can use + # resource-based policies to grant access to other [Amazon Web Services + # accounts][2], [organizations][3], or [services][4]. Resource-based + # policies apply to a single function, version, or alias. + # + # Adding a resource-based policy using this API action replaces any + # existing policy you've previously created. This means that if you've + # previously added resource-based permissions to a function using the + # AddPermission action, those permissions will be overwritten by your + # new policy. + # + # + # + # [1]: https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html + # [2]: https://docs.aws.amazon.com/lambda/latest/dg/permissions-function-cross-account.html + # [3]: https://docs.aws.amazon.com/lambda/latest/dg/permissions-function-organization.html + # [4]: https://docs.aws.amazon.com/lambda/latest/dg/permissions-function-services.html + # + # @option params [required, String] :resource_arn + # The Amazon Resource Name (ARN) of the function you want to add the + # policy to. You can use either a qualified or an unqualified ARN, but + # the value you specify must be a complete ARN and wildcard characters + # are not accepted. + # + # @option params [required, String] :policy + # The JSON resource-based policy you want to add to your function. + # + # To learn more about creating resource-based policies for controlling + # access to Lambda, see [Working with resource-based IAM policies in + # Lambda][1] in the *Lambda Developer Guide*. + # + # + # + # [1]: https://docs.aws.amazon.com/ + # + # @option params [String] :revision_id + # Replace the existing policy only if its revision ID matches the string + # you specify. To find the revision ID of the policy currently attached + # to your function, use the GetResourcePolicy action. + # + # @return [Types::PutResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: + # + # * {Types::PutResourcePolicyResponse#policy #policy} => String + # * {Types::PutResourcePolicyResponse#revision_id #revision_id} => String + # + # @example Request syntax with placeholder values + # + # resp = client.put_resource_policy({ + # resource_arn: "PolicyResourceArn", # required + # policy: "ResourcePolicy", # required + # revision_id: "RevisionId", + # }) + # + # @example Response structure + # + # resp.policy #=> String + # resp.revision_id #=> String + # + # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/PutResourcePolicy AWS API Documentation + # + # @overload put_resource_policy(params = {}) + # @param [Hash] params ({}) + def put_resource_policy(params = {}, options = {}) + req = build_request(:put_resource_policy, params) + req.send_request(options) + end + # Sets the runtime management configuration for a function's version. # For more information, see [Runtime updates][1]. # @@ -6755,7 +6986,7 @@ def build_request(operation_name, params = {}) tracer: tracer ) context[:gem_name] = 'aws-sdk-lambda' - context[:gem_version] = '1.130.0' + context[:gem_version] = '1.131.0' Seahorse::Client::Request.new(handlers, context) end diff --git a/gems/aws-sdk-lambda/lib/aws-sdk-lambda/client_api.rb b/gems/aws-sdk-lambda/lib/aws-sdk-lambda/client_api.rb index 4bb9b6dfc36..bc8296f9519 100644 --- a/gems/aws-sdk-lambda/lib/aws-sdk-lambda/client_api.rb +++ b/gems/aws-sdk-lambda/lib/aws-sdk-lambda/client_api.rb @@ -75,6 +75,7 @@ module ClientApi DeleteFunctionUrlConfigRequest = Shapes::StructureShape.new(name: 'DeleteFunctionUrlConfigRequest') DeleteLayerVersionRequest = Shapes::StructureShape.new(name: 'DeleteLayerVersionRequest') DeleteProvisionedConcurrencyConfigRequest = Shapes::StructureShape.new(name: 'DeleteProvisionedConcurrencyConfigRequest') + DeleteResourcePolicyRequest = Shapes::StructureShape.new(name: 'DeleteResourcePolicyRequest') Description = Shapes::StringShape.new(name: 'Description') DestinationArn = Shapes::StringShape.new(name: 'DestinationArn') DestinationConfig = Shapes::StructureShape.new(name: 'DestinationConfig') @@ -158,6 +159,10 @@ module ClientApi GetPolicyResponse = Shapes::StructureShape.new(name: 'GetPolicyResponse') GetProvisionedConcurrencyConfigRequest = Shapes::StructureShape.new(name: 'GetProvisionedConcurrencyConfigRequest') GetProvisionedConcurrencyConfigResponse = Shapes::StructureShape.new(name: 'GetProvisionedConcurrencyConfigResponse') + GetPublicAccessBlockConfigRequest = Shapes::StructureShape.new(name: 'GetPublicAccessBlockConfigRequest') + GetPublicAccessBlockConfigResponse = Shapes::StructureShape.new(name: 'GetPublicAccessBlockConfigResponse') + GetResourcePolicyRequest = Shapes::StructureShape.new(name: 'GetResourcePolicyRequest') + GetResourcePolicyResponse = Shapes::StructureShape.new(name: 'GetResourcePolicyResponse') GetRuntimeManagementConfigRequest = Shapes::StructureShape.new(name: 'GetRuntimeManagementConfigRequest') GetRuntimeManagementConfigResponse = Shapes::StructureShape.new(name: 'GetRuntimeManagementConfigResponse') Handler = Shapes::StringShape.new(name: 'Handler') @@ -268,6 +273,7 @@ module ClientApi ParallelizationFactor = Shapes::IntegerShape.new(name: 'ParallelizationFactor') Pattern = Shapes::StringShape.new(name: 'Pattern') PolicyLengthExceededException = Shapes::StructureShape.new(name: 'PolicyLengthExceededException') + PolicyResourceArn = Shapes::StringShape.new(name: 'PolicyResourceArn') PositiveInteger = Shapes::IntegerShape.new(name: 'PositiveInteger') PreconditionFailedException = Shapes::StructureShape.new(name: 'PreconditionFailedException') Principal = Shapes::StringShape.new(name: 'Principal') @@ -276,6 +282,9 @@ module ClientApi ProvisionedConcurrencyConfigListItem = Shapes::StructureShape.new(name: 'ProvisionedConcurrencyConfigListItem') ProvisionedConcurrencyConfigNotFoundException = Shapes::StructureShape.new(name: 'ProvisionedConcurrencyConfigNotFoundException') ProvisionedConcurrencyStatusEnum = Shapes::StringShape.new(name: 'ProvisionedConcurrencyStatusEnum') + PublicAccessBlockConfig = Shapes::StructureShape.new(name: 'PublicAccessBlockConfig') + PublicAccessBlockResourceArn = Shapes::StringShape.new(name: 'PublicAccessBlockResourceArn') + PublicPolicyException = Shapes::StructureShape.new(name: 'PublicPolicyException') PublishLayerVersionRequest = Shapes::StructureShape.new(name: 'PublishLayerVersionRequest') PublishLayerVersionResponse = Shapes::StructureShape.new(name: 'PublishLayerVersionResponse') PublishVersionRequest = Shapes::StructureShape.new(name: 'PublishVersionRequest') @@ -287,6 +296,10 @@ module ClientApi PutFunctionRecursionConfigResponse = Shapes::StructureShape.new(name: 'PutFunctionRecursionConfigResponse') PutProvisionedConcurrencyConfigRequest = Shapes::StructureShape.new(name: 'PutProvisionedConcurrencyConfigRequest') PutProvisionedConcurrencyConfigResponse = Shapes::StructureShape.new(name: 'PutProvisionedConcurrencyConfigResponse') + PutPublicAccessBlockConfigRequest = Shapes::StructureShape.new(name: 'PutPublicAccessBlockConfigRequest') + PutPublicAccessBlockConfigResponse = Shapes::StructureShape.new(name: 'PutPublicAccessBlockConfigResponse') + PutResourcePolicyRequest = Shapes::StructureShape.new(name: 'PutResourcePolicyRequest') + PutResourcePolicyResponse = Shapes::StructureShape.new(name: 'PutResourcePolicyResponse') PutRuntimeManagementConfigRequest = Shapes::StructureShape.new(name: 'PutRuntimeManagementConfigRequest') PutRuntimeManagementConfigResponse = Shapes::StructureShape.new(name: 'PutRuntimeManagementConfigResponse') Qualifier = Shapes::StringShape.new(name: 'Qualifier') @@ -303,7 +316,9 @@ module ClientApi ResourceInUseException = Shapes::StructureShape.new(name: 'ResourceInUseException') ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException') ResourceNotReadyException = Shapes::StructureShape.new(name: 'ResourceNotReadyException') + ResourcePolicy = Shapes::StringShape.new(name: 'ResourcePolicy') ResponseStreamingInvocationType = Shapes::StringShape.new(name: 'ResponseStreamingInvocationType') + RevisionId = Shapes::StringShape.new(name: 'RevisionId') RoleArn = Shapes::StringShape.new(name: 'RoleArn') Runtime = Shapes::StringShape.new(name: 'Runtime') RuntimeVersionArn = Shapes::StringShape.new(name: 'RuntimeVersionArn') @@ -609,6 +624,10 @@ module ClientApi DeleteProvisionedConcurrencyConfigRequest.add_member(:qualifier, Shapes::ShapeRef.new(shape: Qualifier, required: true, location: "querystring", location_name: "Qualifier")) DeleteProvisionedConcurrencyConfigRequest.struct_class = Types::DeleteProvisionedConcurrencyConfigRequest + DeleteResourcePolicyRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: PolicyResourceArn, required: true, location: "uri", location_name: "ResourceArn")) + DeleteResourcePolicyRequest.add_member(:revision_id, Shapes::ShapeRef.new(shape: RevisionId, location: "querystring", location_name: "RevisionId")) + DeleteResourcePolicyRequest.struct_class = Types::DeleteResourcePolicyRequest + DestinationConfig.add_member(:on_success, Shapes::ShapeRef.new(shape: OnSuccess, location_name: "OnSuccess")) DestinationConfig.add_member(:on_failure, Shapes::ShapeRef.new(shape: OnFailure, location_name: "OnFailure")) DestinationConfig.struct_class = Types::DestinationConfig @@ -916,6 +935,19 @@ module ClientApi GetProvisionedConcurrencyConfigResponse.add_member(:last_modified, Shapes::ShapeRef.new(shape: Timestamp, location_name: "LastModified")) GetProvisionedConcurrencyConfigResponse.struct_class = Types::GetProvisionedConcurrencyConfigResponse + GetPublicAccessBlockConfigRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: PublicAccessBlockResourceArn, required: true, location: "uri", location_name: "ResourceArn")) + GetPublicAccessBlockConfigRequest.struct_class = Types::GetPublicAccessBlockConfigRequest + + GetPublicAccessBlockConfigResponse.add_member(:public_access_block_config, Shapes::ShapeRef.new(shape: PublicAccessBlockConfig, location_name: "PublicAccessBlockConfig")) + GetPublicAccessBlockConfigResponse.struct_class = Types::GetPublicAccessBlockConfigResponse + + GetResourcePolicyRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: PolicyResourceArn, required: true, location: "uri", location_name: "ResourceArn")) + GetResourcePolicyRequest.struct_class = Types::GetResourcePolicyRequest + + GetResourcePolicyResponse.add_member(:policy, Shapes::ShapeRef.new(shape: ResourcePolicy, location_name: "Policy")) + GetResourcePolicyResponse.add_member(:revision_id, Shapes::ShapeRef.new(shape: RevisionId, location_name: "RevisionId")) + GetResourcePolicyResponse.struct_class = Types::GetResourcePolicyResponse + GetRuntimeManagementConfigRequest.add_member(:function_name, Shapes::ShapeRef.new(shape: NamespacedFunctionName, required: true, location: "uri", location_name: "FunctionName")) GetRuntimeManagementConfigRequest.add_member(:qualifier, Shapes::ShapeRef.new(shape: Qualifier, location: "querystring", location_name: "Qualifier")) GetRuntimeManagementConfigRequest.struct_class = Types::GetRuntimeManagementConfigRequest @@ -1228,6 +1260,14 @@ module ClientApi ProvisionedConcurrencyConfigNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message")) ProvisionedConcurrencyConfigNotFoundException.struct_class = Types::ProvisionedConcurrencyConfigNotFoundException + PublicAccessBlockConfig.add_member(:block_public_policy, Shapes::ShapeRef.new(shape: NullableBoolean, location_name: "BlockPublicPolicy")) + PublicAccessBlockConfig.add_member(:restrict_public_resource, Shapes::ShapeRef.new(shape: NullableBoolean, location_name: "RestrictPublicResource")) + PublicAccessBlockConfig.struct_class = Types::PublicAccessBlockConfig + + PublicPolicyException.add_member(:type, Shapes::ShapeRef.new(shape: String, location_name: "Type")) + PublicPolicyException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "Message")) + PublicPolicyException.struct_class = Types::PublicPolicyException + PublishLayerVersionRequest.add_member(:layer_name, Shapes::ShapeRef.new(shape: LayerName, required: true, location: "uri", location_name: "LayerName")) PublishLayerVersionRequest.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description")) PublishLayerVersionRequest.add_member(:content, Shapes::ShapeRef.new(shape: LayerVersionContentInput, required: true, location_name: "Content")) @@ -1292,6 +1332,22 @@ module ClientApi PutProvisionedConcurrencyConfigResponse.add_member(:last_modified, Shapes::ShapeRef.new(shape: Timestamp, location_name: "LastModified")) PutProvisionedConcurrencyConfigResponse.struct_class = Types::PutProvisionedConcurrencyConfigResponse + PutPublicAccessBlockConfigRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: PublicAccessBlockResourceArn, required: true, location: "uri", location_name: "ResourceArn")) + PutPublicAccessBlockConfigRequest.add_member(:public_access_block_config, Shapes::ShapeRef.new(shape: PublicAccessBlockConfig, required: true, location_name: "PublicAccessBlockConfig")) + PutPublicAccessBlockConfigRequest.struct_class = Types::PutPublicAccessBlockConfigRequest + + PutPublicAccessBlockConfigResponse.add_member(:public_access_block_config, Shapes::ShapeRef.new(shape: PublicAccessBlockConfig, location_name: "PublicAccessBlockConfig")) + PutPublicAccessBlockConfigResponse.struct_class = Types::PutPublicAccessBlockConfigResponse + + PutResourcePolicyRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: PolicyResourceArn, required: true, location: "uri", location_name: "ResourceArn")) + PutResourcePolicyRequest.add_member(:policy, Shapes::ShapeRef.new(shape: ResourcePolicy, required: true, location_name: "Policy")) + PutResourcePolicyRequest.add_member(:revision_id, Shapes::ShapeRef.new(shape: RevisionId, location_name: "RevisionId")) + PutResourcePolicyRequest.struct_class = Types::PutResourcePolicyRequest + + PutResourcePolicyResponse.add_member(:policy, Shapes::ShapeRef.new(shape: ResourcePolicy, location_name: "Policy")) + PutResourcePolicyResponse.add_member(:revision_id, Shapes::ShapeRef.new(shape: RevisionId, location_name: "RevisionId")) + PutResourcePolicyResponse.struct_class = Types::PutResourcePolicyResponse + PutRuntimeManagementConfigRequest.add_member(:function_name, Shapes::ShapeRef.new(shape: FunctionName, required: true, location: "uri", location_name: "FunctionName")) PutRuntimeManagementConfigRequest.add_member(:qualifier, Shapes::ShapeRef.new(shape: Qualifier, location: "querystring", location_name: "Qualifier")) PutRuntimeManagementConfigRequest.add_member(:update_runtime_on, Shapes::ShapeRef.new(shape: UpdateRuntimeOn, required: true, location_name: "UpdateRuntimeOn")) @@ -1773,6 +1829,20 @@ module ClientApi o.errors << Shapes::ShapeRef.new(shape: ServiceException) end) + api.add_operation(:delete_resource_policy, Seahorse::Model::Operation.new.tap do |o| + o.name = "DeleteResourcePolicy" + o.http_method = "DELETE" + o.http_request_uri = "/2024-09-16/resource-policy/{ResourceArn}" + o.input = Shapes::ShapeRef.new(shape: DeleteResourcePolicyRequest) + o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure)) + o.errors << Shapes::ShapeRef.new(shape: ServiceException) + o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException) + o.errors << Shapes::ShapeRef.new(shape: ResourceConflictException) + o.errors << Shapes::ShapeRef.new(shape: InvalidParameterValueException) + o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException) + o.errors << Shapes::ShapeRef.new(shape: PreconditionFailedException) + end) + api.add_operation(:get_account_settings, Seahorse::Model::Operation.new.tap do |o| o.name = "GetAccountSettings" o.http_method = "GET" @@ -1963,6 +2033,30 @@ module ClientApi o.errors << Shapes::ShapeRef.new(shape: ProvisionedConcurrencyConfigNotFoundException) end) + api.add_operation(:get_public_access_block_config, Seahorse::Model::Operation.new.tap do |o| + o.name = "GetPublicAccessBlockConfig" + o.http_method = "GET" + o.http_request_uri = "/2024-09-16/public-access-block/{ResourceArn}" + o.input = Shapes::ShapeRef.new(shape: GetPublicAccessBlockConfigRequest) + o.output = Shapes::ShapeRef.new(shape: GetPublicAccessBlockConfigResponse) + o.errors << Shapes::ShapeRef.new(shape: ServiceException) + o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException) + o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException) + o.errors << Shapes::ShapeRef.new(shape: InvalidParameterValueException) + end) + + api.add_operation(:get_resource_policy, Seahorse::Model::Operation.new.tap do |o| + o.name = "GetResourcePolicy" + o.http_method = "GET" + o.http_request_uri = "/2024-09-16/resource-policy/{ResourceArn}" + o.input = Shapes::ShapeRef.new(shape: GetResourcePolicyRequest) + o.output = Shapes::ShapeRef.new(shape: GetResourcePolicyResponse) + o.errors << Shapes::ShapeRef.new(shape: ServiceException) + o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException) + o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException) + o.errors << Shapes::ShapeRef.new(shape: InvalidParameterValueException) + end) + api.add_operation(:get_runtime_management_config, Seahorse::Model::Operation.new.tap do |o| o.name = "GetRuntimeManagementConfig" o.http_method = "GET" @@ -2364,6 +2458,35 @@ module ClientApi o.errors << Shapes::ShapeRef.new(shape: ServiceException) end) + api.add_operation(:put_public_access_block_config, Seahorse::Model::Operation.new.tap do |o| + o.name = "PutPublicAccessBlockConfig" + o.http_method = "PUT" + o.http_request_uri = "/2024-09-16/public-access-block/{ResourceArn}" + o.input = Shapes::ShapeRef.new(shape: PutPublicAccessBlockConfigRequest) + o.output = Shapes::ShapeRef.new(shape: PutPublicAccessBlockConfigResponse) + o.errors << Shapes::ShapeRef.new(shape: ServiceException) + o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException) + o.errors << Shapes::ShapeRef.new(shape: ResourceConflictException) + o.errors << Shapes::ShapeRef.new(shape: InvalidParameterValueException) + o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException) + end) + + api.add_operation(:put_resource_policy, Seahorse::Model::Operation.new.tap do |o| + o.name = "PutResourcePolicy" + o.http_method = "PUT" + o.http_request_uri = "/2024-09-16/resource-policy/{ResourceArn}" + o.input = Shapes::ShapeRef.new(shape: PutResourcePolicyRequest) + o.output = Shapes::ShapeRef.new(shape: PutResourcePolicyResponse) + o.errors << Shapes::ShapeRef.new(shape: ServiceException) + o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException) + o.errors << Shapes::ShapeRef.new(shape: ResourceConflictException) + o.errors << Shapes::ShapeRef.new(shape: InvalidParameterValueException) + o.errors << Shapes::ShapeRef.new(shape: PolicyLengthExceededException) + o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException) + o.errors << Shapes::ShapeRef.new(shape: PreconditionFailedException) + o.errors << Shapes::ShapeRef.new(shape: PublicPolicyException) + end) + api.add_operation(:put_runtime_management_config, Seahorse::Model::Operation.new.tap do |o| o.name = "PutRuntimeManagementConfig" o.http_method = "PUT" diff --git a/gems/aws-sdk-lambda/lib/aws-sdk-lambda/endpoints.rb b/gems/aws-sdk-lambda/lib/aws-sdk-lambda/endpoints.rb index 9b0708cf7f6..7c179c3691c 100644 --- a/gems/aws-sdk-lambda/lib/aws-sdk-lambda/endpoints.rb +++ b/gems/aws-sdk-lambda/lib/aws-sdk-lambda/endpoints.rb @@ -199,6 +199,17 @@ def self.build(context) end end + class DeleteResourcePolicy + def self.build(context) + Aws::Lambda::EndpointParameters.new( + region: context.config.region, + use_dual_stack: context.config.use_dualstack_endpoint, + use_fips: context.config.use_fips_endpoint, + endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s, + ) + end + end + class GetAccountSettings def self.build(context) Aws::Lambda::EndpointParameters.new( @@ -375,6 +386,28 @@ def self.build(context) end end + class GetPublicAccessBlockConfig + def self.build(context) + Aws::Lambda::EndpointParameters.new( + region: context.config.region, + use_dual_stack: context.config.use_dualstack_endpoint, + use_fips: context.config.use_fips_endpoint, + endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s, + ) + end + end + + class GetResourcePolicy + def self.build(context) + Aws::Lambda::EndpointParameters.new( + region: context.config.region, + use_dual_stack: context.config.use_dualstack_endpoint, + use_fips: context.config.use_fips_endpoint, + endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s, + ) + end + end + class GetRuntimeManagementConfig def self.build(context) Aws::Lambda::EndpointParameters.new( @@ -628,6 +661,28 @@ def self.build(context) end end + class PutPublicAccessBlockConfig + def self.build(context) + Aws::Lambda::EndpointParameters.new( + region: context.config.region, + use_dual_stack: context.config.use_dualstack_endpoint, + use_fips: context.config.use_fips_endpoint, + endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s, + ) + end + end + + class PutResourcePolicy + def self.build(context) + Aws::Lambda::EndpointParameters.new( + region: context.config.region, + use_dual_stack: context.config.use_dualstack_endpoint, + use_fips: context.config.use_fips_endpoint, + endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s, + ) + end + end + class PutRuntimeManagementConfig def self.build(context) Aws::Lambda::EndpointParameters.new( diff --git a/gems/aws-sdk-lambda/lib/aws-sdk-lambda/errors.rb b/gems/aws-sdk-lambda/lib/aws-sdk-lambda/errors.rb index 9c5ec6ecb8a..5f9e691f7bb 100644 --- a/gems/aws-sdk-lambda/lib/aws-sdk-lambda/errors.rb +++ b/gems/aws-sdk-lambda/lib/aws-sdk-lambda/errors.rb @@ -52,6 +52,7 @@ module Aws::Lambda # * {PolicyLengthExceededException} # * {PreconditionFailedException} # * {ProvisionedConcurrencyConfigNotFoundException} + # * {PublicPolicyException} # * {RecursiveInvocationException} # * {RequestTooLargeException} # * {ResourceConflictException} @@ -577,6 +578,26 @@ def message end end + class PublicPolicyException < ServiceError + + # @param [Seahorse::Client::RequestContext] context + # @param [String] message + # @param [Aws::Lambda::Types::PublicPolicyException] data + def initialize(context, message, data = Aws::EmptyStructure.new) + super(context, message, data) + end + + # @return [String] + def type + @data[:type] + end + + # @return [String] + def message + @message || @data[:message] + end + end + class RecursiveInvocationException < ServiceError # @param [Seahorse::Client::RequestContext] context diff --git a/gems/aws-sdk-lambda/lib/aws-sdk-lambda/plugins/endpoints.rb b/gems/aws-sdk-lambda/lib/aws-sdk-lambda/plugins/endpoints.rb index 2af73a9146a..4a5dbc1e5cd 100644 --- a/gems/aws-sdk-lambda/lib/aws-sdk-lambda/plugins/endpoints.rb +++ b/gems/aws-sdk-lambda/lib/aws-sdk-lambda/plugins/endpoints.rb @@ -101,6 +101,8 @@ def parameters_for_operation(context) Aws::Lambda::Endpoints::DeleteLayerVersion.build(context) when :delete_provisioned_concurrency_config Aws::Lambda::Endpoints::DeleteProvisionedConcurrencyConfig.build(context) + when :delete_resource_policy + Aws::Lambda::Endpoints::DeleteResourcePolicy.build(context) when :get_account_settings Aws::Lambda::Endpoints::GetAccountSettings.build(context) when :get_alias @@ -133,6 +135,10 @@ def parameters_for_operation(context) Aws::Lambda::Endpoints::GetPolicy.build(context) when :get_provisioned_concurrency_config Aws::Lambda::Endpoints::GetProvisionedConcurrencyConfig.build(context) + when :get_public_access_block_config + Aws::Lambda::Endpoints::GetPublicAccessBlockConfig.build(context) + when :get_resource_policy + Aws::Lambda::Endpoints::GetResourcePolicy.build(context) when :get_runtime_management_config Aws::Lambda::Endpoints::GetRuntimeManagementConfig.build(context) when :invoke @@ -179,6 +185,10 @@ def parameters_for_operation(context) Aws::Lambda::Endpoints::PutFunctionRecursionConfig.build(context) when :put_provisioned_concurrency_config Aws::Lambda::Endpoints::PutProvisionedConcurrencyConfig.build(context) + when :put_public_access_block_config + Aws::Lambda::Endpoints::PutPublicAccessBlockConfig.build(context) + when :put_resource_policy + Aws::Lambda::Endpoints::PutResourcePolicy.build(context) when :put_runtime_management_config Aws::Lambda::Endpoints::PutRuntimeManagementConfig.build(context) when :remove_layer_version_permission diff --git a/gems/aws-sdk-lambda/lib/aws-sdk-lambda/types.rb b/gems/aws-sdk-lambda/lib/aws-sdk-lambda/types.rb index ffe9627a0ef..d692815ea23 100644 --- a/gems/aws-sdk-lambda/lib/aws-sdk-lambda/types.rb +++ b/gems/aws-sdk-lambda/lib/aws-sdk-lambda/types.rb @@ -1532,6 +1532,28 @@ class DeleteProvisionedConcurrencyConfigRequest < Struct.new( include Aws::Structure end + # @!attribute [rw] resource_arn + # The Amazon Resource Name (ARN) of the function you want to delete + # the policy from. You can use either a qualified or an unqualified + # ARN, but the value you specify must be a complete ARN and wildcard + # characters are not accepted. + # @return [String] + # + # @!attribute [rw] revision_id + # Delete the existing policy only if its revision ID matches the + # string you specify. To find the revision ID of the policy currently + # attached to your function, use the GetResourcePolicy action. + # @return [String] + # + # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/DeleteResourcePolicyRequest AWS API Documentation + # + class DeleteResourcePolicyRequest < Struct.new( + :resource_arn, + :revision_id) + SENSITIVE = [] + include Aws::Structure + end + # A configuration object that specifies the destination of an event # after Lambda processes it. # @@ -3300,6 +3322,63 @@ class GetProvisionedConcurrencyConfigResponse < Struct.new( include Aws::Structure end + # @!attribute [rw] resource_arn + # The Amazon Resource Name (ARN) of the function you want to retrieve + # public-access settings for. + # @return [String] + # + # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/GetPublicAccessBlockConfigRequest AWS API Documentation + # + class GetPublicAccessBlockConfigRequest < Struct.new( + :resource_arn) + SENSITIVE = [] + include Aws::Structure + end + + # @!attribute [rw] public_access_block_config + # The public-access settings configured for the function you specified + # @return [Types::PublicAccessBlockConfig] + # + # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/GetPublicAccessBlockConfigResponse AWS API Documentation + # + class GetPublicAccessBlockConfigResponse < Struct.new( + :public_access_block_config) + SENSITIVE = [] + include Aws::Structure + end + + # @!attribute [rw] resource_arn + # The Amazon Resource Name (ARN) of the function you want to retrieve + # the policy for. You can use either a qualified or an unqualified + # ARN, but the value you specify must be a complete ARN and wildcard + # characters are not accepted. + # @return [String] + # + # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/GetResourcePolicyRequest AWS API Documentation + # + class GetResourcePolicyRequest < Struct.new( + :resource_arn) + SENSITIVE = [] + include Aws::Structure + end + + # @!attribute [rw] policy + # The resource-based policy attached to the function you specified. + # @return [String] + # + # @!attribute [rw] revision_id + # The revision ID of the policy. + # @return [String] + # + # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/GetResourcePolicyResponse AWS API Documentation + # + class GetResourcePolicyResponse < Struct.new( + :policy, + :revision_id) + SENSITIVE = [] + include Aws::Structure + end + # @!attribute [rw] function_name # The name or ARN of the Lambda function. # @@ -4951,6 +5030,52 @@ class ProvisionedConcurrencyConfigNotFoundException < Struct.new( include Aws::Structure end + # An object that defines the public-access settings for a function. + # + # @!attribute [rw] block_public_policy + # To block the creation of resource-based policies that would grant + # public access to your function, set `BlockPublicPolicy` to `true`. + # To allow the creation of resource-based policies that would grant + # public access to your function, set `BlockPublicPolicy` to `false`. + # @return [Boolean] + # + # @!attribute [rw] restrict_public_resource + # To block public access to your function, even if its resource-based + # policy allows it, set `RestrictPublicResource` to `true`. To allow + # public access to a function with a resource-based policy that + # permits it, set `RestrictPublicResource` to `false`. + # @return [Boolean] + # + # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/PublicAccessBlockConfig AWS API Documentation + # + class PublicAccessBlockConfig < Struct.new( + :block_public_policy, + :restrict_public_resource) + SENSITIVE = [] + include Aws::Structure + end + + # Lambda prevented your policy from being created because it would grant + # public access to your function. If you intended to create a public + # policy, use the PutPublicAccessBlockConfig API action to configure + # your function's public-access settings to allow public policies. + # + # @!attribute [rw] type + # The exception type. + # @return [String] + # + # @!attribute [rw] message + # @return [String] + # + # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/PublicPolicyException AWS API Documentation + # + class PublicPolicyException < Struct.new( + :type, + :message) + SENSITIVE = [] + include Aws::Structure + end + # @!attribute [rw] layer_name # The name or Amazon Resource Name (ARN) of the layer. # @return [String] @@ -5435,6 +5560,103 @@ class PutProvisionedConcurrencyConfigResponse < Struct.new( include Aws::Structure end + # @!attribute [rw] resource_arn + # The Amazon Resource Name (ARN) of the function you want to configure + # public-access settings for. Public-access settings are applied at + # the function level, so you can't apply different settings to + # function versions or aliases. + # @return [String] + # + # @!attribute [rw] public_access_block_config + # An object defining the public-access settings you want to apply. + # + # To block the creation of resource-based policies that would grant + # public access to your function, set `BlockPublicPolicy` to `true`. + # To allow the creation of resource-based policies that would grant + # public access to your function, set `BlockPublicPolicy` to `false`. + # + # To block public access to your function, even if its resource-based + # policy allows it, set `RestrictPublicResource` to `true`. To allow + # public access to a function with a resource-based policy that + # permits it, set `RestrictPublicResource` to `false`. + # + # The default setting for both `BlockPublicPolicy` and + # `RestrictPublicResource` is `true`. + # @return [Types::PublicAccessBlockConfig] + # + # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/PutPublicAccessBlockConfigRequest AWS API Documentation + # + class PutPublicAccessBlockConfigRequest < Struct.new( + :resource_arn, + :public_access_block_config) + SENSITIVE = [] + include Aws::Structure + end + + # @!attribute [rw] public_access_block_config + # The public-access settings Lambda applied to your function. + # @return [Types::PublicAccessBlockConfig] + # + # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/PutPublicAccessBlockConfigResponse AWS API Documentation + # + class PutPublicAccessBlockConfigResponse < Struct.new( + :public_access_block_config) + SENSITIVE = [] + include Aws::Structure + end + + # @!attribute [rw] resource_arn + # The Amazon Resource Name (ARN) of the function you want to add the + # policy to. You can use either a qualified or an unqualified ARN, but + # the value you specify must be a complete ARN and wildcard characters + # are not accepted. + # @return [String] + # + # @!attribute [rw] policy + # The JSON resource-based policy you want to add to your function. + # + # To learn more about creating resource-based policies for controlling + # access to Lambda, see [Working with resource-based IAM policies in + # Lambda][1] in the *Lambda Developer Guide*. + # + # + # + # [1]: https://docs.aws.amazon.com/ + # @return [String] + # + # @!attribute [rw] revision_id + # Replace the existing policy only if its revision ID matches the + # string you specify. To find the revision ID of the policy currently + # attached to your function, use the GetResourcePolicy action. + # @return [String] + # + # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/PutResourcePolicyRequest AWS API Documentation + # + class PutResourcePolicyRequest < Struct.new( + :resource_arn, + :policy, + :revision_id) + SENSITIVE = [] + include Aws::Structure + end + + # @!attribute [rw] policy + # The policy Lambda added to your function. + # @return [String] + # + # @!attribute [rw] revision_id + # The revision ID of the policy Lambda added to your function. + # @return [String] + # + # @see http://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/PutResourcePolicyResponse AWS API Documentation + # + class PutResourcePolicyResponse < Struct.new( + :policy, + :revision_id) + SENSITIVE = [] + include Aws::Structure + end + # @!attribute [rw] function_name # The name or ARN of the Lambda function. # diff --git a/gems/aws-sdk-lambda/sig/client.rbs b/gems/aws-sdk-lambda/sig/client.rbs index 8c2537023cd..a021014ec01 100644 --- a/gems/aws-sdk-lambda/sig/client.rbs +++ b/gems/aws-sdk-lambda/sig/client.rbs @@ -471,6 +471,13 @@ module Aws ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure] | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure] + # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Lambda/Client.html#delete_resource_policy-instance_method + def delete_resource_policy: ( + resource_arn: ::String, + ?revision_id: ::String + ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure] + | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure] + interface _GetAccountSettingsResponseSuccess include ::Seahorse::Client::_ResponseSuccess[Types::GetAccountSettingsResponse] def account_limit: () -> Types::AccountLimit @@ -745,6 +752,27 @@ module Aws ) -> _GetProvisionedConcurrencyConfigResponseSuccess | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetProvisionedConcurrencyConfigResponseSuccess + interface _GetPublicAccessBlockConfigResponseSuccess + include ::Seahorse::Client::_ResponseSuccess[Types::GetPublicAccessBlockConfigResponse] + def public_access_block_config: () -> Types::PublicAccessBlockConfig + end + # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Lambda/Client.html#get_public_access_block_config-instance_method + def get_public_access_block_config: ( + resource_arn: ::String + ) -> _GetPublicAccessBlockConfigResponseSuccess + | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetPublicAccessBlockConfigResponseSuccess + + interface _GetResourcePolicyResponseSuccess + include ::Seahorse::Client::_ResponseSuccess[Types::GetResourcePolicyResponse] + def policy: () -> ::String + def revision_id: () -> ::String + end + # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Lambda/Client.html#get_resource_policy-instance_method + def get_resource_policy: ( + resource_arn: ::String + ) -> _GetResourcePolicyResponseSuccess + | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetResourcePolicyResponseSuccess + interface _GetRuntimeManagementConfigResponseSuccess include ::Seahorse::Client::_ResponseSuccess[Types::GetRuntimeManagementConfigResponse] def update_runtime_on: () -> ("Auto" | "Manual" | "FunctionUpdate") @@ -1116,6 +1144,33 @@ module Aws ) -> _PutProvisionedConcurrencyConfigResponseSuccess | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _PutProvisionedConcurrencyConfigResponseSuccess + interface _PutPublicAccessBlockConfigResponseSuccess + include ::Seahorse::Client::_ResponseSuccess[Types::PutPublicAccessBlockConfigResponse] + def public_access_block_config: () -> Types::PublicAccessBlockConfig + end + # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Lambda/Client.html#put_public_access_block_config-instance_method + def put_public_access_block_config: ( + resource_arn: ::String, + public_access_block_config: { + block_public_policy: bool?, + restrict_public_resource: bool? + } + ) -> _PutPublicAccessBlockConfigResponseSuccess + | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _PutPublicAccessBlockConfigResponseSuccess + + interface _PutResourcePolicyResponseSuccess + include ::Seahorse::Client::_ResponseSuccess[Types::PutResourcePolicyResponse] + def policy: () -> ::String + def revision_id: () -> ::String + end + # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Lambda/Client.html#put_resource_policy-instance_method + def put_resource_policy: ( + resource_arn: ::String, + policy: ::String, + ?revision_id: ::String + ) -> _PutResourcePolicyResponseSuccess + | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _PutResourcePolicyResponseSuccess + interface _PutRuntimeManagementConfigResponseSuccess include ::Seahorse::Client::_ResponseSuccess[Types::PutRuntimeManagementConfigResponse] def update_runtime_on: () -> ("Auto" | "Manual" | "FunctionUpdate") diff --git a/gems/aws-sdk-lambda/sig/errors.rbs b/gems/aws-sdk-lambda/sig/errors.rbs index e08e0243b9b..0e00520a8a3 100644 --- a/gems/aws-sdk-lambda/sig/errors.rbs +++ b/gems/aws-sdk-lambda/sig/errors.rbs @@ -112,6 +112,10 @@ module Aws def type: () -> ::String def message: () -> ::String end + class PublicPolicyException < ::Aws::Errors::ServiceError + def type: () -> ::String + def message: () -> ::String + end class RecursiveInvocationException < ::Aws::Errors::ServiceError def type: () -> ::String def message: () -> ::String diff --git a/gems/aws-sdk-lambda/sig/types.rbs b/gems/aws-sdk-lambda/sig/types.rbs index c2a649f5a84..ba78fd6b80e 100644 --- a/gems/aws-sdk-lambda/sig/types.rbs +++ b/gems/aws-sdk-lambda/sig/types.rbs @@ -293,6 +293,12 @@ module Aws::Lambda SENSITIVE: [] end + class DeleteResourcePolicyRequest + attr_accessor resource_arn: ::String + attr_accessor revision_id: ::String + SENSITIVE: [] + end + class DestinationConfig attr_accessor on_success: Types::OnSuccess attr_accessor on_failure: Types::OnFailure @@ -677,6 +683,27 @@ module Aws::Lambda SENSITIVE: [] end + class GetPublicAccessBlockConfigRequest + attr_accessor resource_arn: ::String + SENSITIVE: [] + end + + class GetPublicAccessBlockConfigResponse + attr_accessor public_access_block_config: Types::PublicAccessBlockConfig + SENSITIVE: [] + end + + class GetResourcePolicyRequest + attr_accessor resource_arn: ::String + SENSITIVE: [] + end + + class GetResourcePolicyResponse + attr_accessor policy: ::String + attr_accessor revision_id: ::String + SENSITIVE: [] + end + class GetRuntimeManagementConfigRequest attr_accessor function_name: ::String attr_accessor qualifier: ::String @@ -1085,6 +1112,18 @@ module Aws::Lambda SENSITIVE: [] end + class PublicAccessBlockConfig + attr_accessor block_public_policy: bool + attr_accessor restrict_public_resource: bool + SENSITIVE: [] + end + + class PublicPolicyException + attr_accessor type: ::String + attr_accessor message: ::String + SENSITIVE: [] + end + class PublishLayerVersionRequest attr_accessor layer_name: ::String attr_accessor description: ::String @@ -1171,6 +1210,30 @@ module Aws::Lambda SENSITIVE: [] end + class PutPublicAccessBlockConfigRequest + attr_accessor resource_arn: ::String + attr_accessor public_access_block_config: Types::PublicAccessBlockConfig + SENSITIVE: [] + end + + class PutPublicAccessBlockConfigResponse + attr_accessor public_access_block_config: Types::PublicAccessBlockConfig + SENSITIVE: [] + end + + class PutResourcePolicyRequest + attr_accessor resource_arn: ::String + attr_accessor policy: ::String + attr_accessor revision_id: ::String + SENSITIVE: [] + end + + class PutResourcePolicyResponse + attr_accessor policy: ::String + attr_accessor revision_id: ::String + SENSITIVE: [] + end + class PutRuntimeManagementConfigRequest attr_accessor function_name: ::String attr_accessor qualifier: ::String diff --git a/gems/aws-sdk-rds/CHANGELOG.md b/gems/aws-sdk-rds/CHANGELOG.md index 84fec75706a..617007ce495 100644 --- a/gems/aws-sdk-rds/CHANGELOG.md +++ b/gems/aws-sdk-rds/CHANGELOG.md @@ -1,6 +1,11 @@ Unreleased Changes ------------------ +1.247.0 (2024-09-17) +------------------ + +* Feature - Updates Amazon RDS documentation with configuration information about the BYOL model for RDS for Db2. + 1.246.0 (2024-09-16) ------------------ diff --git a/gems/aws-sdk-rds/VERSION b/gems/aws-sdk-rds/VERSION index b563216e5c9..b68c3465bb1 100644 --- a/gems/aws-sdk-rds/VERSION +++ b/gems/aws-sdk-rds/VERSION @@ -1 +1 @@ -1.246.0 +1.247.0 diff --git a/gems/aws-sdk-rds/lib/aws-sdk-rds.rb b/gems/aws-sdk-rds/lib/aws-sdk-rds.rb index 985a23a908f..b759fc05df5 100644 --- a/gems/aws-sdk-rds/lib/aws-sdk-rds.rb +++ b/gems/aws-sdk-rds/lib/aws-sdk-rds.rb @@ -78,6 +78,6 @@ # @!group service module Aws::RDS - GEM_VERSION = '1.246.0' + GEM_VERSION = '1.247.0' end diff --git a/gems/aws-sdk-rds/lib/aws-sdk-rds/client.rb b/gems/aws-sdk-rds/lib/aws-sdk-rds/client.rb index c0ca7b16663..f64bd9ee9e9 100644 --- a/gems/aws-sdk-rds/lib/aws-sdk-rds/client.rb +++ b/gems/aws-sdk-rds/lib/aws-sdk-rds/client.rb @@ -4927,10 +4927,12 @@ def create_db_cluster_snapshot(params = {}, options = {}) # The license model information for this DB instance. # # License models for RDS for Db2 require additional configuration. The - # Bring Your Own License (BYOL) model requires a custom parameter group. - # The Db2 license through Amazon Web Services Marketplace model requires - # an Amazon Web Services Marketplace subscription. For more information, - # see [RDS for Db2 licensing options][1] in the *Amazon RDS User Guide*. + # Bring Your Own License (BYOL) model requires a custom parameter group + # and an Amazon Web Services License Manager self-managed license. The + # Db2 license through Amazon Web Services Marketplace model requires an + # Amazon Web Services Marketplace subscription. For more information, + # see [Amazon RDS for Db2 licensing options][1] in the *Amazon RDS User + # Guide*. # # The default for RDS for Db2 is `bring-your-own-license`. # @@ -26827,10 +26829,12 @@ def restore_db_cluster_to_point_in_time(params = {}, options = {}) # License model information for the restored DB instance. # # License models for RDS for Db2 require additional configuration. The - # Bring Your Own License (BYOL) model requires a custom parameter group. - # The Db2 license through Amazon Web Services Marketplace model requires - # an Amazon Web Services Marketplace subscription. For more information, - # see [RDS for Db2 licensing options][1] in the *Amazon RDS User Guide*. + # Bring Your Own License (BYOL) model requires a custom parameter group + # and an Amazon Web Services License Manager self-managed license. The + # Db2 license through Amazon Web Services Marketplace model requires an + # Amazon Web Services Marketplace subscription. For more information, + # see [Amazon RDS for Db2 licensing options][1] in the *Amazon RDS User + # Guide*. # # # @@ -28520,10 +28524,12 @@ def restore_db_instance_from_s3(params = {}, options = {}) # The license model information for the restored DB instance. # # License models for RDS for Db2 require additional configuration. The - # Bring Your Own License (BYOL) model requires a custom parameter group. - # The Db2 license through Amazon Web Services Marketplace model requires - # an Amazon Web Services Marketplace subscription. For more information, - # see [RDS for Db2 licensing options][1] in the *Amazon RDS User Guide*. + # Bring Your Own License (BYOL) model requires a custom parameter group + # and an Amazon Web Services License Manager self-managed license. The + # Db2 license through Amazon Web Services Marketplace model requires an + # Amazon Web Services Marketplace subscription. For more information, + # see [Amazon RDS for Db2 licensing options][1] in the *Amazon RDS User + # Guide*. # # # @@ -31414,7 +31420,7 @@ def build_request(operation_name, params = {}) tracer: tracer ) context[:gem_name] = 'aws-sdk-rds' - context[:gem_version] = '1.246.0' + context[:gem_version] = '1.247.0' Seahorse::Client::Request.new(handlers, context) end diff --git a/gems/aws-sdk-rds/lib/aws-sdk-rds/db_instance.rb b/gems/aws-sdk-rds/lib/aws-sdk-rds/db_instance.rb index 36203804b5d..3088f8991b7 100644 --- a/gems/aws-sdk-rds/lib/aws-sdk-rds/db_instance.rb +++ b/gems/aws-sdk-rds/lib/aws-sdk-rds/db_instance.rb @@ -1617,10 +1617,12 @@ def wait_until(options = {}, &block) # The license model information for this DB instance. # # License models for RDS for Db2 require additional configuration. The - # Bring Your Own License (BYOL) model requires a custom parameter group. - # The Db2 license through Amazon Web Services Marketplace model requires - # an Amazon Web Services Marketplace subscription. For more information, - # see [RDS for Db2 licensing options][1] in the *Amazon RDS User Guide*. + # Bring Your Own License (BYOL) model requires a custom parameter group + # and an Amazon Web Services License Manager self-managed license. The + # Db2 license through Amazon Web Services Marketplace model requires an + # Amazon Web Services Marketplace subscription. For more information, + # see [Amazon RDS for Db2 licensing options][1] in the *Amazon RDS User + # Guide*. # # The default for RDS for Db2 is `bring-your-own-license`. # @@ -4358,10 +4360,12 @@ def reboot(options = {}) # The license model information for the restored DB instance. # # License models for RDS for Db2 require additional configuration. The - # Bring Your Own License (BYOL) model requires a custom parameter group. - # The Db2 license through Amazon Web Services Marketplace model requires - # an Amazon Web Services Marketplace subscription. For more information, - # see [RDS for Db2 licensing options][1] in the *Amazon RDS User Guide*. + # Bring Your Own License (BYOL) model requires a custom parameter group + # and an Amazon Web Services License Manager self-managed license. The + # Db2 license through Amazon Web Services Marketplace model requires an + # Amazon Web Services Marketplace subscription. For more information, + # see [Amazon RDS for Db2 licensing options][1] in the *Amazon RDS User + # Guide*. # # # diff --git a/gems/aws-sdk-rds/lib/aws-sdk-rds/db_snapshot.rb b/gems/aws-sdk-rds/lib/aws-sdk-rds/db_snapshot.rb index a98f3693b42..2e21dd97b3a 100644 --- a/gems/aws-sdk-rds/lib/aws-sdk-rds/db_snapshot.rb +++ b/gems/aws-sdk-rds/lib/aws-sdk-rds/db_snapshot.rb @@ -804,10 +804,12 @@ def delete(options = {}) # License model information for the restored DB instance. # # License models for RDS for Db2 require additional configuration. The - # Bring Your Own License (BYOL) model requires a custom parameter group. - # The Db2 license through Amazon Web Services Marketplace model requires - # an Amazon Web Services Marketplace subscription. For more information, - # see [RDS for Db2 licensing options][1] in the *Amazon RDS User Guide*. + # Bring Your Own License (BYOL) model requires a custom parameter group + # and an Amazon Web Services License Manager self-managed license. The + # Db2 license through Amazon Web Services Marketplace model requires an + # Amazon Web Services Marketplace subscription. For more information, + # see [Amazon RDS for Db2 licensing options][1] in the *Amazon RDS User + # Guide*. # # # diff --git a/gems/aws-sdk-rds/lib/aws-sdk-rds/resource.rb b/gems/aws-sdk-rds/lib/aws-sdk-rds/resource.rb index fcc71e44bf4..0b430d472f9 100644 --- a/gems/aws-sdk-rds/lib/aws-sdk-rds/resource.rb +++ b/gems/aws-sdk-rds/lib/aws-sdk-rds/resource.rb @@ -1748,10 +1748,12 @@ def create_db_cluster_parameter_group(options = {}) # The license model information for this DB instance. # # License models for RDS for Db2 require additional configuration. The - # Bring Your Own License (BYOL) model requires a custom parameter group. - # The Db2 license through Amazon Web Services Marketplace model requires - # an Amazon Web Services Marketplace subscription. For more information, - # see [RDS for Db2 licensing options][1] in the *Amazon RDS User Guide*. + # Bring Your Own License (BYOL) model requires a custom parameter group + # and an Amazon Web Services License Manager self-managed license. The + # Db2 license through Amazon Web Services Marketplace model requires an + # Amazon Web Services Marketplace subscription. For more information, + # see [Amazon RDS for Db2 licensing options][1] in the *Amazon RDS User + # Guide*. # # The default for RDS for Db2 is `bring-your-own-license`. # diff --git a/gems/aws-sdk-rds/lib/aws-sdk-rds/types.rb b/gems/aws-sdk-rds/lib/aws-sdk-rds/types.rb index 87d1c71f5af..9bd3a7895fb 100644 --- a/gems/aws-sdk-rds/lib/aws-sdk-rds/types.rb +++ b/gems/aws-sdk-rds/lib/aws-sdk-rds/types.rb @@ -3953,10 +3953,11 @@ class CreateDBClusterSnapshotResult < Struct.new( # # License models for RDS for Db2 require additional configuration. The # Bring Your Own License (BYOL) model requires a custom parameter - # group. The Db2 license through Amazon Web Services Marketplace model - # requires an Amazon Web Services Marketplace subscription. For more - # information, see [RDS for Db2 licensing options][1] in the *Amazon - # RDS User Guide*. + # group and an Amazon Web Services License Manager self-managed + # license. The Db2 license through Amazon Web Services Marketplace + # model requires an Amazon Web Services Marketplace subscription. For + # more information, see [Amazon RDS for Db2 licensing options][1] in + # the *Amazon RDS User Guide*. # # The default for RDS for Db2 is `bring-your-own-license`. # @@ -24171,10 +24172,11 @@ class RestoreDBClusterToPointInTimeResult < Struct.new( # # License models for RDS for Db2 require additional configuration. The # Bring Your Own License (BYOL) model requires a custom parameter - # group. The Db2 license through Amazon Web Services Marketplace model - # requires an Amazon Web Services Marketplace subscription. For more - # information, see [RDS for Db2 licensing options][1] in the *Amazon - # RDS User Guide*. + # group and an Amazon Web Services License Manager self-managed + # license. The Db2 license through Amazon Web Services Marketplace + # model requires an Amazon Web Services Marketplace subscription. For + # more information, see [Amazon RDS for Db2 licensing options][1] in + # the *Amazon RDS User Guide*. # # # @@ -25577,10 +25579,11 @@ class RestoreDBInstanceFromS3Result < Struct.new( # # License models for RDS for Db2 require additional configuration. The # Bring Your Own License (BYOL) model requires a custom parameter - # group. The Db2 license through Amazon Web Services Marketplace model - # requires an Amazon Web Services Marketplace subscription. For more - # information, see [RDS for Db2 licensing options][1] in the *Amazon - # RDS User Guide*. + # group and an Amazon Web Services License Manager self-managed + # license. The Db2 license through Amazon Web Services Marketplace + # model requires an Amazon Web Services Marketplace subscription. For + # more information, see [Amazon RDS for Db2 licensing options][1] in + # the *Amazon RDS User Guide*. # # # diff --git a/gems/aws-sdk-ssm/CHANGELOG.md b/gems/aws-sdk-ssm/CHANGELOG.md index 9a6395ce749..6cd8d7c75ac 100644 --- a/gems/aws-sdk-ssm/CHANGELOG.md +++ b/gems/aws-sdk-ssm/CHANGELOG.md @@ -1,6 +1,11 @@ Unreleased Changes ------------------ +1.179.0 (2024-09-17) +------------------ + +* Feature - Support for additional levels of cross-account, cross-Region organizational units in Automation. Various documentation updates. + 1.178.0 (2024-09-11) ------------------ diff --git a/gems/aws-sdk-ssm/VERSION b/gems/aws-sdk-ssm/VERSION index ce71127a17e..396441d8423 100644 --- a/gems/aws-sdk-ssm/VERSION +++ b/gems/aws-sdk-ssm/VERSION @@ -1 +1 @@ -1.178.0 +1.179.0 diff --git a/gems/aws-sdk-ssm/lib/aws-sdk-ssm.rb b/gems/aws-sdk-ssm/lib/aws-sdk-ssm.rb index a1006c05500..9610935962b 100644 --- a/gems/aws-sdk-ssm/lib/aws-sdk-ssm.rb +++ b/gems/aws-sdk-ssm/lib/aws-sdk-ssm.rb @@ -53,6 +53,6 @@ # @!group service module Aws::SSM - GEM_VERSION = '1.178.0' + GEM_VERSION = '1.179.0' end diff --git a/gems/aws-sdk-ssm/lib/aws-sdk-ssm/client.rb b/gems/aws-sdk-ssm/lib/aws-sdk-ssm/client.rb index bcd068d34e8..1e3cfe1b1d5 100644 --- a/gems/aws-sdk-ssm/lib/aws-sdk-ssm/client.rb +++ b/gems/aws-sdk-ssm/lib/aws-sdk-ssm/client.rb @@ -678,9 +678,9 @@ def cancel_maintenance_window_execution(params = {}, options = {}) # capabilities. You use the activation code and ID when installing SSM # Agent on machines in your hybrid environment. For more information # about requirements for managing on-premises machines using Systems - # Manager, see [Setting up Amazon Web Services Systems Manager for - # hybrid and multicloud environments][1] in the *Amazon Web Services - # Systems Manager User Guide*. + # Manager, see [Using Amazon Web Services Systems Manager in hybrid and + # multicloud environments][1] in the *Amazon Web Services Systems + # Manager User Guide*. # # Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and # on-premises servers and VMs that are configured for Systems Manager @@ -690,7 +690,7 @@ def cancel_maintenance_window_execution(params = {}, options = {}) # # # - # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-managedinstances.html + # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-hybrid-multicloud.html # # @option params [String] :description # A user-defined description of the resource that you want to register @@ -710,9 +710,9 @@ def cancel_maintenance_window_execution(params = {}, options = {}) # want to assign to the managed node. This IAM role must provide # AssumeRole permissions for the Amazon Web Services Systems Manager # service principal `ssm.amazonaws.com`. For more information, see - # [Create an IAM service role for a hybrid and multicloud - # environment][1] in the *Amazon Web Services Systems Manager User - # Guide*. + # [Create the IAM service role required for Systems Manager in a hybrid + # and multicloud environments][1] in the *Amazon Web Services Systems + # Manager User Guide*. # # You can't specify an IAM service-linked role for this parameter. You # must create a unique role. @@ -721,7 +721,7 @@ def cancel_maintenance_window_execution(params = {}, options = {}) # # # - # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-service-role.html + # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/hybrid-multicloud-service-role.html # # @option params [Integer] :registration_limit # Specify the maximum number of managed nodes you want to register. The @@ -729,7 +729,7 @@ def cancel_maintenance_window_execution(params = {}, options = {}) # # @option params [Time,DateTime,Date,Integer,String] :expiration_date # The date by which this activation request should expire, in timestamp - # format, such as "2021-07-07T00:00:00". You can specify a date up to + # format, such as "2024-07-07T00:00:00". You can specify a date up to # 30 days in advance. If you don't provide an expiration date, the # activation code expires in 24 hours. # @@ -876,9 +876,10 @@ def create_activation(params = {}, options = {}) # Amazon Web Services account, or individual managed node IDs. You can # target all managed nodes in an Amazon Web Services account by # specifying the `InstanceIds` key with a value of `*`. For more - # information about choosing targets for an association, see [About - # targets and rate controls in State Manager associations][1] in the - # *Amazon Web Services Systems Manager User Guide*. + # information about choosing targets for an association, see + # [Understanding targets and rate controls in State Manager + # associations][1] in the *Amazon Web Services Systems Manager User + # Guide*. # # # @@ -1072,6 +1073,16 @@ def create_activation(params = {}, options = {}) # }, # ], # }, + # include_child_organization_units: false, + # exclude_accounts: ["ExcludeAccount"], + # targets: [ + # { + # key: "TargetKey", + # values: ["TargetValue"], + # }, + # ], + # targets_max_concurrency: "MaxConcurrency", + # targets_max_errors: "MaxErrors", # }, # ], # schedule_offset: 1, @@ -1147,6 +1158,15 @@ def create_activation(params = {}, options = {}) # resp.association_description.target_locations[0].target_location_alarm_configuration.ignore_poll_alarm_failure #=> Boolean # resp.association_description.target_locations[0].target_location_alarm_configuration.alarms #=> Array # resp.association_description.target_locations[0].target_location_alarm_configuration.alarms[0].name #=> String + # resp.association_description.target_locations[0].include_child_organization_units #=> Boolean + # resp.association_description.target_locations[0].exclude_accounts #=> Array + # resp.association_description.target_locations[0].exclude_accounts[0] #=> String + # resp.association_description.target_locations[0].targets #=> Array + # resp.association_description.target_locations[0].targets[0].key #=> String + # resp.association_description.target_locations[0].targets[0].values #=> Array + # resp.association_description.target_locations[0].targets[0].values[0] #=> String + # resp.association_description.target_locations[0].targets_max_concurrency #=> String + # resp.association_description.target_locations[0].targets_max_errors #=> String # resp.association_description.schedule_offset #=> Integer # resp.association_description.duration #=> Integer # resp.association_description.target_maps #=> Array @@ -1237,6 +1257,16 @@ def create_association(params = {}, options = {}) # }, # ], # }, + # include_child_organization_units: false, + # exclude_accounts: ["ExcludeAccount"], + # targets: [ + # { + # key: "TargetKey", + # values: ["TargetValue"], + # }, + # ], + # targets_max_concurrency: "MaxConcurrency", + # targets_max_errors: "MaxErrors", # }, # ], # schedule_offset: 1, @@ -1309,6 +1339,15 @@ def create_association(params = {}, options = {}) # resp.successful[0].target_locations[0].target_location_alarm_configuration.ignore_poll_alarm_failure #=> Boolean # resp.successful[0].target_locations[0].target_location_alarm_configuration.alarms #=> Array # resp.successful[0].target_locations[0].target_location_alarm_configuration.alarms[0].name #=> String + # resp.successful[0].target_locations[0].include_child_organization_units #=> Boolean + # resp.successful[0].target_locations[0].exclude_accounts #=> Array + # resp.successful[0].target_locations[0].exclude_accounts[0] #=> String + # resp.successful[0].target_locations[0].targets #=> Array + # resp.successful[0].target_locations[0].targets[0].key #=> String + # resp.successful[0].target_locations[0].targets[0].values #=> Array + # resp.successful[0].target_locations[0].targets[0].values[0] #=> String + # resp.successful[0].target_locations[0].targets_max_concurrency #=> String + # resp.successful[0].target_locations[0].targets_max_errors #=> String # resp.successful[0].schedule_offset #=> Integer # resp.successful[0].duration #=> Integer # resp.successful[0].target_maps #=> Array @@ -1356,6 +1395,15 @@ def create_association(params = {}, options = {}) # resp.failed[0].entry.target_locations[0].target_location_alarm_configuration.ignore_poll_alarm_failure #=> Boolean # resp.failed[0].entry.target_locations[0].target_location_alarm_configuration.alarms #=> Array # resp.failed[0].entry.target_locations[0].target_location_alarm_configuration.alarms[0].name #=> String + # resp.failed[0].entry.target_locations[0].include_child_organization_units #=> Boolean + # resp.failed[0].entry.target_locations[0].exclude_accounts #=> Array + # resp.failed[0].entry.target_locations[0].exclude_accounts[0] #=> String + # resp.failed[0].entry.target_locations[0].targets #=> Array + # resp.failed[0].entry.target_locations[0].targets[0].key #=> String + # resp.failed[0].entry.target_locations[0].targets[0].values #=> Array + # resp.failed[0].entry.target_locations[0].targets[0].values[0] #=> String + # resp.failed[0].entry.target_locations[0].targets_max_concurrency #=> String + # resp.failed[0].entry.target_locations[0].targets_max_errors #=> String # resp.failed[0].entry.schedule_offset #=> Integer # resp.failed[0].entry.duration #=> Integer # resp.failed[0].entry.target_maps #=> Array @@ -1386,7 +1434,7 @@ def create_association_batch(params = {}, options = {}) # # # - # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-ssm-docs.html + # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/documents.html # # @option params [required, String] :content # The content for the new SSM document in JSON or YAML format. The @@ -2021,7 +2069,7 @@ def create_ops_metadata(params = {}, options = {}) # A list of explicitly approved patches for the baseline. # # For information about accepted formats for lists of approved patches - # and rejected patches, see [About package name formats for approved and + # and rejected patches, see [Package name formats for approved and # rejected patch lists][1] in the *Amazon Web Services Systems Manager # User Guide*. # @@ -2043,7 +2091,7 @@ def create_ops_metadata(params = {}, options = {}) # A list of explicitly rejected patches for the baseline. # # For information about accepted formats for lists of approved patches - # and rejected patches, see [About package name formats for approved and + # and rejected patches, see [Package name formats for approved and # rejected patch lists][1] in the *Amazon Web Services Systems Manager # User Guide*. # @@ -2186,7 +2234,7 @@ def create_patch_baseline(params = {}, options = {}) # You can configure Systems Manager Inventory to use the # `SyncToDestination` type to synchronize Inventory data from multiple # Amazon Web Services Regions to a single Amazon Simple Storage Service - # (Amazon S3) bucket. For more information, see [Configuring resource + # (Amazon S3) bucket. For more information, see [Creatinga a resource # data sync for Inventory][1] in the *Amazon Web Services Systems # Manager User Guide*. # @@ -2214,7 +2262,7 @@ def create_patch_baseline(params = {}, options = {}) # # # - # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-inventory-datasync.html + # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/inventory-create-resource-data-sync.html # [2]: https://docs.aws.amazon.com/systems-manager/latest/userguide/Explorer-resource-data-sync.html # # @option params [required, String] :sync_name @@ -3022,6 +3070,15 @@ def describe_activations(params = {}, options = {}) # resp.association_description.target_locations[0].target_location_alarm_configuration.ignore_poll_alarm_failure #=> Boolean # resp.association_description.target_locations[0].target_location_alarm_configuration.alarms #=> Array # resp.association_description.target_locations[0].target_location_alarm_configuration.alarms[0].name #=> String + # resp.association_description.target_locations[0].include_child_organization_units #=> Boolean + # resp.association_description.target_locations[0].exclude_accounts #=> Array + # resp.association_description.target_locations[0].exclude_accounts[0] #=> String + # resp.association_description.target_locations[0].targets #=> Array + # resp.association_description.target_locations[0].targets[0].key #=> String + # resp.association_description.target_locations[0].targets[0].values #=> Array + # resp.association_description.target_locations[0].targets[0].values[0] #=> String + # resp.association_description.target_locations[0].targets_max_concurrency #=> String + # resp.association_description.target_locations[0].targets_max_errors #=> String # resp.association_description.schedule_offset #=> Integer # resp.association_description.duration #=> Integer # resp.association_description.target_maps #=> Array @@ -3270,6 +3327,7 @@ def describe_association_executions(params = {}, options = {}) # resp.automation_execution_metadata_list[0].triggered_alarms #=> Array # resp.automation_execution_metadata_list[0].triggered_alarms[0].name #=> String # resp.automation_execution_metadata_list[0].triggered_alarms[0].state #=> String, one of "UNKNOWN", "ALARM" + # resp.automation_execution_metadata_list[0].target_locations_url #=> String # resp.automation_execution_metadata_list[0].automation_subtype #=> String, one of "ChangeRequest" # resp.automation_execution_metadata_list[0].scheduled_time #=> Time # resp.automation_execution_metadata_list[0].runbooks #=> Array @@ -3300,6 +3358,15 @@ def describe_association_executions(params = {}, options = {}) # resp.automation_execution_metadata_list[0].runbooks[0].target_locations[0].target_location_alarm_configuration.ignore_poll_alarm_failure #=> Boolean # resp.automation_execution_metadata_list[0].runbooks[0].target_locations[0].target_location_alarm_configuration.alarms #=> Array # resp.automation_execution_metadata_list[0].runbooks[0].target_locations[0].target_location_alarm_configuration.alarms[0].name #=> String + # resp.automation_execution_metadata_list[0].runbooks[0].target_locations[0].include_child_organization_units #=> Boolean + # resp.automation_execution_metadata_list[0].runbooks[0].target_locations[0].exclude_accounts #=> Array + # resp.automation_execution_metadata_list[0].runbooks[0].target_locations[0].exclude_accounts[0] #=> String + # resp.automation_execution_metadata_list[0].runbooks[0].target_locations[0].targets #=> Array + # resp.automation_execution_metadata_list[0].runbooks[0].target_locations[0].targets[0].key #=> String + # resp.automation_execution_metadata_list[0].runbooks[0].target_locations[0].targets[0].values #=> Array + # resp.automation_execution_metadata_list[0].runbooks[0].target_locations[0].targets[0].values[0] #=> String + # resp.automation_execution_metadata_list[0].runbooks[0].target_locations[0].targets_max_concurrency #=> String + # resp.automation_execution_metadata_list[0].runbooks[0].target_locations[0].targets_max_errors #=> String # resp.automation_execution_metadata_list[0].ops_item_id #=> String # resp.automation_execution_metadata_list[0].association_id #=> String # resp.automation_execution_metadata_list[0].change_request_name #=> String @@ -3407,6 +3474,15 @@ def describe_automation_executions(params = {}, options = {}) # resp.step_executions[0].target_location.target_location_alarm_configuration.ignore_poll_alarm_failure #=> Boolean # resp.step_executions[0].target_location.target_location_alarm_configuration.alarms #=> Array # resp.step_executions[0].target_location.target_location_alarm_configuration.alarms[0].name #=> String + # resp.step_executions[0].target_location.include_child_organization_units #=> Boolean + # resp.step_executions[0].target_location.exclude_accounts #=> Array + # resp.step_executions[0].target_location.exclude_accounts[0] #=> String + # resp.step_executions[0].target_location.targets #=> Array + # resp.step_executions[0].target_location.targets[0].key #=> String + # resp.step_executions[0].target_location.targets[0].values #=> Array + # resp.step_executions[0].target_location.targets[0].values[0] #=> String + # resp.step_executions[0].target_location.targets_max_concurrency #=> String + # resp.step_executions[0].target_location.targets_max_errors #=> String # resp.step_executions[0].triggered_alarms #=> Array # resp.step_executions[0].triggered_alarms[0].name #=> String # resp.step_executions[0].triggered_alarms[0].state #=> String, one of "UNKNOWN", "ALARM" @@ -4191,9 +4267,8 @@ def describe_instance_patch_states_for_patch_group(params = {}, options = {}) # Sample values: `Installed` \| `InstalledOther` \| # `InstalledPendingReboot` # - # For lists of all `State` values, see [Understanding patch compliance - # state values][1] in the *Amazon Web Services Systems Manager User - # Guide*. + # For lists of all `State` values, see [Patch compliance state + # values][1] in the *Amazon Web Services Systems Manager User Guide*. # # # @@ -4551,7 +4626,7 @@ def describe_maintenance_window_execution_tasks(params = {}, options = {}) # # * Values. An array of strings, each between 1 and 256 characters. # Supported values are date/time strings in a valid ISO 8601 date/time - # format, such as `2021-11-04T05:00:00Z`. + # format, such as `2024-11-04T05:00:00Z`. # # @option params [Integer] :max_results # The maximum number of items to return for this call. The call also @@ -5659,6 +5734,15 @@ def disassociate_ops_item_related_item(params = {}, options = {}) # resp.automation_execution.step_executions[0].target_location.target_location_alarm_configuration.ignore_poll_alarm_failure #=> Boolean # resp.automation_execution.step_executions[0].target_location.target_location_alarm_configuration.alarms #=> Array # resp.automation_execution.step_executions[0].target_location.target_location_alarm_configuration.alarms[0].name #=> String + # resp.automation_execution.step_executions[0].target_location.include_child_organization_units #=> Boolean + # resp.automation_execution.step_executions[0].target_location.exclude_accounts #=> Array + # resp.automation_execution.step_executions[0].target_location.exclude_accounts[0] #=> String + # resp.automation_execution.step_executions[0].target_location.targets #=> Array + # resp.automation_execution.step_executions[0].target_location.targets[0].key #=> String + # resp.automation_execution.step_executions[0].target_location.targets[0].values #=> Array + # resp.automation_execution.step_executions[0].target_location.targets[0].values[0] #=> String + # resp.automation_execution.step_executions[0].target_location.targets_max_concurrency #=> String + # resp.automation_execution.step_executions[0].target_location.targets_max_errors #=> String # resp.automation_execution.step_executions[0].triggered_alarms #=> Array # resp.automation_execution.step_executions[0].triggered_alarms[0].name #=> String # resp.automation_execution.step_executions[0].triggered_alarms[0].state #=> String, one of "UNKNOWN", "ALARM" @@ -5706,6 +5790,15 @@ def disassociate_ops_item_related_item(params = {}, options = {}) # resp.automation_execution.target_locations[0].target_location_alarm_configuration.ignore_poll_alarm_failure #=> Boolean # resp.automation_execution.target_locations[0].target_location_alarm_configuration.alarms #=> Array # resp.automation_execution.target_locations[0].target_location_alarm_configuration.alarms[0].name #=> String + # resp.automation_execution.target_locations[0].include_child_organization_units #=> Boolean + # resp.automation_execution.target_locations[0].exclude_accounts #=> Array + # resp.automation_execution.target_locations[0].exclude_accounts[0] #=> String + # resp.automation_execution.target_locations[0].targets #=> Array + # resp.automation_execution.target_locations[0].targets[0].key #=> String + # resp.automation_execution.target_locations[0].targets[0].values #=> Array + # resp.automation_execution.target_locations[0].targets[0].values[0] #=> String + # resp.automation_execution.target_locations[0].targets_max_concurrency #=> String + # resp.automation_execution.target_locations[0].targets_max_errors #=> String # resp.automation_execution.progress_counters.total_steps #=> Integer # resp.automation_execution.progress_counters.success_steps #=> Integer # resp.automation_execution.progress_counters.failed_steps #=> Integer @@ -5717,6 +5810,7 @@ def disassociate_ops_item_related_item(params = {}, options = {}) # resp.automation_execution.triggered_alarms #=> Array # resp.automation_execution.triggered_alarms[0].name #=> String # resp.automation_execution.triggered_alarms[0].state #=> String, one of "UNKNOWN", "ALARM" + # resp.automation_execution.target_locations_url #=> String # resp.automation_execution.automation_subtype #=> String, one of "ChangeRequest" # resp.automation_execution.scheduled_time #=> Time # resp.automation_execution.runbooks #=> Array @@ -5747,6 +5841,15 @@ def disassociate_ops_item_related_item(params = {}, options = {}) # resp.automation_execution.runbooks[0].target_locations[0].target_location_alarm_configuration.ignore_poll_alarm_failure #=> Boolean # resp.automation_execution.runbooks[0].target_locations[0].target_location_alarm_configuration.alarms #=> Array # resp.automation_execution.runbooks[0].target_locations[0].target_location_alarm_configuration.alarms[0].name #=> String + # resp.automation_execution.runbooks[0].target_locations[0].include_child_organization_units #=> Boolean + # resp.automation_execution.runbooks[0].target_locations[0].exclude_accounts #=> Array + # resp.automation_execution.runbooks[0].target_locations[0].exclude_accounts[0] #=> String + # resp.automation_execution.runbooks[0].target_locations[0].targets #=> Array + # resp.automation_execution.runbooks[0].target_locations[0].targets[0].key #=> String + # resp.automation_execution.runbooks[0].target_locations[0].targets[0].values #=> Array + # resp.automation_execution.runbooks[0].target_locations[0].targets[0].values[0] #=> String + # resp.automation_execution.runbooks[0].target_locations[0].targets_max_concurrency #=> String + # resp.automation_execution.runbooks[0].target_locations[0].targets_max_errors #=> String # resp.automation_execution.ops_item_id #=> String # resp.automation_execution.association_id #=> String # resp.automation_execution.change_request_name #=> String @@ -6894,7 +6997,7 @@ def get_ops_summary(params = {}, options = {}) # # # - # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/sharing.html + # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-shared-parameters.html # # @option params [Boolean] :with_decryption # Return decrypted values for secure string parameters. This flag is @@ -7554,6 +7657,15 @@ def label_parameter_version(params = {}, options = {}) # resp.association_versions[0].target_locations[0].target_location_alarm_configuration.ignore_poll_alarm_failure #=> Boolean # resp.association_versions[0].target_locations[0].target_location_alarm_configuration.alarms #=> Array # resp.association_versions[0].target_locations[0].target_location_alarm_configuration.alarms[0].name #=> String + # resp.association_versions[0].target_locations[0].include_child_organization_units #=> Boolean + # resp.association_versions[0].target_locations[0].exclude_accounts #=> Array + # resp.association_versions[0].target_locations[0].exclude_accounts[0] #=> String + # resp.association_versions[0].target_locations[0].targets #=> Array + # resp.association_versions[0].target_locations[0].targets[0].key #=> String + # resp.association_versions[0].target_locations[0].targets[0].values #=> Array + # resp.association_versions[0].target_locations[0].targets[0].values[0] #=> String + # resp.association_versions[0].target_locations[0].targets_max_concurrency #=> String + # resp.association_versions[0].target_locations[0].targets_max_errors #=> String # resp.association_versions[0].schedule_offset #=> Integer # resp.association_versions[0].duration #=> Integer # resp.association_versions[0].target_maps #=> Array @@ -9500,7 +9612,7 @@ def register_target_with_maintenance_window(params = {}, options = {}) # creating a custom policy and custom service role for running your # maintenance window tasks. The policy can be crafted to provide only # the permissions needed for your particular maintenance window tasks. - # For more information, see [Setting up maintenance windows][1] in the + # For more information, see [Setting up Maintenance Windows][1] in the # in the *Amazon Web Services Systems Manager User Guide*. # # @@ -10254,6 +10366,9 @@ def start_associations_once(params = {}, options = {}) # A key-value mapping to target resources. Required if you specify # TargetParameterName. # + # If both this parameter and the `TargetLocation:Targets` parameter are + # supplied, `TargetLocation:Targets` takes precedence. + # # @option params [Array] :target_maps # A key-value mapping of document parameters to target resources. Both # Targets and TargetMaps can't be specified together. @@ -10263,6 +10378,9 @@ def start_associations_once(params = {}, options = {}) # You can specify a number, such as 10, or a percentage, such as 10%. # The default value is `10`. # + # If both this parameter and the `TargetLocation:TargetsMaxConcurrency` + # are supplied, `TargetLocation:TargetsMaxConcurrency` takes precedence. + # # @option params [String] :max_errors # The number of errors that are allowed before the system stops running # the automation on additional targets. You can specify either an @@ -10281,14 +10399,17 @@ def start_associations_once(params = {}, options = {}) # max-errors failed executions, set max-concurrency to 1 so the # executions proceed one at a time. # + # If this parameter and the `TargetLocation:TargetsMaxErrors` parameter + # are both supplied, `TargetLocation:TargetsMaxErrors` takes precedence. + # # @option params [Array] :target_locations # A location is a combination of Amazon Web Services Regions and/or # Amazon Web Services accounts where you want to run the automation. Use # this operation to start an automation in multiple Amazon Web Services # Regions and multiple Amazon Web Services accounts. For more - # information, see [Running Automation workflows in multiple Amazon Web - # Services Regions and Amazon Web Services accounts][1] in the *Amazon - # Web Services Systems Manager User Guide*. + # information, see [Running automations in multiple Amazon Web Services + # Regions and accounts][1] in the *Amazon Web Services Systems Manager + # User Guide*. # # # @@ -10314,6 +10435,11 @@ def start_associations_once(params = {}, options = {}) # @option params [Types::AlarmConfiguration] :alarm_configuration # The CloudWatch alarm you want to apply to your automation. # + # @option params [String] :target_locations_url + # Specify a publicly accessible URL for a file that contains the + # `TargetLocations` body. Currently, only files in presigned Amazon S3 + # buckets are supported. + # # @return [Types::StartAutomationExecutionResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::StartAutomationExecutionResult#automation_execution_id #automation_execution_id} => String @@ -10357,6 +10483,16 @@ def start_associations_once(params = {}, options = {}) # }, # ], # }, + # include_child_organization_units: false, + # exclude_accounts: ["ExcludeAccount"], + # targets: [ + # { + # key: "TargetKey", + # values: ["TargetValue"], + # }, + # ], + # targets_max_concurrency: "MaxConcurrency", + # targets_max_errors: "MaxErrors", # }, # ], # tags: [ @@ -10373,6 +10509,7 @@ def start_associations_once(params = {}, options = {}) # }, # ], # }, + # target_locations_url: "TargetLocationsURL", # }) # # @example Response structure @@ -10522,6 +10659,16 @@ def start_automation_execution(params = {}, options = {}) # }, # ], # }, + # include_child_organization_units: false, + # exclude_accounts: ["ExcludeAccount"], + # targets: [ + # { + # key: "TargetKey", + # values: ["TargetValue"], + # }, + # ], + # targets_max_concurrency: "MaxConcurrency", + # targets_max_errors: "MaxErrors", # }, # ], # }, @@ -11005,6 +11152,16 @@ def unlabel_parameter_version(params = {}, options = {}) # }, # ], # }, + # include_child_organization_units: false, + # exclude_accounts: ["ExcludeAccount"], + # targets: [ + # { + # key: "TargetKey", + # values: ["TargetValue"], + # }, + # ], + # targets_max_concurrency: "MaxConcurrency", + # targets_max_errors: "MaxErrors", # }, # ], # schedule_offset: 1, @@ -11074,6 +11231,15 @@ def unlabel_parameter_version(params = {}, options = {}) # resp.association_description.target_locations[0].target_location_alarm_configuration.ignore_poll_alarm_failure #=> Boolean # resp.association_description.target_locations[0].target_location_alarm_configuration.alarms #=> Array # resp.association_description.target_locations[0].target_location_alarm_configuration.alarms[0].name #=> String + # resp.association_description.target_locations[0].include_child_organization_units #=> Boolean + # resp.association_description.target_locations[0].exclude_accounts #=> Array + # resp.association_description.target_locations[0].exclude_accounts[0] #=> String + # resp.association_description.target_locations[0].targets #=> Array + # resp.association_description.target_locations[0].targets[0].key #=> String + # resp.association_description.target_locations[0].targets[0].values #=> Array + # resp.association_description.target_locations[0].targets[0].values[0] #=> String + # resp.association_description.target_locations[0].targets_max_concurrency #=> String + # resp.association_description.target_locations[0].targets_max_errors #=> String # resp.association_description.schedule_offset #=> Integer # resp.association_description.duration #=> Integer # resp.association_description.target_maps #=> Array @@ -11180,6 +11346,15 @@ def update_association(params = {}, options = {}) # resp.association_description.target_locations[0].target_location_alarm_configuration.ignore_poll_alarm_failure #=> Boolean # resp.association_description.target_locations[0].target_location_alarm_configuration.alarms #=> Array # resp.association_description.target_locations[0].target_location_alarm_configuration.alarms[0].name #=> String + # resp.association_description.target_locations[0].include_child_organization_units #=> Boolean + # resp.association_description.target_locations[0].exclude_accounts #=> Array + # resp.association_description.target_locations[0].exclude_accounts[0] #=> String + # resp.association_description.target_locations[0].targets #=> Array + # resp.association_description.target_locations[0].targets[0].key #=> String + # resp.association_description.target_locations[0].targets[0].values #=> Array + # resp.association_description.target_locations[0].targets[0].values[0] #=> String + # resp.association_description.target_locations[0].targets_max_concurrency #=> String + # resp.association_description.target_locations[0].targets_max_errors #=> String # resp.association_description.schedule_offset #=> Integer # resp.association_description.duration #=> Integer # resp.association_description.target_maps #=> Array @@ -11728,7 +11903,7 @@ def update_maintenance_window_target(params = {}, options = {}) # creating a custom policy and custom service role for running your # maintenance window tasks. The policy can be crafted to provide only # the permissions needed for your particular maintenance window tasks. - # For more information, see [Setting up maintenance windows][1] in the + # For more information, see [Setting up Maintenance Windows][1] in the # in the *Amazon Web Services Systems Manager User Guide*. # # @@ -12032,9 +12207,9 @@ def update_maintenance_window_task(params = {}, options = {}) # want to assign to the managed node. This IAM role must provide # AssumeRole permissions for the Amazon Web Services Systems Manager # service principal `ssm.amazonaws.com`. For more information, see - # [Create an IAM service role for a hybrid and multicloud - # environment][1] in the *Amazon Web Services Systems Manager User - # Guide*. + # [Create the IAM service role required for Systems Manager in hybrid + # and multicloud environments][1] in the *Amazon Web Services Systems + # Manager User Guide*. # # You can't specify an IAM service-linked role for this parameter. You # must create a unique role. @@ -12043,7 +12218,7 @@ def update_maintenance_window_task(params = {}, options = {}) # # # - # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-service-role.html + # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/hybrid-multicloud-service-role.html # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # @@ -12134,9 +12309,8 @@ def update_managed_instance_role(params = {}, options = {}) # impacted resource. # # @option params [String] :status - # The OpsItem status. Status can be `Open`, `In Progress`, or - # `Resolved`. For more information, see [Editing OpsItem details][1] in - # the *Amazon Web Services Systems Manager User Guide*. + # The OpsItem status. For more information, see [Editing OpsItem + # details][1] in the *Amazon Web Services Systems Manager User Guide*. # # # @@ -12285,7 +12459,7 @@ def update_ops_metadata(params = {}, options = {}) # A list of explicitly approved patches for the baseline. # # For information about accepted formats for lists of approved patches - # and rejected patches, see [About package name formats for approved and + # and rejected patches, see [Package name formats for approved and # rejected patch lists][1] in the *Amazon Web Services Systems Manager # User Guide*. # @@ -12305,7 +12479,7 @@ def update_ops_metadata(params = {}, options = {}) # A list of explicitly rejected patches for the baseline. # # For information about accepted formats for lists of approved patches - # and rejected patches, see [About package name formats for approved and + # and rejected patches, see [Package name formats for approved and # rejected patch lists][1] in the *Amazon Web Services Systems Manager # User Guide*. # @@ -12627,7 +12801,7 @@ def build_request(operation_name, params = {}) tracer: tracer ) context[:gem_name] = 'aws-sdk-ssm' - context[:gem_version] = '1.178.0' + context[:gem_version] = '1.179.0' Seahorse::Client::Request.new(handlers, context) end diff --git a/gems/aws-sdk-ssm/lib/aws-sdk-ssm/client_api.rb b/gems/aws-sdk-ssm/lib/aws-sdk-ssm/client_api.rb index a0a8d44fbc3..f58649a5201 100644 --- a/gems/aws-sdk-ssm/lib/aws-sdk-ssm/client_api.rb +++ b/gems/aws-sdk-ssm/lib/aws-sdk-ssm/client_api.rb @@ -394,6 +394,8 @@ module ClientApi EffectivePatch = Shapes::StructureShape.new(name: 'EffectivePatch') EffectivePatchList = Shapes::ListShape.new(name: 'EffectivePatchList') ErrorCount = Shapes::IntegerShape.new(name: 'ErrorCount') + ExcludeAccount = Shapes::StringShape.new(name: 'ExcludeAccount') + ExcludeAccounts = Shapes::ListShape.new(name: 'ExcludeAccounts') ExecutionMode = Shapes::StringShape.new(name: 'ExecutionMode') ExecutionRoleName = Shapes::StringShape.new(name: 'ExecutionRoleName') ExpirationDate = Shapes::TimestampShape.new(name: 'ExpirationDate') @@ -1170,6 +1172,7 @@ module ClientApi TargetKey = Shapes::StringShape.new(name: 'TargetKey') TargetLocation = Shapes::StructureShape.new(name: 'TargetLocation') TargetLocations = Shapes::ListShape.new(name: 'TargetLocations') + TargetLocationsURL = Shapes::StringShape.new(name: 'TargetLocationsURL') TargetMap = Shapes::MapShape.new(name: 'TargetMap') TargetMapKey = Shapes::StringShape.new(name: 'TargetMapKey') TargetMapValue = Shapes::StringShape.new(name: 'TargetMapValue') @@ -1500,6 +1503,7 @@ module ClientApi AutomationExecution.add_member(:progress_counters, Shapes::ShapeRef.new(shape: ProgressCounters, location_name: "ProgressCounters")) AutomationExecution.add_member(:alarm_configuration, Shapes::ShapeRef.new(shape: AlarmConfiguration, location_name: "AlarmConfiguration")) AutomationExecution.add_member(:triggered_alarms, Shapes::ShapeRef.new(shape: AlarmStateInformationList, location_name: "TriggeredAlarms")) + AutomationExecution.add_member(:target_locations_url, Shapes::ShapeRef.new(shape: TargetLocationsURL, location_name: "TargetLocationsURL")) AutomationExecution.add_member(:automation_subtype, Shapes::ShapeRef.new(shape: AutomationSubtype, location_name: "AutomationSubtype")) AutomationExecution.add_member(:scheduled_time, Shapes::ShapeRef.new(shape: DateTime, location_name: "ScheduledTime")) AutomationExecution.add_member(:runbooks, Shapes::ShapeRef.new(shape: Runbooks, location_name: "Runbooks")) @@ -1544,6 +1548,7 @@ module ClientApi AutomationExecutionMetadata.add_member(:automation_type, Shapes::ShapeRef.new(shape: AutomationType, location_name: "AutomationType")) AutomationExecutionMetadata.add_member(:alarm_configuration, Shapes::ShapeRef.new(shape: AlarmConfiguration, location_name: "AlarmConfiguration")) AutomationExecutionMetadata.add_member(:triggered_alarms, Shapes::ShapeRef.new(shape: AlarmStateInformationList, location_name: "TriggeredAlarms")) + AutomationExecutionMetadata.add_member(:target_locations_url, Shapes::ShapeRef.new(shape: TargetLocationsURL, location_name: "TargetLocationsURL")) AutomationExecutionMetadata.add_member(:automation_subtype, Shapes::ShapeRef.new(shape: AutomationSubtype, location_name: "AutomationSubtype")) AutomationExecutionMetadata.add_member(:scheduled_time, Shapes::ShapeRef.new(shape: DateTime, location_name: "ScheduledTime")) AutomationExecutionMetadata.add_member(:runbooks, Shapes::ShapeRef.new(shape: Runbooks, location_name: "Runbooks")) @@ -2489,6 +2494,8 @@ module ClientApi EffectivePatchList.member = Shapes::ShapeRef.new(shape: EffectivePatch) + ExcludeAccounts.member = Shapes::ShapeRef.new(shape: ExcludeAccount) + FailedCreateAssociation.add_member(:entry, Shapes::ShapeRef.new(shape: CreateAssociationBatchRequestEntry, location_name: "Entry")) FailedCreateAssociation.add_member(:message, Shapes::ShapeRef.new(shape: BatchErrorMessage, location_name: "Message")) FailedCreateAssociation.add_member(:fault, Shapes::ShapeRef.new(shape: Fault, location_name: "Fault")) @@ -4437,6 +4444,7 @@ module ClientApi StartAutomationExecutionRequest.add_member(:target_locations, Shapes::ShapeRef.new(shape: TargetLocations, location_name: "TargetLocations", metadata: {"box"=>true})) StartAutomationExecutionRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags")) StartAutomationExecutionRequest.add_member(:alarm_configuration, Shapes::ShapeRef.new(shape: AlarmConfiguration, location_name: "AlarmConfiguration")) + StartAutomationExecutionRequest.add_member(:target_locations_url, Shapes::ShapeRef.new(shape: TargetLocationsURL, location_name: "TargetLocationsURL")) StartAutomationExecutionRequest.struct_class = Types::StartAutomationExecutionRequest StartAutomationExecutionResult.add_member(:automation_execution_id, Shapes::ShapeRef.new(shape: AutomationExecutionId, location_name: "AutomationExecutionId")) @@ -4537,6 +4545,11 @@ module ClientApi TargetLocation.add_member(:target_location_max_errors, Shapes::ShapeRef.new(shape: MaxErrors, location_name: "TargetLocationMaxErrors", metadata: {"box"=>true})) TargetLocation.add_member(:execution_role_name, Shapes::ShapeRef.new(shape: ExecutionRoleName, location_name: "ExecutionRoleName", metadata: {"box"=>true})) TargetLocation.add_member(:target_location_alarm_configuration, Shapes::ShapeRef.new(shape: AlarmConfiguration, location_name: "TargetLocationAlarmConfiguration", metadata: {"box"=>true})) + TargetLocation.add_member(:include_child_organization_units, Shapes::ShapeRef.new(shape: Boolean, location_name: "IncludeChildOrganizationUnits")) + TargetLocation.add_member(:exclude_accounts, Shapes::ShapeRef.new(shape: ExcludeAccounts, location_name: "ExcludeAccounts")) + TargetLocation.add_member(:targets, Shapes::ShapeRef.new(shape: Targets, location_name: "Targets")) + TargetLocation.add_member(:targets_max_concurrency, Shapes::ShapeRef.new(shape: MaxConcurrency, location_name: "TargetsMaxConcurrency")) + TargetLocation.add_member(:targets_max_errors, Shapes::ShapeRef.new(shape: MaxErrors, location_name: "TargetsMaxErrors")) TargetLocation.struct_class = Types::TargetLocation TargetLocations.member = Shapes::ShapeRef.new(shape: TargetLocation) diff --git a/gems/aws-sdk-ssm/lib/aws-sdk-ssm/types.rb b/gems/aws-sdk-ssm/lib/aws-sdk-ssm/types.rb index 1d332784016..08a435024f8 100644 --- a/gems/aws-sdk-ssm/lib/aws-sdk-ssm/types.rb +++ b/gems/aws-sdk-ssm/lib/aws-sdk-ssm/types.rb @@ -1124,12 +1124,12 @@ class AttachmentInformation < Struct.new( # * For the key *SourceUrl*, the value is an S3 bucket location. For # example: # - # `"Values": [ "s3://doc-example-bucket/my-folder" ]` + # `"Values": [ "s3://amzn-s3-demo-bucket/my-prefix" ]` # # * For the key *S3FileUrl*, the value is a file in an S3 bucket. For # example: # - # `"Values": [ "s3://doc-example-bucket/my-folder/my-file.py" ]` + # `"Values": [ "s3://amzn-s3-demo-bucket/my-prefix/my-file.py" ]` # # * For the key *AttachmentReference*, the value is constructed from # the name of another SSM document in your account, a version number @@ -1326,6 +1326,12 @@ class AutomationDefinitionVersionNotFoundException < Struct.new( # The CloudWatch alarm that was invoked by the automation. # @return [Array] # + # @!attribute [rw] target_locations_url + # A publicly accessible URL for a file that contains the + # `TargetLocations` body. Currently, only files in presigned Amazon S3 + # buckets are supported + # @return [String] + # # @!attribute [rw] automation_subtype # The subtype of the Automation operation. Currently, the only # supported value is `ChangeRequest`. @@ -1394,6 +1400,7 @@ class AutomationExecution < Struct.new( :progress_counters, :alarm_configuration, :triggered_alarms, + :target_locations_url, :automation_subtype, :scheduled_time, :runbooks, @@ -1534,9 +1541,9 @@ class AutomationExecutionLimitExceededException < Struct.new( # Use this filter with DescribeAutomationExecutions. Specify either # Local or CrossAccount. CrossAccount is an Automation that runs in # multiple Amazon Web Services Regions and Amazon Web Services - # accounts. For more information, see [Running Automation workflows in - # multiple Amazon Web Services Regions and accounts][1] in the *Amazon - # Web Services Systems Manager User Guide*. + # accounts. For more information, see [Running automations in multiple + # Amazon Web Services Regions and accounts][1] in the *Amazon Web + # Services Systems Manager User Guide*. # # # @@ -1551,6 +1558,12 @@ class AutomationExecutionLimitExceededException < Struct.new( # The CloudWatch alarm that was invoked by the automation. # @return [Array] # + # @!attribute [rw] target_locations_url + # A publicly accessible URL for a file that contains the + # `TargetLocations` body. Currently, only files in presigned Amazon S3 + # buckets are supported + # @return [String] + # # @!attribute [rw] automation_subtype # The subtype of the Automation operation. Currently, the only # supported value is `ChangeRequest`. @@ -1612,6 +1625,7 @@ class AutomationExecutionMetadata < Struct.new( :automation_type, :alarm_configuration, :triggered_alarms, + :target_locations_url, :automation_subtype, :scheduled_time, :runbooks, @@ -1668,9 +1682,9 @@ class AutomationStepNotFoundException < Struct.new( # A list of explicitly approved patches for the baseline. # # For information about accepted formats for lists of approved patches - # and rejected patches, see [About package name formats for approved - # and rejected patch lists][1] in the *Amazon Web Services Systems - # Manager User Guide*. + # and rejected patches, see [Package name formats for approved and + # rejected patch lists][1] in the *Amazon Web Services Systems Manager + # User Guide*. # # # @@ -1687,9 +1701,9 @@ class AutomationStepNotFoundException < Struct.new( # A list of explicitly rejected patches for the baseline. # # For information about accepted formats for lists of approved patches - # and rejected patches, see [About package name formats for approved - # and rejected patch lists][1] in the *Amazon Web Services Systems - # Manager User Guide*. + # and rejected patches, see [Package name formats for approved and + # rejected patch lists][1] in the *Amazon Web Services Systems Manager + # User Guide*. # # # @@ -2055,11 +2069,11 @@ class Command < Struct.new( # The filter value. Valid values for each filter key are as follows: # # * **InvokedAfter**: Specify a timestamp to limit your results. For - # example, specify `2021-07-07T00:00:00Z` to see a list of command + # example, specify `2024-07-07T00:00:00Z` to see a list of command # executions occurring July 7, 2021, and later. # # * **InvokedBefore**: Specify a timestamp to limit your results. For - # example, specify `2021-07-07T00:00:00Z` to see a list of command + # example, specify `2024-07-07T00:00:00Z` to see a list of command # executions from before July 7, 2021. # # * **Status**: Specify a valid command status to see a list of all @@ -2413,12 +2427,11 @@ class CommandInvocation < Struct.new( # be stored. This was requested when issuing the command. For example, # in the following response: # - # `doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript` + # `amzn-s3-demo-bucket/my-prefix/i-02573cafcfEXAMPLE/awsrunShellScript` # - # `doc-example-bucket` is the name of the S3 bucket; + # `amzn-s3-demo-bucket` is the name of the S3 bucket; # - # `ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix` is the name of the S3 - # prefix; + # `my-prefix` is the name of the S3 prefix; # # `i-02573cafcfEXAMPLE` is the managed node ID; # @@ -2430,12 +2443,11 @@ class CommandInvocation < Struct.new( # command executions should be stored. This was requested when issuing # the command. For example, in the following response: # - # `doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript` + # `amzn-s3-demo-bucket/my-prefix/i-02573cafcfEXAMPLE/awsrunShellScript` # - # `doc-example-bucket` is the name of the S3 bucket; + # `amzn-s3-demo-bucket` is the name of the S3 bucket; # - # `ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix` is the name of the S3 - # prefix; + # `my-prefix` is the name of the S3 prefix; # # `i-02573cafcfEXAMPLE` is the managed node ID; # @@ -2707,9 +2719,9 @@ class CompliantSummary < Struct.new( # want to assign to the managed node. This IAM role must provide # AssumeRole permissions for the Amazon Web Services Systems Manager # service principal `ssm.amazonaws.com`. For more information, see - # [Create an IAM service role for a hybrid and multicloud - # environment][1] in the *Amazon Web Services Systems Manager User - # Guide*. + # [Create the IAM service role required for Systems Manager in a + # hybrid and multicloud environments][1] in the *Amazon Web Services + # Systems Manager User Guide*. # # You can't specify an IAM service-linked role for this parameter. # You must create a unique role. @@ -2718,7 +2730,7 @@ class CompliantSummary < Struct.new( # # # - # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-service-role.html + # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/hybrid-multicloud-service-role.html # @return [String] # # @!attribute [rw] registration_limit @@ -2728,7 +2740,7 @@ class CompliantSummary < Struct.new( # # @!attribute [rw] expiration_date # The date by which this activation request should expire, in - # timestamp format, such as "2021-07-07T00:00:00". You can specify a + # timestamp format, such as "2024-07-07T00:00:00". You can specify a # date up to 30 days in advance. If you don't provide an expiration # date, the activation code expires in 24 hours. # @return [Time] @@ -3099,9 +3111,10 @@ class CreateAssociationBatchResult < Struct.new( # in an Amazon Web Services account, or individual managed node IDs. # You can target all managed nodes in an Amazon Web Services account # by specifying the `InstanceIds` key with a value of `*`. For more - # information about choosing targets for an association, see [About - # targets and rate controls in State Manager associations][1] in the - # *Amazon Web Services Systems Manager User Guide*. + # information about choosing targets for an association, see + # [Understanding targets and rate controls in State Manager + # associations][1] in the *Amazon Web Services Systems Manager User + # Guide*. # # # @@ -3846,9 +3859,9 @@ class CreateOpsMetadataResult < Struct.new( # A list of explicitly approved patches for the baseline. # # For information about accepted formats for lists of approved patches - # and rejected patches, see [About package name formats for approved - # and rejected patch lists][1] in the *Amazon Web Services Systems - # Manager User Guide*. + # and rejected patches, see [Package name formats for approved and + # rejected patch lists][1] in the *Amazon Web Services Systems Manager + # User Guide*. # # # @@ -3871,9 +3884,9 @@ class CreateOpsMetadataResult < Struct.new( # A list of explicitly rejected patches for the baseline. # # For information about accepted formats for lists of approved patches - # and rejected patches, see [About package name formats for approved - # and rejected patch lists][1] in the *Amazon Web Services Systems - # Manager User Guide*. + # and rejected patches, see [Package name formats for approved and + # rejected patch lists][1] in the *Amazon Web Services Systems Manager + # User Guide*. # # # @@ -4178,12 +4191,12 @@ class DeleteInventoryRequest < Struct.new( # # @!attribute [rw] deletion_summary # A summary of the delete operation. For more information about this - # summary, see [Understanding the delete inventory summary][1] in the - # *Amazon Web Services Systems Manager User Guide*. + # summary, see [Deleting custom inventory][1] in the *Amazon Web + # Services Systems Manager User Guide*. # # # - # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-inventory-custom.html#sysman-inventory-delete-summary + # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/inventory-custom.html#delete-custom-inventory-summary # @return [Types::InventoryDeletionSummary] # # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/DeleteInventoryResult AWS API Documentation @@ -5372,9 +5385,9 @@ class DescribeInstancePatchStatesResult < Struct.new( # Sample values: `Installed` \| `InstalledOther` \| # `InstalledPendingReboot` # - # For lists of all `State` values, see [Understanding patch - # compliance state values][1] in the *Amazon Web Services Systems - # Manager User Guide*. + # For lists of all `State` values, see [Patch compliance state + # values][1] in the *Amazon Web Services Systems Manager User + # Guide*. # # # @@ -5647,7 +5660,7 @@ class DescribeMaintenanceWindowExecutionTasksResult < Struct.new( # # * Values. An array of strings, each between 1 and 256 characters. # Supported values are date/time strings in a valid ISO 8601 - # date/time format, such as `2021-11-04T05:00:00Z`. + # date/time format, such as `2024-11-04T05:00:00Z`. # @return [Array] # # @!attribute [rw] max_results @@ -8428,7 +8441,7 @@ class GetMaintenanceWindowTaskRequest < Struct.new( # creating a custom policy and custom service role for running your # maintenance window tasks. The policy can be crafted to provide only # the permissions needed for your particular maintenance window tasks. - # For more information, see [Setting up maintenance windows][1] in the + # For more information, see [Setting up Maintenance Windows][1] in the # in the *Amazon Web Services Systems Manager User Guide*. # # @@ -8749,7 +8762,7 @@ class GetParameterHistoryResult < Struct.new( # # # - # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/sharing.html + # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-shared-parameters.html # @return [String] # # @!attribute [rw] with_decryption @@ -9507,19 +9520,18 @@ class InstanceAssociationStatusInfo < Struct.new( # The name is specified as the `DefaultInstanceName` property using # the CreateActivation command. It is applied to the managed node by # specifying the Activation Code and Activation ID when you install - # SSM Agent on the node, as explained in [Install SSM Agent for a - # hybrid and multicloud environment (Linux)][1] and [Install SSM Agent - # for a hybrid and multicloud environment (Windows)][2]. To retrieve - # the `Name` tag of an EC2 instance, use the Amazon EC2 - # `DescribeInstances` operation. For information, see - # [DescribeInstances][3] in the *Amazon EC2 API Reference* or - # [describe-instances][4] in the *Amazon Web Services CLI Command - # Reference*. + # SSM Agent on the node, as explained in [How to install SSM Agent on + # hybrid Linux nodes][1] and [How to install SSM Agent on hybrid + # Windows Server nodes][2]. To retrieve the `Name` tag of an EC2 + # instance, use the Amazon EC2 `DescribeInstances` operation. For + # information, see [DescribeInstances][3] in the *Amazon EC2 API + # Reference* or [describe-instances][4] in the *Amazon Web Services + # CLI Command Reference*. # # # - # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-install-managed-linux.html - # [2]: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-install-managed-win.html + # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/hybrid-multicloud-ssm-agent-install-linux.html + # [2]: https://docs.aws.amazon.com/systems-manager/latest/userguide/hybrid-multicloud-ssm-agent-install-windows.html # [3]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html # [4]: https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html # @return [String] @@ -9685,8 +9697,8 @@ class InstanceInformationStringFilter < Struct.new( # the patches specified by the default patch baseline. # # For more information about the `InstallOverrideList` parameter, see - # [About the `AWS-RunPatchBaseline SSM document` ][1] in the *Amazon - # Web Services Systems Manager User Guide*. + # [SSM Command document for patching: `AWS-RunPatchBaseline` ][1] in + # the *Amazon Web Services Systems Manager User Guide*. # # # @@ -10822,7 +10834,7 @@ class InventoryAggregator < Struct.new( # # # - # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-inventory-custom.html#sysman-inventory-delete + # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/inventory-custom.html#delete-custom-inventory # @return [Types::InventoryDeletionSummary] # # @!attribute [rw] last_status_update_time @@ -10918,7 +10930,7 @@ class InventoryDeletionSummaryItem < Struct.new( # # # - # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-inventory-aggregate.html + # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/inventory-aggregate.html # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/InventoryFilter AWS API Documentation @@ -12577,7 +12589,7 @@ class MaintenanceWindowLambdaParameters < Struct.new( # creating a custom policy and custom service role for running your # maintenance window tasks. The policy can be crafted to provide only # the permissions needed for your particular maintenance window tasks. - # For more information, see [Setting up maintenance windows][1] in the + # For more information, see [Setting up Maintenance Windows][1] in the # in the *Amazon Web Services Systems Manager User Guide*. # # @@ -12778,7 +12790,7 @@ class MaintenanceWindowTarget < Struct.new( # creating a custom policy and custom service role for running your # maintenance window tasks. The policy can be crafted to provide only # the permissions needed for your particular maintenance window tasks. - # For more information, see [Setting up maintenance windows][1] in the + # For more information, see [Setting up Maintenance Windows][1] in the # in the *Amazon Web Services Systems Manager User Guide*. # # @@ -13246,9 +13258,8 @@ class OpsFilter < Struct.new( # @return [Array] # # @!attribute [rw] status - # The OpsItem status. Status can be `Open`, `In Progress`, or - # `Resolved`. For more information, see [Editing OpsItem details][1] - # in the *Amazon Web Services Systems Manager User Guide*. + # The OpsItem status. For more information, see [Editing OpsItem + # details][1] in the *Amazon Web Services Systems Manager User Guide*. # # # @@ -13768,8 +13779,7 @@ class OpsItemRelatedItemsFilter < Struct.new( # @return [String] # # @!attribute [rw] status - # The OpsItem status. Status can be `Open`, `In Progress`, or - # `Resolved`. + # The OpsItem status. # @return [String] # # @!attribute [rw] ops_item_id @@ -14740,7 +14750,7 @@ class PatchBaselineIdentity < Struct.new( # # # - # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-compliance-about.html#sysman-compliance-monitor-patch + # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/compliance-about.html#compliance-monitor-patch # @return [String] # # @!attribute [rw] installed_time @@ -14896,26 +14906,46 @@ class PatchOrchestratorFilter < Struct.new( # For example, a value of `7` means that patches are approved seven # days after they are released. # - # This parameter is marked as not required, but your request must + # This parameter is marked as `Required: No`, but your request must # include a value for either `ApproveAfterDays` or `ApproveUntilDate`. # - # - # # Not supported for Debian Server or Ubuntu Server. + # + # Use caution when setting this value for Windows Server patch + # baselines. Because patch updates that are replaced by later updates + # are removed, setting too broad a value for this parameter can result + # in crucial patches not being installed. For more information, see + # the **Windows Server** tab in the topic [How security patches are + # selected][1] in the *Amazon Web Services Systems Manager User + # Guide*. + # + # + # + # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-selecting-patches.html # @return [Integer] # # @!attribute [rw] approve_until_date # The cutoff date for auto approval of released patches. Any patches # released on or before this date are installed automatically. # - # Enter dates in the format `YYYY-MM-DD`. For example, `2021-12-31`. + # Enter dates in the format `YYYY-MM-DD`. For example, `2024-12-31`. # - # This parameter is marked as not required, but your request must + # This parameter is marked as `Required: No`, but your request must # include a value for either `ApproveUntilDate` or `ApproveAfterDays`. # - # - # # Not supported for Debian Server or Ubuntu Server. + # + # Use caution when setting this value for Windows Server patch + # baselines. Because patch updates that are replaced by later updates + # are removed, setting too broad a value for this parameter can result + # in crucial patches not being installed. For more information, see + # the **Windows Server** tab in the topic [How security patches are + # selected][1] in the *Amazon Web Services Systems Manager User + # Guide*. + # + # + # + # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-selecting-patches.html # @return [String] # # @!attribute [rw] enable_non_security @@ -15772,7 +15802,7 @@ class RegisterTargetWithMaintenanceWindowResult < Struct.new( # creating a custom policy and custom service role for running your # maintenance window tasks. The policy can be crafted to provide only # the permissions needed for your particular maintenance window tasks. - # For more information, see [Setting up maintenance windows][1] in the + # For more information, see [Setting up Maintenance Windows][1] in the # in the *Amazon Web Services Systems Manager User Guide*. # # @@ -17289,12 +17319,12 @@ class Session < Struct.new( # The filter value. Valid values for each filter key are as follows: # # * InvokedAfter: Specify a timestamp to limit your results. For - # example, specify 2018-08-29T00:00:00Z to see sessions that started - # August 29, 2018, and later. + # example, specify 2024-08-29T00:00:00Z to see sessions that started + # August 29, 2024, and later. # # * InvokedBefore: Specify a timestamp to limit your results. For - # example, specify 2018-08-29T00:00:00Z to see sessions that started - # before August 29, 2018. + # example, specify 2024-08-29T00:00:00Z to see sessions that started + # before August 29, 2024. # # * Target: Specify a managed node to which session connections have # been made. @@ -17457,6 +17487,9 @@ class StartAssociationsOnceResult < Aws::EmptyStructure; end # @!attribute [rw] targets # A key-value mapping to target resources. Required if you specify # TargetParameterName. + # + # If both this parameter and the `TargetLocation:Targets` parameter + # are supplied, `TargetLocation:Targets` takes precedence. # @return [Array] # # @!attribute [rw] target_maps @@ -17468,6 +17501,10 @@ class StartAssociationsOnceResult < Aws::EmptyStructure; end # The maximum number of targets allowed to run this task in parallel. # You can specify a number, such as 10, or a percentage, such as 10%. # The default value is `10`. + # + # If both this parameter and the + # `TargetLocation:TargetsMaxConcurrency` are supplied, + # `TargetLocation:TargetsMaxConcurrency` takes precedence. # @return [String] # # @!attribute [rw] max_errors @@ -17487,6 +17524,10 @@ class StartAssociationsOnceResult < Aws::EmptyStructure; end # fail as well. If you need to ensure that there won't be more than # max-errors failed executions, set max-concurrency to 1 so the # executions proceed one at a time. + # + # If this parameter and the `TargetLocation:TargetsMaxErrors` + # parameter are both supplied, `TargetLocation:TargetsMaxErrors` takes + # precedence. # @return [String] # # @!attribute [rw] target_locations @@ -17494,9 +17535,9 @@ class StartAssociationsOnceResult < Aws::EmptyStructure; end # Amazon Web Services accounts where you want to run the automation. # Use this operation to start an automation in multiple Amazon Web # Services Regions and multiple Amazon Web Services accounts. For more - # information, see [Running Automation workflows in multiple Amazon - # Web Services Regions and Amazon Web Services accounts][1] in the - # *Amazon Web Services Systems Manager User Guide*. + # information, see [Running automations in multiple Amazon Web + # Services Regions and accounts][1] in the *Amazon Web Services + # Systems Manager User Guide*. # # # @@ -17525,6 +17566,12 @@ class StartAssociationsOnceResult < Aws::EmptyStructure; end # The CloudWatch alarm you want to apply to your automation. # @return [Types::AlarmConfiguration] # + # @!attribute [rw] target_locations_url + # Specify a publicly accessible URL for a file that contains the + # `TargetLocations` body. Currently, only files in presigned Amazon S3 + # buckets are supported. + # @return [String] + # # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/StartAutomationExecutionRequest AWS API Documentation # class StartAutomationExecutionRequest < Struct.new( @@ -17540,7 +17587,8 @@ class StartAutomationExecutionRequest < Struct.new( :max_errors, :target_locations, :tags, - :alarm_configuration) + :alarm_configuration, + :target_locations_url) SENSITIVE = [] include Aws::Structure end @@ -18130,6 +18178,39 @@ class TargetInUseException < Struct.new( # automation or command. # @return [Types::AlarmConfiguration] # + # @!attribute [rw] include_child_organization_units + # Indicates whether to include child organizational units (OUs) that + # are children of the targeted OUs. The default is `false`. + # @return [Boolean] + # + # @!attribute [rw] exclude_accounts + # Amazon Web Services accounts or organizational units to exclude as + # expanded targets. + # @return [Array] + # + # @!attribute [rw] targets + # A list of key-value mappings to target resources. If you specify + # values for this data type, you must also specify a value for + # `TargetParameterName`. + # + # This `Targets` parameter takes precedence over the + # `StartAutomationExecution:Targets` parameter if both are supplied. + # @return [Array] + # + # @!attribute [rw] targets_max_concurrency + # The maximum number of targets allowed to run this task in parallel. + # This `TargetsMaxConcurrency` takes precedence over the + # `StartAutomationExecution:MaxConcurrency` parameter if both are + # supplied. + # @return [String] + # + # @!attribute [rw] targets_max_errors + # The maximum number of errors that are allowed before the system + # stops running the automation on additional targets. This + # `TargetsMaxErrors` parameter takes precedence over the + # `StartAutomationExecution:MaxErrors` parameter if both are supplied. + # @return [String] + # # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/TargetLocation AWS API Documentation # class TargetLocation < Struct.new( @@ -18138,17 +18219,22 @@ class TargetLocation < Struct.new( :target_location_max_concurrency, :target_location_max_errors, :execution_role_name, - :target_location_alarm_configuration) + :target_location_alarm_configuration, + :include_child_organization_units, + :exclude_accounts, + :targets, + :targets_max_concurrency, + :targets_max_errors) SENSITIVE = [] include Aws::Structure end # The specified target managed node for the session isn't fully # configured for use with Session Manager. For more information, see - # [Getting started with Session Manager][1] in the *Amazon Web Services - # Systems Manager User Guide*. This error is also returned if you - # attempt to start a session on a managed node that is located in a - # different account or Region + # [Setting up Session Manager][1] in the *Amazon Web Services Systems + # Manager User Guide*. This error is also returned if you attempt to + # start a session on a managed node that is located in a different + # account or Region # # # @@ -19134,7 +19220,7 @@ class UpdateMaintenanceWindowTargetResult < Struct.new( # creating a custom policy and custom service role for running your # maintenance window tasks. The policy can be crafted to provide only # the permissions needed for your particular maintenance window tasks. - # For more information, see [Setting up maintenance windows][1] in the + # For more information, see [Setting up Maintenance Windows][1] in the # in the *Amazon Web Services Systems Manager User Guide*. # # @@ -19334,7 +19420,7 @@ class UpdateMaintenanceWindowTaskRequest < Struct.new( # creating a custom policy and custom service role for running your # maintenance window tasks. The policy can be crafted to provide only # the permissions needed for your particular maintenance window tasks. - # For more information, see [Setting up maintenance windows][1] in the + # For more information, see [Setting up Maintenance Windows][1] in the # in the *Amazon Web Services Systems Manager User Guide*. # # @@ -19433,9 +19519,9 @@ class UpdateMaintenanceWindowTaskResult < Struct.new( # want to assign to the managed node. This IAM role must provide # AssumeRole permissions for the Amazon Web Services Systems Manager # service principal `ssm.amazonaws.com`. For more information, see - # [Create an IAM service role for a hybrid and multicloud - # environment][1] in the *Amazon Web Services Systems Manager User - # Guide*. + # [Create the IAM service role required for Systems Manager in hybrid + # and multicloud environments][1] in the *Amazon Web Services Systems + # Manager User Guide*. # # You can't specify an IAM service-linked role for this parameter. # You must create a unique role. @@ -19444,7 +19530,7 @@ class UpdateMaintenanceWindowTaskResult < Struct.new( # # # - # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-service-role.html + # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/hybrid-multicloud-service-role.html # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/UpdateManagedInstanceRoleRequest AWS API Documentation @@ -19521,9 +19607,8 @@ class UpdateManagedInstanceRoleResult < Aws::EmptyStructure; end # @return [Array] # # @!attribute [rw] status - # The OpsItem status. Status can be `Open`, `In Progress`, or - # `Resolved`. For more information, see [Editing OpsItem details][1] - # in the *Amazon Web Services Systems Manager User Guide*. + # The OpsItem status. For more information, see [Editing OpsItem + # details][1] in the *Amazon Web Services Systems Manager User Guide*. # # # @@ -19655,9 +19740,9 @@ class UpdateOpsMetadataResult < Struct.new( # A list of explicitly approved patches for the baseline. # # For information about accepted formats for lists of approved patches - # and rejected patches, see [About package name formats for approved - # and rejected patch lists][1] in the *Amazon Web Services Systems - # Manager User Guide*. + # and rejected patches, see [Package name formats for approved and + # rejected patch lists][1] in the *Amazon Web Services Systems Manager + # User Guide*. # # # @@ -19679,9 +19764,9 @@ class UpdateOpsMetadataResult < Struct.new( # A list of explicitly rejected patches for the baseline. # # For information about accepted formats for lists of approved patches - # and rejected patches, see [About package name formats for approved - # and rejected patch lists][1] in the *Amazon Web Services Systems - # Manager User Guide*. + # and rejected patches, see [Package name formats for approved and + # rejected patch lists][1] in the *Amazon Web Services Systems Manager + # User Guide*. # # # diff --git a/gems/aws-sdk-ssm/sig/client.rbs b/gems/aws-sdk-ssm/sig/client.rbs index b1ef13b2258..e5b3fe48a70 100644 --- a/gems/aws-sdk-ssm/sig/client.rbs +++ b/gems/aws-sdk-ssm/sig/client.rbs @@ -197,7 +197,17 @@ module Aws name: ::String }, ] - }? + }?, + include_child_organization_units: bool?, + exclude_accounts: Array[::String]?, + targets: Array[ + { + key: ::String?, + values: Array[::String]? + }, + ]?, + targets_max_concurrency: ::String?, + targets_max_errors: ::String? }, ], ?schedule_offset: ::Integer, @@ -271,7 +281,17 @@ module Aws name: ::String }, ] - }? + }?, + include_child_organization_units: bool?, + exclude_accounts: Array[::String]?, + targets: Array[ + { + key: ::String?, + values: Array[::String]? + }, + ]?, + targets_max_concurrency: ::String?, + targets_max_errors: ::String? }, ]?, schedule_offset: ::Integer?, @@ -2462,7 +2482,17 @@ module Aws name: ::String }, ] - }? + }?, + include_child_organization_units: bool?, + exclude_accounts: Array[::String]?, + targets: Array[ + { + key: ::String?, + values: Array[::String]? + }, + ]?, + targets_max_concurrency: ::String?, + targets_max_errors: ::String? }, ], ?tags: Array[ @@ -2478,7 +2508,8 @@ module Aws name: ::String }, ] - } + }, + ?target_locations_url: ::String ) -> _StartAutomationExecutionResponseSuccess | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _StartAutomationExecutionResponseSuccess @@ -2526,7 +2557,17 @@ module Aws name: ::String }, ] - }? + }?, + include_child_organization_units: bool?, + exclude_accounts: Array[::String]?, + targets: Array[ + { + key: ::String?, + values: Array[::String]? + }, + ]?, + targets_max_concurrency: ::String?, + targets_max_errors: ::String? }, ]? }, @@ -2637,7 +2678,17 @@ module Aws name: ::String }, ] - }? + }?, + include_child_organization_units: bool?, + exclude_accounts: Array[::String]?, + targets: Array[ + { + key: ::String?, + values: Array[::String]? + }, + ]?, + targets_max_concurrency: ::String?, + targets_max_errors: ::String? }, ], ?schedule_offset: ::Integer, diff --git a/gems/aws-sdk-ssm/sig/types.rbs b/gems/aws-sdk-ssm/sig/types.rbs index 78fa887323a..f57b66d43fe 100644 --- a/gems/aws-sdk-ssm/sig/types.rbs +++ b/gems/aws-sdk-ssm/sig/types.rbs @@ -296,6 +296,7 @@ module Aws::SSM attr_accessor progress_counters: Types::ProgressCounters attr_accessor alarm_configuration: Types::AlarmConfiguration attr_accessor triggered_alarms: ::Array[Types::AlarmStateInformation] + attr_accessor target_locations_url: ::String attr_accessor automation_subtype: ("ChangeRequest") attr_accessor scheduled_time: ::Time attr_accessor runbooks: ::Array[Types::Runbook] @@ -342,6 +343,7 @@ module Aws::SSM attr_accessor automation_type: ("CrossAccount" | "Local") attr_accessor alarm_configuration: Types::AlarmConfiguration attr_accessor triggered_alarms: ::Array[Types::AlarmStateInformation] + attr_accessor target_locations_url: ::String attr_accessor automation_subtype: ("ChangeRequest") attr_accessor scheduled_time: ::Time attr_accessor runbooks: ::Array[Types::Runbook] @@ -3841,6 +3843,7 @@ module Aws::SSM attr_accessor target_locations: ::Array[Types::TargetLocation] attr_accessor tags: ::Array[Types::Tag] attr_accessor alarm_configuration: Types::AlarmConfiguration + attr_accessor target_locations_url: ::String SENSITIVE: [] end @@ -3959,6 +3962,11 @@ module Aws::SSM attr_accessor target_location_max_errors: ::String attr_accessor execution_role_name: ::String attr_accessor target_location_alarm_configuration: Types::AlarmConfiguration + attr_accessor include_child_organization_units: bool + attr_accessor exclude_accounts: ::Array[::String] + attr_accessor targets: ::Array[Types::Target] + attr_accessor targets_max_concurrency: ::String + attr_accessor targets_max_errors: ::String SENSITIVE: [] end diff --git a/gems/aws-sigv4/CHANGELOG.md b/gems/aws-sigv4/CHANGELOG.md index 5bf4c230cc2..2133ff93d88 100644 --- a/gems/aws-sigv4/CHANGELOG.md +++ b/gems/aws-sigv4/CHANGELOG.md @@ -1,6 +1,9 @@ Unreleased Changes ------------------ +1.10.0 (2024-09-17) +------------------ + * Feature - Remove CRT `sigv4a` signing capability. 1.9.1 (2024-07-29) diff --git a/gems/aws-sigv4/VERSION b/gems/aws-sigv4/VERSION index 9ab8337f396..81c871de46b 100644 --- a/gems/aws-sigv4/VERSION +++ b/gems/aws-sigv4/VERSION @@ -1 +1 @@ -1.9.1 +1.10.0