From f7d2cf6ed8b48b201c35341d0b6f58cf24caa983 Mon Sep 17 00:00:00 2001 From: AWS SDK for Go v2 automation user Date: Wed, 21 Aug 2024 18:13:35 +0000 Subject: [PATCH] Update API model --- codegen/sdk-codegen/aws-models/ec2.json | 105 +++++++++++++++--- .../aws-models/entityresolution.json | 2 +- codegen/sdk-codegen/aws-models/glue.json | 45 ++++++++ codegen/sdk-codegen/aws-models/lambda.json | 82 ++++++++++++-- .../sdk-codegen/aws-models/securityhub.json | 36 +++--- codegen/sdk-codegen/aws-models/ses.json | 21 +++- 6 files changed, 245 insertions(+), 46 deletions(-) diff --git a/codegen/sdk-codegen/aws-models/ec2.json b/codegen/sdk-codegen/aws-models/ec2.json index 7e0de0da2b2..d3e9270b228 100644 --- a/codegen/sdk-codegen/aws-models/ec2.json +++ b/codegen/sdk-codegen/aws-models/ec2.json @@ -13520,7 +13520,7 @@ "target": "com.amazonaws.ec2#CopyImageResult" }, "traits": { - "smithy.api#documentation": "

Initiates the copy of an AMI. You can copy an AMI from one Region to another, or from a\n Region to an Outpost. You can't copy an AMI from an Outpost to a Region, from one Outpost\n to another, or within the same Outpost. To copy an AMI to another partition, see CreateStoreImageTask.

\n

To copy an AMI from one Region to another, specify the source Region using the \n \t\tSourceRegion parameter, and specify the \n \t\tdestination Region using its endpoint. Copies of encrypted backing snapshots for\n \t\tthe AMI are encrypted. Copies of unencrypted backing snapshots remain unencrypted, \n \t\tunless you set Encrypted during the copy operation. You cannot \n \t\tcreate an unencrypted copy of an encrypted backing snapshot.

\n

To copy an AMI from a Region to an Outpost, specify the source Region using the \n \t\tSourceRegion parameter, and specify the \n \t\tARN of the destination Outpost using DestinationOutpostArn. \n \t\tBacking snapshots copied to an Outpost are encrypted by default using the default\n \t\tencryption key for the Region, or a different key that you specify in the request using \n \t\tKmsKeyId. Outposts do not support unencrypted \n \t snapshots. For more information, \n \t\t\tAmazon EBS local snapshots on Outposts in the Amazon EBS User Guide.

\n

For more information about the prerequisites and limits when copying an AMI, see Copy an AMI in the\n Amazon EC2 User Guide.

", + "smithy.api#documentation": "

Initiates an AMI copy operation. You can copy an AMI from one Region to another, or from a\n Region to an Outpost. You can't copy an AMI from an Outpost to a Region, from one Outpost to\n another, or within the same Outpost. To copy an AMI to another partition, see CreateStoreImageTask.

\n

When you copy an AMI from one Region to another, the destination Region is the \n \tcurrent Region.

\n

When you copy an AMI from a Region to an Outpost, specify the ARN of the Outpost as\n \t the destination. Backing snapshots copied to an Outpost are encrypted by default using \n \t the default encryption key for the Region or the key that you specify. Outposts do not \n \t support unencrypted snapshots.

\n

For information about the prerequisites when copying an AMI, see Copy an AMI in the Amazon EC2 User Guide.

", "smithy.api#examples": [ { "title": "To copy an AMI to another region", @@ -13557,7 +13557,7 @@ "target": "com.amazonaws.ec2#Boolean", "traits": { "aws.protocols#ec2QueryName": "Encrypted", - "smithy.api#documentation": "

Specifies whether the destination snapshots of the copied image should be encrypted. You\n can encrypt a copy of an unencrypted snapshot, but you cannot create an unencrypted copy of an\n encrypted snapshot. The default KMS key for Amazon EBS is used unless you specify a non-default\n Key Management Service (KMS) KMS key using KmsKeyId. For more information, see Amazon EBS encryption in the\n Amazon EBS User Guide.

", + "smithy.api#documentation": "

Specifies whether the destination snapshots of the copied image should be encrypted. You\n can encrypt a copy of an unencrypted snapshot, but you cannot create an unencrypted copy of an\n encrypted snapshot. The default KMS key for Amazon EBS is used unless you specify a non-default\n Key Management Service (KMS) KMS key using KmsKeyId. For more information, see Use encryption with \n EBS-backed AMIs in the Amazon EC2 User Guide.

", "smithy.api#xmlName": "encrypted" } }, @@ -22141,13 +22141,13 @@ "Metric": { "target": "com.amazonaws.ec2#MetricType", "traits": { - "smithy.api#documentation": "

The metric, aggregation-latency, indicating that network latency is aggregated for the query. This is the only supported metric.

" + "smithy.api#documentation": "

The metric used for the network performance request.

" } }, "Statistic": { "target": "com.amazonaws.ec2#StatisticType", "traits": { - "smithy.api#documentation": "

The metric data aggregation period, p50, between the specified startDate and endDate. For example, a metric of five_minutes is the median of all the data points gathered within those five minutes. p50 is the only supported metric.

" + "smithy.api#documentation": "

The metric data aggregation period, p50, between the specified startDate \n and endDate. For example, a metric of five_minutes is the median of all \n the data points gathered within those five minutes. p50 is the only supported metric.

" } }, "Period": { @@ -22192,7 +22192,7 @@ "target": "com.amazonaws.ec2#MetricType", "traits": { "aws.protocols#ec2QueryName": "Metric", - "smithy.api#documentation": "

The metric used for the network performance request. Only aggregate-latency is supported, which shows network latency during a specified period.

", + "smithy.api#documentation": "

The metric used for the network performance request.

", "smithy.api#xmlName": "metric" } }, @@ -24929,7 +24929,7 @@ "target": "smithy.api#Unit" }, "traits": { - "smithy.api#documentation": "

Deletes a security group.

\n

If you attempt to delete a security group that is associated with an instance or network interface or is\n\t\t\t referenced by another security group, the operation fails with\n\t\t\t\tDependencyViolation.

", + "smithy.api#documentation": "

Deletes a security group.

\n

If you attempt to delete a security group that is associated with an instance or network interface or is\n\t\t\t referenced by another security group in the same VPC, the operation fails with\n\t\t\t\tDependencyViolation.

", "smithy.api#examples": [ { "title": "To delete a security group", @@ -32014,7 +32014,7 @@ "Filters": { "target": "com.amazonaws.ec2#FilterList", "traits": { - "smithy.api#documentation": "

The filters.

\n ", + "smithy.api#documentation": "

The filters.

\n ", "smithy.api#xmlName": "Filter" } }, @@ -35789,7 +35789,7 @@ "target": "com.amazonaws.ec2#FilterList", "traits": { "aws.protocols#ec2QueryName": "Filter", - "smithy.api#documentation": "

One or more filters.

\n ", + "smithy.api#documentation": "

One or more filters.

\n ", "smithy.api#xmlName": "filter" } }, @@ -36810,7 +36810,7 @@ "Filters": { "target": "com.amazonaws.ec2#FilterList", "traits": { - "smithy.api#documentation": "

The filters.

\n ", + "smithy.api#documentation": "

The filters.

\n ", "smithy.api#xmlName": "Filter" } }, @@ -38610,7 +38610,7 @@ "target": "com.amazonaws.ec2#DescribeStaleSecurityGroupsResult" }, "traits": { - "smithy.api#documentation": "

Describes the stale security group rules for security groups in a specified VPC. \n Rules are stale when they reference a deleted security group in the same VPC or peered VPC. Rules can also be stale if they reference a security group in a peer VPC for which the VPC peering connection has \n been deleted.

", + "smithy.api#documentation": "

Describes the stale security group rules for security groups in a specified VPC. \n Rules are stale when they reference a deleted security group in a peered VPC. Rules can also be stale if they reference a security group in a peer VPC for which the VPC peering connection has \n been deleted.

", "smithy.api#paginated": { "inputToken": "NextToken", "outputToken": "NextToken", @@ -44023,7 +44023,7 @@ "target": "com.amazonaws.ec2#DisableSnapshotBlockPublicAccessResult" }, "traits": { - "smithy.api#documentation": "

Disables the block public access for snapshots setting at \n the account level for the specified Amazon Web Services Region. After you disable block public \n access for snapshots in a Region, users can publicly share snapshots in that Region.

\n

If block public access is enabled in block-all-sharing mode, and \n you disable block public access, all snapshots that were previously publicly shared \n are no longer treated as private and they become publicly accessible again.

\n

For more information, see \n Block public access for snapshots in the Amazon EBS User Guide .

\n

" + "smithy.api#documentation": "

Disables the block public access for snapshots setting at \n the account level for the specified Amazon Web Services Region. After you disable block public \n access for snapshots in a Region, users can publicly share snapshots in that Region.

\n \n

Enabling block public access for snapshots in block-all-sharing \n mode does not change the permissions for snapshots that are already publicly shared. \n Instead, it prevents these snapshots from be publicly visible and publicly accessible. \n Therefore, the attributes for these snapshots still indicate that they are publicly \n shared, even though they are not publicly available.

\n

If you disable block public access , these snapshots will become publicly available \n again.

\n \n

For more information, see \n Block public access for snapshots in the Amazon EBS User Guide .

\n

" } }, "com.amazonaws.ec2#DisableSnapshotBlockPublicAccessRequest": { @@ -45915,6 +45915,71 @@ } } }, + "com.amazonaws.ec2#EbsStatusDetails": { + "type": "structure", + "members": { + "ImpairedSince": { + "target": "com.amazonaws.ec2#MillisecondDateTime", + "traits": { + "aws.protocols#ec2QueryName": "ImpairedSince", + "smithy.api#documentation": "

The date and time when the attached EBS status check failed.

", + "smithy.api#xmlName": "impairedSince" + } + }, + "Name": { + "target": "com.amazonaws.ec2#StatusName", + "traits": { + "aws.protocols#ec2QueryName": "Name", + "smithy.api#documentation": "

The name of the attached EBS status check.

", + "smithy.api#xmlName": "name" + } + }, + "Status": { + "target": "com.amazonaws.ec2#StatusType", + "traits": { + "aws.protocols#ec2QueryName": "Status", + "smithy.api#documentation": "

The result of the attached EBS status check.

", + "smithy.api#xmlName": "status" + } + } + }, + "traits": { + "smithy.api#documentation": "

Describes the attached EBS status check for an instance.

" + } + }, + "com.amazonaws.ec2#EbsStatusDetailsList": { + "type": "list", + "member": { + "target": "com.amazonaws.ec2#EbsStatusDetails", + "traits": { + "smithy.api#xmlName": "item" + } + } + }, + "com.amazonaws.ec2#EbsStatusSummary": { + "type": "structure", + "members": { + "Details": { + "target": "com.amazonaws.ec2#EbsStatusDetailsList", + "traits": { + "aws.protocols#ec2QueryName": "Details", + "smithy.api#documentation": "

Details about the attached EBS status check for an instance.

", + "smithy.api#xmlName": "details" + } + }, + "Status": { + "target": "com.amazonaws.ec2#SummaryStatus", + "traits": { + "aws.protocols#ec2QueryName": "Status", + "smithy.api#documentation": "

The current status.

", + "smithy.api#xmlName": "status" + } + } + }, + "traits": { + "smithy.api#documentation": "

Provides a summary of the attached EBS volume status for an instance.

" + } + }, "com.amazonaws.ec2#Ec2InstanceConnectEndpoint": { "type": "structure", "members": { @@ -47554,7 +47619,7 @@ "target": "com.amazonaws.ec2#EnableSnapshotBlockPublicAccessResult" }, "traits": { - "smithy.api#documentation": "

Enables or modifies the block public access for snapshots \n setting at the account level for the specified Amazon Web Services Region. After you enable block \n public access for snapshots in a Region, users can no longer request public sharing \n for snapshots in that Region. Snapshots that are already publicly shared are either \n treated as private or they remain publicly shared, depending on the \n State that you specify.

\n

If block public access is enabled in block-all-sharing mode, and \n you change the mode to block-new-sharing, all snapshots that were \n previously publicly shared are no longer treated as private and they become publicly \n accessible again.

\n

For more information, see \n Block public access for snapshots in the Amazon EBS User Guide.

" + "smithy.api#documentation": "

Enables or modifies the block public access for snapshots \n setting at the account level for the specified Amazon Web Services Region. After you enable block \n public access for snapshots in a Region, users can no longer request public sharing \n for snapshots in that Region. Snapshots that are already publicly shared are either \n treated as private or they remain publicly shared, depending on the \n State that you specify.

\n \n

Enabling block public access for snapshots in block all sharing \n mode does not change the permissions for snapshots that are already publicly shared. \n Instead, it prevents these snapshots from be publicly visible and publicly accessible. \n Therefore, the attributes for these snapshots still indicate that they are publicly \n shared, even though they are not publicly available.

\n

If you later disable block public access or change the mode to block new \n sharing, these snapshots will become publicly available again.

\n \n

For more information, see \n Block public access for snapshots in the Amazon EBS User Guide.

" } }, "com.amazonaws.ec2#EnableSnapshotBlockPublicAccessRequest": { @@ -47564,7 +47629,7 @@ "target": "com.amazonaws.ec2#SnapshotBlockPublicAccessState", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "

The mode in which to enable block public access for snapshots for the Region. \n Specify one of the following values:

\n \n

\n unblocked is not a valid value for EnableSnapshotBlockPublicAccess.

", + "smithy.api#documentation": "

The mode in which to enable block public access for snapshots for the Region. \n Specify one of the following values:

\n \n

\n unblocked is not a valid value for EnableSnapshotBlockPublicAccess.

", "smithy.api#required": {} } }, @@ -61378,6 +61443,14 @@ "smithy.api#documentation": "

Reports impaired functionality that stems from issues related to the systems that\n support an instance, such as hardware failures and network connectivity problems.

", "smithy.api#xmlName": "systemStatus" } + }, + "AttachedEbsStatus": { + "target": "com.amazonaws.ec2#EbsStatusSummary", + "traits": { + "aws.protocols#ec2QueryName": "AttachedEbsStatus", + "smithy.api#documentation": "

Reports impaired functionality that stems from an attached Amazon EBS volume that is \n unreachable and unable to complete I/O operations.

", + "smithy.api#xmlName": "attachedEbsStatus" + } } }, "traits": { @@ -77899,7 +77972,7 @@ "EnableDns64": { "target": "com.amazonaws.ec2#AttributeBooleanValue", "traits": { - "smithy.api#documentation": "

Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet \n should return synthetic IPv6 addresses for IPv4-only destinations.

" + "smithy.api#documentation": "

Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet \n should return synthetic IPv6 addresses for IPv4-only destinations.

\n \n

You must first configure a NAT gateway in a public subnet (separate from the subnet containing the IPv6-only workloads). For example, the subnet containing the NAT gateway should have a 0.0.0.0/0 route pointing to the internet gateway. For more information, see Configure DNS64 and NAT64 in the Amazon VPC User Guide.

\n " } }, "PrivateDnsHostnameTypeOnLaunch": { @@ -78283,7 +78356,7 @@ "AmazonSideAsn": { "target": "com.amazonaws.ec2#Long", "traits": { - "smithy.api#documentation": "

A private Autonomous System Number (ASN) for the Amazon side of a BGP session. \n The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs.

\n

The modify ASN operation is not allowed on a transit gateway with active BGP sessions. You must first delete all transit gateway attachments that have BGP configured prior to modifying the ASN on the transit gateway.

" + "smithy.api#documentation": "

A private Autonomous System Number (ASN) for the Amazon side of a BGP session. \n The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs.

\n

The modify ASN operation is not allowed on a transit gateway if it has the following attachments:

\n \n

You must first delete all transit gateway attachments configured prior to modifying the ASN on\n the transit gateway.

" } } }, @@ -88806,7 +88879,7 @@ "ImageId": { "target": "com.amazonaws.ec2#ImageId", "traits": { - "smithy.api#documentation": "

The ID of the AMI in the format ami-17characters00000.

\n

Alternatively, you can specify a Systems Manager parameter, using one of the following\n formats. The Systems Manager parameter will resolve to an AMI ID on launch.

\n

To reference a public parameter:

\n \n

To reference a parameter stored in the same account:

\n \n

To reference a parameter shared from another Amazon Web Services account:

\n \n

For more information, see Use a Systems Manager parameter instead of an AMI ID in the Amazon EC2 User Guide.

\n \n

If the launch template will be used for an EC2 Fleet or Spot Fleet, note the\n following:

\n \n " + "smithy.api#documentation": "

The ID of the AMI in the format ami-0ac394d6a3example.

\n

Alternatively, you can specify a Systems Manager parameter, using one of the following\n formats. The Systems Manager parameter will resolve to an AMI ID on launch.

\n

To reference a public parameter:

\n \n

To reference a parameter stored in the same account:

\n \n

To reference a parameter shared from another Amazon Web Services account:

\n \n

For more information, see Use a Systems Manager parameter instead of an AMI ID in the Amazon EC2 User Guide.

\n \n

If the launch template will be used for an EC2 Fleet or Spot Fleet, note the\n following:

\n \n " } }, "InstanceType": { diff --git a/codegen/sdk-codegen/aws-models/entityresolution.json b/codegen/sdk-codegen/aws-models/entityresolution.json index 692e3eb224e..ef74bc38aef 100644 --- a/codegen/sdk-codegen/aws-models/entityresolution.json +++ b/codegen/sdk-codegen/aws-models/entityresolution.json @@ -5612,7 +5612,7 @@ "traits": { "smithy.api#length": { "min": 2, - "max": 25 + "max": 35 } } }, diff --git a/codegen/sdk-codegen/aws-models/glue.json b/codegen/sdk-codegen/aws-models/glue.json index c9055373e89..5871415f22a 100644 --- a/codegen/sdk-codegen/aws-models/glue.json +++ b/codegen/sdk-codegen/aws-models/glue.json @@ -9114,6 +9114,12 @@ "smithy.api#documentation": "

A mode that describes how a job was created. Valid values are:

\n \n

When the JobMode field is missing or null, SCRIPT is assigned as the default value.

" } }, + "JobRunQueuingEnabled": { + "target": "com.amazonaws.glue#NullableBoolean", + "traits": { + "smithy.api#documentation": "

Specifies whether job run queuing is enabled for the job runs for this job.

\n

A value of true means job run queuing is enabled for the job runs. If false or not populated, the job runs will not be considered for queueing.

\n

If this field does not match the value set in the job run, then the value from the job run field will be used.

" + } + }, "Description": { "target": "com.amazonaws.glue#DescriptionString", "traits": { @@ -22978,6 +22984,12 @@ "smithy.api#documentation": "

A mode that describes how a job was created. Valid values are:

\n \n

When the JobMode field is missing or null, SCRIPT is assigned as the default value.

" } }, + "JobRunQueuingEnabled": { + "target": "com.amazonaws.glue#NullableBoolean", + "traits": { + "smithy.api#documentation": "

Specifies whether job run queuing is enabled for the job runs for this job.

\n

A value of true means job run queuing is enabled for the job runs. If false or not populated, the job runs will not be considered for queueing.

\n

If this field does not match the value set in the job run, then the value from the job run field will be used.

" + } + }, "Description": { "target": "com.amazonaws.glue#DescriptionString", "traits": { @@ -23346,6 +23358,12 @@ "smithy.api#documentation": "

A mode that describes how a job was created. Valid values are:

\n \n

When the JobMode field is missing or null, SCRIPT is assigned as the default value.

" } }, + "JobRunQueuingEnabled": { + "target": "com.amazonaws.glue#NullableBoolean", + "traits": { + "smithy.api#documentation": "

Specifies whether job run queuing is enabled for the job run.

\n

A value of true means job run queuing is enabled for the job run. If false or not populated, the job run will not be considered for queueing.

" + } + }, "StartedOn": { "target": "com.amazonaws.glue#TimestampValue", "traits": { @@ -23476,6 +23494,12 @@ "traits": { "smithy.api#documentation": "

The name of an Glue usage profile associated with the job run.

" } + }, + "StateDetail": { + "target": "com.amazonaws.glue#OrchestrationMessageString", + "traits": { + "smithy.api#documentation": "

This field holds details that pertain to the state of a job run. The field is nullable.

\n

For example, when a job run is in a WAITING state as a result of job run queuing, the field has the reason why the job run is in that state.

" + } } }, "traits": { @@ -23562,6 +23586,12 @@ "smithy.api#documentation": "

A mode that describes how a job was created. Valid values are:

\n \n

When the JobMode field is missing or null, SCRIPT is assigned as the default value.

" } }, + "JobRunQueuingEnabled": { + "target": "com.amazonaws.glue#NullableBoolean", + "traits": { + "smithy.api#documentation": "

Specifies whether job run queuing is enabled for the job runs for this job.

\n

A value of true means job run queuing is enabled for the job runs. If false or not populated, the job runs will not be considered for queueing.

\n

If this field does not match the value set in the job run, then the value from the job run field will be used.

" + } + }, "Description": { "target": "com.amazonaws.glue#DescriptionString", "traits": { @@ -27596,6 +27626,15 @@ "smithy.api#pattern": "^arn:aws[^:]*:iam::[0-9]*:role/.+$" } }, + "com.amazonaws.glue#OrchestrationMessageString": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 0, + "max": 400000 + } + } + }, "com.amazonaws.glue#OrchestrationNameString": { "type": "string", "traits": { @@ -33569,6 +33608,12 @@ "smithy.api#required": {} } }, + "JobRunQueuingEnabled": { + "target": "com.amazonaws.glue#NullableBoolean", + "traits": { + "smithy.api#documentation": "

Specifies whether job run queuing is enabled for the job run.

\n

A value of true means job run queuing is enabled for the job run. If false or not populated, the job run will not be considered for queueing.

" + } + }, "JobRunId": { "target": "com.amazonaws.glue#IdString", "traits": { diff --git a/codegen/sdk-codegen/aws-models/lambda.json b/codegen/sdk-codegen/aws-models/lambda.json index 1a2a4476d7f..3a15790aada 100644 --- a/codegen/sdk-codegen/aws-models/lambda.json +++ b/codegen/sdk-codegen/aws-models/lambda.json @@ -1753,7 +1753,7 @@ } ], "traits": { - "smithy.api#documentation": "

Grants an Amazon Web Service, Amazon Web Services account, or Amazon Web Services organization\n permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict\n access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name\n (ARN) of that version or alias to invoke the function. Note: Lambda does not support adding policies\n to version $LATEST.

\n

To grant permission to another account, specify the account ID as the Principal. To grant\n permission to an organization defined in Organizations, specify the organization ID as the\n PrincipalOrgID. For Amazon Web Services, the principal is a domain-style identifier that\n the service defines, such as s3.amazonaws.com or sns.amazonaws.com. For Amazon Web Services, you can also specify the ARN of the associated resource as the SourceArn. If\n you grant permission to a service principal without specifying the source, other accounts could potentially\n configure resources in their account to invoke your Lambda function.

\n

This operation adds a statement to a resource-based permissions policy for the function. For more information\n about function policies, see Using resource-based policies for Lambda.

", + "smithy.api#documentation": "

Grants an Amazon Web Servicesservice, Amazon Web Services account, or Amazon Web Services organization\n permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict\n access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name\n (ARN) of that version or alias to invoke the function. Note: Lambda does not support adding policies\n to version $LATEST.

\n

To grant permission to another account, specify the account ID as the Principal. To grant\n permission to an organization defined in Organizations, specify the organization ID as the\n PrincipalOrgID. For Amazon Web Servicesservices, the principal is a domain-style identifier that\n the service defines, such as s3.amazonaws.com or sns.amazonaws.com. For Amazon Web Servicesservices, you can also specify the ARN of the associated resource as the SourceArn. If\n you grant permission to a service principal without specifying the source, other accounts could potentially\n configure resources in their account to invoke your Lambda function.

\n

This operation adds a statement to a resource-based permissions policy for the function. For more information\n about function policies, see Using resource-based policies for Lambda.

", "smithy.api#http": { "method": "POST", "uri": "/2015-03-31/functions/{FunctionName}/policy", @@ -1789,20 +1789,20 @@ "Principal": { "target": "com.amazonaws.lambda#Principal", "traits": { - "smithy.api#documentation": "

The Amazon Web Service or Amazon Web Services account that invokes the function. If you specify a\n service, use SourceArn or SourceAccount to limit who can invoke the function through\n that service.

", + "smithy.api#documentation": "

The Amazon Web Servicesservice or Amazon Web Services account that invokes the function. If you specify a\n service, use SourceArn or SourceAccount to limit who can invoke the function through\n that service.

", "smithy.api#required": {} } }, "SourceArn": { "target": "com.amazonaws.lambda#Arn", "traits": { - "smithy.api#documentation": "

For Amazon Web Services, the ARN of the Amazon Web Services resource that invokes the function. For\n example, an Amazon S3 bucket or Amazon SNS topic.

\n

Note that Lambda configures the comparison using the StringLike operator.

" + "smithy.api#documentation": "

For Amazon Web Servicesservices, the ARN of the Amazon Web Services resource that invokes the function. For\n example, an Amazon S3 bucket or Amazon SNS topic.

\n

Note that Lambda configures the comparison using the StringLike operator.

" } }, "SourceAccount": { "target": "com.amazonaws.lambda#SourceOwner", "traits": { - "smithy.api#documentation": "

For Amazon Web Service, the ID of the Amazon Web Services account that owns the resource. Use this\n together with SourceArn to ensure that the specified account owns the resource. It is possible for an\n Amazon S3 bucket to be deleted by its owner and recreated by another account.

" + "smithy.api#documentation": "

For Amazon Web Servicesservice, the ID of the Amazon Web Services account that owns the resource. Use this\n together with SourceArn to ensure that the specified account owns the resource. It is possible for an\n Amazon S3 bucket to be deleted by its owner and recreated by another account.

" } }, "EventSourceToken": { @@ -2670,6 +2670,12 @@ "traits": { "smithy.api#documentation": "

Specific configuration settings for a DocumentDB event source.

" } + }, + "KMSKeyArn": { + "target": "com.amazonaws.lambda#KMSKeyArn", + "traits": { + "smithy.api#documentation": "

\n The ARN of the Key Management Service (KMS) customer managed key that Lambda\n uses to encrypt your function's filter criteria.\n By default, Lambda does not encrypt your filter criteria object. Specify this\n property to encrypt data using your own customer managed key.\n

" + } } }, "traits": { @@ -2714,7 +2720,7 @@ } ], "traits": { - "smithy.api#documentation": "

Creates a Lambda function. To create a function, you need a deployment package and an execution role. The\n deployment package is a .zip file archive or container image that contains your function code. The execution role\n grants the function permission to use Amazon Web Services, such as Amazon CloudWatch Logs for log\n streaming and X-Ray for request tracing.

\n

If the deployment package is a container\n image, then you set the package type to Image. For a container image, the code property\n must include the URI of a container image in the Amazon ECR registry. You do not need to specify the\n handler and runtime properties.

\n

If the deployment package is a .zip file archive, then\n you set the package type to Zip. For a .zip file archive, the code property specifies the location of\n the .zip file. You must also specify the handler and runtime properties. The code in the deployment package must\n be compatible with the target instruction set architecture of the function (x86-64 or\n arm64). If you do not specify the architecture, then the default value is\n x86-64.

\n

When you create a function, Lambda provisions an instance of the function and its supporting\n resources. If your function connects to a VPC, this process can take a minute or so. During this time, you can't\n invoke or modify the function. The State, StateReason, and StateReasonCode\n fields in the response from GetFunctionConfiguration indicate when the function is ready to\n invoke. For more information, see Lambda function states.

\n

A function has an unpublished version, and can have published versions and aliases. The unpublished version\n changes when you update your function's code and configuration. A published version is a snapshot of your function\n code and configuration that can't be changed. An alias is a named resource that maps to a version, and can be\n changed to map to a different version. Use the Publish parameter to create version 1 of\n your function from its initial configuration.

\n

The other parameters let you configure version-specific and function-level settings. You can modify\n version-specific settings later with UpdateFunctionConfiguration. Function-level settings apply\n to both the unpublished and published versions of the function, and include tags (TagResource)\n and per-function concurrency limits (PutFunctionConcurrency).

\n

You can use code signing if your deployment package is a .zip file archive. To enable code signing for this\n function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with\n UpdateFunctionCode, Lambda checks that the code package has a valid signature from\n a trusted publisher. The code-signing configuration includes set of signing profiles, which define the trusted\n publishers for this function.

\n

If another Amazon Web Services account or an Amazon Web Service invokes your function, use AddPermission to grant permission by creating a resource-based Identity and Access Management (IAM) policy. You can grant permissions at the function level, on a version, or on an alias.

\n

To invoke your function directly, use Invoke. To invoke your function in response to events\n in other Amazon Web Services, create an event source mapping (CreateEventSourceMapping),\n or configure a function trigger in the other service. For more information, see Invoking Lambda\n functions.

", + "smithy.api#documentation": "

Creates a Lambda function. To create a function, you need a deployment package and an execution role. The\n deployment package is a .zip file archive or container image that contains your function code. The execution role\n grants the function permission to use Amazon Web Servicesservices, such as Amazon CloudWatch Logs for log\n streaming and X-Ray for request tracing.

\n

If the deployment package is a container\n image, then you set the package type to Image. For a container image, the code property\n must include the URI of a container image in the Amazon ECR registry. You do not need to specify the\n handler and runtime properties.

\n

If the deployment package is a .zip file archive, then\n you set the package type to Zip. For a .zip file archive, the code property specifies the location of\n the .zip file. You must also specify the handler and runtime properties. The code in the deployment package must\n be compatible with the target instruction set architecture of the function (x86-64 or\n arm64). If you do not specify the architecture, then the default value is\n x86-64.

\n

When you create a function, Lambda provisions an instance of the function and its supporting\n resources. If your function connects to a VPC, this process can take a minute or so. During this time, you can't\n invoke or modify the function. The State, StateReason, and StateReasonCode\n fields in the response from GetFunctionConfiguration indicate when the function is ready to\n invoke. For more information, see Lambda function states.

\n

A function has an unpublished version, and can have published versions and aliases. The unpublished version\n changes when you update your function's code and configuration. A published version is a snapshot of your function\n code and configuration that can't be changed. An alias is a named resource that maps to a version, and can be\n changed to map to a different version. Use the Publish parameter to create version 1 of\n your function from its initial configuration.

\n

The other parameters let you configure version-specific and function-level settings. You can modify\n version-specific settings later with UpdateFunctionConfiguration. Function-level settings apply\n to both the unpublished and published versions of the function, and include tags (TagResource)\n and per-function concurrency limits (PutFunctionConcurrency).

\n

You can use code signing if your deployment package is a .zip file archive. To enable code signing for this\n function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with\n UpdateFunctionCode, Lambda checks that the code package has a valid signature from\n a trusted publisher. The code-signing configuration includes set of signing profiles, which define the trusted\n publishers for this function.

\n

If another Amazon Web Services account or an Amazon Web Servicesservice invokes your function, use AddPermission to grant permission by creating a resource-based Identity and Access Management (IAM) policy. You can grant permissions at the function level, on a version, or on an alias.

\n

To invoke your function directly, use Invoke. To invoke your function in response to events\n in other Amazon Web Servicesservices, create an event source mapping (CreateEventSourceMapping),\n or configure a function trigger in the other service. For more information, see Invoking Lambda\n functions.

", "smithy.api#http": { "method": "POST", "uri": "/2015-03-31/functions", @@ -3217,7 +3223,7 @@ } ], "traits": { - "smithy.api#documentation": "

Deletes a Lambda function. To delete a specific function version, use the Qualifier parameter.\n Otherwise, all versions and aliases are deleted. This doesn't require the user to have explicit\n permissions for DeleteAlias.

\n

To delete Lambda event source mappings that invoke a function, use DeleteEventSourceMapping. For Amazon Web Services and resources that invoke your function\n directly, delete the trigger in the service where you originally configured it.

", + "smithy.api#documentation": "

Deletes a Lambda function. To delete a specific function version, use the Qualifier parameter.\n Otherwise, all versions and aliases are deleted. This doesn't require the user to have explicit\n permissions for DeleteAlias.

\n

To delete Lambda event source mappings that invoke a function, use DeleteEventSourceMapping. For Amazon Web Servicesservices and resources that invoke your function\n directly, delete the trigger in the service where you originally configured it.

", "smithy.api#http": { "method": "DELETE", "uri": "/2015-03-31/functions/{FunctionName}", @@ -3968,7 +3974,7 @@ "FilterCriteria": { "target": "com.amazonaws.lambda#FilterCriteria", "traits": { - "smithy.api#documentation": "

An object that defines the filter criteria that\n determine whether Lambda should process an event. For more information, see Lambda event filtering.

" + "smithy.api#documentation": "

An object that defines the filter criteria that\n determine whether Lambda should process an event. For more information, see Lambda event filtering.

\n

If filter criteria is encrypted, this field shows up as null in the response\n of ListEventSourceMapping API calls. You can view this field in plaintext in the response of\n GetEventSourceMapping and DeleteEventSourceMapping calls if you have\n kms:Decrypt permissions for the correct KMS key.

" } }, "FunctionArn": { @@ -4084,6 +4090,18 @@ "traits": { "smithy.api#documentation": "

Specific configuration settings for a DocumentDB event source.

" } + }, + "KMSKeyArn": { + "target": "com.amazonaws.lambda#KMSKeyArn", + "traits": { + "smithy.api#documentation": "

\n The ARN of the Key Management Service (KMS) customer managed key that Lambda\n uses to encrypt your function's filter criteria.

" + } + }, + "FilterCriteriaError": { + "target": "com.amazonaws.lambda#FilterCriteriaError", + "traits": { + "smithy.api#documentation": "

An object that contains details about an error related to filter criteria encryption.

" + } } }, "traits": { @@ -4201,6 +4219,46 @@ "smithy.api#documentation": "

\n An object that contains the filters for an event source.\n

" } }, + "com.amazonaws.lambda#FilterCriteriaError": { + "type": "structure", + "members": { + "ErrorCode": { + "target": "com.amazonaws.lambda#FilterCriteriaErrorCode", + "traits": { + "smithy.api#documentation": "

The KMS exception that resulted from filter criteria encryption or decryption.

" + } + }, + "Message": { + "target": "com.amazonaws.lambda#FilterCriteriaErrorMessage", + "traits": { + "smithy.api#documentation": "

The error message.

" + } + } + }, + "traits": { + "smithy.api#documentation": "

An object that contains details about an error related to filter criteria encryption.

" + } + }, + "com.amazonaws.lambda#FilterCriteriaErrorCode": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 10, + "max": 50 + }, + "smithy.api#pattern": "^[A-Za-z]+Exception$" + } + }, + "com.amazonaws.lambda#FilterCriteriaErrorMessage": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 10, + "max": 2048 + }, + "smithy.api#pattern": ".*" + } + }, "com.amazonaws.lambda#FilterList": { "type": "list", "member": { @@ -9850,7 +9908,7 @@ } ], "traits": { - "smithy.api#documentation": "

Revokes function-use permission from an Amazon Web Service or another Amazon Web Services account. You\n can get the ID of the statement from the output of GetPolicy.

", + "smithy.api#documentation": "

Revokes function-use permission from an Amazon Web Servicesservice or another Amazon Web Services account. You\n can get the ID of the statement from the output of GetPolicy.

", "smithy.api#http": { "method": "DELETE", "uri": "/2015-03-31/functions/{FunctionName}/policy/{StatementId}", @@ -11531,6 +11589,12 @@ "traits": { "smithy.api#documentation": "

Specific configuration settings for a DocumentDB event source.

" } + }, + "KMSKeyArn": { + "target": "com.amazonaws.lambda#KMSKeyArn", + "traits": { + "smithy.api#documentation": "

\n The ARN of the Key Management Service (KMS) customer managed key that Lambda\n uses to encrypt your function's filter criteria.\n By default, Lambda does not encrypt your filter criteria object. Specify this\n property to encrypt data using your own customer managed key.\n

" + } } }, "traits": { @@ -11696,7 +11760,7 @@ } ], "traits": { - "smithy.api#documentation": "

Modify the version-specific settings of a Lambda function.

\n

When you update a function, Lambda provisions an instance of the function and its supporting\n resources. If your function connects to a VPC, this process can take a minute. During this time, you can't modify\n the function, but you can still invoke it. The LastUpdateStatus, LastUpdateStatusReason,\n and LastUpdateStatusReasonCode fields in the response from GetFunctionConfiguration\n indicate when the update is complete and the function is processing events with the new configuration. For more\n information, see Lambda\n function states.

\n

These settings can vary between versions of a function and are locked when you publish a version. You can't\n modify the configuration of a published version, only the unpublished version.

\n

To configure function concurrency, use PutFunctionConcurrency. To grant invoke permissions\n to an Amazon Web Services account or Amazon Web Service, use AddPermission.

", + "smithy.api#documentation": "

Modify the version-specific settings of a Lambda function.

\n

When you update a function, Lambda provisions an instance of the function and its supporting\n resources. If your function connects to a VPC, this process can take a minute. During this time, you can't modify\n the function, but you can still invoke it. The LastUpdateStatus, LastUpdateStatusReason,\n and LastUpdateStatusReasonCode fields in the response from GetFunctionConfiguration\n indicate when the update is complete and the function is processing events with the new configuration. For more\n information, see Lambda\n function states.

\n

These settings can vary between versions of a function and are locked when you publish a version. You can't\n modify the configuration of a published version, only the unpublished version.

\n

To configure function concurrency, use PutFunctionConcurrency. To grant invoke permissions\n to an Amazon Web Services account or Amazon Web Servicesservice, use AddPermission.

", "smithy.api#http": { "method": "PUT", "uri": "/2015-03-31/functions/{FunctionName}/configuration", diff --git a/codegen/sdk-codegen/aws-models/securityhub.json b/codegen/sdk-codegen/aws-models/securityhub.json index e85e0d76284..cd074c914e4 100644 --- a/codegen/sdk-codegen/aws-models/securityhub.json +++ b/codegen/sdk-codegen/aws-models/securityhub.json @@ -958,7 +958,7 @@ "ResourceId": { "target": "com.amazonaws.securityhub#StringFilterList", "traits": { - "smithy.api#documentation": "

\n The identifier for the given resource type. For Amazon Web Services resources that are identified by \n Amazon Resource Names (ARNs), this is the ARN. For Amazon Web Services resources that lack ARNs, \n this is the identifier as defined by the Amazon Web Service that created the resource. \n For non-Amazon Web Services resources, this is a unique identifier that is associated with the \n resource.\n

\n

\n \t\tArray Members: Minimum number of 1 item. Maximum number of 100 items.\n \t

" + "smithy.api#documentation": "

\n The identifier for the given resource type. For Amazon Web Services resources that are identified by \n Amazon Resource Names (ARNs), this is the ARN. For Amazon Web Services resources that lack ARNs, \n this is the identifier as defined by the Amazon Web Servicesservice that created the resource. \n For non-Amazon Web Services resources, this is a unique identifier that is associated with the \n resource.\n

\n

\n \t\tArray Members: Minimum number of 1 item. Maximum number of 100 items.\n \t

" } }, "ResourcePartition": { @@ -19082,7 +19082,7 @@ "ComplianceSecurityControlId": { "target": "com.amazonaws.securityhub#StringFilterList", "traits": { - "smithy.api#documentation": "

\n The unique identifier of a control across standards. Values for this field typically consist of an \n Amazon Web Service and a number, such as APIGateway.5.\n

" + "smithy.api#documentation": "

\n The unique identifier of a control across standards. Values for this field typically consist of an \n Amazon Web Servicesservice and a number, such as APIGateway.5.\n

" } }, "ComplianceAssociatedStandardsId": { @@ -22198,7 +22198,7 @@ "SecurityControlId": { "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { - "smithy.api#documentation": "

\n The unique identifier of a control across standards. Values for this field typically consist of an \n Amazon Web Service and a number, such as APIGateway.5.\n

" + "smithy.api#documentation": "

\n The unique identifier of a control across standards. Values for this field typically consist of an \n Amazon Web Servicesservice and a number, such as APIGateway.5.\n

" } }, "AssociatedStandards": { @@ -23095,14 +23095,14 @@ "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "

Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.

\n

The selected option also determines how to use the Regions provided in the Regions list.

\n

The options are as follows:

\n ", + "smithy.api#documentation": "

Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.

\n

The selected option also determines how to use the Regions provided in the Regions list.

\n

The options are as follows:

\n ", "smithy.api#required": {} } }, "Regions": { "target": "com.amazonaws.securityhub#StringList", "traits": { - "smithy.api#documentation": "

If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.

\n

If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.\n

" + "smithy.api#documentation": "

If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.

\n

If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.\n

\n

An InvalidInputException error results if you populate this field while RegionLinkingMode is \n NO_REGIONS.

" } } }, @@ -25458,7 +25458,7 @@ "UpdateSource": { "target": "com.amazonaws.securityhub#FindingHistoryUpdateSource", "traits": { - "smithy.api#documentation": "

Identifies the source of the event that changed the finding. For example, an integrated\n Amazon Web Service or third-party partner integration may call \n BatchImportFindings\n , or an Security Hub customer\n may call \n BatchUpdateFindings\n .

" + "smithy.api#documentation": "

Identifies the source of the event that changed the finding. For example, an integrated\n Amazon Web Servicesservice or third-party partner integration may call \n BatchImportFindings\n , or an Security Hub customer\n may call \n BatchUpdateFindings\n .

" } }, "Updates": { @@ -25516,7 +25516,7 @@ "Type": { "target": "com.amazonaws.securityhub#FindingHistoryUpdateSourceType", "traits": { - "smithy.api#documentation": "

\n Describes the type of finding change event, such as a call to \n BatchImportFindings\n (by an integrated Amazon Web Service or third party partner integration) or \n BatchUpdateFindings\n (by a Security Hub customer). \n

" + "smithy.api#documentation": "

\n Describes the type of finding change event, such as a call to \n BatchImportFindings\n (by an integrated Amazon Web Servicesservice or third party partner integration) or \n BatchUpdateFindings\n (by a Security Hub customer). \n

" } }, "Identity": { @@ -29732,7 +29732,7 @@ "SecurityHub": { "target": "com.amazonaws.securityhub#SecurityHubPolicy", "traits": { - "smithy.api#documentation": "

\n The Amazon Web Service that the configuration policy applies to.\n

" + "smithy.api#documentation": "

\n The Amazon Web Servicesservice that the configuration policy applies to.\n

" } } }, @@ -30927,7 +30927,7 @@ "DestinationPrefixListId": { "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { - "smithy.api#documentation": "

\n The prefix of the destination Amazon Web Service.\n

" + "smithy.api#documentation": "

\n The prefix of the destination Amazon Web Servicesservice.\n

" } }, "EgressOnlyInternetGatewayId": { @@ -31534,7 +31534,7 @@ "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "

\n The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service name and a \n number, such as APIGateway.3.\n

", + "smithy.api#documentation": "

\n The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Servicesservice name and a \n number, such as APIGateway.3.\n

", "smithy.api#required": {} } }, @@ -31589,7 +31589,7 @@ "UpdateStatus": { "target": "com.amazonaws.securityhub#UpdateStatus", "traits": { - "smithy.api#documentation": "

\n Identifies whether customizable properties of a security control are reflected in Security Hub findings. A status of \nREADY indicates findings include the current parameter values. A status of UPDATING indicates that \nall findings may not include the current parameter values.\n

" + "smithy.api#documentation": "

\n Identifies whether customizable properties of a security control are reflected in Security Hub findings. A status of \nREADY indicates that Security Hub uses the current control parameter values when running security checks of the control. \nA status of UPDATING indicates that all security checks might not use the current parameter values.\n

" } }, "Parameters": { @@ -31642,7 +31642,7 @@ "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "

\n The unique identifier of a security control across standards. Values for this field typically consist of an \n Amazon Web Service name and a number (for example, APIGateway.3). This parameter differs from \n SecurityControlArn, which is a unique Amazon Resource Name (ARN) assigned to a control. The \n ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).\n

", + "smithy.api#documentation": "

\n The unique identifier of a security control across standards. Values for this field typically consist of an \n Amazon Web Servicesservice name and a number (for example, APIGateway.3). This parameter differs from \n SecurityControlArn, which is a unique Amazon Resource Name (ARN) assigned to a control. The \n ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).\n

", "smithy.api#required": {} } }, @@ -32038,7 +32038,7 @@ "name": "securityhub" }, "aws.protocols#restJson1": {}, - "smithy.api#documentation": "

Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps \n you assess your Amazon Web Services environment against security industry standards and best practices.

\n

Security Hub collects security data across Amazon Web Services accounts, Amazon Web Services, and \n supported third-party products and helps you analyze your security trends and identify the highest priority security \n issues.

\n

To help you manage the security state of your organization, Security Hub supports multiple security standards. \n These include the Amazon Web Services Foundational Security Best Practices (FSBP) standard developed by Amazon Web Services, \n and external compliance frameworks such as the Center for Internet Security (CIS), the Payment Card Industry Data \n Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes \n several security controls, each of which represents a security best practice. Security Hub runs checks against \n security controls and generates control findings to help you assess your compliance against security best practices.

\n

In addition to generating control findings, Security Hub also receives findings from other Amazon Web Services, \n such as Amazon GuardDuty and Amazon Inspector, and \n supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You \n can also send Security Hub findings to other Amazon Web Services and supported third-party products.

\n

Security Hub offers automation features that help you triage and remediate security issues. For example, \n you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with \n Amazon EventBridge to trigger automatic responses to specific findings.

\n

This guide, the Security Hub API Reference, provides\n information about the Security Hub API. This includes supported resources, HTTP methods, parameters,\n and schemas. If you're new to Security Hub, you might find it helpful to also review the \n Security Hub User Guide\n . The\n user guide explains key concepts and provides procedures\n that demonstrate how to use Security Hub features. It also provides information about topics such as\n integrating Security Hub with other Amazon Web Services.

\n

In addition to interacting with Security Hub by making calls to the Security Hub API, you can\n use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools \n and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell,\n Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to\n Security Hub and other Amazon Web Services . They also handle tasks such as signing requests, \n managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools\n and SDKs, see Tools to Build on Amazon Web Services.

\n

With the exception of operations that are related to central configuration, Security Hub API requests are executed only in\n the Amazon Web Services Region that is currently active or in the specific Amazon Web Services Region that you specify in your request. Any configuration or settings change\n that results from the operation is applied only to that Region. To make the same change in\n other Regions, call the same API operation in each Region in which you want to apply the change. When you use central configuration, \nAPI requests for enabling Security Hub, standards, and controls are executed in the home Region and all linked Regions. For a list of \ncentral configuration operations, see the Central configuration \nterms and concepts section of the Security Hub User Guide.

\n

The following throttling limits apply to Security Hub API operations.

\n ", + "smithy.api#documentation": "

Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps \n you assess your Amazon Web Services environment against security industry standards and best practices.

\n

Security Hub collects security data across Amazon Web Services accounts, Amazon Web Servicesservices, and \n supported third-party products and helps you analyze your security trends and identify the highest priority security \n issues.

\n

To help you manage the security state of your organization, Security Hub supports multiple security standards. \n These include the Amazon Web Services Foundational Security Best Practices (FSBP) standard developed by Amazon Web Services, \n and external compliance frameworks such as the Center for Internet Security (CIS), the Payment Card Industry Data \n Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes \n several security controls, each of which represents a security best practice. Security Hub runs checks against \n security controls and generates control findings to help you assess your compliance against security best practices.

\n

In addition to generating control findings, Security Hub also receives findings from other Amazon Web Servicesservices, \n such as Amazon GuardDuty and Amazon Inspector, and \n supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You \n can also send Security Hub findings to other Amazon Web Servicesservices and supported third-party products.

\n

Security Hub offers automation features that help you triage and remediate security issues. For example, \n you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with \n Amazon EventBridge to trigger automatic responses to specific findings.

\n

This guide, the Security Hub API Reference, provides\n information about the Security Hub API. This includes supported resources, HTTP methods, parameters,\n and schemas. If you're new to Security Hub, you might find it helpful to also review the \n Security Hub User Guide\n . The\n user guide explains key concepts and provides procedures\n that demonstrate how to use Security Hub features. It also provides information about topics such as\n integrating Security Hub with other Amazon Web Servicesservices.

\n

In addition to interacting with Security Hub by making calls to the Security Hub API, you can\n use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools \n and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell,\n Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to\n Security Hub and other Amazon Web Servicesservices . They also handle tasks such as signing requests, \n managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools\n and SDKs, see Tools to Build on Amazon Web Services.

\n

With the exception of operations that are related to central configuration, Security Hub API requests are executed only in\n the Amazon Web Services Region that is currently active or in the specific Amazon Web Services Region that you specify in your request. Any configuration or settings change\n that results from the operation is applied only to that Region. To make the same change in\n other Regions, call the same API operation in each Region in which you want to apply the change. When you use central configuration, \nAPI requests for enabling Security Hub, standards, and controls are executed in the home Region and all linked Regions. For a list of \ncentral configuration operations, see the Central configuration \nterms and concepts section of the Security Hub User Guide.

\n

The following throttling limits apply to Security Hub API operations.

\n ", "smithy.api#title": "AWS SecurityHub", "smithy.rules#endpointRuleSet": { "version": "1.0", @@ -33492,7 +33492,7 @@ "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "

\n The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service \n name and a number, such as APIGateway.3.\n

", + "smithy.api#documentation": "

\n The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Servicesservice \n name and a number, such as APIGateway.3.\n

", "smithy.api#required": {} } }, @@ -33610,7 +33610,7 @@ "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "

\n A unique standard-agnostic identifier for a control. Values for this field typically consist of an \n Amazon Web Service and a number, such as APIGateway.5. This field doesn't reference a specific standard.\n

", + "smithy.api#documentation": "

\n A unique standard-agnostic identifier for a control. Values for this field typically consist of an \n Amazon Web Servicesservice and a number, such as APIGateway.5. This field doesn't reference a specific standard.\n

", "smithy.api#required": {} } }, @@ -35407,14 +35407,14 @@ "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "

Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.

\n

The selected option also determines how to use the Regions provided in the Regions list.

\n

The options are as follows:

\n ", + "smithy.api#documentation": "

Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.

\n

The selected option also determines how to use the Regions provided in the Regions list.

\n

The options are as follows:

\n ", "smithy.api#required": {} } }, "Regions": { "target": "com.amazonaws.securityhub#StringList", "traits": { - "smithy.api#documentation": "

If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.

\n

If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.

" + "smithy.api#documentation": "

If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.

\n

If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.

\n

An InvalidInputException error results if you populate this field while RegionLinkingMode is \n NO_REGIONS.

" } } }, @@ -35480,7 +35480,7 @@ } ], "traits": { - "smithy.api#documentation": "

\n UpdateFindings is a deprecated operation. Instead of UpdateFindings, use\n the BatchUpdateFindings operation.

\n

Updates the Note and RecordState of the Security Hub-aggregated\n findings that the filter attributes specify. Any member account that can view the finding\n also sees the update to the finding.

\n

Finding updates made with UpdateFindings might not be persisted if the same finding is later updated by the \n finding provider through the BatchImportFindings operation.

", + "smithy.api#documentation": "

\n UpdateFindings is a deprecated operation. Instead of UpdateFindings, use\n the BatchUpdateFindings operation.

\n

The UpdateFindings operation updates the Note and RecordState of the Security Hub aggregated\n findings that the filter attributes specify. Any member account that can view the finding\n can also see the update to the finding.

\n

Finding updates made with UpdateFindings aren't persisted if the same finding is later updated by the \n finding provider through the BatchImportFindings operation. In addition, Security Hub doesn't \n record updates made with UpdateFindings in the finding history.

", "smithy.api#http": { "method": "PATCH", "uri": "/findings", diff --git a/codegen/sdk-codegen/aws-models/ses.json b/codegen/sdk-codegen/aws-models/ses.json index 7486984fefb..3ab6e7808ef 100644 --- a/codegen/sdk-codegen/aws-models/ses.json +++ b/codegen/sdk-codegen/aws-models/ses.json @@ -3161,6 +3161,16 @@ "com.amazonaws.ses#HtmlPart": { "type": "string" }, + "com.amazonaws.ses#IAMRoleARN": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 20, + "max": 2048 + }, + "smithy.api#pattern": "^arn:[\\w-]+:iam::[0-9]+:role/[\\w-]+$" + } + }, "com.amazonaws.ses#Identity": { "type": "string" }, @@ -5007,7 +5017,13 @@ "KmsKeyArn": { "target": "com.amazonaws.ses#AmazonResourceName", "traits": { - "smithy.api#documentation": "

The customer master key that Amazon SES should use to encrypt your emails before saving\n them to the Amazon S3 bucket. You can use the default master key or a custom master key that\n you created in Amazon Web Services KMS as follows:

\n \n

For more information about key policies, see the Amazon Web Services KMS Developer Guide. If\n you do not specify a master key, Amazon SES does not encrypt your emails.

\n \n

Your mail is encrypted by Amazon SES using the Amazon S3 encryption client before the mail\n is submitted to Amazon S3 for storage. It is not encrypted using Amazon S3 server-side\n encryption. This means that you must use the Amazon S3 encryption client to decrypt the\n email after retrieving it from Amazon S3, as the service has no access to use your\n Amazon Web Services KMS keys for decryption. This encryption client is currently available with\n the Amazon Web Services SDK for Java and\n Amazon Web Services SDK for Ruby only. For\n more information about client-side encryption using Amazon Web Services KMS master keys, see the\n Amazon S3 Developer Guide.

\n " + "smithy.api#documentation": "

The customer managed key that Amazon SES should use to encrypt your emails before saving\n them to the Amazon S3 bucket. You can use the default managed key or a custom managed key that\n you created in Amazon Web Services KMS as follows:

\n \n

For more information about key policies, see the Amazon Web Services KMS Developer Guide. If\n you do not specify a managed key, Amazon SES does not encrypt your emails.

\n \n

Your mail is encrypted by Amazon SES using the Amazon S3 encryption client before the mail\n is submitted to Amazon S3 for storage. It is not encrypted using Amazon S3 server-side\n encryption. This means that you must use the Amazon S3 encryption client to decrypt the\n email after retrieving it from Amazon S3, as the service has no access to use your\n Amazon Web Services KMS keys for decryption. This encryption client is currently available with\n the Amazon Web Services SDK for Java and\n Amazon Web Services SDK for Ruby only. For\n more information about client-side encryption using Amazon Web Services KMS managed keys, see the\n Amazon S3 Developer Guide.

\n " + } + }, + "IamRoleArn": { + "target": "com.amazonaws.ses#IAMRoleARN", + "traits": { + "smithy.api#documentation": "

The ARN of the IAM role to be used by Amazon Simple Email Service while writing to the Amazon S3 bucket,\n optionally encrypting your mail via the provided customer managed key, and publishing to\n the Amazon SNS topic.\n This role should have access to the following APIs:\n

\n \n \n

If an IAM role ARN is provided, the role (and only the role) is used to access all\n the given resources (Amazon S3 bucket, Amazon Web Services KMS customer managed key and Amazon SNS topic).\n Therefore, setting up individual resource access permissions is not required.

\n " } } }, @@ -5248,7 +5264,8 @@ "DefaultTemplateData": { "target": "com.amazonaws.ses#TemplateData", "traits": { - "smithy.api#documentation": "

A list of replacement values to apply to the template when replacement data is not\n specified in a Destination object. These values act as a default or fallback option when\n no other data is available.

\n

The template data is a JSON object, typically consisting of key-value pairs in which\n the keys correspond to replacement tags in the email template.

" + "smithy.api#documentation": "

A list of replacement values to apply to the template when replacement data is not\n specified in a Destination object. These values act as a default or fallback option when\n no other data is available.

\n

The template data is a JSON object, typically consisting of key-value pairs in which\n the keys correspond to replacement tags in the email template.

", + "smithy.api#required": {} } }, "Destinations": {