diff --git a/CHANGELOG.md b/CHANGELOG.md index 45b1177a42b..822aaf4d007 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,18 @@ +Release v1.44.125 (2022-10-27) +=== + +### Service Client Updates +* `service/ec2`: Updates service API and documentation + * Feature supports the replacement of instance root volume using an updated AMI without requiring customers to stop their instance. +* `service/fms`: Updates service API and documentation +* `service/glue`: Updates service API and documentation + * Added support for custom datatypes when using custom csv classifier. +* `service/redshift`: Updates service documentation + * This release clarifies use for the ElasticIp parameter of the CreateCluster and RestoreFromClusterSnapshot APIs. +* `service/sagemaker`: Updates service API and documentation + * This change allows customers to provide a custom entrypoint script for the docker container to be run while executing training jobs, and provide custom arguments to the entrypoint script. +* `service/wafv2`: Updates service API and documentation + Release v1.44.124 (2022-10-26) === diff --git a/aws/endpoints/defaults.go b/aws/endpoints/defaults.go index 6cdfc480244..cdd65b78071 100644 --- a/aws/endpoints/defaults.go +++ b/aws/endpoints/defaults.go @@ -3991,6 +3991,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -33286,6 +33289,9 @@ var awsisoPartition = partition{ endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "dynamodb": service{ diff --git a/aws/version.go b/aws/version.go index bfc107512fc..ce868d4a649 100644 --- a/aws/version.go +++ b/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.44.124" +const SDKVersion = "1.44.125" diff --git a/models/apis/ec2/2016-11-15/api-2.json b/models/apis/ec2/2016-11-15/api-2.json index 332bf268370..1853264f92b 100755 --- a/models/apis/ec2/2016-11-15/api-2.json +++ b/models/apis/ec2/2016-11-15/api-2.json @@ -10255,7 +10255,9 @@ "TagSpecifications":{ "shape":"TagSpecificationList", "locationName":"TagSpecification" - } + }, + "ImageId":{"shape":"ImageId"}, + "DeleteReplacedRootVolume":{"shape":"Boolean"} } }, "CreateReplaceRootVolumeTaskResult":{ @@ -32656,6 +32658,18 @@ "Tags":{ "shape":"TagList", "locationName":"tagSet" + }, + "ImageId":{ + "shape":"ImageId", + "locationName":"imageId" + }, + "SnapshotId":{ + "shape":"SnapshotId", + "locationName":"snapshotId" + }, + "DeleteReplacedRootVolume":{ + "shape":"Boolean", + "locationName":"deleteReplacedRootVolume" } } }, diff --git a/models/apis/ec2/2016-11-15/docs-2.json b/models/apis/ec2/2016-11-15/docs-2.json index 699af28ed91..2c9ffe7eb2d 100755 --- a/models/apis/ec2/2016-11-15/docs-2.json +++ b/models/apis/ec2/2016-11-15/docs-2.json @@ -89,7 +89,7 @@ "CreateNetworkInterfacePermission": "
Grants an Amazon Web Services-authorized account permission to attach the specified network interface to an instance in their account.
You can grant permission to a single Amazon Web Services account only, and only one account at a time.
", "CreatePlacementGroup": "Creates a placement group in which to launch instances. The strategy of the placement group determines how the instances are organized within the group.
A cluster
placement group is a logical grouping of instances within a single Availability Zone that benefit from low network latency, high network throughput. A spread
placement group places instances on distinct hardware. A partition
placement group places groups of instances in different partitions, where instances in one partition do not share the same hardware with instances in another partition.
For more information, see Placement groups in the Amazon EC2 User Guide.
", "CreatePublicIpv4Pool": "Creates a public IPv4 address pool. A public IPv4 pool is an EC2 IP address pool required for the public IPv4 CIDRs that you own and bring to Amazon Web Services to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use IPAM pools only. To monitor the status of pool creation, use DescribePublicIpv4Pools.
", - "CreateReplaceRootVolumeTask": "Creates a root volume replacement task for an Amazon EC2 instance. The root volume can either be restored to its initial launch state, or it can be restored using a specific snapshot.
For more information, see Replace a root volume in the Amazon Elastic Compute Cloud User Guide.
", + "CreateReplaceRootVolumeTask": "Replaces the EBS-backed root volume for a running
instance with a new volume that is restored to the original root volume's launch state, that is restored to a specific snapshot taken from the original root volume, or that is restored from an AMI that has the same key characteristics as that of the instance.
For more information, see Replace a root volume in the Amazon Elastic Compute Cloud User Guide.
", "CreateReservedInstancesListing": "Creates a listing for Amazon EC2 Standard Reserved Instances to be sold in the Reserved Instance Marketplace. You can submit one Standard Reserved Instance listing at a time. To get a list of your Standard Reserved Instances, you can use the DescribeReservedInstances operation.
Only Standard Reserved Instances can be sold in the Reserved Instance Marketplace. Convertible Reserved Instances cannot be sold.
The Reserved Instance Marketplace matches sellers who want to resell Standard Reserved Instance capacity that they no longer need with buyers who want to purchase additional capacity. Reserved Instances bought and sold through the Reserved Instance Marketplace work like any other Reserved Instances.
To sell your Standard Reserved Instances, you must first register as a seller in the Reserved Instance Marketplace. After completing the registration process, you can create a Reserved Instance Marketplace listing of some or all of your Standard Reserved Instances, and specify the upfront price to receive for them. Your Standard Reserved Instance listings then become available for purchase. To view the details of your Standard Reserved Instance listing, you can use the DescribeReservedInstancesListings operation.
For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide.
", "CreateRestoreImageTask": "Starts a task that restores an AMI from an Amazon S3 object that was previously created by using CreateStoreImageTask.
To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.
For more information, see Store and restore an AMI using Amazon S3 in the Amazon Elastic Compute Cloud User Guide.
", "CreateRoute": "Creates a route in a route table within a VPC.
You must specify either a destination CIDR block or a prefix list ID. You must also specify exactly one of the resources from the parameter list.
When determining how to route traffic, we use the route with the most specific match. For example, traffic is destined for the IPv4 address 192.0.2.3
, and the route table includes the following two IPv4 routes:
192.0.2.0/24
(goes to some target A)
192.0.2.0/28
(goes to some target B)
Both routes apply to the traffic destined for 192.0.2.3
. However, the second route in the list covers a smaller number of IP addresses and is therefore more specific, so we use that route to determine where to target the traffic.
For more information about route tables, see Route tables in the Amazon Virtual Private Cloud User Guide.
", @@ -1807,6 +1807,7 @@ "CreatePlacementGroupRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Indicates whether to automatically delete the original root volume after the root volume replacement task completes. To delete the original root volume, specify true
. If you choose to keep the original root volume after the replacement task completes, you must manually delete it when you no longer need it.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Returns true
if the request succeeds; otherwise, it returns an error.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Indicates whether to replace the egress rule.
Default: If no value is specified, we replace the ingress rule.
", + "ReplaceRootVolumeTask$DeleteReplacedRootVolume": "Indicates whether the original root volume is to be deleted after the root volume replacement task completes.
", "ReplaceRouteRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Specifies whether to reset the local route to its default target (local
).
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
The ID of the AMI to use to restore the root volume. The specified AMI must have the same product code, billing information, architecture type, and virtualization type as that of the instance.
If you want to restore the replacement volume from a specific snapshot, or if you want to restore it to its launch state, omit this parameter.
", "CreateStoreImageTaskRequest$ImageId": "The ID of the AMI.
", "DeregisterImageRequest$ImageId": "The ID of the AMI.
", "DescribeFastLaunchImagesSuccessItem$ImageId": "The image ID that identifies the fast-launch enabled Windows image.
", @@ -9551,6 +9554,7 @@ "ImageIdList$member": null, "ImageIdStringList$member": null, "ModifyImageAttributeRequest$ImageId": "The ID of the AMI.
", + "ReplaceRootVolumeTask$ImageId": "The ID of the AMI used to create the replacement root volume.
", "RequestLaunchTemplateData$ImageId": "The ID of the AMI.
", "RequestSpotLaunchSpecification$ImageId": "The ID of the AMI.
", "ResetImageAttributeRequest$ImageId": "The ID of the AMI.
", @@ -16317,7 +16321,7 @@ "SnapshotId": { "base": null, "refs": { - "CreateReplaceRootVolumeTaskRequest$SnapshotId": "The ID of the snapshot from which to restore the replacement root volume. If you want to restore the volume to the initial launch state, omit this parameter.
", + "CreateReplaceRootVolumeTaskRequest$SnapshotId": "The ID of the snapshot from which to restore the replacement root volume. The specified snapshot must be a snapshot that you previously created from the original root volume.
If you want to restore the replacement root volume to the initial launch state, or if you want to restore the replacement root volume from an AMI, omit this parameter.
", "CreateVolumeRequest$SnapshotId": "The snapshot from which to create the volume. You must specify either a snapshot ID or a volume size.
", "DeleteSnapshotRequest$SnapshotId": "The ID of the EBS snapshot.
", "DescribeSnapshotAttributeRequest$SnapshotId": "The ID of the EBS snapshot.
", @@ -16327,6 +16331,7 @@ "LaunchTemplateEbsBlockDeviceRequest$SnapshotId": "The ID of the snapshot.
", "ModifySnapshotAttributeRequest$SnapshotId": "The ID of the snapshot.
", "ModifySnapshotTierRequest$SnapshotId": "The ID of the snapshot.
", + "ReplaceRootVolumeTask$SnapshotId": "The ID of the snapshot used to create the replacement root volume.
", "ResetSnapshotAttributeRequest$SnapshotId": "The ID of the snapshot.
", "RestoreSnapshotFromRecycleBinRequest$SnapshotId": "The ID of the snapshot to restore.
", "RestoreSnapshotTierRequest$SnapshotId": "The ID of the snapshot to restore.
", diff --git a/models/apis/ec2/2016-11-15/endpoint-rule-set-1.json b/models/apis/ec2/2016-11-15/endpoint-rule-set-1.json new file mode 100644 index 00000000000..cc324428d55 --- /dev/null +++ b/models/apis/ec2/2016-11-15/endpoint-rule-set-1.json @@ -0,0 +1,340 @@ +{ + "version": "1.0", + "parameters": { + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "String" + }, + "UseDualStack": { + "builtIn": "AWS::UseDualStack", + "required": true, + "default": false, + "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", + "type": "Boolean" + }, + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "Boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "String" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + }, + { + "fn": "parseURL", + "argv": [ + { + "ref": "Endpoint" + } + ], + "assign": "url" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://ec2-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws-us-gov", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://ec2.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://ec2-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://ec2.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ] + }, + { + "conditions": [], + "endpoint": { + "url": "https://ec2.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] +} \ No newline at end of file diff --git a/models/apis/ec2/2016-11-15/endpoint-tests-1.json b/models/apis/ec2/2016-11-15/endpoint-tests-1.json new file mode 100644 index 00000000000..96d0b0e0c6c --- /dev/null +++ b/models/apis/ec2/2016-11-15/endpoint-tests-1.json @@ -0,0 +1,1851 @@ +{ + "testCases": [ + { + "documentation": "For region ap-south-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ap-south-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-south-2", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-south-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ap-south-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-south-2", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-south-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.ap-south-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-south-2", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-south-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.ap-south-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-south-2", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-south-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ap-south-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-south-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ap-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-south-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.ap-south-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.ap-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-south-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.eu-south-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-south-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.eu-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-south-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.eu-south-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.eu-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-south-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.eu-south-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-south-2", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-south-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.eu-south-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-south-2", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-south-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.eu-south-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-south-2", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-south-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.eu-south-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-south-2", + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.us-gov-east-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-gov-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-gov-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.us-gov-east-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-gov-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-gov-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region me-central-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.me-central-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "me-central-1", + "UseDualStack": true + } + }, + { + "documentation": "For region me-central-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.me-central-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "me-central-1", + "UseDualStack": false + } + }, + { + "documentation": "For region me-central-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.me-central-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "me-central-1", + "UseDualStack": true + } + }, + { + "documentation": "For region me-central-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.me-central-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "me-central-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ca-central-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ca-central-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ca-central-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ca-central-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ca-central-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ca-central-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ca-central-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.ca-central-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ca-central-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.ca-central-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ca-central-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-central-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.eu-central-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-central-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-central-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.eu-central-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-central-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-central-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.eu-central-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-central-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.eu-central-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-central-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-west-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "UseFIPS": true, + "Region": "us-iso-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-west-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.us-iso-west-1.c2s.ic.gov" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-iso-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-west-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "UseFIPS": false, + "Region": "us-iso-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.us-iso-west-1.c2s.ic.gov" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-iso-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-central-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.eu-central-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-central-2", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-central-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.eu-central-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-central-2", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-central-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.eu-central-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-central-2", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-central-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.eu-central-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-central-2", + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.us-west-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-west-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.us-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.us-west-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.us-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.us-west-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-west-2", + "UseDualStack": true + } + }, + { + "documentation": "For region us-west-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.us-west-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-west-2", + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.us-west-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-west-2", + "UseDualStack": true + } + }, + { + "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.us-west-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-west-2", + "UseDualStack": false + } + }, + { + "documentation": "For region af-south-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.af-south-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "af-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region af-south-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.af-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "af-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region af-south-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.af-south-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "af-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.af-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "af-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-north-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.eu-north-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-north-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-north-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.eu-north-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-north-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-north-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.eu-north-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-north-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-north-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.eu-north-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-north-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-3 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.eu-west-3.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-3", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-3 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.eu-west-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-3", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-3 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.eu-west-3.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-3", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-3 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.eu-west-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-3", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.eu-west-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-2", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.eu-west-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-2", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.eu-west-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-2", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.eu-west-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-2", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.eu-west-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.eu-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.eu-west-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.eu-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-3 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ap-northeast-3.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-3", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-3 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ap-northeast-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-3", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.ap-northeast-3.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-3", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.ap-northeast-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-3", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ap-northeast-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-2", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ap-northeast-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-2", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.ap-northeast-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-2", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.ap-northeast-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-2", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ap-northeast-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ap-northeast-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.ap-northeast-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.ap-northeast-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-1", + "UseDualStack": false + } + }, + { + "documentation": "For region me-south-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.me-south-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "me-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region me-south-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.me-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "me-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region me-south-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.me-south-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "me-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region me-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.me-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "me-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region sa-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.sa-east-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "sa-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region sa-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.sa-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "sa-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region sa-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.sa-east-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "sa-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.sa-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "sa-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ap-east-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ap-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.ap-east-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.ap-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "UseFIPS": true, + "Region": "cn-north-1", + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": true, + "Region": "cn-north-1", + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "UseFIPS": false, + "Region": "cn-north-1", + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": false, + "Region": "cn-north-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ca-west-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ca-west-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ca-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ca-west-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ca-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ca-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ca-west-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.ca-west-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ca-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ca-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.ca-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ca-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.us-gov-west-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-gov-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.us-gov-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-gov-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.us-gov-west-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-gov-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.us-gov-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-gov-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ap-southeast-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ap-southeast-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.ap-southeast-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.ap-southeast-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ap-southeast-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-2", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ap-southeast-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-2", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.ap-southeast-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-2", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.ap-southeast-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-2", + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "UseFIPS": true, + "Region": "us-iso-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-iso-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "UseFIPS": false, + "Region": "us-iso-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-iso-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-3 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ap-southeast-3.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-3", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-3 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ap-southeast-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-3", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.ap-southeast-3.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-3", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.ap-southeast-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-3", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-4 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ap-southeast-4.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-4", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-4 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.ap-southeast-4.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-4", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-4 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.ap-southeast-4.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-4", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-4 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.ap-southeast-4.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-4", + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.us-east-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.us-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.us-east-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.us-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.us-east-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-east-2", + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.us-east-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-east-2", + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.us-east-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-2", + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.us-east-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-2", + "UseDualStack": false + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.cn-northwest-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "UseFIPS": true, + "Region": "cn-northwest-1", + "UseDualStack": true + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.cn-northwest-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": true, + "Region": "cn-northwest-1", + "UseDualStack": false + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://ec2.cn-northwest-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "UseFIPS": false, + "Region": "cn-northwest-1", + "UseDualStack": true + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.cn-northwest-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": false, + "Region": "cn-northwest-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "UseFIPS": true, + "Region": "us-isob-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2-fips.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-isob-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "UseFIPS": false, + "Region": "us-isob-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://ec2.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-isob-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For custom endpoint with fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips enabled and dualstack disabled", + "expect": { + "error": "Invalid Configuration: FIPS and custom endpoint are not supported" + }, + "params": { + "UseFIPS": true, + "Region": "us-east-1", + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips disabled and dualstack enabled", + "expect": { + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": true, + "Endpoint": "https://example.com" + } + } + ], + "version": "1.0" +} \ No newline at end of file diff --git a/models/apis/fms/2018-01-01/api-2.json b/models/apis/fms/2018-01-01/api-2.json index 09c593fbd6c..e118c7fa2d2 100644 --- a/models/apis/fms/2018-01-01/api-2.json +++ b/models/apis/fms/2018-01-01/api-2.json @@ -1293,6 +1293,10 @@ "TargetViolationReason":{"shape":"TargetViolationReason"} } }, + "NetworkFirewallOverrideAction":{ + "type":"string", + "enum":["DROP_TO_ALERT"] + }, "NetworkFirewallPolicy":{ "type":"structure", "members":{ @@ -1325,6 +1329,12 @@ "min":1, "pattern":"^[a-zA-Z0-9-]+$" }, + "NetworkFirewallStatefulRuleGroupOverride":{ + "type":"structure", + "members":{ + "Action":{"shape":"NetworkFirewallOverrideAction"} + } + }, "NetworkFirewallUnexpectedFirewallRoutesViolation":{ "type":"structure", "members":{ @@ -1827,7 +1837,8 @@ "members":{ "RuleGroupName":{"shape":"NetworkFirewallResourceName"}, "ResourceId":{"shape":"ResourceId"}, - "Priority":{"shape":"PriorityNumber"} + "Priority":{"shape":"PriorityNumber"}, + "Override":{"shape":"NetworkFirewallStatefulRuleGroupOverride"} } }, "StatefulRuleGroupList":{ diff --git a/models/apis/fms/2018-01-01/docs-2.json b/models/apis/fms/2018-01-01/docs-2.json index de87dba5e13..f3f94324590 100644 --- a/models/apis/fms/2018-01-01/docs-2.json +++ b/models/apis/fms/2018-01-01/docs-2.json @@ -703,7 +703,7 @@ "base": null, "refs": { "FMSPolicyUpdateFirewallCreationConfigAction$FirewallCreationConfig": "A FirewallCreationConfig
that you can copy into your current policy's SecurityServiceData in order to remedy scope violations.
Details about the service that are specific to the service type, in JSON format.
Example: DNS_FIREWALL
\"{\\\"type\\\":\\\"DNS_FIREWALL\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-1\\\",\\\"priority\\\":10}],\\\"postProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-2\\\",\\\"priority\\\":9911}]}\"
Valid values for preProcessRuleGroups
are between 1 and 99. Valid values for postProcessRuleGroups
are between 9901 and 10000.
Example: NETWORK_FIREWALL
- Centralized deployment model
\"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"awsNetworkFirewallConfig\\\":{\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"customActionName\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"metricdimensionvalue\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\"}],\\\"networkFirewallLoggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"ALERT\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}},{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"FLOW\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}}],\\\"overrideExistingConfig\\\":true}},\\\"firewallDeploymentModel\\\":{\\\"centralizedFirewallDeploymentModel\\\":{\\\"centralizedFirewallOrchestrationConfig\\\":{\\\"inspectionVpcIds\\\":[{\\\"resourceId\\\":\\\"vpc-1234\\\",\\\"accountId\\\":\\\"123456789011\\\"}],\\\"firewallCreationConfig\\\":{\\\"endpointLocation\\\":{\\\"availabilityZoneConfigList\\\":[{\\\"availabilityZoneId\\\":null,\\\"availabilityZoneName\\\":\\\"us-east-1a\\\",\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\"]}]}},\\\"allowedIPV4CidrList\\\":[]}}}}\"
To use the centralized deployment model, you must set PolicyOption to CENTRALIZED
.
Example: NETWORK_FIREWALL
- Distributed deployment model with automatic Availability Zone configuration
\"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"customActionName\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"metricdimensionvalue\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"singleFirewallEndpointPerVPC\\\":false,\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\",\\\"192.168.0.0/28\\\"],\\\"routeManagementAction\\\":\\\"OFF\\\"},\\\"networkFirewallLoggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"ALERT\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}},{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"FLOW\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}}],\\\"overrideExistingConfig\\\":true}}\"
With automatic Availbility Zone configuration, Firewall Manager chooses which Availability Zones to create the endpoints in. To use the distributed deployment model, you must set PolicyOption to NULL
.
Example: NETWORK_FIREWALL
- Distributed deployment model with automatic Availability Zone configuration and route management
\"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"customActionName\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"metricdimensionvalue\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"singleFirewallEndpointPerVPC\\\":false,\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\",\\\"192.168.0.0/28\\\"],\\\"routeManagementAction\\\":\\\"MONITOR\\\",\\\"routeManagementTargetTypes\\\":[\\\"InternetGateway\\\"]},\\\"networkFirewallLoggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"ALERT\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}},{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\": \\\"FLOW\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}}],\\\"overrideExistingConfig\\\":true}}\"
To use the distributed deployment model, you must set PolicyOption to NULL
.
Example: NETWORK_FIREWALL
- Distributed deployment model with custom Availability Zone configuration
\"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"fragmentcustomactionname\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"customActionName\\\", \\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"metricdimensionvalue\\\"}]}}},{\\\"actionName\\\":\\\"fragmentcustomactionname\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"fragmentmetricdimensionvalue\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"firewallCreationConfig\\\":{ \\\"endpointLocation\\\":{\\\"availabilityZoneConfigList\\\":[{\\\"availabilityZoneName\\\":\\\"us-east-1a\\\",\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\"]},{\\\"availabilityZoneName\\\":\\\"us-east-1b\\\",\\\"allowedIPV4CidrList\\\":[ \\\"10.0.0.0/28\\\"]}]} },\\\"singleFirewallEndpointPerVPC\\\":false,\\\"allowedIPV4CidrList\\\":null,\\\"routeManagementAction\\\":\\\"OFF\\\",\\\"networkFirewallLoggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"ALERT\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}},{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"FLOW\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}}],\\\"overrideExistingConfig\\\":boolean}}\"
With custom Availability Zone configuration, you define which specific Availability Zones to create endpoints in by configuring firewallCreationConfig
. To configure the Availability Zones in firewallCreationConfig
, specify either the availabilityZoneName
or availabilityZoneId
parameter, not both parameters.
To use the distributed deployment model, you must set PolicyOption to NULL
.
Example: NETWORK_FIREWALL
- Distributed deployment model with custom Availability Zone configuration and route management
\"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"fragmentcustomactionname\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"customActionName\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"metricdimensionvalue\\\"}]}}},{\\\"actionName\\\":\\\"fragmentcustomactionname\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"fragmentmetricdimensionvalue\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"firewallCreationConfig\\\":{\\\"endpointLocation\\\":{\\\"availabilityZoneConfigList\\\":[{\\\"availabilityZoneName\\\":\\\"us-east-1a\\\",\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\"]},{\\\"availabilityZoneName\\\":\\\"us-east-1b\\\",\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\"]}]}},\\\"singleFirewallEndpointPerVPC\\\":false,\\\"allowedIPV4CidrList\\\":null,\\\"routeManagementAction\\\":\\\"MONITOR\\\",\\\"routeManagementTargetTypes\\\":[\\\"InternetGateway\\\"],\\\"routeManagementConfig\\\":{\\\"allowCrossAZTrafficIfNoEndpoint\\\":true}},\\\"networkFirewallLoggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"ALERT\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}},{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"FLOW\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}}],\\\"overrideExistingConfig\\\":boolean}}\"
To use the distributed deployment model, you must set PolicyOption to NULL
.
Example: THIRD_PARTY_FIREWALL
\"{ \"type\":\"THIRD_PARTY_FIREWALL\", \"thirdPartyFirewall\":\"PALO_ALTO_NETWORKS_CLOUD_NGFW\", \"thirdPartyFirewallConfig\":{ \"thirdPartyFirewallPolicyList\":[\"global-1\"] }, \"firewallDeploymentModel\":{ \"distributedFirewallDeploymentModel\":{ \"distributedFirewallOrchestrationConfig\":{ \"firewallCreationConfig\":{ \"endpointLocation\":{ \"availabilityZoneConfigList\":[ { \"availabilityZoneName\":\"${AvailabilityZone}\" } ] } }, \"allowedIPV4CidrList\":[ ] } } } }\"
Specification for SHIELD_ADVANCED
for Amazon CloudFront distributions
\"{\\\"type\\\":\\\"SHIELD_ADVANCED\\\",\\\"automaticResponseConfiguration\\\": {\\\"automaticResponseStatus\\\":\\\"ENABLED|IGNORED|DISABLED\\\", \\\"automaticResponseAction\\\":\\\"BLOCK|COUNT\\\"}, \\\"overrideCustomerWebaclClassic\\\":true|false}\"
For example: \"{\\\"type\\\":\\\"SHIELD_ADVANCED\\\",\\\"automaticResponseConfiguration\\\": {\\\"automaticResponseStatus\\\":\\\"ENABLED\\\", \\\"automaticResponseAction\\\":\\\"COUNT\\\"}}\"
The default value for automaticResponseStatus
is IGNORED
. The value for automaticResponseAction
is only required when automaticResponseStatus
is set to ENABLED
. The default value for overrideCustomerWebaclClassic
is false
.
For other resource types that you can protect with a Shield Advanced policy, this ManagedServiceData
configuration is an empty string.
Example: WAFV2
\"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"version\\\":null,\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesAmazonIpReputationList\\\"},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[{\\\"name\\\":\\\"NoUserAgent_HEADER\\\"}]}],\\\"postProcessRuleGroups\\\":[],\\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"overrideCustomerWebACLAssociation\\\":false,\\\"loggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[\\\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\\\"],\\\"redactedFields\\\":[{\\\"redactedFieldType\\\":\\\"SingleHeader\\\",\\\"redactedFieldValue\\\":\\\"Cookies\\\"},{\\\"redactedFieldType\\\":\\\"Method\\\"}]}}\"
In the loggingConfiguration
, you can specify one logDestinationConfigs
, you can optionally provide up to 20 redactedFields
, and the RedactedFieldType
must be one of URI
, QUERY_STRING
, HEADER
, or METHOD
.
Example: WAF Classic
\"{\\\"type\\\": \\\"WAF\\\", \\\"ruleGroups\\\": [{\\\"id\\\":\\\"12345678-1bcd-9012-efga-0987654321ab\\\", \\\"overrideAction\\\" : {\\\"type\\\": \\\"COUNT\\\"}}], \\\"defaultAction\\\": {\\\"type\\\": \\\"BLOCK\\\"}}\"
Example: WAFV2
- Firewall Manager support for WAF managed rule group versioning
\"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"versionEnabled\\\":true,\\\"version\\\":\\\"Version_2.0\\\",\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesCommonRuleSet\\\"},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[{\\\"name\\\":\\\"NoUserAgent_HEADER\\\"}]}],\\\"postProcessRuleGroups\\\":[],\\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"overrideCustomerWebACLAssociation\\\":false,\\\"loggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[\\\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\\\"],\\\"redactedFields\\\":[{\\\"redactedFieldType\\\":\\\"SingleHeader\\\",\\\"redactedFieldValue\\\":\\\"Cookies\\\"},{\\\"redactedFieldType\\\":\\\"Method\\\"}]}}\"
To use a specific version of a WAF managed rule group in your Firewall Manager policy, you must set versionEnabled
to true
, and set version
to the version you'd like to use. If you don't set versionEnabled
to true
, or if you omit versionEnabled
, then Firewall Manager uses the default version of the WAF managed rule group.
Example: SECURITY_GROUPS_COMMON
\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"
Example: SECURITY_GROUPS_COMMON
- Security group tag distribution
\"\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"securityGroups\\\":[{\\\"id\\\":\\\"sg-000e55995d61a06bd\\\"}],\\\"revertManualSecurityGroupChanges\\\":true,\\\"exclusiveResourceSecurityGroupManagement\\\":false,\\\"applyToAllEC2InstanceENIs\\\":false,\\\"includeSharedVPC\\\":false,\\\"enableTagDistribution\\\":true}\"\"
Firewall Manager automatically distributes tags from the primary group to the security groups created by this policy. To use security group tag distribution, you must also set revertManualSecurityGroupChanges
to true
, otherwise Firewall Manager won't be able to create the policy. When you enable revertManualSecurityGroupChanges
, Firewall Manager identifies and reports when the security groups created by this policy become non-compliant.
Firewall Manager won't distrubute system tags added by Amazon Web Services services into the replica security groups. System tags begin with the aws:
prefix.
Example: Shared VPCs. Apply the preceding policy to resources in shared VPCs as well as to those in VPCs that the account owns
\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"includeSharedVPC\\\":true,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"
Example: SECURITY_GROUPS_CONTENT_AUDIT
\"{\\\"type\\\":\\\"SECURITY_GROUPS_CONTENT_AUDIT\\\",\\\"securityGroups\\\":[{\\\"id\\\":\\\"sg-000e55995d61a06bd\\\"}],\\\"securityGroupAction\\\":{\\\"type\\\":\\\"ALLOW\\\"}}\"
The security group action for content audit can be ALLOW
or DENY
. For ALLOW
, all in-scope security group rules must be within the allowed range of the policy's security group rules. For DENY
, all in-scope security group rules must not contain a value or a range that matches a rule value or range in the policy security group.
Example: SECURITY_GROUPS_USAGE_AUDIT
\"{\\\"type\\\":\\\"SECURITY_GROUPS_USAGE_AUDIT\\\",\\\"deleteUnusedSecurityGroups\\\":true,\\\"coalesceRedundantSecurityGroups\\\":true}\"
Details about the service that are specific to the service type, in JSON format.
Example: DNS_FIREWALL
\"{\\\"type\\\":\\\"DNS_FIREWALL\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-1\\\",\\\"priority\\\":10}],\\\"postProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-2\\\",\\\"priority\\\":9911}]}\"
Valid values for preProcessRuleGroups
are between 1 and 99. Valid values for postProcessRuleGroups
are between 9901 and 10000.
Example: NETWORK_FIREWALL
- Centralized deployment model
\"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"awsNetworkFirewallConfig\\\":{\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"customActionName\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"metricdimensionvalue\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\"}],\\\"networkFirewallLoggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"ALERT\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}},{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"FLOW\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}}],\\\"overrideExistingConfig\\\":true}},\\\"firewallDeploymentModel\\\":{\\\"centralizedFirewallDeploymentModel\\\":{\\\"centralizedFirewallOrchestrationConfig\\\":{\\\"inspectionVpcIds\\\":[{\\\"resourceId\\\":\\\"vpc-1234\\\",\\\"accountId\\\":\\\"123456789011\\\"}],\\\"firewallCreationConfig\\\":{\\\"endpointLocation\\\":{\\\"availabilityZoneConfigList\\\":[{\\\"availabilityZoneId\\\":null,\\\"availabilityZoneName\\\":\\\"us-east-1a\\\",\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\"]}]}},\\\"allowedIPV4CidrList\\\":[]}}}}\"
To use the centralized deployment model, you must set PolicyOption to CENTRALIZED
.
Example: NETWORK_FIREWALL
- Distributed deployment model with automatic Availability Zone configuration
\"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"customActionName\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"metricdimensionvalue\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"singleFirewallEndpointPerVPC\\\":false,\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\",\\\"192.168.0.0/28\\\"],\\\"routeManagementAction\\\":\\\"OFF\\\"},\\\"networkFirewallLoggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"ALERT\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}},{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"FLOW\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}}],\\\"overrideExistingConfig\\\":true}}\"
With automatic Availbility Zone configuration, Firewall Manager chooses which Availability Zones to create the endpoints in. To use the distributed deployment model, you must set PolicyOption to NULL
.
Example: NETWORK_FIREWALL
- Distributed deployment model with automatic Availability Zone configuration and route management
\"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"customActionName\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"metricdimensionvalue\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"singleFirewallEndpointPerVPC\\\":false,\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\",\\\"192.168.0.0/28\\\"],\\\"routeManagementAction\\\":\\\"MONITOR\\\",\\\"routeManagementTargetTypes\\\":[\\\"InternetGateway\\\"]},\\\"networkFirewallLoggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"ALERT\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}},{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\": \\\"FLOW\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}}],\\\"overrideExistingConfig\\\":true}}\"
To use the distributed deployment model, you must set PolicyOption to NULL
.
Example: NETWORK_FIREWALL
- Distributed deployment model with custom Availability Zone configuration
\"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"fragmentcustomactionname\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"customActionName\\\", \\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"metricdimensionvalue\\\"}]}}},{\\\"actionName\\\":\\\"fragmentcustomactionname\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"fragmentmetricdimensionvalue\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"firewallCreationConfig\\\":{ \\\"endpointLocation\\\":{\\\"availabilityZoneConfigList\\\":[{\\\"availabilityZoneName\\\":\\\"us-east-1a\\\",\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\"]},{\\\"availabilityZoneName\\\":\\\"us-east-1b\\\",\\\"allowedIPV4CidrList\\\":[ \\\"10.0.0.0/28\\\"]}]} },\\\"singleFirewallEndpointPerVPC\\\":false,\\\"allowedIPV4CidrList\\\":null,\\\"routeManagementAction\\\":\\\"OFF\\\",\\\"networkFirewallLoggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"ALERT\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}},{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"FLOW\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}}],\\\"overrideExistingConfig\\\":boolean}}\"
With custom Availability Zone configuration, you define which specific Availability Zones to create endpoints in by configuring firewallCreationConfig
. To configure the Availability Zones in firewallCreationConfig
, specify either the availabilityZoneName
or availabilityZoneId
parameter, not both parameters.
To use the distributed deployment model, you must set PolicyOption to NULL
.
Example: NETWORK_FIREWALL
- Distributed deployment model with custom Availability Zone configuration and route management
\"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\\\",\\\"priority\\\":1}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"customActionName\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"aws:forward_to_sfe\\\",\\\"fragmentcustomactionname\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"customActionName\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"metricdimensionvalue\\\"}]}}},{\\\"actionName\\\":\\\"fragmentcustomactionname\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"fragmentmetricdimensionvalue\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"firewallCreationConfig\\\":{\\\"endpointLocation\\\":{\\\"availabilityZoneConfigList\\\":[{\\\"availabilityZoneName\\\":\\\"us-east-1a\\\",\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\"]},{\\\"availabilityZoneName\\\":\\\"us-east-1b\\\",\\\"allowedIPV4CidrList\\\":[\\\"10.0.0.0/28\\\"]}]}},\\\"singleFirewallEndpointPerVPC\\\":false,\\\"allowedIPV4CidrList\\\":null,\\\"routeManagementAction\\\":\\\"MONITOR\\\",\\\"routeManagementTargetTypes\\\":[\\\"InternetGateway\\\"],\\\"routeManagementConfig\\\":{\\\"allowCrossAZTrafficIfNoEndpoint\\\":true}},\\\"networkFirewallLoggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"ALERT\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}},{\\\"logDestinationType\\\":\\\"S3\\\",\\\"logType\\\":\\\"FLOW\\\",\\\"logDestination\\\":{\\\"bucketName\\\":\\\"s3-bucket-name\\\"}}],\\\"overrideExistingConfig\\\":boolean}}\"
To use the distributed deployment model, you must set PolicyOption to NULL
.
Example: THIRD_PARTY_FIREWALL
\"{ \"type\":\"THIRD_PARTY_FIREWALL\", \"thirdPartyFirewall\":\"PALO_ALTO_NETWORKS_CLOUD_NGFW\", \"thirdPartyFirewallConfig\":{ \"thirdPartyFirewallPolicyList\":[\"global-1\"] }, \"firewallDeploymentModel\":{ \"distributedFirewallDeploymentModel\":{ \"distributedFirewallOrchestrationConfig\":{ \"firewallCreationConfig\":{ \"endpointLocation\":{ \"availabilityZoneConfigList\":[ { \"availabilityZoneName\":\"${AvailabilityZone}\" } ] } }, \"allowedIPV4CidrList\":[ ] } } } }\"
Example: SECURITY_GROUPS_COMMON
\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"
Example: SECURITY_GROUPS_COMMON
- Security group tag distribution
\"\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"securityGroups\\\":[{\\\"id\\\":\\\"sg-000e55995d61a06bd\\\"}],\\\"revertManualSecurityGroupChanges\\\":true,\\\"exclusiveResourceSecurityGroupManagement\\\":false,\\\"applyToAllEC2InstanceENIs\\\":false,\\\"includeSharedVPC\\\":false,\\\"enableTagDistribution\\\":true}\"\"
Firewall Manager automatically distributes tags from the primary group to the security groups created by this policy. To use security group tag distribution, you must also set revertManualSecurityGroupChanges
to true
, otherwise Firewall Manager won't be able to create the policy. When you enable revertManualSecurityGroupChanges
, Firewall Manager identifies and reports when the security groups created by this policy become non-compliant.
Firewall Manager won't distrubute system tags added by Amazon Web Services services into the replica security groups. System tags begin with the aws:
prefix.
Example: Shared VPCs. Apply the preceding policy to resources in shared VPCs as well as to those in VPCs that the account owns
\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"includeSharedVPC\\\":true,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"
Example: SECURITY_GROUPS_CONTENT_AUDIT
\"{\\\"type\\\":\\\"SECURITY_GROUPS_CONTENT_AUDIT\\\",\\\"securityGroups\\\":[{\\\"id\\\":\\\"sg-000e55995d61a06bd\\\"}],\\\"securityGroupAction\\\":{\\\"type\\\":\\\"ALLOW\\\"}}\"
The security group action for content audit can be ALLOW
or DENY
. For ALLOW
, all in-scope security group rules must be within the allowed range of the policy's security group rules. For DENY
, all in-scope security group rules must not contain a value or a range that matches a rule value or range in the policy security group.
Example: SECURITY_GROUPS_USAGE_AUDIT
\"{\\\"type\\\":\\\"SECURITY_GROUPS_USAGE_AUDIT\\\",\\\"deleteUnusedSecurityGroups\\\":true,\\\"coalesceRedundantSecurityGroups\\\":true}\"
Specification for SHIELD_ADVANCED
for Amazon CloudFront distributions
\"{\\\"type\\\":\\\"SHIELD_ADVANCED\\\",\\\"automaticResponseConfiguration\\\": {\\\"automaticResponseStatus\\\":\\\"ENABLED|IGNORED|DISABLED\\\", \\\"automaticResponseAction\\\":\\\"BLOCK|COUNT\\\"}, \\\"overrideCustomerWebaclClassic\\\":true|false}\"
For example: \"{\\\"type\\\":\\\"SHIELD_ADVANCED\\\",\\\"automaticResponseConfiguration\\\": {\\\"automaticResponseStatus\\\":\\\"ENABLED\\\", \\\"automaticResponseAction\\\":\\\"COUNT\\\"}}\"
The default value for automaticResponseStatus
is IGNORED
. The value for automaticResponseAction
is only required when automaticResponseStatus
is set to ENABLED
. The default value for overrideCustomerWebaclClassic
is false
.
For other resource types that you can protect with a Shield Advanced policy, this ManagedServiceData
configuration is an empty string.
Example: WAFV2
\"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"version\\\":null,\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesAmazonIpReputationList\\\"},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[{\\\"name\\\":\\\"NoUserAgent_HEADER\\\"}]}],\\\"postProcessRuleGroups\\\":[],\\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"overrideCustomerWebACLAssociation\\\":false,\\\"loggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[\\\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\\\"],\\\"redactedFields\\\":[{\\\"redactedFieldType\\\":\\\"SingleHeader\\\",\\\"redactedFieldValue\\\":\\\"Cookies\\\"},{\\\"redactedFieldType\\\":\\\"Method\\\"}]}}\"
In the loggingConfiguration
, you can specify one logDestinationConfigs
, you can optionally provide up to 20 redactedFields
, and the RedactedFieldType
must be one of URI
, QUERY_STRING
, HEADER
, or METHOD
.
Example: WAFV2
- Firewall Manager support for WAF managed rule group versioning
\"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"versionEnabled\\\":true,\\\"version\\\":\\\"Version_2.0\\\",\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesCommonRuleSet\\\"},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[{\\\"name\\\":\\\"NoUserAgent_HEADER\\\"}]}],\\\"postProcessRuleGroups\\\":[],\\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"overrideCustomerWebACLAssociation\\\":false,\\\"loggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[\\\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\\\"],\\\"redactedFields\\\":[{\\\"redactedFieldType\\\":\\\"SingleHeader\\\",\\\"redactedFieldValue\\\":\\\"Cookies\\\"},{\\\"redactedFieldType\\\":\\\"Method\\\"}]}}\"
To use a specific version of a WAF managed rule group in your Firewall Manager policy, you must set versionEnabled
to true
, and set version
to the version you'd like to use. If you don't set versionEnabled
to true
, or if you omit versionEnabled
, then Firewall Manager uses the default version of the WAF managed rule group.
Example: WAF Classic
\"{\\\"type\\\": \\\"WAF\\\", \\\"ruleGroups\\\": [{\\\"id\\\":\\\"12345678-1bcd-9012-efga-0987654321ab\\\", \\\"overrideAction\\\" : {\\\"type\\\": \\\"COUNT\\\"}}], \\\"defaultAction\\\": {\\\"type\\\": \\\"BLOCK\\\"}}\"
Violation detail for an Network Firewall policy that indicates that an Availability Zone is missing the expected Firewall Manager managed subnet.
" } }, + "NetworkFirewallOverrideAction": { + "base": null, + "refs": { + "NetworkFirewallStatefulRuleGroupOverride$Action": "The action that changes the rule group from DROP
to ALERT
. This only applies to managed rule groups.
Configures the firewall policy deployment model of Network Firewall. For information about Network Firewall deployment models, see Network Firewall example architectures with routing in the Network Firewall Developer Guide.
", "refs": { @@ -801,6 +807,12 @@ "StatelessRuleGroup$RuleGroupName": "The name of the rule group.
" } }, + "NetworkFirewallStatefulRuleGroupOverride": { + "base": "The setting that allows the policy owner to change the behavior of the rule group within a policy.
", + "refs": { + "StatefulRuleGroup$Override": "The action that allows the policy owner to override the behavior of the rule group within a policy.
" + } + }, "NetworkFirewallUnexpectedFirewallRoutesViolation": { "base": "Violation detail for an unexpected route that's present in a route table.
", "refs": { diff --git a/models/apis/fms/2018-01-01/endpoint-rule-set-1.json b/models/apis/fms/2018-01-01/endpoint-rule-set-1.json new file mode 100644 index 00000000000..ca31f741d6a --- /dev/null +++ b/models/apis/fms/2018-01-01/endpoint-rule-set-1.json @@ -0,0 +1,315 @@ +{ + "version": "1.0", + "parameters": { + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "String" + }, + "UseDualStack": { + "builtIn": "AWS::UseDualStack", + "required": true, + "default": false, + "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", + "type": "Boolean" + }, + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "Boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "String" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + }, + { + "fn": "parseURL", + "argv": [ + { + "ref": "Endpoint" + } + ], + "assign": "url" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://fms-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://fms-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://fms.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ] + }, + { + "conditions": [], + "endpoint": { + "url": "https://fms.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] +} \ No newline at end of file diff --git a/models/apis/fms/2018-01-01/endpoint-tests-1.json b/models/apis/fms/2018-01-01/endpoint-tests-1.json new file mode 100644 index 00000000000..86ce25f2cf4 --- /dev/null +++ b/models/apis/fms/2018-01-01/endpoint-tests-1.json @@ -0,0 +1,1343 @@ +{ + "testCases": [ + { + "documentation": "For region ap-south-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.ap-south-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-south-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.ap-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-south-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.ap-south-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.ap-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-south-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.eu-south-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-south-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.eu-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-south-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.eu-south-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.eu-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.us-gov-east-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-gov-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-gov-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.us-gov-east-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-gov-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-gov-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ca-central-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.ca-central-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ca-central-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ca-central-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.ca-central-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ca-central-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ca-central-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.ca-central-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ca-central-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.ca-central-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ca-central-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-central-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.eu-central-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-central-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-central-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.eu-central-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-central-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-central-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.eu-central-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-central-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.eu-central-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-central-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.us-west-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-west-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.us-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.us-west-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.us-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.us-west-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-west-2", + "UseDualStack": true + } + }, + { + "documentation": "For region us-west-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.us-west-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-west-2", + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.us-west-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-west-2", + "UseDualStack": true + } + }, + { + "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.us-west-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-west-2", + "UseDualStack": false + } + }, + { + "documentation": "For region af-south-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.af-south-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "af-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region af-south-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.af-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "af-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region af-south-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.af-south-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "af-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.af-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "af-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-north-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.eu-north-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-north-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-north-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.eu-north-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-north-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-north-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.eu-north-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-north-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-north-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.eu-north-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-north-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-3 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.eu-west-3.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-3", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-3 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.eu-west-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-3", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-3 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.eu-west-3.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-3", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-3 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.eu-west-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-3", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.eu-west-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-2", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.eu-west-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-2", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.eu-west-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-2", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.eu-west-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-2", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.eu-west-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.eu-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.eu-west-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.eu-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-3 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.ap-northeast-3.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-3", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-3 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.ap-northeast-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-3", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.ap-northeast-3.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-3", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.ap-northeast-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-3", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.ap-northeast-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-2", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.ap-northeast-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-2", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.ap-northeast-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-2", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.ap-northeast-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-2", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.ap-northeast-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.ap-northeast-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.ap-northeast-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.ap-northeast-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-1", + "UseDualStack": false + } + }, + { + "documentation": "For region me-south-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.me-south-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "me-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region me-south-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.me-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "me-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region me-south-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.me-south-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "me-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region me-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.me-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "me-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region sa-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.sa-east-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "sa-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region sa-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.sa-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "sa-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region sa-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.sa-east-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "sa-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.sa-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "sa-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.ap-east-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.ap-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.ap-east-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.ap-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "UseFIPS": true, + "Region": "cn-north-1", + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": true, + "Region": "cn-north-1", + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "UseFIPS": false, + "Region": "cn-north-1", + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": false, + "Region": "cn-north-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.us-gov-west-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-gov-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.us-gov-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-gov-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.us-gov-west-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-gov-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.us-gov-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-gov-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.ap-southeast-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.ap-southeast-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.ap-southeast-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.ap-southeast-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.ap-southeast-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-2", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.ap-southeast-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-2", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.ap-southeast-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-2", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.ap-southeast-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-2", + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.us-east-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.us-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.us-east-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.us-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.us-east-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-east-2", + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.us-east-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-east-2", + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.us-east-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-2", + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.us-east-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-2", + "UseDualStack": false + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.cn-northwest-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "UseFIPS": true, + "Region": "cn-northwest-1", + "UseDualStack": true + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms-fips.cn-northwest-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": true, + "Region": "cn-northwest-1", + "UseDualStack": false + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://fms.cn-northwest-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "UseFIPS": false, + "Region": "cn-northwest-1", + "UseDualStack": true + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://fms.cn-northwest-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": false, + "Region": "cn-northwest-1", + "UseDualStack": false + } + }, + { + "documentation": "For custom endpoint with fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips enabled and dualstack disabled", + "expect": { + "error": "Invalid Configuration: FIPS and custom endpoint are not supported" + }, + "params": { + "UseFIPS": true, + "Region": "us-east-1", + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips disabled and dualstack enabled", + "expect": { + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": true, + "Endpoint": "https://example.com" + } + } + ], + "version": "1.0" +} \ No newline at end of file diff --git a/models/apis/glue/2017-03-31/api-2.json b/models/apis/glue/2017-03-31/api-2.json index fe4c488864e..3bd05d12f1d 100644 --- a/models/apis/glue/2017-03-31/api-2.json +++ b/models/apis/glue/2017-03-31/api-2.json @@ -4509,7 +4509,9 @@ "ContainsHeader":{"shape":"CsvHeaderOption"}, "Header":{"shape":"CsvHeader"}, "DisableValueTrimming":{"shape":"NullableBoolean"}, - "AllowSingleColumn":{"shape":"NullableBoolean"} + "AllowSingleColumn":{"shape":"NullableBoolean"}, + "CustomDatatypeConfigured":{"shape":"NullableBoolean"}, + "CustomDatatypes":{"shape":"CustomDatatypes"} } }, "CreateCustomEntityTypeRequest":{ @@ -4950,7 +4952,9 @@ "ContainsHeader":{"shape":"CsvHeaderOption"}, "Header":{"shape":"CsvHeader"}, "DisableValueTrimming":{"shape":"NullableBoolean"}, - "AllowSingleColumn":{"shape":"NullableBoolean"} + "AllowSingleColumn":{"shape":"NullableBoolean"}, + "CustomDatatypeConfigured":{"shape":"NullableBoolean"}, + "CustomDatatypes":{"shape":"CustomDatatypes"} } }, "CsvColumnDelimiter":{ @@ -4993,6 +4997,10 @@ "OutputSchemas":{"shape":"GlueSchemas"} } }, + "CustomDatatypes":{ + "type":"list", + "member":{"shape":"NameString"} + }, "CustomEntityType":{ "type":"structure", "required":[ @@ -10826,7 +10834,9 @@ "ContainsHeader":{"shape":"CsvHeaderOption"}, "Header":{"shape":"CsvHeader"}, "DisableValueTrimming":{"shape":"NullableBoolean"}, - "AllowSingleColumn":{"shape":"NullableBoolean"} + "AllowSingleColumn":{"shape":"NullableBoolean"}, + "CustomDatatypeConfigured":{"shape":"NullableBoolean"}, + "CustomDatatypes":{"shape":"CustomDatatypes"} } }, "UpdateDatabaseRequest":{ diff --git a/models/apis/glue/2017-03-31/docs-2.json b/models/apis/glue/2017-03-31/docs-2.json index 668320281ed..b38a242338b 100644 --- a/models/apis/glue/2017-03-31/docs-2.json +++ b/models/apis/glue/2017-03-31/docs-2.json @@ -1780,6 +1780,14 @@ "CodeGenConfigurationNode$CustomCode": "Specifies a transform that uses custom code you provide to perform the data transformation. The output is a collection of DynamicFrames.
" } }, + "CustomDatatypes": { + "base": null, + "refs": { + "CreateCsvClassifierRequest$CustomDatatypes": "Creates a list of supported custom datatypes.
", + "CsvClassifier$CustomDatatypes": "A list of custom datatypes including \"BINARY\", \"BOOLEAN\", \"DATE\", \"DECIMAL\", \"DOUBLE\", \"FLOAT\", \"INT\", \"LONG\", \"SHORT\", \"STRING\", \"TIMESTAMP\".
", + "UpdateCsvClassifierRequest$CustomDatatypes": "Specifies a list of supported custom datatypes.
" + } + }, "CustomEntityType": { "base": "An object representing a custom pattern for detecting sensitive data across the columns and rows of your structured data.
", "refs": { @@ -4667,6 +4675,7 @@ "CreateXMLClassifierRequest$Name": "The name of the classifier.
", "CsvClassifier$Name": "The name of the classifier.
", "CsvHeader$member": null, + "CustomDatatypes$member": null, "CustomEntityType$Name": "A name for the custom pattern that allows it to be retrieved or deleted later. This name must be unique per Amazon Web Services account.
", "CustomEntityType$RegexString": "A regular expression string that is used for detecting sensitive data in a custom pattern.
", "CustomEntityTypeNames$member": null, @@ -5089,8 +5098,10 @@ "BatchGetWorkflowsRequest$IncludeGraph": "Specifies whether to include a graph when returning the workflow resource metadata.
", "CreateCsvClassifierRequest$DisableValueTrimming": "Specifies not to trim values before identifying the type of column values. The default value is true.
", "CreateCsvClassifierRequest$AllowSingleColumn": "Enables the processing of files that contain only one column.
", + "CreateCsvClassifierRequest$CustomDatatypeConfigured": "Enables the configuration of custom datatypes.
", "CsvClassifier$DisableValueTrimming": "Specifies not to trim values before identifying the type of column values. The default value is true
.
Enables the processing of files that contain only one column.
", + "CsvClassifier$CustomDatatypeConfigured": "Enables the custom datatype to be configured.
", "DeltaTarget$WriteManifest": "Specifies whether to write the manifest files to the Delta table path.
", "DynamoDBTarget$scanAll": "Indicates whether to scan all the records, or to sample rows from the table. Scanning all the records can take a long time when the table is not a high throughput table.
A value of true
means to scan all records, while a value of false
means to sample the records. If no value is specified, the value defaults to true
.
The value to switch on or off to force the output to match the provided labels from users. If the value is True
, the find matches
transform forces the output to match the provided labels. The results override the normal conflation results. If the value is False
, the find matches
transform does not ensure all the labels provided are respected, and the results rely on the trained model.
Note that setting this value to true may increase the conflation execution time.
", @@ -5102,7 +5113,8 @@ "LakeFormationConfiguration$UseLakeFormationCredentials": "Specifies whether to use Lake Formation credentials for the crawler instead of the IAM role credentials.
", "MongoDBTarget$ScanAll": "Indicates whether to scan all the records, or to sample rows from the table. Scanning all the records can take a long time when the table is not a high throughput table.
A value of true
means to scan all records, while a value of false
means to sample the records. If no value is specified, the value defaults to true
.
Specifies not to trim values before identifying the type of column values. The default value is true.
", - "UpdateCsvClassifierRequest$AllowSingleColumn": "Enables the processing of files that contain only one column.
" + "UpdateCsvClassifierRequest$AllowSingleColumn": "Enables the processing of files that contain only one column.
", + "UpdateCsvClassifierRequest$CustomDatatypeConfigured": "Specifies the configuration of custom datatypes.
" } }, "NullableDouble": { diff --git a/models/apis/glue/2017-03-31/endpoint-rule-set-1.json b/models/apis/glue/2017-03-31/endpoint-rule-set-1.json new file mode 100644 index 00000000000..fac1a2e4247 --- /dev/null +++ b/models/apis/glue/2017-03-31/endpoint-rule-set-1.json @@ -0,0 +1,315 @@ +{ + "version": "1.0", + "parameters": { + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "String" + }, + "UseDualStack": { + "builtIn": "AWS::UseDualStack", + "required": true, + "default": false, + "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", + "type": "Boolean" + }, + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "Boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "String" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + }, + { + "fn": "parseURL", + "argv": [ + { + "ref": "Endpoint" + } + ], + "assign": "url" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://glue-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://glue-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://glue.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ] + }, + { + "conditions": [], + "endpoint": { + "url": "https://glue.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] +} \ No newline at end of file diff --git a/models/apis/glue/2017-03-31/endpoint-tests-1.json b/models/apis/glue/2017-03-31/endpoint-tests-1.json new file mode 100644 index 00000000000..f4d72c68822 --- /dev/null +++ b/models/apis/glue/2017-03-31/endpoint-tests-1.json @@ -0,0 +1,1595 @@ +{ + "testCases": [ + { + "documentation": "For region ap-south-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.ap-south-1.api.aws" + } + }, + "params": { + "Region": "ap-south-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region ap-south-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.ap-south-1.amazonaws.com" + } + }, + "params": { + "Region": "ap-south-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region ap-south-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.ap-south-1.api.aws" + } + }, + "params": { + "Region": "ap-south-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.ap-south-1.amazonaws.com" + } + }, + "params": { + "Region": "ap-south-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region eu-south-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.eu-south-1.api.aws" + } + }, + "params": { + "Region": "eu-south-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region eu-south-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.eu-south-1.amazonaws.com" + } + }, + "params": { + "Region": "eu-south-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region eu-south-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.eu-south-1.api.aws" + } + }, + "params": { + "Region": "eu-south-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region eu-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.eu-south-1.amazonaws.com" + } + }, + "params": { + "Region": "eu-south-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region eu-south-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.eu-south-2.api.aws" + } + }, + "params": { + "Region": "eu-south-2", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region eu-south-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.eu-south-2.amazonaws.com" + } + }, + "params": { + "Region": "eu-south-2", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region eu-south-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.eu-south-2.api.aws" + } + }, + "params": { + "Region": "eu-south-2", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region eu-south-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.eu-south-2.amazonaws.com" + } + }, + "params": { + "Region": "eu-south-2", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.us-gov-east-1.api.aws" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.us-gov-east-1.api.aws" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region me-central-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.me-central-1.api.aws" + } + }, + "params": { + "Region": "me-central-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region me-central-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.me-central-1.amazonaws.com" + } + }, + "params": { + "Region": "me-central-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region me-central-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.me-central-1.api.aws" + } + }, + "params": { + "Region": "me-central-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region me-central-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.me-central-1.amazonaws.com" + } + }, + "params": { + "Region": "me-central-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region ca-central-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.ca-central-1.api.aws" + } + }, + "params": { + "Region": "ca-central-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region ca-central-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.ca-central-1.amazonaws.com" + } + }, + "params": { + "Region": "ca-central-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region ca-central-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.ca-central-1.api.aws" + } + }, + "params": { + "Region": "ca-central-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.ca-central-1.amazonaws.com" + } + }, + "params": { + "Region": "ca-central-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region eu-central-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.eu-central-1.api.aws" + } + }, + "params": { + "Region": "eu-central-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region eu-central-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.eu-central-1.amazonaws.com" + } + }, + "params": { + "Region": "eu-central-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region eu-central-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.eu-central-1.api.aws" + } + }, + "params": { + "Region": "eu-central-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.eu-central-1.amazonaws.com" + } + }, + "params": { + "Region": "eu-central-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.us-west-1.api.aws" + } + }, + "params": { + "Region": "us-west-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-west-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.us-west-1.amazonaws.com" + } + }, + "params": { + "Region": "us-west-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.us-west-1.api.aws" + } + }, + "params": { + "Region": "us-west-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.us-west-1.amazonaws.com" + } + }, + "params": { + "Region": "us-west-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.us-west-2.api.aws" + } + }, + "params": { + "Region": "us-west-2", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-west-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.us-west-2.amazonaws.com" + } + }, + "params": { + "Region": "us-west-2", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.us-west-2.api.aws" + } + }, + "params": { + "Region": "us-west-2", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.us-west-2.amazonaws.com" + } + }, + "params": { + "Region": "us-west-2", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region af-south-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.af-south-1.api.aws" + } + }, + "params": { + "Region": "af-south-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region af-south-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.af-south-1.amazonaws.com" + } + }, + "params": { + "Region": "af-south-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region af-south-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.af-south-1.api.aws" + } + }, + "params": { + "Region": "af-south-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.af-south-1.amazonaws.com" + } + }, + "params": { + "Region": "af-south-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region eu-north-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.eu-north-1.api.aws" + } + }, + "params": { + "Region": "eu-north-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region eu-north-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.eu-north-1.amazonaws.com" + } + }, + "params": { + "Region": "eu-north-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region eu-north-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.eu-north-1.api.aws" + } + }, + "params": { + "Region": "eu-north-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region eu-north-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.eu-north-1.amazonaws.com" + } + }, + "params": { + "Region": "eu-north-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-3 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.eu-west-3.api.aws" + } + }, + "params": { + "Region": "eu-west-3", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-3 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.eu-west-3.amazonaws.com" + } + }, + "params": { + "Region": "eu-west-3", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-3 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.eu-west-3.api.aws" + } + }, + "params": { + "Region": "eu-west-3", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-3 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.eu-west-3.amazonaws.com" + } + }, + "params": { + "Region": "eu-west-3", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.eu-west-2.api.aws" + } + }, + "params": { + "Region": "eu-west-2", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.eu-west-2.amazonaws.com" + } + }, + "params": { + "Region": "eu-west-2", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.eu-west-2.api.aws" + } + }, + "params": { + "Region": "eu-west-2", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.eu-west-2.amazonaws.com" + } + }, + "params": { + "Region": "eu-west-2", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.eu-west-1.api.aws" + } + }, + "params": { + "Region": "eu-west-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.eu-west-1.amazonaws.com" + } + }, + "params": { + "Region": "eu-west-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.eu-west-1.api.aws" + } + }, + "params": { + "Region": "eu-west-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.eu-west-1.amazonaws.com" + } + }, + "params": { + "Region": "eu-west-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-3 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.ap-northeast-3.api.aws" + } + }, + "params": { + "Region": "ap-northeast-3", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-3 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.ap-northeast-3.amazonaws.com" + } + }, + "params": { + "Region": "ap-northeast-3", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.ap-northeast-3.api.aws" + } + }, + "params": { + "Region": "ap-northeast-3", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.ap-northeast-3.amazonaws.com" + } + }, + "params": { + "Region": "ap-northeast-3", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.ap-northeast-2.api.aws" + } + }, + "params": { + "Region": "ap-northeast-2", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.ap-northeast-2.amazonaws.com" + } + }, + "params": { + "Region": "ap-northeast-2", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.ap-northeast-2.api.aws" + } + }, + "params": { + "Region": "ap-northeast-2", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.ap-northeast-2.amazonaws.com" + } + }, + "params": { + "Region": "ap-northeast-2", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.ap-northeast-1.api.aws" + } + }, + "params": { + "Region": "ap-northeast-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.ap-northeast-1.amazonaws.com" + } + }, + "params": { + "Region": "ap-northeast-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.ap-northeast-1.api.aws" + } + }, + "params": { + "Region": "ap-northeast-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.ap-northeast-1.amazonaws.com" + } + }, + "params": { + "Region": "ap-northeast-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region me-south-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.me-south-1.api.aws" + } + }, + "params": { + "Region": "me-south-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region me-south-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.me-south-1.amazonaws.com" + } + }, + "params": { + "Region": "me-south-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region me-south-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.me-south-1.api.aws" + } + }, + "params": { + "Region": "me-south-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region me-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.me-south-1.amazonaws.com" + } + }, + "params": { + "Region": "me-south-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region sa-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.sa-east-1.api.aws" + } + }, + "params": { + "Region": "sa-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region sa-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.sa-east-1.amazonaws.com" + } + }, + "params": { + "Region": "sa-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region sa-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.sa-east-1.api.aws" + } + }, + "params": { + "Region": "sa-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.sa-east-1.amazonaws.com" + } + }, + "params": { + "Region": "sa-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region ap-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.ap-east-1.api.aws" + } + }, + "params": { + "Region": "ap-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region ap-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.ap-east-1.amazonaws.com" + } + }, + "params": { + "Region": "ap-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region ap-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.ap-east-1.api.aws" + } + }, + "params": { + "Region": "ap-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region ap-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.ap-east-1.amazonaws.com" + } + }, + "params": { + "Region": "ap-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.us-gov-west-1.api.aws" + } + }, + "params": { + "Region": "us-gov-west-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.us-gov-west-1.amazonaws.com" + } + }, + "params": { + "Region": "us-gov-west-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.us-gov-west-1.api.aws" + } + }, + "params": { + "Region": "us-gov-west-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.us-gov-west-1.amazonaws.com" + } + }, + "params": { + "Region": "us-gov-west-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.ap-southeast-1.api.aws" + } + }, + "params": { + "Region": "ap-southeast-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.ap-southeast-1.amazonaws.com" + } + }, + "params": { + "Region": "ap-southeast-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.ap-southeast-1.api.aws" + } + }, + "params": { + "Region": "ap-southeast-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.ap-southeast-1.amazonaws.com" + } + }, + "params": { + "Region": "ap-southeast-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.ap-southeast-2.api.aws" + } + }, + "params": { + "Region": "ap-southeast-2", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.ap-southeast-2.amazonaws.com" + } + }, + "params": { + "Region": "ap-southeast-2", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.ap-southeast-2.api.aws" + } + }, + "params": { + "Region": "ap-southeast-2", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.ap-southeast-2.amazonaws.com" + } + }, + "params": { + "Region": "ap-southeast-2", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-3 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.ap-southeast-3.api.aws" + } + }, + "params": { + "Region": "ap-southeast-3", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-3 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.ap-southeast-3.amazonaws.com" + } + }, + "params": { + "Region": "ap-southeast-3", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.ap-southeast-3.api.aws" + } + }, + "params": { + "Region": "ap-southeast-3", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.ap-southeast-3.amazonaws.com" + } + }, + "params": { + "Region": "ap-southeast-3", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.us-east-1.api.aws" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.us-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.us-east-1.api.aws" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.us-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.us-east-2.api.aws" + } + }, + "params": { + "Region": "us-east-2", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.us-east-2.amazonaws.com" + } + }, + "params": { + "Region": "us-east-2", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.us-east-2.api.aws" + } + }, + "params": { + "Region": "us-east-2", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.us-east-2.amazonaws.com" + } + }, + "params": { + "Region": "us-east-2", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.cn-northwest-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "Region": "cn-northwest-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.cn-northwest-1.amazonaws.com.cn" + } + }, + "params": { + "Region": "cn-northwest-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://glue.cn-northwest-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "Region": "cn-northwest-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.cn-northwest-1.amazonaws.com.cn" + } + }, + "params": { + "Region": "cn-northwest-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue-fips.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://glue.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For custom endpoint with fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips enabled and dualstack disabled", + "expect": { + "error": "Invalid Configuration: FIPS and custom endpoint are not supported" + }, + "params": { + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips disabled and dualstack enabled", + "expect": { + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": true, + "Endpoint": "https://example.com" + } + } + ], + "version": "1.0" +} \ No newline at end of file diff --git a/models/apis/redshift/2012-12-01/docs-2.json b/models/apis/redshift/2012-12-01/docs-2.json index 988f35274b0..f305bedeb9e 100644 --- a/models/apis/redshift/2012-12-01/docs-2.json +++ b/models/apis/redshift/2012-12-01/docs-2.json @@ -3023,7 +3023,7 @@ "CreateClusterMessage$ClusterVersion": "The version of the Amazon Redshift engine software that you want to deploy on the cluster.
The version selected runs on all the nodes in the cluster.
Constraints: Only version 1.0 is currently available.
Example: 1.0
Specifies the name of the HSM client certificate the Amazon Redshift cluster uses to retrieve the data encryption keys stored in an HSM.
", "CreateClusterMessage$HsmConfigurationIdentifier": "Specifies the name of the HSM configuration that contains the information the Amazon Redshift cluster can use to retrieve and store keys in an HSM.
", - "CreateClusterMessage$ElasticIp": "The Elastic IP (EIP) address for the cluster.
Constraints: The cluster must be provisioned in EC2-VPC and publicly-accessible through an Internet gateway. For more information about provisioning clusters in EC2-VPC, go to Supported Platforms to Launch Your Cluster in the Amazon Redshift Cluster Management Guide.
", + "CreateClusterMessage$ElasticIp": "The Elastic IP (EIP) address for the cluster.
Constraints: The cluster must be provisioned in EC2-VPC and publicly-accessible through an Internet gateway. Don't specify the Elastic IP address for a publicly accessible cluster with availability zone relocation turned on. For more information about provisioning clusters in EC2-VPC, go to Supported Platforms to Launch Your Cluster in the Amazon Redshift Cluster Management Guide.
", "CreateClusterMessage$KmsKeyId": "The Key Management Service (KMS) key ID of the encryption key that you want to use to encrypt data in the cluster.
", "CreateClusterMessage$AdditionalInfo": "Reserved.
", "CreateClusterMessage$MaintenanceTrackName": "An optional parameter for the name of the maintenance track for the cluster. If you don't provide a maintenance track name, the cluster is assigned to the current
track.
The Amazon Web Services account used to create or copy the snapshot. Required if you are restoring a snapshot you do not own, optional if you own the snapshot.
", "RestoreFromClusterSnapshotMessage$HsmClientCertificateIdentifier": "Specifies the name of the HSM client certificate the Amazon Redshift cluster uses to retrieve the data encryption keys stored in an HSM.
", "RestoreFromClusterSnapshotMessage$HsmConfigurationIdentifier": "Specifies the name of the HSM configuration that contains the information the Amazon Redshift cluster can use to retrieve and store keys in an HSM.
", - "RestoreFromClusterSnapshotMessage$ElasticIp": "The elastic IP (EIP) address for the cluster.
", + "RestoreFromClusterSnapshotMessage$ElasticIp": "The Elastic IP (EIP) address for the cluster. Don't specify the Elastic IP address for a publicly accessible cluster with availability zone relocation turned on.
", "RestoreFromClusterSnapshotMessage$ClusterParameterGroupName": "The name of the parameter group to be associated with this cluster.
Default: The default Amazon Redshift cluster parameter group. For information about the default parameter group, go to Working with Amazon Redshift Parameter Groups.
Constraints:
Must be 1 to 255 alphanumeric characters or hyphens.
First character must be a letter.
Cannot end with a hyphen or contain two consecutive hyphens.
The weekly time range (in UTC) during which automated cluster maintenance can occur.
Format: ddd:hh24:mi-ddd:hh24:mi
Default: The value selected for the cluster from which the snapshot was taken. For more information about the time blocks for each region, see Maintenance Windows in Amazon Redshift Cluster Management Guide.
Valid Days: Mon | Tue | Wed | Thu | Fri | Sat | Sun
Constraints: Minimum 30-minute window.
", "RestoreFromClusterSnapshotMessage$KmsKeyId": "The Key Management Service (KMS) key ID of the encryption key that encrypts data in the cluster restored from a shared snapshot. You can also provide the key ID when you restore from an unencrypted snapshot to an encrypted cluster in the same account. Additionally, you can specify a new KMS key ID when you restore from an encrypted snapshot in the same account in order to change it. In that case, the restored cluster is encrypted with the new KMS key ID.
", diff --git a/models/apis/redshift/2012-12-01/endpoint-rule-set-1.json b/models/apis/redshift/2012-12-01/endpoint-rule-set-1.json new file mode 100644 index 00000000000..5874b80582f --- /dev/null +++ b/models/apis/redshift/2012-12-01/endpoint-rule-set-1.json @@ -0,0 +1,315 @@ +{ + "version": "1.0", + "parameters": { + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "String" + }, + "UseDualStack": { + "builtIn": "AWS::UseDualStack", + "required": true, + "default": false, + "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", + "type": "Boolean" + }, + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "Boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "String" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + }, + { + "fn": "parseURL", + "argv": [ + { + "ref": "Endpoint" + } + ], + "assign": "url" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://redshift-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://redshift-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://redshift.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ] + }, + { + "conditions": [], + "endpoint": { + "url": "https://redshift.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] +} \ No newline at end of file diff --git a/models/apis/redshift/2012-12-01/endpoint-tests-1.json b/models/apis/redshift/2012-12-01/endpoint-tests-1.json new file mode 100644 index 00000000000..548d47b2718 --- /dev/null +++ b/models/apis/redshift/2012-12-01/endpoint-tests-1.json @@ -0,0 +1,1799 @@ +{ + "testCases": [ + { + "documentation": "For region ap-south-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.ap-south-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-south-2", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-south-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.ap-south-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-south-2", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-south-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.ap-south-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-south-2", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-south-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.ap-south-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-south-2", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-south-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.ap-south-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-south-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.ap-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-south-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.ap-south-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.ap-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-south-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.eu-south-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-south-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.eu-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-south-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.eu-south-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.eu-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-south-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.eu-south-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-south-2", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-south-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.eu-south-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-south-2", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-south-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.eu-south-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-south-2", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-south-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.eu-south-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-south-2", + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.us-gov-east-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-gov-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-gov-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.us-gov-east-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-gov-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-gov-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region me-central-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.me-central-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "me-central-1", + "UseDualStack": true + } + }, + { + "documentation": "For region me-central-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.me-central-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "me-central-1", + "UseDualStack": false + } + }, + { + "documentation": "For region me-central-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.me-central-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "me-central-1", + "UseDualStack": true + } + }, + { + "documentation": "For region me-central-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.me-central-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "me-central-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ca-central-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.ca-central-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ca-central-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ca-central-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.ca-central-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ca-central-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ca-central-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.ca-central-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ca-central-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.ca-central-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ca-central-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-central-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.eu-central-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-central-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-central-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.eu-central-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-central-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-central-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.eu-central-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-central-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.eu-central-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-central-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-west-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "UseFIPS": true, + "Region": "us-iso-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-west-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.us-iso-west-1.c2s.ic.gov" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-iso-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-west-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "UseFIPS": false, + "Region": "us-iso-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.us-iso-west-1.c2s.ic.gov" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-iso-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-central-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.eu-central-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-central-2", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-central-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.eu-central-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-central-2", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-central-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.eu-central-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-central-2", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-central-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.eu-central-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-central-2", + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.us-west-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-west-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.us-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.us-west-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.us-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.us-west-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-west-2", + "UseDualStack": true + } + }, + { + "documentation": "For region us-west-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.us-west-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-west-2", + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.us-west-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-west-2", + "UseDualStack": true + } + }, + { + "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.us-west-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-west-2", + "UseDualStack": false + } + }, + { + "documentation": "For region af-south-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.af-south-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "af-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region af-south-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.af-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "af-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region af-south-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.af-south-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "af-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.af-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "af-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-north-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.eu-north-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-north-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-north-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.eu-north-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-north-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-north-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.eu-north-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-north-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-north-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.eu-north-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-north-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-3 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.eu-west-3.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-3", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-3 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.eu-west-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-3", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-3 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.eu-west-3.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-3", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-3 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.eu-west-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-3", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.eu-west-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-2", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.eu-west-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-2", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.eu-west-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-2", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.eu-west-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-2", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.eu-west-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.eu-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.eu-west-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.eu-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-3 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.ap-northeast-3.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-3", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-3 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.ap-northeast-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-3", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.ap-northeast-3.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-3", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.ap-northeast-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-3", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.ap-northeast-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-2", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.ap-northeast-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-2", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.ap-northeast-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-2", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.ap-northeast-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-2", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.ap-northeast-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.ap-northeast-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.ap-northeast-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.ap-northeast-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-1", + "UseDualStack": false + } + }, + { + "documentation": "For region me-south-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.me-south-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "me-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region me-south-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.me-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "me-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region me-south-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.me-south-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "me-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region me-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.me-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "me-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region sa-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.sa-east-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "sa-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region sa-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.sa-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "sa-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region sa-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.sa-east-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "sa-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.sa-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "sa-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.ap-east-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.ap-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.ap-east-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.ap-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "UseFIPS": true, + "Region": "cn-north-1", + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": true, + "Region": "cn-north-1", + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "UseFIPS": false, + "Region": "cn-north-1", + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": false, + "Region": "cn-north-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.us-gov-west-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-gov-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.us-gov-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-gov-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.us-gov-west-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-gov-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.us-gov-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-gov-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.ap-southeast-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.ap-southeast-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.ap-southeast-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.ap-southeast-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.ap-southeast-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-2", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.ap-southeast-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-2", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.ap-southeast-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-2", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.ap-southeast-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-2", + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "UseFIPS": true, + "Region": "us-iso-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-iso-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "UseFIPS": false, + "Region": "us-iso-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-iso-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-3 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.ap-southeast-3.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-3", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-3 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.ap-southeast-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-3", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.ap-southeast-3.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-3", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.ap-southeast-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-3", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-4 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.ap-southeast-4.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-4", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-4 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.ap-southeast-4.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-4", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-4 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.ap-southeast-4.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-4", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-4 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.ap-southeast-4.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-4", + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.us-east-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.us-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.us-east-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.us-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.us-east-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-east-2", + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.us-east-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-east-2", + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.us-east-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-2", + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.us-east-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-2", + "UseDualStack": false + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.cn-northwest-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "UseFIPS": true, + "Region": "cn-northwest-1", + "UseDualStack": true + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.cn-northwest-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": true, + "Region": "cn-northwest-1", + "UseDualStack": false + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://redshift.cn-northwest-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "UseFIPS": false, + "Region": "cn-northwest-1", + "UseDualStack": true + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.cn-northwest-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": false, + "Region": "cn-northwest-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "UseFIPS": true, + "Region": "us-isob-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift-fips.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-isob-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "UseFIPS": false, + "Region": "us-isob-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://redshift.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-isob-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For custom endpoint with fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips enabled and dualstack disabled", + "expect": { + "error": "Invalid Configuration: FIPS and custom endpoint are not supported" + }, + "params": { + "UseFIPS": true, + "Region": "us-east-1", + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips disabled and dualstack enabled", + "expect": { + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": true, + "Endpoint": "https://example.com" + } + } + ], + "version": "1.0" +} \ No newline at end of file diff --git a/models/apis/sagemaker/2017-07-24/api-2.json b/models/apis/sagemaker/2017-07-24/api-2.json index da487f1c3f8..10b445fa7f6 100644 --- a/models/apis/sagemaker/2017-07-24/api-2.json +++ b/models/apis/sagemaker/2017-07-24/api-2.json @@ -3088,7 +3088,9 @@ "AlgorithmName":{"shape":"ArnOrName"}, "TrainingInputMode":{"shape":"TrainingInputMode"}, "MetricDefinitions":{"shape":"MetricDefinitionList"}, - "EnableSageMakerMetricsTimeSeries":{"shape":"Boolean"} + "EnableSageMakerMetricsTimeSeries":{"shape":"Boolean"}, + "ContainerEntrypoint":{"shape":"TrainingContainerEntrypoint"}, + "ContainerArguments":{"shape":"TrainingContainerArguments"} } }, "AlgorithmStatus":{ @@ -16659,6 +16661,28 @@ "type":"string", "enum":["PHASES"] }, + "TrainingContainerArgument":{ + "type":"string", + "max":256, + "pattern":".*" + }, + "TrainingContainerArguments":{ + "type":"list", + "member":{"shape":"TrainingContainerArgument"}, + "max":100, + "min":1 + }, + "TrainingContainerEntrypoint":{ + "type":"list", + "member":{"shape":"TrainingContainerEntrypointString"}, + "max":10, + "min":1 + }, + "TrainingContainerEntrypointString":{ + "type":"string", + "max":256, + "pattern":".*" + }, "TrainingEnvironmentKey":{ "type":"string", "max":512, diff --git a/models/apis/sagemaker/2017-07-24/docs-2.json b/models/apis/sagemaker/2017-07-24/docs-2.json index 4be79c7670e..57ee465cecf 100644 --- a/models/apis/sagemaker/2017-07-24/docs-2.json +++ b/models/apis/sagemaker/2017-07-24/docs-2.json @@ -47,7 +47,7 @@ "CreateProcessingJob": "Creates a processing job.
", "CreateProject": "Creates a machine learning (ML) project that can contain one or more templates that set up an ML pipeline from training to deploying an approved model.
", "CreateStudioLifecycleConfig": "Creates a new Studio Lifecycle Configuration.
", - "CreateTrainingJob": "Starts a model training job. After training completes, SageMaker saves the resulting model artifacts to an Amazon S3 location that you specify.
If you choose to host your model using SageMaker hosting services, you can use the resulting model artifacts as part of the model. You can also use the artifacts in a machine learning service other than SageMaker, provided that you know how to use them for inference.
In the request body, you provide the following:
AlgorithmSpecification
- Identifies the training algorithm to use.
HyperParameters
- Specify these algorithm-specific parameters to enable the estimation of model parameters during training. Hyperparameters can be tuned to optimize this learning process. For a list of hyperparameters for each training algorithm provided by SageMaker, see Algorithms.
Do not include any security-sensitive information including account access IDs, secrets or tokens in any hyperparameter field. If the use of security-sensitive credentials are detected, SageMaker will reject your training job request and return an exception error.
InputDataConfig
- Describes the training dataset and the Amazon S3, EFS, or FSx location where it is stored.
OutputDataConfig
- Identifies the Amazon S3 bucket where you want SageMaker to save the results of model training.
ResourceConfig
- Identifies the resources, ML compute instances, and ML storage volumes to deploy for model training. In distributed training, you specify more than one instance.
EnableManagedSpotTraining
- Optimize the cost of training machine learning models by up to 80% by using Amazon EC2 Spot instances. For more information, see Managed Spot Training.
RoleArn
- The Amazon Resource Name (ARN) that SageMaker assumes to perform tasks on your behalf during model training. You must grant this role the necessary permissions so that SageMaker can successfully complete model training.
StoppingCondition
- To help cap training costs, use MaxRuntimeInSeconds
to set a time limit for training. Use MaxWaitTimeInSeconds
to specify how long a managed spot training job has to complete.
Environment
- The environment variables to set in the Docker container.
RetryStrategy
- The number of times to retry the job when the job fails due to an InternalServerError
.
For more information about SageMaker, see How It Works.
", + "CreateTrainingJob": "Starts a model training job. After training completes, SageMaker saves the resulting model artifacts to an Amazon S3 location that you specify.
If you choose to host your model using SageMaker hosting services, you can use the resulting model artifacts as part of the model. You can also use the artifacts in a machine learning service other than SageMaker, provided that you know how to use them for inference.
In the request body, you provide the following:
AlgorithmSpecification
- Identifies the training algorithm to use.
HyperParameters
- Specify these algorithm-specific parameters to enable the estimation of model parameters during training. Hyperparameters can be tuned to optimize this learning process. For a list of hyperparameters for each training algorithm provided by SageMaker, see Algorithms.
Do not include any security-sensitive information including account access IDs, secrets or tokens in any hyperparameter field. If the use of security-sensitive credentials are detected, SageMaker will reject your training job request and return an exception error.
InputDataConfig
- Describes the input required by the training job and the Amazon S3, EFS, or FSx location where it is stored.
OutputDataConfig
- Identifies the Amazon S3 bucket where you want SageMaker to save the results of model training.
ResourceConfig
- Identifies the resources, ML compute instances, and ML storage volumes to deploy for model training. In distributed training, you specify more than one instance.
EnableManagedSpotTraining
- Optimize the cost of training machine learning models by up to 80% by using Amazon EC2 Spot instances. For more information, see Managed Spot Training.
RoleArn
- The Amazon Resource Name (ARN) that SageMaker assumes to perform tasks on your behalf during model training. You must grant this role the necessary permissions so that SageMaker can successfully complete model training.
StoppingCondition
- To help cap training costs, use MaxRuntimeInSeconds
to set a time limit for training. Use MaxWaitTimeInSeconds
to specify how long a managed spot training job has to complete.
Environment
- The environment variables to set in the Docker container.
RetryStrategy
- The number of times to retry the job when the job fails due to an InternalServerError
.
For more information about SageMaker, see How It Works.
", "CreateTransformJob": "Starts a transform job. A transform job uses a trained model to get inferences on a dataset and saves these results to an Amazon S3 location that you specify.
To perform batch transformations, you create a transform job and use the data that you have readily available.
In the request body, you provide the following:
TransformJobName
- Identifies the transform job. The name must be unique within an Amazon Web Services Region in an Amazon Web Services account.
ModelName
- Identifies the model to use. ModelName
must be the name of an existing Amazon SageMaker model in the same Amazon Web Services Region and Amazon Web Services account. For information on creating a model, see CreateModel.
TransformInput
- Describes the dataset to be transformed and the Amazon S3 location where it is stored.
TransformOutput
- Identifies the Amazon S3 location where you want Amazon SageMaker to save the results from the transform job.
TransformResources
- Identifies the ML compute instances for the transform job.
For more information about how batch transformation works, see Batch Transform.
", "CreateTrial": "Creates an SageMaker trial. A trial is a set of steps called trial components that produce a machine learning model. A trial is part of a single SageMaker experiment.
When you use SageMaker Studio or the SageMaker Python SDK, all experiments, trials, and trial components are automatically tracked, logged, and indexed. When you use the Amazon Web Services SDK for Python (Boto), you must use the logging APIs provided by the SDK.
You can add tags to a trial and then use the Search API to search for the tags.
To get a list of all your trials, call the ListTrials API. To view a trial's properties, call the DescribeTrial API. To create a trial component, call the CreateTrialComponent API.
", "CreateTrialComponent": "Creates a trial component, which is a stage of a machine learning trial. A trial is composed of one or more trial components. A trial component can be used in multiple trials.
Trial components include pre-processing jobs, training jobs, and batch transform jobs.
When you use SageMaker Studio or the SageMaker Python SDK, all experiments, trials, and trial components are automatically tracked, logged, and indexed. When you use the Amazon Web Services SDK for Python (Boto), you must use the logging APIs provided by the SDK.
You can add tags to a trial component and then use the Search API to search for the tags.
", @@ -11755,6 +11755,30 @@ "TrafficPattern$TrafficType": "Defines the traffic patterns.
" } }, + "TrainingContainerArgument": { + "base": null, + "refs": { + "TrainingContainerArguments$member": null + } + }, + "TrainingContainerArguments": { + "base": null, + "refs": { + "AlgorithmSpecification$ContainerArguments": "The arguments for a container used to run a training job. See How Amazon SageMaker Runs Your Training Image for additional information.
" + } + }, + "TrainingContainerEntrypoint": { + "base": null, + "refs": { + "AlgorithmSpecification$ContainerEntrypoint": "The entrypoint script for a Docker container used to run a training job. This script takes precedence over the default train processing instructions. See How Amazon SageMaker Runs Your Training Image for more information.
" + } + }, + "TrainingContainerEntrypointString": { + "base": null, + "refs": { + "TrainingContainerEntrypoint$member": null + } + }, "TrainingEnvironmentKey": { "base": null, "refs": { diff --git a/models/apis/sagemaker/2017-07-24/endpoint-tests-1.json b/models/apis/sagemaker/2017-07-24/endpoint-tests-1.json index 4503c943f84..152c2113122 100644 --- a/models/apis/sagemaker/2017-07-24/endpoint-tests-1.json +++ b/models/apis/sagemaker/2017-07-24/endpoint-tests-1.json @@ -8,8 +8,8 @@ } }, "params": { - "UseFIPS": true, "Region": "ap-south-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -21,8 +21,8 @@ } }, "params": { - "UseFIPS": true, "Region": "ap-south-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -34,8 +34,8 @@ } }, "params": { - "UseFIPS": false, "Region": "ap-south-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -47,8 +47,8 @@ } }, "params": { - "UseFIPS": false, "Region": "ap-south-1", + "UseFIPS": false, "UseDualStack": false } }, @@ -60,8 +60,8 @@ } }, "params": { - "UseFIPS": true, "Region": "eu-south-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -73,8 +73,8 @@ } }, "params": { - "UseFIPS": true, "Region": "eu-south-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -86,8 +86,8 @@ } }, "params": { - "UseFIPS": false, "Region": "eu-south-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -99,8 +99,8 @@ } }, "params": { - "UseFIPS": false, "Region": "eu-south-1", + "UseFIPS": false, "UseDualStack": false } }, @@ -112,8 +112,8 @@ } }, "params": { - "UseFIPS": true, "Region": "us-gov-east-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -125,8 +125,8 @@ } }, "params": { - "UseFIPS": true, "Region": "us-gov-east-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -138,8 +138,8 @@ } }, "params": { - "UseFIPS": false, "Region": "us-gov-east-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -151,8 +151,8 @@ } }, "params": { - "UseFIPS": false, "Region": "us-gov-east-1", + "UseFIPS": false, "UseDualStack": false } }, @@ -164,8 +164,8 @@ } }, "params": { - "UseFIPS": true, "Region": "me-central-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -177,8 +177,8 @@ } }, "params": { - "UseFIPS": true, "Region": "me-central-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -190,8 +190,8 @@ } }, "params": { - "UseFIPS": false, "Region": "me-central-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -203,8 +203,8 @@ } }, "params": { - "UseFIPS": false, "Region": "me-central-1", + "UseFIPS": false, "UseDualStack": false } }, @@ -216,8 +216,8 @@ } }, "params": { - "UseFIPS": true, "Region": "ca-central-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -229,8 +229,8 @@ } }, "params": { - "UseFIPS": true, "Region": "ca-central-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -242,8 +242,8 @@ } }, "params": { - "UseFIPS": false, "Region": "ca-central-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -255,8 +255,8 @@ } }, "params": { - "UseFIPS": false, "Region": "ca-central-1", + "UseFIPS": false, "UseDualStack": false } }, @@ -268,8 +268,8 @@ } }, "params": { - "UseFIPS": true, "Region": "eu-central-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -281,8 +281,8 @@ } }, "params": { - "UseFIPS": true, "Region": "eu-central-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -294,8 +294,8 @@ } }, "params": { - "UseFIPS": false, "Region": "eu-central-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -307,8 +307,8 @@ } }, "params": { - "UseFIPS": false, "Region": "eu-central-1", + "UseFIPS": false, "UseDualStack": false } }, @@ -320,8 +320,8 @@ } }, "params": { - "UseFIPS": true, "Region": "us-west-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -333,8 +333,8 @@ } }, "params": { - "UseFIPS": true, "Region": "us-west-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -346,8 +346,8 @@ } }, "params": { - "UseFIPS": false, "Region": "us-west-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -359,8 +359,8 @@ } }, "params": { - "UseFIPS": false, "Region": "us-west-1", + "UseFIPS": false, "UseDualStack": false } }, @@ -372,8 +372,8 @@ } }, "params": { - "UseFIPS": true, "Region": "us-west-2", + "UseFIPS": true, "UseDualStack": true } }, @@ -385,8 +385,8 @@ } }, "params": { - "UseFIPS": true, "Region": "us-west-2", + "UseFIPS": true, "UseDualStack": false } }, @@ -398,8 +398,8 @@ } }, "params": { - "UseFIPS": false, "Region": "us-west-2", + "UseFIPS": false, "UseDualStack": true } }, @@ -411,8 +411,8 @@ } }, "params": { - "UseFIPS": false, "Region": "us-west-2", + "UseFIPS": false, "UseDualStack": false } }, @@ -424,8 +424,8 @@ } }, "params": { - "UseFIPS": true, "Region": "af-south-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -437,8 +437,8 @@ } }, "params": { - "UseFIPS": true, "Region": "af-south-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -450,8 +450,8 @@ } }, "params": { - "UseFIPS": false, "Region": "af-south-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -463,8 +463,8 @@ } }, "params": { - "UseFIPS": false, "Region": "af-south-1", + "UseFIPS": false, "UseDualStack": false } }, @@ -476,8 +476,8 @@ } }, "params": { - "UseFIPS": true, "Region": "eu-north-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -489,8 +489,8 @@ } }, "params": { - "UseFIPS": true, "Region": "eu-north-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -502,8 +502,8 @@ } }, "params": { - "UseFIPS": false, "Region": "eu-north-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -515,8 +515,8 @@ } }, "params": { - "UseFIPS": false, "Region": "eu-north-1", + "UseFIPS": false, "UseDualStack": false } }, @@ -528,8 +528,8 @@ } }, "params": { - "UseFIPS": true, "Region": "eu-west-3", + "UseFIPS": true, "UseDualStack": true } }, @@ -541,8 +541,8 @@ } }, "params": { - "UseFIPS": true, "Region": "eu-west-3", + "UseFIPS": true, "UseDualStack": false } }, @@ -554,8 +554,8 @@ } }, "params": { - "UseFIPS": false, "Region": "eu-west-3", + "UseFIPS": false, "UseDualStack": true } }, @@ -567,8 +567,8 @@ } }, "params": { - "UseFIPS": false, "Region": "eu-west-3", + "UseFIPS": false, "UseDualStack": false } }, @@ -580,8 +580,8 @@ } }, "params": { - "UseFIPS": true, "Region": "eu-west-2", + "UseFIPS": true, "UseDualStack": true } }, @@ -593,8 +593,8 @@ } }, "params": { - "UseFIPS": true, "Region": "eu-west-2", + "UseFIPS": true, "UseDualStack": false } }, @@ -606,8 +606,8 @@ } }, "params": { - "UseFIPS": false, "Region": "eu-west-2", + "UseFIPS": false, "UseDualStack": true } }, @@ -619,8 +619,8 @@ } }, "params": { - "UseFIPS": false, "Region": "eu-west-2", + "UseFIPS": false, "UseDualStack": false } }, @@ -632,8 +632,8 @@ } }, "params": { - "UseFIPS": true, "Region": "eu-west-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -645,8 +645,8 @@ } }, "params": { - "UseFIPS": true, "Region": "eu-west-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -658,8 +658,8 @@ } }, "params": { - "UseFIPS": false, "Region": "eu-west-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -671,8 +671,8 @@ } }, "params": { - "UseFIPS": false, "Region": "eu-west-1", + "UseFIPS": false, "UseDualStack": false } }, @@ -684,8 +684,8 @@ } }, "params": { - "UseFIPS": true, "Region": "ap-northeast-3", + "UseFIPS": true, "UseDualStack": true } }, @@ -697,8 +697,8 @@ } }, "params": { - "UseFIPS": true, "Region": "ap-northeast-3", + "UseFIPS": true, "UseDualStack": false } }, @@ -710,8 +710,8 @@ } }, "params": { - "UseFIPS": false, "Region": "ap-northeast-3", + "UseFIPS": false, "UseDualStack": true } }, @@ -723,8 +723,8 @@ } }, "params": { - "UseFIPS": false, "Region": "ap-northeast-3", + "UseFIPS": false, "UseDualStack": false } }, @@ -736,8 +736,8 @@ } }, "params": { - "UseFIPS": true, "Region": "ap-northeast-2", + "UseFIPS": true, "UseDualStack": true } }, @@ -749,8 +749,8 @@ } }, "params": { - "UseFIPS": true, "Region": "ap-northeast-2", + "UseFIPS": true, "UseDualStack": false } }, @@ -762,8 +762,8 @@ } }, "params": { - "UseFIPS": false, "Region": "ap-northeast-2", + "UseFIPS": false, "UseDualStack": true } }, @@ -775,8 +775,8 @@ } }, "params": { - "UseFIPS": false, "Region": "ap-northeast-2", + "UseFIPS": false, "UseDualStack": false } }, @@ -788,8 +788,8 @@ } }, "params": { - "UseFIPS": true, "Region": "ap-northeast-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -801,8 +801,8 @@ } }, "params": { - "UseFIPS": true, "Region": "ap-northeast-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -814,8 +814,8 @@ } }, "params": { - "UseFIPS": false, "Region": "ap-northeast-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -827,8 +827,8 @@ } }, "params": { - "UseFIPS": false, "Region": "ap-northeast-1", + "UseFIPS": false, "UseDualStack": false } }, @@ -840,8 +840,8 @@ } }, "params": { - "UseFIPS": true, "Region": "me-south-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -853,8 +853,8 @@ } }, "params": { - "UseFIPS": true, "Region": "me-south-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -866,8 +866,8 @@ } }, "params": { - "UseFIPS": false, "Region": "me-south-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -879,8 +879,8 @@ } }, "params": { - "UseFIPS": false, "Region": "me-south-1", + "UseFIPS": false, "UseDualStack": false } }, @@ -892,8 +892,8 @@ } }, "params": { - "UseFIPS": true, "Region": "sa-east-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -905,8 +905,8 @@ } }, "params": { - "UseFIPS": true, "Region": "sa-east-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -918,8 +918,8 @@ } }, "params": { - "UseFIPS": false, "Region": "sa-east-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -931,8 +931,8 @@ } }, "params": { - "UseFIPS": false, "Region": "sa-east-1", + "UseFIPS": false, "UseDualStack": false } }, @@ -944,8 +944,8 @@ } }, "params": { - "UseFIPS": true, "Region": "ap-east-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -957,8 +957,8 @@ } }, "params": { - "UseFIPS": true, "Region": "ap-east-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -970,8 +970,8 @@ } }, "params": { - "UseFIPS": false, "Region": "ap-east-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -983,8 +983,8 @@ } }, "params": { - "UseFIPS": false, "Region": "ap-east-1", + "UseFIPS": false, "UseDualStack": false } }, @@ -996,8 +996,8 @@ } }, "params": { - "UseFIPS": true, "Region": "cn-north-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -1009,8 +1009,8 @@ } }, "params": { - "UseFIPS": true, "Region": "cn-north-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -1022,8 +1022,8 @@ } }, "params": { - "UseFIPS": false, "Region": "cn-north-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -1035,8 +1035,8 @@ } }, "params": { - "UseFIPS": false, "Region": "cn-north-1", + "UseFIPS": false, "UseDualStack": false } }, @@ -1048,8 +1048,8 @@ } }, "params": { - "UseFIPS": true, "Region": "us-gov-west-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -1061,8 +1061,8 @@ } }, "params": { - "UseFIPS": true, "Region": "us-gov-west-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -1074,8 +1074,8 @@ } }, "params": { - "UseFIPS": false, "Region": "us-gov-west-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -1087,8 +1087,8 @@ } }, "params": { - "UseFIPS": false, "Region": "us-gov-west-1", + "UseFIPS": false, "UseDualStack": false } }, @@ -1100,8 +1100,8 @@ } }, "params": { - "UseFIPS": true, "Region": "ap-southeast-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -1113,8 +1113,8 @@ } }, "params": { - "UseFIPS": true, "Region": "ap-southeast-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -1126,8 +1126,8 @@ } }, "params": { - "UseFIPS": false, "Region": "ap-southeast-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -1139,8 +1139,8 @@ } }, "params": { - "UseFIPS": false, "Region": "ap-southeast-1", + "UseFIPS": false, "UseDualStack": false } }, @@ -1152,8 +1152,8 @@ } }, "params": { - "UseFIPS": true, "Region": "ap-southeast-2", + "UseFIPS": true, "UseDualStack": true } }, @@ -1165,8 +1165,8 @@ } }, "params": { - "UseFIPS": true, "Region": "ap-southeast-2", + "UseFIPS": true, "UseDualStack": false } }, @@ -1178,8 +1178,8 @@ } }, "params": { - "UseFIPS": false, "Region": "ap-southeast-2", + "UseFIPS": false, "UseDualStack": true } }, @@ -1191,8 +1191,8 @@ } }, "params": { - "UseFIPS": false, "Region": "ap-southeast-2", + "UseFIPS": false, "UseDualStack": false } }, @@ -1202,8 +1202,8 @@ "error": "FIPS and DualStack are enabled, but this partition does not support one or both" }, "params": { - "UseFIPS": true, "Region": "us-iso-east-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -1215,8 +1215,8 @@ } }, "params": { - "UseFIPS": true, "Region": "us-iso-east-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -1226,8 +1226,8 @@ "error": "DualStack is enabled but this partition does not support DualStack" }, "params": { - "UseFIPS": false, "Region": "us-iso-east-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -1239,8 +1239,8 @@ } }, "params": { - "UseFIPS": false, "Region": "us-iso-east-1", + "UseFIPS": false, "UseDualStack": false } }, @@ -1252,8 +1252,8 @@ } }, "params": { - "UseFIPS": true, "Region": "ap-southeast-3", + "UseFIPS": true, "UseDualStack": true } }, @@ -1265,8 +1265,8 @@ } }, "params": { - "UseFIPS": true, "Region": "ap-southeast-3", + "UseFIPS": true, "UseDualStack": false } }, @@ -1278,8 +1278,8 @@ } }, "params": { - "UseFIPS": false, "Region": "ap-southeast-3", + "UseFIPS": false, "UseDualStack": true } }, @@ -1291,8 +1291,8 @@ } }, "params": { - "UseFIPS": false, "Region": "ap-southeast-3", + "UseFIPS": false, "UseDualStack": false } }, @@ -1304,8 +1304,8 @@ } }, "params": { - "UseFIPS": true, "Region": "us-east-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -1317,8 +1317,8 @@ } }, "params": { - "UseFIPS": true, "Region": "us-east-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -1330,8 +1330,8 @@ } }, "params": { - "UseFIPS": false, "Region": "us-east-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -1343,8 +1343,8 @@ } }, "params": { - "UseFIPS": false, "Region": "us-east-1", + "UseFIPS": false, "UseDualStack": false } }, @@ -1356,8 +1356,8 @@ } }, "params": { - "UseFIPS": true, "Region": "us-east-2", + "UseFIPS": true, "UseDualStack": true } }, @@ -1369,8 +1369,8 @@ } }, "params": { - "UseFIPS": true, "Region": "us-east-2", + "UseFIPS": true, "UseDualStack": false } }, @@ -1382,8 +1382,8 @@ } }, "params": { - "UseFIPS": false, "Region": "us-east-2", + "UseFIPS": false, "UseDualStack": true } }, @@ -1395,8 +1395,8 @@ } }, "params": { - "UseFIPS": false, "Region": "us-east-2", + "UseFIPS": false, "UseDualStack": false } }, @@ -1408,8 +1408,8 @@ } }, "params": { - "UseFIPS": true, "Region": "cn-northwest-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -1421,8 +1421,8 @@ } }, "params": { - "UseFIPS": true, "Region": "cn-northwest-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -1434,8 +1434,8 @@ } }, "params": { - "UseFIPS": false, "Region": "cn-northwest-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -1447,8 +1447,8 @@ } }, "params": { - "UseFIPS": false, "Region": "cn-northwest-1", + "UseFIPS": false, "UseDualStack": false } }, @@ -1458,8 +1458,8 @@ "error": "FIPS and DualStack are enabled, but this partition does not support one or both" }, "params": { - "UseFIPS": true, "Region": "us-isob-east-1", + "UseFIPS": true, "UseDualStack": true } }, @@ -1471,8 +1471,8 @@ } }, "params": { - "UseFIPS": true, "Region": "us-isob-east-1", + "UseFIPS": true, "UseDualStack": false } }, @@ -1482,8 +1482,8 @@ "error": "DualStack is enabled but this partition does not support DualStack" }, "params": { - "UseFIPS": false, "Region": "us-isob-east-1", + "UseFIPS": false, "UseDualStack": true } }, @@ -1495,8 +1495,8 @@ } }, "params": { - "UseFIPS": false, "Region": "us-isob-east-1", + "UseFIPS": false, "UseDualStack": false } }, @@ -1508,8 +1508,8 @@ } }, "params": { - "UseFIPS": false, "Region": "us-east-1", + "UseFIPS": false, "UseDualStack": false, "Endpoint": "https://example.com" } @@ -1520,8 +1520,8 @@ "error": "Invalid Configuration: FIPS and custom endpoint are not supported" }, "params": { - "UseFIPS": true, "Region": "us-east-1", + "UseFIPS": true, "UseDualStack": false, "Endpoint": "https://example.com" } @@ -1532,8 +1532,8 @@ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" }, "params": { - "UseFIPS": false, "Region": "us-east-1", + "UseFIPS": false, "UseDualStack": true, "Endpoint": "https://example.com" } diff --git a/models/apis/wafv2/2019-07-29/api-2.json b/models/apis/wafv2/2019-07-29/api-2.json index b4965b3fdcb..e3b4640e5a4 100755 --- a/models/apis/wafv2/2019-07-29/api-2.json +++ b/models/apis/wafv2/2019-07-29/api-2.json @@ -130,7 +130,8 @@ {"shape":"WAFTagOperationInternalErrorException"}, {"shape":"WAFSubscriptionNotFoundException"}, {"shape":"WAFInvalidOperationException"}, - {"shape":"WAFConfigurationWarningException"} + {"shape":"WAFConfigurationWarningException"}, + {"shape":"WAFExpiredManagedRuleGroupVersionException"} ] }, "DeleteFirewallManagerRuleGroups":{ @@ -808,6 +809,13 @@ } }, "shapes":{ + "AWSManagedRulesBotControlRuleSet":{ + "type":"structure", + "required":["InspectionLevel"], + "members":{ + "InspectionLevel":{"shape":"InspectionLevel"} + } + }, "Action":{"type":"string"}, "ActionCondition":{ "type":"structure", @@ -823,6 +831,7 @@ "BLOCK", "COUNT", "CAPTCHA", + "CHALLENGE", "EXCLUDED_AS_COUNT" ] }, @@ -925,6 +934,26 @@ "FailureReason":{"shape":"FailureReason"} } }, + "ChallengeAction":{ + "type":"structure", + "members":{ + "CustomRequestHandling":{"shape":"CustomRequestHandling"} + } + }, + "ChallengeConfig":{ + "type":"structure", + "members":{ + "ImmunityTimeProperty":{"shape":"ImmunityTimeProperty"} + } + }, + "ChallengeResponse":{ + "type":"structure", + "members":{ + "ResponseCode":{"shape":"ResponseCode"}, + "SolveTimestamp":{"shape":"SolveTimestamp"}, + "FailureReason":{"shape":"FailureReason"} + } + }, "CheckCapacityRequest":{ "type":"structure", "required":[ @@ -1349,7 +1378,9 @@ "VisibilityConfig":{"shape":"VisibilityConfig"}, "Tags":{"shape":"TagList"}, "CustomResponseBodies":{"shape":"CustomResponseBodies"}, - "CaptchaConfig":{"shape":"CaptchaConfig"} + "CaptchaConfig":{"shape":"CaptchaConfig"}, + "ChallengeConfig":{"shape":"ChallengeConfig"}, + "TokenDomains":{"shape":"TokenDomains"} } }, "CreateWebACLResponse":{ @@ -1622,7 +1653,9 @@ "type":"string", "enum":[ "TOKEN_MISSING", - "TOKEN_EXPIRED" + "TOKEN_EXPIRED", + "TOKEN_INVALID", + "TOKEN_DOMAIN_MISMATCH" ] }, "FallbackBehavior":{ @@ -2100,6 +2133,13 @@ "ImmunityTime":{"shape":"TimeWindowSecond"} } }, + "InspectionLevel":{ + "type":"string", + "enum":[ + "COMMON", + "TARGETED" + ] + }, "JsonBody":{ "type":"structure", "required":[ @@ -2436,7 +2476,8 @@ "LoginPath":{"shape":"LoginPathString"}, "PayloadType":{"shape":"PayloadType"}, "UsernameField":{"shape":"UsernameField"}, - "PasswordField":{"shape":"PasswordField"} + "PasswordField":{"shape":"PasswordField"}, + "AWSManagedRulesBotControlRuleSet":{"shape":"AWSManagedRulesBotControlRuleSet"} } }, "ManagedRuleGroupConfigs":{ @@ -2456,7 +2497,8 @@ "Version":{"shape":"VersionKeyString"}, "ExcludedRules":{"shape":"ExcludedRules"}, "ScopeDownStatement":{"shape":"Statement"}, - "ManagedRuleGroupConfigs":{"shape":"ManagedRuleGroupConfigs"} + "ManagedRuleGroupConfigs":{"shape":"ManagedRuleGroupConfigs"}, + "RuleActionOverrides":{"shape":"RuleActionOverrides"} } }, "ManagedRuleGroupSummaries":{ @@ -2665,7 +2707,9 @@ "HEADER_MATCH_PATTERN", "COOKIE_MATCH_PATTERN", "MAP_MATCH_SCOPE", - "OVERSIZE_HANDLING" + "OVERSIZE_HANDLING", + "CHALLENGE_CONFIG", + "TOKEN_DOMAIN" ] }, "ParameterExceptionParameter":{ @@ -2942,7 +2986,8 @@ "OverrideAction":{"shape":"OverrideAction"}, "RuleLabels":{"shape":"Labels"}, "VisibilityConfig":{"shape":"VisibilityConfig"}, - "CaptchaConfig":{"shape":"CaptchaConfig"} + "CaptchaConfig":{"shape":"CaptchaConfig"}, + "ChallengeConfig":{"shape":"ChallengeConfig"} } }, "RuleAction":{ @@ -2951,9 +2996,27 @@ "Block":{"shape":"BlockAction"}, "Allow":{"shape":"AllowAction"}, "Count":{"shape":"CountAction"}, - "Captcha":{"shape":"CaptchaAction"} + "Captcha":{"shape":"CaptchaAction"}, + "Challenge":{"shape":"ChallengeAction"} + } + }, + "RuleActionOverride":{ + "type":"structure", + "required":[ + "Name", + "ActionToUse" + ], + "members":{ + "Name":{"shape":"EntityName"}, + "ActionToUse":{"shape":"RuleAction"} } }, + "RuleActionOverrides":{ + "type":"list", + "member":{"shape":"RuleActionOverride"}, + "max":100, + "min":1 + }, "RuleGroup":{ "type":"structure", "required":[ @@ -2982,7 +3045,8 @@ "required":["ARN"], "members":{ "ARN":{"shape":"ResourceArn"}, - "ExcludedRules":{"shape":"ExcludedRules"} + "ExcludedRules":{"shape":"ExcludedRules"}, + "RuleActionOverrides":{"shape":"RuleActionOverrides"} } }, "RuleGroupSummaries":{ @@ -3037,7 +3101,9 @@ "RequestHeadersInserted":{"shape":"HTTPHeaders"}, "ResponseCodeSent":{"shape":"ResponseStatusCode"}, "Labels":{"shape":"Labels"}, - "CaptchaResponse":{"shape":"CaptchaResponse"} + "CaptchaResponse":{"shape":"CaptchaResponse"}, + "ChallengeResponse":{"shape":"ChallengeResponse"}, + "OverriddenAction":{"shape":"Action"} } }, "SampledHTTPRequests":{ @@ -3259,6 +3325,17 @@ "min":60 }, "Timestamp":{"type":"timestamp"}, + "TokenDomain":{ + "type":"string", + "max":253, + "min":1, + "pattern":"^[\\w\\.\\-/]+$" + }, + "TokenDomains":{ + "type":"list", + "member":{"shape":"TokenDomain"}, + "min":1 + }, "URIString":{"type":"string"}, "UntagResourceRequest":{ "type":"structure", @@ -3397,7 +3474,9 @@ "VisibilityConfig":{"shape":"VisibilityConfig"}, "LockToken":{"shape":"LockToken"}, "CustomResponseBodies":{"shape":"CustomResponseBodies"}, - "CaptchaConfig":{"shape":"CaptchaConfig"} + "CaptchaConfig":{"shape":"CaptchaConfig"}, + "ChallengeConfig":{"shape":"ChallengeConfig"}, + "TokenDomains":{"shape":"TokenDomains"} } }, "UpdateWebACLResponse":{ @@ -3609,7 +3688,9 @@ "ManagedByFirewallManager":{"shape":"Boolean"}, "LabelNamespace":{"shape":"LabelName"}, "CustomResponseBodies":{"shape":"CustomResponseBodies"}, - "CaptchaConfig":{"shape":"CaptchaConfig"} + "CaptchaConfig":{"shape":"CaptchaConfig"}, + "ChallengeConfig":{"shape":"ChallengeConfig"}, + "TokenDomains":{"shape":"TokenDomains"} } }, "WebACLSummaries":{ diff --git a/models/apis/wafv2/2019-07-29/docs-2.json b/models/apis/wafv2/2019-07-29/docs-2.json index 19735ba1cad..763d87807bc 100755 --- a/models/apis/wafv2/2019-07-29/docs-2.json +++ b/models/apis/wafv2/2019-07-29/docs-2.json @@ -17,11 +17,11 @@ "DeleteWebACL": "Deletes the specified WebACL.
You can only use this if ManagedByFirewallManager
is false in the specified WebACL.
Before deleting any web ACL, first disassociate it from all resources.
To retrieve a list of the resources that are associated with a web ACL, use the following calls:
For regional resources, call ListResourcesForWebACL.
For Amazon CloudFront distributions, use the CloudFront call ListDistributionsByWebACLId
. For information, see ListDistributionsByWebACLId.
To disassociate a resource from a web ACL, use the following calls:
For regional resources, call DisassociateWebACL.
For Amazon CloudFront distributions, provide an empty web ACL ID in the CloudFront call UpdateDistribution
. For information, see UpdateDistribution.
Provides high-level information for a managed rule group, including descriptions of the rules.
", "DisassociateWebACL": "Disassociates the specified regional application resource from any existing web ACL association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To disassociate a web ACL, provide an empty web ACL ID in the CloudFront call UpdateDistribution
. For information, see UpdateDistribution.
Generates a presigned download URL for the specified release of the mobile SDK.
The mobile SDK is not generally available. Customers who have access to the mobile SDK can use it to establish and manage Security Token Service (STS) security tokens for use in HTTP(S) requests from a mobile device to WAF. For more information, see WAF client application integration in the WAF Developer Guide.
", + "GenerateMobileSdkReleaseUrl": "Generates a presigned download URL for the specified release of the mobile SDK.
The mobile SDK is not generally available. Customers who have access to the mobile SDK can use it to establish and manage WAF tokens for use in HTTP(S) requests from a mobile device to WAF. For more information, see WAF client application integration in the WAF Developer Guide.
", "GetIPSet": "Retrieves the specified IPSet.
", "GetLoggingConfiguration": "Returns the LoggingConfiguration for the specified web ACL.
", "GetManagedRuleSet": "Retrieves the specified managed rule set.
This is intended for use only by vendors of managed rule sets. Vendors are Amazon Web Services and Amazon Web Services Marketplace sellers.
Vendors, you can use the managed rule set APIs to provide controlled rollout of your versioned managed rule group offerings for your customers. The APIs are ListManagedRuleSets
, GetManagedRuleSet
, PutManagedRuleSetVersions
, and UpdateManagedRuleSetVersionExpiryDate
.
Retrieves information for the specified mobile SDK release, including release notes and tags.
The mobile SDK is not generally available. Customers who have access to the mobile SDK can use it to establish and manage Security Token Service (STS) security tokens for use in HTTP(S) requests from a mobile device to WAF. For more information, see WAF client application integration in the WAF Developer Guide.
", + "GetMobileSdkRelease": "Retrieves information for the specified mobile SDK release, including release notes and tags.
The mobile SDK is not generally available. Customers who have access to the mobile SDK can use it to establish and manage WAF tokens for use in HTTP(S) requests from a mobile device to WAF. For more information, see WAF client application integration in the WAF Developer Guide.
", "GetPermissionPolicy": "Returns the IAM policy that is attached to the specified rule group.
You must be the owner of the rule group to perform this operation.
", "GetRateBasedStatementManagedKeys": "Retrieves the keys that are currently blocked by a rate-based rule instance. The maximum number of managed keys that can be blocked for a single rate-based rule instance is 10,000. If more than 10,000 addresses exceed the rate limit, those with the highest rates are blocked.
For a rate-based rule that you've defined inside a rule group, provide the name of the rule group reference statement in your request, in addition to the rate-based rule name and the web ACL name.
WAF monitors web requests and manages keys independently for each unique combination of web ACL, optional rule group, and rate-based rule. For example, if you define a rate-based rule inside a rule group, and then use the rule group in a web ACL, WAF monitors web requests and manages keys for that web ACL, rule group reference statement, and rate-based rule instance. If you use the same rule group in a second web ACL, WAF monitors web requests and manages keys for this second usage completely independent of your first.
", "GetRegexPatternSet": "Retrieves the specified RegexPatternSet.
", @@ -34,7 +34,7 @@ "ListIPSets": "Retrieves an array of IPSetSummary objects for the IP sets that you manage.
", "ListLoggingConfigurations": "Retrieves an array of your LoggingConfiguration objects.
", "ListManagedRuleSets": "Retrieves the managed rule sets that you own.
This is intended for use only by vendors of managed rule sets. Vendors are Amazon Web Services and Amazon Web Services Marketplace sellers.
Vendors, you can use the managed rule set APIs to provide controlled rollout of your versioned managed rule group offerings for your customers. The APIs are ListManagedRuleSets
, GetManagedRuleSet
, PutManagedRuleSetVersions
, and UpdateManagedRuleSetVersionExpiryDate
.
Retrieves a list of the available releases for the mobile SDK and the specified device platform.
The mobile SDK is not generally available. Customers who have access to the mobile SDK can use it to establish and manage Security Token Service (STS) security tokens for use in HTTP(S) requests from a mobile device to WAF. For more information, see WAF client application integration in the WAF Developer Guide.
", + "ListMobileSdkReleases": "Retrieves a list of the available releases for the mobile SDK and the specified device platform.
The mobile SDK is not generally available. Customers who have access to the mobile SDK can use it to establish and manage WAF tokens for use in HTTP(S) requests from a mobile device to WAF. For more information, see WAF client application integration in the WAF Developer Guide.
", "ListRegexPatternSets": "Retrieves an array of RegexPatternSetSummary objects for the regex pattern sets that you manage.
", "ListResourcesForWebACL": "Retrieves an array of the Amazon Resource Names (ARNs) for the regional resources that are associated with the specified web ACL. If you want the list of Amazon CloudFront resources, use the CloudFront call ListDistributionsByWebACLId
.
Retrieves an array of RuleGroupSummary objects for the rule groups that you manage.
", @@ -52,10 +52,17 @@ "UpdateWebACL": "Updates the specified WebACL. While updating a web ACL, WAF provides continuous coverage to the resources that you have associated with the web ACL.
When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.
This operation completely replaces the mutable specifications that you already have for the web ACL with the ones that you provide to this call. To modify the web ACL, retrieve it by calling GetWebACL, update the settings as needed, and then provide the complete web ACL specification to this call.
A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, or an Amazon Cognito user pool.
" }, "shapes": { + "AWSManagedRulesBotControlRuleSet": { + "base": "Details for your use of the Bot Control managed rule group, used in ManagedRuleGroupConfig
.
Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. For information about using the Bot Control managed rule group, see WAF Bot Control rule group and WAF Bot Control in the WAF Developer Guide.
" + } + }, "Action": { "base": null, "refs": { - "SampledHTTPRequest$Action": "The action for the Rule
that the request matched: Allow
, Block
, or Count
.
The action that WAF applied to the request.
", + "SampledHTTPRequest$OverriddenAction": "Used only for rule group rules that have a rule action override in place in the web ACL. This is the action that the rule group rule is configured for, and not the action that was applied to the request. The action that WAF applied is the Action
value.
The action setting that a log record must contain in order to meet the condition.
" + "ActionCondition$Action": "The action setting that a log record must contain in order to meet the condition. This is the action that WAF applied to the web request.
For rule groups, this is either the configured rule action setting, or if you've applied a rule action override to the rule, it's the override action. The value EXCLUDED_AS_COUNT
matches on excluded rules and also on rules that have a rule action override of Count.
Specifies that WAF should run a CAPTCHA
check against the request:
If the request includes a valid, unexpired CAPTCHA
token, WAF allows the web request inspection to proceed to the next rule, similar to a CountAction
.
If the request doesn't include a valid, unexpired CAPTCHA
token, WAF discontinues the web ACL evaluation of the request and blocks it from going to its intended destination.
WAF generates a response that it sends back to the client, which includes the following:
The header x-amzn-waf-action
with a value of captcha
.
The HTTP status code 405 Method Not Allowed
.
If the request contains an Accept
header with a value of text/html
, the response includes a CAPTCHA
challenge.
You can configure the expiration time in the CaptchaConfig
ImmunityTimeProperty
setting at the rule and web ACL level. The rule setting overrides the web ACL setting.
This action option is available for rules. It isn't available for web ACL default actions.
", + "base": "Specifies that WAF should run a CAPTCHA
check against the request:
If the request includes a valid, unexpired CAPTCHA
token, WAF applies any custom request handling and labels that you've configured and then allows the web request inspection to proceed to the next rule, similar to a CountAction
.
If the request doesn't include a valid, unexpired token, WAF discontinues the web ACL evaluation of the request and blocks it from going to its intended destination.
WAF generates a response that it sends back to the client, which includes the following:
The header x-amzn-waf-action
with a value of captcha
.
The HTTP status code 405 Method Not Allowed
.
If the request contains an Accept
header with a value of text/html
, the response includes a CAPTCHA
JavaScript page interstitial.
You can configure the expiration time in the CaptchaConfig
ImmunityTimeProperty
setting at the rule and web ACL level. The rule setting overrides the web ACL setting.
This action option is available for rules. It isn't available for web ACL default actions.
", "refs": { "RuleAction$Captcha": "Instructs WAF to run a CAPTCHA
check against the web request.
The CAPTCHA
response for the request.
Specifies that WAF should run a Challenge
check against the request to verify that the request is coming from a legitimate client session:
If the request includes a valid, unexpired challenge token, WAF applies any custom request handling and labels that you've configured and then allows the web request inspection to proceed to the next rule, similar to a CountAction
.
If the request doesn't include a valid, unexpired challenge token, WAF discontinues the web ACL evaluation of the request and blocks it from going to its intended destination.
WAF then generates a challenge response that it sends back to the client, which includes the following:
The header x-amzn-waf-action
with a value of challenge
.
The HTTP status code 202 Request Accepted
.
If the request contains an Accept
header with a value of text/html
, the response includes a JavaScript page interstitial with a challenge script.
Challenges run silent browser interrogations in the background, and don't generally affect the end user experience.
A challenge enforces token acquisition using an interstitial JavaScript challenge that inspects the client session for legitimate behavior. The challenge blocks bots or at least increases the cost of operating sophisticated bots.
After the client session successfully responds to the challenge, it receives a new token from WAF, which the challenge script uses to resubmit the original request.
You can configure the expiration time in the ChallengeConfig
ImmunityTimeProperty
setting at the rule and web ACL level. The rule setting overrides the web ACL setting.
This action option is available for rules. It isn't available for web ACL default actions.
", + "refs": { + "RuleAction$Challenge": "Instructs WAF to run a Challenge
check against the web request.
Specifies how WAF should handle Challenge
evaluations. This is available at the web ACL level and in each rule.
Specifies how WAF should handle challenge evaluations for rules that don't have their own ChallengeConfig
settings. If you don't specify this, WAF uses its default settings for ChallengeConfig
.
Specifies how WAF should handle Challenge
evaluations. If you don't specify this, WAF uses the challenge configuration that's defined for the web ACL.
Specifies how WAF should handle challenge evaluations for rules that don't have their own ChallengeConfig
settings. If you don't specify this, WAF uses its default settings for ChallengeConfig
.
Specifies how WAF should handle challenge evaluations for rules that don't have their own ChallengeConfig
settings. If you don't specify this, WAF uses its default settings for ChallengeConfig
.
The result from the inspection of the web request for a valid challenge token.
", + "refs": { + "SampledHTTPRequest$ChallengeResponse": "The Challenge
response for the request.
Specifies that WAF should count the request. Optionally defines additional custom handling for the request.
This is used in the context of other settings, for example to specify values for RuleAction and web ACL DefaultAction.
", "refs": { - "OverrideAction$Count": "Override the rule group evaluation result to count only.
This option is usually set to none. It does not affect how the rules in the rule group are evaluated. If you want the rules in the rule group to only count matches, do not use this and instead exclude those rules in your rule group reference statement settings.
Override the rule group evaluation result to count only.
This option is usually set to none. It does not affect how the rules in the rule group are evaluated. If you want the rules in the rule group to only count matches, do not use this and instead use the rule action override option, with Count
action, in your rule group reference statement settings.
Instructs WAF to count the web request and then continue evaluating the request using the remaining rules in the web ACL.
" } }, @@ -317,10 +345,11 @@ } }, "CustomRequestHandling": { - "base": "Custom request handling behavior that inserts custom headers into a web request. You can add custom request handling for the rule actions allow and count.
For information about customizing web requests and responses, see Customizing web requests and responses in WAF in the WAF Developer Guide.
", + "base": "Custom request handling behavior that inserts custom headers into a web request. You can add custom request handling for WAF to use when the rule action doesn't block the request. For example, CaptchaAction
for requests with valid t okens, and AllowAction
.
For information about customizing web requests and responses, see Customizing web requests and responses in WAF in the WAF Developer Guide.
", "refs": { "AllowAction$CustomRequestHandling": "Defines custom handling for the web request.
For information about customizing web requests and responses, see Customizing web requests and responses in WAF in the WAF Developer Guide.
", - "CaptchaAction$CustomRequestHandling": "Defines custom handling for the web request.
For information about customizing web requests and responses, see Customizing web requests and responses in WAF in the WAF Developer Guide.
", + "CaptchaAction$CustomRequestHandling": "Defines custom handling for the web request, used when the CAPTCHA
inspection determines that the request's token is valid and unexpired.
For information about customizing web requests and responses, see Customizing web requests and responses in WAF in the WAF Developer Guide.
", + "ChallengeAction$CustomRequestHandling": "Defines custom handling for the web request, used when the challenge inspection determines that the request's token is valid and unexpired.
For information about customizing web requests and responses, see Customizing web requests and responses in WAF in the WAF Developer Guide.
", "CountAction$CustomRequestHandling": "Defines custom handling for the web request.
For information about customizing web requests and responses, see Customizing web requests and responses in WAF in the WAF Developer Guide.
" } }, @@ -541,6 +570,7 @@ "RegexPatternSet$Name": "The name of the set. You cannot change the name after you create the set.
", "RegexPatternSetSummary$Name": "The name of the data type instance. You cannot change the name after you create the instance.
", "Rule$Name": "The name of the rule. You can't change the name of a Rule
after you create it.
The name of the rule to override.
", "RuleGroup$Name": "The name of the rule group. You cannot change the name of a rule group after you create it.
", "RuleGroupSummary$Name": "The name of the data type instance. You cannot change the name after you create the instance.
", "RuleSummary$Name": "The name of the rule.
", @@ -584,7 +614,7 @@ } }, "ExcludedRule": { - "base": "Specifies a single rule in a rule group whose action you want to override to Count
. When you exclude a rule, WAF evaluates it exactly as it would if the rule action setting were Count
. This is a useful option for testing the rules in a rule group without modifying how they handle your web traffic.
Specifies a single rule in a rule group whose action you want to override to Count
.
Instead of this option, use RuleActionOverrides
. It accepts any valid action setting, including Count
.
The rules in the referenced rule group whose actions are set to Count
. When you exclude a rule, WAF evaluates it exactly as it would if the rule action setting were Count
. This is a useful option for testing the rules in a rule group without modifying how they handle your web traffic.
The rules in the referenced rule group whose actions are set to Count
. When you exclude a rule, WAF evaluates it exactly as it would if the rule action setting were Count
. This is a useful option for testing the rules in a rule group without modifying how they handle your web traffic.
Rules in the referenced rule group whose actions are set to Count
.
Instead of this option, use RuleActionOverrides
. It accepts any valid action setting, including Count
.
Rules in the referenced rule group whose actions are set to Count
.
Instead of this option, use RuleActionOverrides
. It accepts any valid action setting, including Count
.
The reason for failure, populated when the evaluation of the token fails.
" + "CaptchaResponse$FailureReason": "The reason for failure, populated when the evaluation of the token fails.
", + "ChallengeResponse$FailureReason": "The reason for failure, populated when the evaluation of the token fails.
" } }, "FallbackBehavior": { @@ -949,9 +980,16 @@ } }, "ImmunityTimeProperty": { - "base": "Determines how long a CAPTCHA
token remains valid after the client successfully solves a CAPTCHA
puzzle.
Used for CAPTCHA and challenge token settings. Determines how long a CAPTCHA
or challenge timestamp remains valid after WAF updates it for a successful CAPTCHA
or challenge response.
Determines how long a CAPTCHA
timestamp in the token remains valid after the client successfully solves a CAPTCHA
puzzle.
Determines how long a challenge timestamp in the token remains valid after the client successfully responds to a challenge.
" + } + }, + "InspectionLevel": { + "base": null, "refs": { - "CaptchaConfig$ImmunityTimeProperty": "Determines how long a CAPTCHA
token remains valid after the client successfully solves a CAPTCHA
puzzle.
The inspection level to use for the Bot Control rule group. The common level is the least expensive. The targeted level includes all common level rules and adds rules with more advanced inspection criteria. For details, see WAF Bot Control rule group.
" } }, "JsonBody": { @@ -1232,7 +1270,7 @@ } }, "ManagedRuleGroupConfig": { - "base": "Additional information that's used by a managed rule group. Most managed rule groups don't require this.
Use this for the account takeover prevention managed rule group AWSManagedRulesATPRuleSet
, to provide information about the sign-in page of your application.
You can provide multiple individual ManagedRuleGroupConfig
objects for any rule group configuration, for example UsernameField
and PasswordField
. The configuration that you provide depends on the needs of the managed rule group. For the ATP managed rule group, you provide the following individual configuration objects: LoginPath
, PasswordField
, PayloadType
and UsernameField
.
For example specifications, see the examples section of CreateWebACL.
", + "base": "Additional information that's used by a managed rule group. Many managed rule groups don't require this.
Use the AWSManagedRulesBotControlRuleSet
configuration object to configure the protection level that you want the Bot Control rule group to use.
For example specifications, see the examples section of CreateWebACL.
", "refs": { "ManagedRuleGroupConfigs$member": null } @@ -1240,7 +1278,7 @@ "ManagedRuleGroupConfigs": { "base": null, "refs": { - "ManagedRuleGroupStatement$ManagedRuleGroupConfigs": "Additional information that's used by a managed rule group. Most managed rule groups don't require this.
Use this for the account takeover prevention managed rule group AWSManagedRulesATPRuleSet
, to provide information about the sign-in page of your application.
You can provide multiple individual ManagedRuleGroupConfig
objects for any rule group configuration, for example UsernameField
and PasswordField
. The configuration that you provide depends on the needs of the managed rule group. For the ATP managed rule group, you provide the following individual configuration objects: LoginPath
, PasswordField
, PayloadType
and UsernameField
.
Additional information that's used by a managed rule group. Many managed rule groups don't require this.
Use the AWSManagedRulesBotControlRuleSet
configuration object to configure the protection level that you want the Bot Control rule group to use.
Information for a release of the mobile SDK, including release notes and tags.
The mobile SDK is not generally available. Customers who have access to the mobile SDK can use it to establish and manage Security Token Service (STS) security tokens for use in HTTP(S) requests from a mobile device to WAF. For more information, see WAF client application integration in the WAF Developer Guide.
", + "base": "Information for a release of the mobile SDK, including release notes and tags.
The mobile SDK is not generally available. Customers who have access to the mobile SDK can use it to establish and manage WAF tokens for use in HTTP(S) requests from a mobile device to WAF. For more information, see WAF client application integration in the WAF Developer Guide.
", "refs": { "GetMobileSdkReleaseResponse$MobileSdkRelease": "Information for a specified SDK release, including release notes and tags.
" } @@ -1374,10 +1412,10 @@ } }, "OverrideAction": { - "base": "The action to use in the place of the action that results from the rule group evaluation. Set the override action to none to leave the result of the rule group alone. Set it to count to override the result to count only.
You can only use this for rule statements that reference a rule group, like RuleGroupReferenceStatement
and ManagedRuleGroupStatement
.
This option is usually set to none. It does not affect how the rules in the rule group are evaluated. If you want the rules in the rule group to only count matches, do not use this and instead exclude those rules in your rule group reference statement settings.
The action to use in the place of the action that results from the rule group evaluation. Set the override action to none to leave the result of the rule group alone. Set it to count to override the result to count only.
You can only use this for rule statements that reference a rule group, like RuleGroupReferenceStatement
and ManagedRuleGroupStatement
.
This option is usually set to none. It does not affect how the rules in the rule group are evaluated. If you want the rules in the rule group to only count matches, do not use this and instead use the rule action override option, with Count
action, in your rule group reference statement settings.
The action to use in the place of the action that results from the rule group evaluation. Set the override action to none to leave the result of the rule group alone. Set it to count to override the result to count only.
You can only use this for rule statements that reference a rule group, like RuleGroupReferenceStatement
and ManagedRuleGroupStatement
.
This option is usually set to none. It does not affect how the rules in the rule group are evaluated. If you want the rules in the rule group to only count matches, do not use this and instead exclude those rules in your rule group reference statement settings.
The action to use in the place of the action that results from the rule group evaluation. Set the override action to none to leave the result of the rule group alone. Set it to count to override the result to count only.
You can only use this for rule statements that reference a rule group, like RuleGroupReferenceStatement
and ManagedRuleGroupStatement
.
This option is usually set to none. It does not affect how the rules in the rule group are evaluated. If you want the rules in the rule group to only count matches, do not use this and instead exclude those rules in your rule group reference statement settings.
The action to use in the place of the action that results from the rule group evaluation. Set the override action to none to leave the result of the rule group alone. Set it to count to override the result to count only.
You can only use this for rule statements that reference a rule group, like RuleGroupReferenceStatement
and ManagedRuleGroupStatement
.
This option is usually set to none. It does not affect how the rules in the rule group are evaluated. If you want the rules in the rule group to only count matches, do not use this and instead use the rule action override option, with Count
action, in your rule group reference statement settings.
The action to use in the place of the action that results from the rule group evaluation. Set the override action to none to leave the result of the rule group alone. Set it to count to override the result to count only.
You can only use this for rule statements that reference a rule group, like RuleGroupReferenceStatement
and ManagedRuleGroupStatement
.
This option is usually set to none. It does not affect how the rules in the rule group are evaluated. If you want the rules in the rule group to only count matches, do not use this and instead use the rule action override option, with Count
action, in your rule group reference statement settings.
The HTTP response code indicating the status of the CAPTCHA
token in the web request. If the token is missing, invalid, or expired, this code is 405 Method Not Allowed
.
The HTTP response code indicating the status of the CAPTCHA
token in the web request. If the token is missing, invalid, or expired, this code is 405 Method Not Allowed
.
The HTTP response code indicating the status of the challenge token in the web request. If the token is missing, invalid, or expired, this code is 202 Request Accepted
.
The action that WAF should take on a web request when it matches a rule's statement. Settings at the web ACL level can override the rule action setting.
", "refs": { "Rule$Action": "The action that WAF should take on a web request when it matches the rule statement. Settings at the web ACL level can override the rule action setting.
This is used only for rules whose statements do not reference a rule group. Rule statements that reference a rule group include RuleGroupReferenceStatement
and ManagedRuleGroupStatement
.
You must specify either this Action
setting or the rule OverrideAction
setting, but not both:
If the rule statement does not reference a rule group, use this rule action setting and not the rule override action setting.
If the rule statement references a rule group, use the override action setting and not this action setting.
The override action to use, in place of the configured action of the rule in the rule group.
", "RuleSummary$Action": "The action that WAF should take on a web request when it matches a rule's statement. Settings at the web ACL level can override the rule action setting.
" } }, + "RuleActionOverride": { + "base": "Action setting to use in the place of a rule action that is configured inside the rule group. You specify one override for each rule whose action you want to change.
You can use overrides for testing, for example you can override all of rule actions to Count
and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.
Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change.
You can use overrides for testing, for example you can override all of rule actions to Count
and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.
Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change.
You can use overrides for testing, for example you can override all of rule actions to Count
and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.
A rule group defines a collection of rules to inspect and control web requests that you can use in a WebACL. When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements.
", "refs": { @@ -1845,7 +1898,8 @@ "SolveTimestamp": { "base": null, "refs": { - "CaptchaResponse$SolveTimestamp": "The time that the CAPTCHA
puzzle was solved for the supplied token.
The time that the CAPTCHA
was last solved for the supplied token.
The time that the challenge was last solved for the supplied token.
" } }, "SqliMatchStatement": { @@ -1970,7 +2024,7 @@ "TimeWindowSecond": { "base": null, "refs": { - "ImmunityTimeProperty$ImmunityTime": "The amount of time, in seconds, that a CAPTCHA
token is valid. The default setting is 300.
The amount of time, in seconds, that a CAPTCHA
or challenge timestamp is considered valid by WAF. The default setting is 300.
For the Challenge action, the minimum setting is 300.
" } }, "Timestamp": { @@ -1989,6 +2043,20 @@ "UpdateManagedRuleSetVersionExpiryDateResponse$ExpiryTimestamp": "The time that the version will expire.
Times are in Coordinated Universal Time (UTC) format. UTC format includes the special designator, Z. For example, \"2016-09-27T14:50Z\".
" } }, + "TokenDomain": { + "base": null, + "refs": { + "TokenDomains$member": null + } + }, + "TokenDomains": { + "base": null, + "refs": { + "CreateWebACLRequest$TokenDomains": "Specifies the domains that WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When WAF provides a token, it uses the domain of the Amazon Web Services resource that the web ACL is protecting. If you don't specify a list of token domains, WAF accepts tokens only for the domain of the protected resource. With a token domain list, WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
Example JSON: \"TokenDomains\": { \"mywebsite.com\", \"myotherwebsite.com\" }
Specifies the domains that WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When WAF provides a token, it uses the domain of the Amazon Web Services resource that the web ACL is protecting. If you don't specify a list of token domains, WAF accepts tokens only for the domain of the protected resource. With a token domain list, WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
Example JSON: \"TokenDomains\": { \"mywebsite.com\", \"myotherwebsite.com\" }
Specifies the domains that WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When WAF provides a token, it uses the domain of the Amazon Web Services resource that the web ACL is protecting. If you don't specify a list of token domains, WAF accepts tokens only for the domain of the protected resource. With a token domain list, WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
" + } + }, "URIString": { "base": null, "refs": { diff --git a/models/apis/wafv2/2019-07-29/endpoint-rule-set-1.json b/models/apis/wafv2/2019-07-29/endpoint-rule-set-1.json new file mode 100644 index 00000000000..2d500acd7da --- /dev/null +++ b/models/apis/wafv2/2019-07-29/endpoint-rule-set-1.json @@ -0,0 +1,315 @@ +{ + "version": "1.0", + "parameters": { + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "String" + }, + "UseDualStack": { + "builtIn": "AWS::UseDualStack", + "required": true, + "default": false, + "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", + "type": "Boolean" + }, + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "Boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "String" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + }, + { + "fn": "parseURL", + "argv": [ + { + "ref": "Endpoint" + } + ], + "assign": "url" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://wafv2-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://wafv2-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://wafv2.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ] + }, + { + "conditions": [], + "endpoint": { + "url": "https://wafv2.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] +} \ No newline at end of file diff --git a/models/apis/wafv2/2019-07-29/endpoint-tests-1.json b/models/apis/wafv2/2019-07-29/endpoint-tests-1.json new file mode 100644 index 00000000000..573c1f9c22a --- /dev/null +++ b/models/apis/wafv2/2019-07-29/endpoint-tests-1.json @@ -0,0 +1,1395 @@ +{ + "testCases": [ + { + "documentation": "For region ap-south-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.ap-south-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-south-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.ap-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-south-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.ap-south-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.ap-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-south-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.eu-south-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-south-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.eu-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-south-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.eu-south-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.eu-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.us-gov-east-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-gov-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-gov-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.us-gov-east-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-gov-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-gov-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ca-central-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.ca-central-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ca-central-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ca-central-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.ca-central-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ca-central-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ca-central-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.ca-central-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ca-central-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.ca-central-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ca-central-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-central-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.eu-central-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-central-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-central-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.eu-central-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-central-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-central-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.eu-central-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-central-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.eu-central-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-central-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.us-west-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-west-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.us-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.us-west-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.us-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.us-west-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-west-2", + "UseDualStack": true + } + }, + { + "documentation": "For region us-west-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.us-west-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-west-2", + "UseDualStack": false + } + }, + { + "documentation": "For region us-west-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.us-west-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-west-2", + "UseDualStack": true + } + }, + { + "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.us-west-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-west-2", + "UseDualStack": false + } + }, + { + "documentation": "For region af-south-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.af-south-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "af-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region af-south-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.af-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "af-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region af-south-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.af-south-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "af-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.af-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "af-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-north-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.eu-north-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-north-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-north-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.eu-north-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-north-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-north-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.eu-north-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-north-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-north-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.eu-north-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-north-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-3 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.eu-west-3.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-3", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-3 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.eu-west-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-3", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-3 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.eu-west-3.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-3", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-3 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.eu-west-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-3", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.eu-west-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-2", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.eu-west-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-2", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.eu-west-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-2", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.eu-west-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-2", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.eu-west-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.eu-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "eu-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region eu-west-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.eu-west-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.eu-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "eu-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-3 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.ap-northeast-3.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-3", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-3 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.ap-northeast-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-3", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.ap-northeast-3.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-3", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.ap-northeast-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-3", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.ap-northeast-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-2", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.ap-northeast-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-2", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.ap-northeast-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-2", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.ap-northeast-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-2", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.ap-northeast-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.ap-northeast-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-northeast-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.ap-northeast-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.ap-northeast-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-northeast-1", + "UseDualStack": false + } + }, + { + "documentation": "For region me-south-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.me-south-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "me-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region me-south-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.me-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "me-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region me-south-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.me-south-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "me-south-1", + "UseDualStack": true + } + }, + { + "documentation": "For region me-south-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.me-south-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "me-south-1", + "UseDualStack": false + } + }, + { + "documentation": "For region sa-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.sa-east-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "sa-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region sa-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.sa-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "sa-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region sa-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.sa-east-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "sa-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.sa-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "sa-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.ap-east-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.ap-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.ap-east-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.ap-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "UseFIPS": true, + "Region": "cn-north-1", + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": true, + "Region": "cn-north-1", + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "UseFIPS": false, + "Region": "cn-north-1", + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": false, + "Region": "cn-north-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.us-gov-west-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-gov-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.us-gov-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-gov-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.us-gov-west-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-gov-west-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.us-gov-west-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-gov-west-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.ap-southeast-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.ap-southeast-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.ap-southeast-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-1", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.ap-southeast-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-1", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.ap-southeast-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-2", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.ap-southeast-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-2", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.ap-southeast-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-2", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.ap-southeast-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-2", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-3 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.ap-southeast-3.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-3", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-3 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.ap-southeast-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "ap-southeast-3", + "UseDualStack": false + } + }, + { + "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.ap-southeast-3.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-3", + "UseDualStack": true + } + }, + { + "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.ap-southeast-3.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "ap-southeast-3", + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.us-east-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.us-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.us-east-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.us-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-2 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.us-east-2.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-east-2", + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.us-east-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-east-2", + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-2 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.us-east-2.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-2", + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.us-east-2.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-2", + "UseDualStack": false + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.cn-northwest-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "UseFIPS": true, + "Region": "cn-northwest-1", + "UseDualStack": true + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2-fips.cn-northwest-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": true, + "Region": "cn-northwest-1", + "UseDualStack": false + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://wafv2.cn-northwest-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "UseFIPS": false, + "Region": "cn-northwest-1", + "UseDualStack": true + } + }, + { + "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://wafv2.cn-northwest-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": false, + "Region": "cn-northwest-1", + "UseDualStack": false + } + }, + { + "documentation": "For custom endpoint with fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips enabled and dualstack disabled", + "expect": { + "error": "Invalid Configuration: FIPS and custom endpoint are not supported" + }, + "params": { + "UseFIPS": true, + "Region": "us-east-1", + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips disabled and dualstack enabled", + "expect": { + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": true, + "Endpoint": "https://example.com" + } + } + ], + "version": "1.0" +} \ No newline at end of file diff --git a/models/endpoints/endpoints.json b/models/endpoints/endpoints.json index cf3994c1ff8..2ec5e756f3f 100644 --- a/models/endpoints/endpoints.json +++ b/models/endpoints/endpoints.json @@ -2190,6 +2190,7 @@ "deprecated" : true, "hostname" : "cloudcontrolapi-fips.us-west-2.amazonaws.com" }, + "me-central-1" : { }, "me-south-1" : { }, "sa-east-1" : { }, "us-east-1" : { @@ -20372,7 +20373,8 @@ }, "ds" : { "endpoints" : { - "us-iso-east-1" : { } + "us-iso-east-1" : { }, + "us-iso-west-1" : { } } }, "dynamodb" : { diff --git a/service/ec2/api.go b/service/ec2/api.go index c13d0c3d3ad..f4a6ea08b6e 100644 --- a/service/ec2/api.go +++ b/service/ec2/api.go @@ -7148,9 +7148,10 @@ func (c *EC2) CreateReplaceRootVolumeTaskRequest(input *CreateReplaceRootVolumeT // CreateReplaceRootVolumeTask API operation for Amazon Elastic Compute Cloud. // -// Creates a root volume replacement task for an Amazon EC2 instance. The root -// volume can either be restored to its initial launch state, or it can be restored -// using a specific snapshot. +// Replaces the EBS-backed root volume for a running instance with a new volume +// that is restored to the original root volume's launch state, that is restored +// to a specific snapshot taken from the original root volume, or that is restored +// from an AMI that has the same key characteristics as that of the instance. // // For more information, see Replace a root volume (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-restoring-volume.html#replace-root) // in the Amazon Elastic Compute Cloud User Guide. @@ -67510,20 +67511,38 @@ type CreateReplaceRootVolumeTaskInput struct { // Ensuring idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` + // Indicates whether to automatically delete the original root volume after + // the root volume replacement task completes. To delete the original root volume, + // specify true. If you choose to keep the original root volume after the replacement + // task completes, you must manually delete it when you no longer need it. + DeleteReplacedRootVolume *bool `type:"boolean"` + // Checks whether you have the required permissions for the action, without // actually making the request, and provides an error response. If you have // the required permissions, the error response is DryRunOperation. Otherwise, // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` + // The ID of the AMI to use to restore the root volume. The specified AMI must + // have the same product code, billing information, architecture type, and virtualization + // type as that of the instance. + // + // If you want to restore the replacement volume from a specific snapshot, or + // if you want to restore it to its launch state, omit this parameter. + ImageId *string `type:"string"` + // The ID of the instance for which to replace the root volume. // // InstanceId is a required field InstanceId *string `type:"string" required:"true"` // The ID of the snapshot from which to restore the replacement root volume. - // If you want to restore the volume to the initial launch state, omit this - // parameter. + // The specified snapshot must be a snapshot that you previously created from + // the original root volume. + // + // If you want to restore the replacement root volume to the initial launch + // state, or if you want to restore the replacement root volume from an AMI, + // omit this parameter. SnapshotId *string `type:"string"` // The tags to apply to the root volume replacement task. @@ -67567,12 +67586,24 @@ func (s *CreateReplaceRootVolumeTaskInput) SetClientToken(v string) *CreateRepla return s } +// SetDeleteReplacedRootVolume sets the DeleteReplacedRootVolume field's value. +func (s *CreateReplaceRootVolumeTaskInput) SetDeleteReplacedRootVolume(v bool) *CreateReplaceRootVolumeTaskInput { + s.DeleteReplacedRootVolume = &v + return s +} + // SetDryRun sets the DryRun field's value. func (s *CreateReplaceRootVolumeTaskInput) SetDryRun(v bool) *CreateReplaceRootVolumeTaskInput { s.DryRun = &v return s } +// SetImageId sets the ImageId field's value. +func (s *CreateReplaceRootVolumeTaskInput) SetImageId(v string) *CreateReplaceRootVolumeTaskInput { + s.ImageId = &v + return s +} + // SetInstanceId sets the InstanceId field's value. func (s *CreateReplaceRootVolumeTaskInput) SetInstanceId(v string) *CreateReplaceRootVolumeTaskInput { s.InstanceId = &v @@ -143965,12 +143996,22 @@ type ReplaceRootVolumeTask struct { // The time the task completed. CompleteTime *string `locationName:"completeTime" type:"string"` + // Indicates whether the original root volume is to be deleted after the root + // volume replacement task completes. + DeleteReplacedRootVolume *bool `locationName:"deleteReplacedRootVolume" type:"boolean"` + + // The ID of the AMI used to create the replacement root volume. + ImageId *string `locationName:"imageId" type:"string"` + // The ID of the instance for which the root volume replacement task was created. InstanceId *string `locationName:"instanceId" type:"string"` // The ID of the root volume replacement task. ReplaceRootVolumeTaskId *string `locationName:"replaceRootVolumeTaskId" type:"string"` + // The ID of the snapshot used to create the replacement root volume. + SnapshotId *string `locationName:"snapshotId" type:"string"` + // The time the task was started. StartTime *string `locationName:"startTime" type:"string"` @@ -144024,6 +144065,18 @@ func (s *ReplaceRootVolumeTask) SetCompleteTime(v string) *ReplaceRootVolumeTask return s } +// SetDeleteReplacedRootVolume sets the DeleteReplacedRootVolume field's value. +func (s *ReplaceRootVolumeTask) SetDeleteReplacedRootVolume(v bool) *ReplaceRootVolumeTask { + s.DeleteReplacedRootVolume = &v + return s +} + +// SetImageId sets the ImageId field's value. +func (s *ReplaceRootVolumeTask) SetImageId(v string) *ReplaceRootVolumeTask { + s.ImageId = &v + return s +} + // SetInstanceId sets the InstanceId field's value. func (s *ReplaceRootVolumeTask) SetInstanceId(v string) *ReplaceRootVolumeTask { s.InstanceId = &v @@ -144036,6 +144089,12 @@ func (s *ReplaceRootVolumeTask) SetReplaceRootVolumeTaskId(v string) *ReplaceRoo return s } +// SetSnapshotId sets the SnapshotId field's value. +func (s *ReplaceRootVolumeTask) SetSnapshotId(v string) *ReplaceRootVolumeTask { + s.SnapshotId = &v + return s +} + // SetStartTime sets the StartTime field's value. func (s *ReplaceRootVolumeTask) SetStartTime(v string) *ReplaceRootVolumeTask { s.StartTime = &v diff --git a/service/fms/api.go b/service/fms/api.go index f3311899f06..69f3df56da7 100644 --- a/service/fms/api.go +++ b/service/fms/api.go @@ -8193,6 +8193,40 @@ func (s *NetworkFirewallPolicyModifiedViolation) SetViolationTarget(v string) *N return s } +// The setting that allows the policy owner to change the behavior of the rule +// group within a policy. +type NetworkFirewallStatefulRuleGroupOverride struct { + _ struct{} `type:"structure"` + + // The action that changes the rule group from DROP to ALERT. This only applies + // to managed rule groups. + Action *string `type:"string" enum:"NetworkFirewallOverrideAction"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s NetworkFirewallStatefulRuleGroupOverride) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s NetworkFirewallStatefulRuleGroupOverride) GoString() string { + return s.String() +} + +// SetAction sets the Action field's value. +func (s *NetworkFirewallStatefulRuleGroupOverride) SetAction(v string) *NetworkFirewallStatefulRuleGroupOverride { + s.Action = &v + return s +} + // Violation detail for an unexpected route that's present in a route table. type NetworkFirewallUnexpectedFirewallRoutesViolation struct { _ struct{} `type:"structure"` @@ -10553,34 +10587,6 @@ type SecurityServicePolicyData struct { // "endpointLocation":{ "availabilityZoneConfigList":[ { "availabilityZoneName":"${AvailabilityZone}" // } ] } }, "allowedIPV4CidrList":[ ] } } } }" // - // * Specification for SHIELD_ADVANCED for Amazon CloudFront distributions - // "{\"type\":\"SHIELD_ADVANCED\",\"automaticResponseConfiguration\": {\"automaticResponseStatus\":\"ENABLED|IGNORED|DISABLED\", - // \"automaticResponseAction\":\"BLOCK|COUNT\"}, \"overrideCustomerWebaclClassic\":true|false}" - // For example: "{\"type\":\"SHIELD_ADVANCED\",\"automaticResponseConfiguration\": - // {\"automaticResponseStatus\":\"ENABLED\", \"automaticResponseAction\":\"COUNT\"}}" - // The default value for automaticResponseStatus is IGNORED. The value for - // automaticResponseAction is only required when automaticResponseStatus - // is set to ENABLED. The default value for overrideCustomerWebaclClassic - // is false. For other resource types that you can protect with a Shield - // Advanced policy, this ManagedServiceData configuration is an empty string. - // - // * Example: WAFV2 "{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\":{\"type\":\"NONE\"},\"managedRuleGroupIdentifier\":{\"version\":null,\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesAmazonIpReputationList\"},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[{\"name\":\"NoUserAgent_HEADER\"}]}],\"postProcessRuleGroups\":[],\"defaultAction\":{\"type\":\"ALLOW\"},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":{\"logDestinationConfigs\":[\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\"],\"redactedFields\":[{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"},{\"redactedFieldType\":\"Method\"}]}}" - // In the loggingConfiguration, you can specify one logDestinationConfigs, - // you can optionally provide up to 20 redactedFields, and the RedactedFieldType - // must be one of URI, QUERY_STRING, HEADER, or METHOD. - // - // * Example: WAF Classic "{\"type\": \"WAF\", \"ruleGroups\": [{\"id\":\"12345678-1bcd-9012-efga-0987654321ab\", - // \"overrideAction\" : {\"type\": \"COUNT\"}}], \"defaultAction\": {\"type\": - // \"BLOCK\"}}" - // - // * Example: WAFV2 - Firewall Manager support for WAF managed rule group - // versioning "{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\":{\"type\":\"NONE\"},\"managedRuleGroupIdentifier\":{\"versionEnabled\":true,\"version\":\"Version_2.0\",\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesCommonRuleSet\"},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[{\"name\":\"NoUserAgent_HEADER\"}]}],\"postProcessRuleGroups\":[],\"defaultAction\":{\"type\":\"ALLOW\"},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":{\"logDestinationConfigs\":[\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\"],\"redactedFields\":[{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"},{\"redactedFieldType\":\"Method\"}]}}" - // To use a specific version of a WAF managed rule group in your Firewall - // Manager policy, you must set versionEnabled to true, and set version to - // the version you'd like to use. If you don't set versionEnabled to true, - // or if you omit versionEnabled, then Firewall Manager uses the default - // version of the WAF managed rule group. - // // * Example: SECURITY_GROUPS_COMMON "{\"type\":\"SECURITY_GROUPS_COMMON\",\"revertManualSecurityGroupChanges\":false,\"exclusiveResourceSecurityGroupManagement\":false, // \"applyToAllEC2InstanceENIs\":false,\"securityGroups\":[{\"id\":\" sg-000e55995d61a06bd\"}]}" // @@ -10608,6 +10614,34 @@ type SecurityServicePolicyData struct { // or range in the policy security group. // // * Example: SECURITY_GROUPS_USAGE_AUDIT "{\"type\":\"SECURITY_GROUPS_USAGE_AUDIT\",\"deleteUnusedSecurityGroups\":true,\"coalesceRedundantSecurityGroups\":true}" + // + // * Specification for SHIELD_ADVANCED for Amazon CloudFront distributions + // "{\"type\":\"SHIELD_ADVANCED\",\"automaticResponseConfiguration\": {\"automaticResponseStatus\":\"ENABLED|IGNORED|DISABLED\", + // \"automaticResponseAction\":\"BLOCK|COUNT\"}, \"overrideCustomerWebaclClassic\":true|false}" + // For example: "{\"type\":\"SHIELD_ADVANCED\",\"automaticResponseConfiguration\": + // {\"automaticResponseStatus\":\"ENABLED\", \"automaticResponseAction\":\"COUNT\"}}" + // The default value for automaticResponseStatus is IGNORED. The value for + // automaticResponseAction is only required when automaticResponseStatus + // is set to ENABLED. The default value for overrideCustomerWebaclClassic + // is false. For other resource types that you can protect with a Shield + // Advanced policy, this ManagedServiceData configuration is an empty string. + // + // * Example: WAFV2 "{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\":{\"type\":\"NONE\"},\"managedRuleGroupIdentifier\":{\"version\":null,\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesAmazonIpReputationList\"},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[{\"name\":\"NoUserAgent_HEADER\"}]}],\"postProcessRuleGroups\":[],\"defaultAction\":{\"type\":\"ALLOW\"},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":{\"logDestinationConfigs\":[\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\"],\"redactedFields\":[{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"},{\"redactedFieldType\":\"Method\"}]}}" + // In the loggingConfiguration, you can specify one logDestinationConfigs, + // you can optionally provide up to 20 redactedFields, and the RedactedFieldType + // must be one of URI, QUERY_STRING, HEADER, or METHOD. + // + // * Example: WAFV2 - Firewall Manager support for WAF managed rule group + // versioning "{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\":{\"type\":\"NONE\"},\"managedRuleGroupIdentifier\":{\"versionEnabled\":true,\"version\":\"Version_2.0\",\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesCommonRuleSet\"},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[{\"name\":\"NoUserAgent_HEADER\"}]}],\"postProcessRuleGroups\":[],\"defaultAction\":{\"type\":\"ALLOW\"},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":{\"logDestinationConfigs\":[\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\"],\"redactedFields\":[{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"},{\"redactedFieldType\":\"Method\"}]}}" + // To use a specific version of a WAF managed rule group in your Firewall + // Manager policy, you must set versionEnabled to true, and set version to + // the version you'd like to use. If you don't set versionEnabled to true, + // or if you omit versionEnabled, then Firewall Manager uses the default + // version of the WAF managed rule group. + // + // * Example: WAF Classic "{\"type\": \"WAF\", \"ruleGroups\": [{\"id\":\"12345678-1bcd-9012-efga-0987654321ab\", + // \"overrideAction\" : {\"type\": \"COUNT\"}}], \"defaultAction\": {\"type\": + // \"BLOCK\"}}" ManagedServiceData *string `min:"1" type:"string"` // Contains the Network Firewall firewall policy options to configure a centralized @@ -10719,6 +10753,10 @@ func (s *StatefulEngineOptions) SetRuleOrder(v string) *StatefulEngineOptions { type StatefulRuleGroup struct { _ struct{} `type:"structure"` + // The action that allows the policy owner to override the behavior of the rule + // group within a policy. + Override *NetworkFirewallStatefulRuleGroupOverride `type:"structure"` + // An integer setting that indicates the order in which to run the stateful // rule groups in a single Network Firewall firewall policy. This setting only // applies to firewall policies that specify the STRICT_ORDER rule order in @@ -10758,6 +10796,12 @@ func (s StatefulRuleGroup) GoString() string { return s.String() } +// SetOverride sets the Override field's value. +func (s *StatefulRuleGroup) SetOverride(v *NetworkFirewallStatefulRuleGroupOverride) *StatefulRuleGroup { + s.Override = v + return s +} + // SetPriority sets the Priority field's value. func (s *StatefulRuleGroup) SetPriority(v int64) *StatefulRuleGroup { s.Priority = &v @@ -11569,6 +11613,18 @@ func MarketplaceSubscriptionOnboardingStatus_Values() []string { } } +const ( + // NetworkFirewallOverrideActionDropToAlert is a NetworkFirewallOverrideAction enum value + NetworkFirewallOverrideActionDropToAlert = "DROP_TO_ALERT" +) + +// NetworkFirewallOverrideAction_Values returns all elements of the NetworkFirewallOverrideAction enum +func NetworkFirewallOverrideAction_Values() []string { + return []string{ + NetworkFirewallOverrideActionDropToAlert, + } +} + const ( // PolicyComplianceStatusTypeCompliant is a PolicyComplianceStatusType enum value PolicyComplianceStatusTypeCompliant = "COMPLIANT" diff --git a/service/glue/api.go b/service/glue/api.go index c3df47e4a5c..1838f152258 100644 --- a/service/glue/api.go +++ b/service/glue/api.go @@ -26950,6 +26950,12 @@ type CreateCsvClassifierRequest struct { // Indicates whether the CSV file contains a header. ContainsHeader *string `type:"string" enum:"CsvHeaderOption"` + // Enables the configuration of custom datatypes. + CustomDatatypeConfigured *bool `type:"boolean"` + + // Creates a list of supported custom datatypes. + CustomDatatypes []*string `type:"list"` + // A custom symbol to denote what separates each column entry in the row. Delimiter *string `min:"1" type:"string"` @@ -27022,6 +27028,18 @@ func (s *CreateCsvClassifierRequest) SetContainsHeader(v string) *CreateCsvClass return s } +// SetCustomDatatypeConfigured sets the CustomDatatypeConfigured field's value. +func (s *CreateCsvClassifierRequest) SetCustomDatatypeConfigured(v bool) *CreateCsvClassifierRequest { + s.CustomDatatypeConfigured = &v + return s +} + +// SetCustomDatatypes sets the CustomDatatypes field's value. +func (s *CreateCsvClassifierRequest) SetCustomDatatypes(v []*string) *CreateCsvClassifierRequest { + s.CustomDatatypes = v + return s +} + // SetDelimiter sets the Delimiter field's value. func (s *CreateCsvClassifierRequest) SetDelimiter(v string) *CreateCsvClassifierRequest { s.Delimiter = &v @@ -30381,6 +30399,13 @@ type CsvClassifier struct { // The time that this classifier was registered. CreationTime *time.Time `type:"timestamp"` + // Enables the custom datatype to be configured. + CustomDatatypeConfigured *bool `type:"boolean"` + + // A list of custom datatypes including "BINARY", "BOOLEAN", "DATE", "DECIMAL", + // "DOUBLE", "FLOAT", "INT", "LONG", "SHORT", "STRING", "TIMESTAMP". + CustomDatatypes []*string `type:"list"` + // A custom symbol to denote what separates each column entry in the row. Delimiter *string `min:"1" type:"string"` @@ -30443,6 +30468,18 @@ func (s *CsvClassifier) SetCreationTime(v time.Time) *CsvClassifier { return s } +// SetCustomDatatypeConfigured sets the CustomDatatypeConfigured field's value. +func (s *CsvClassifier) SetCustomDatatypeConfigured(v bool) *CsvClassifier { + s.CustomDatatypeConfigured = &v + return s +} + +// SetCustomDatatypes sets the CustomDatatypes field's value. +func (s *CsvClassifier) SetCustomDatatypes(v []*string) *CsvClassifier { + s.CustomDatatypes = v + return s +} + // SetDelimiter sets the Delimiter field's value. func (s *CsvClassifier) SetDelimiter(v string) *CsvClassifier { s.Delimiter = &v @@ -61747,6 +61784,12 @@ type UpdateCsvClassifierRequest struct { // Indicates whether the CSV file contains a header. ContainsHeader *string `type:"string" enum:"CsvHeaderOption"` + // Specifies the configuration of custom datatypes. + CustomDatatypeConfigured *bool `type:"boolean"` + + // Specifies a list of supported custom datatypes. + CustomDatatypes []*string `type:"list"` + // A custom symbol to denote what separates each column entry in the row. Delimiter *string `min:"1" type:"string"` @@ -61819,6 +61862,18 @@ func (s *UpdateCsvClassifierRequest) SetContainsHeader(v string) *UpdateCsvClass return s } +// SetCustomDatatypeConfigured sets the CustomDatatypeConfigured field's value. +func (s *UpdateCsvClassifierRequest) SetCustomDatatypeConfigured(v bool) *UpdateCsvClassifierRequest { + s.CustomDatatypeConfigured = &v + return s +} + +// SetCustomDatatypes sets the CustomDatatypes field's value. +func (s *UpdateCsvClassifierRequest) SetCustomDatatypes(v []*string) *UpdateCsvClassifierRequest { + s.CustomDatatypes = v + return s +} + // SetDelimiter sets the Delimiter field's value. func (s *UpdateCsvClassifierRequest) SetDelimiter(v string) *UpdateCsvClassifierRequest { s.Delimiter = &v diff --git a/service/redshift/api.go b/service/redshift/api.go index ce271d20443..dbe8b2ebfe7 100644 --- a/service/redshift/api.go +++ b/service/redshift/api.go @@ -16237,8 +16237,10 @@ type CreateClusterInput struct { // The Elastic IP (EIP) address for the cluster. // // Constraints: The cluster must be provisioned in EC2-VPC and publicly-accessible - // through an Internet gateway. For more information about provisioning clusters - // in EC2-VPC, go to Supported Platforms to Launch Your Cluster (https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-clusters.html#cluster-platforms) + // through an Internet gateway. Don't specify the Elastic IP address for a publicly + // accessible cluster with availability zone relocation turned on. For more + // information about provisioning clusters in EC2-VPC, go to Supported Platforms + // to Launch Your Cluster (https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-clusters.html#cluster-platforms) // in the Amazon Redshift Cluster Management Guide. ElasticIp *string `type:"string"` @@ -31629,7 +31631,9 @@ type RestoreFromClusterSnapshotInput struct { // a snapshot. DefaultIamRoleArn *string `type:"string"` - // The elastic IP (EIP) address for the cluster. + // The Elastic IP (EIP) address for the cluster. Don't specify the Elastic IP + // address for a publicly accessible cluster with availability zone relocation + // turned on. ElasticIp *string `type:"string"` // Enables support for restoring an unencrypted snapshot to a cluster encrypted diff --git a/service/sagemaker/api.go b/service/sagemaker/api.go index 71ca81af623..41459ed3081 100644 --- a/service/sagemaker/api.go +++ b/service/sagemaker/api.go @@ -4149,8 +4149,8 @@ func (c *SageMaker) CreateTrainingJobRequest(input *CreateTrainingJobInput) (req // credentials are detected, SageMaker will reject your training job request // and return an exception error. // -// - InputDataConfig - Describes the training dataset and the Amazon S3, -// EFS, or FSx location where it is stored. +// - InputDataConfig - Describes the input required by the training job and +// the Amazon S3, EFS, or FSx location where it is stored. // // - OutputDataConfig - Identifies the Amazon S3 bucket where you want SageMaker // to save the results of model training. @@ -25561,6 +25561,18 @@ type AlgorithmSpecification struct { // raise a null error. AlgorithmName *string `min:"1" type:"string"` + // The arguments for a container used to run a training job. See How Amazon + // SageMaker Runs Your Training Image (https://docs.aws.amazon.com/sagemaker/latest/dg/your-algorithms-training-algo-dockerfile.html) + // for additional information. + ContainerArguments []*string `min:"1" type:"list"` + + // The entrypoint script for a Docker container (https://docs.docker.com/engine/reference/builder/) + // used to run a training job. This script takes precedence over the default + // train processing instructions. See How Amazon SageMaker Runs Your Training + // Image (https://docs.aws.amazon.com/sagemaker/latest/dg/your-algorithms-training-algo-dockerfile.html) + // for more information. + ContainerEntrypoint []*string `min:"1" type:"list"` + // To generate and save time-series metrics during training, set to true. The // default is false and time-series metrics aren't generated except in the following // cases: @@ -25658,6 +25670,12 @@ func (s *AlgorithmSpecification) Validate() error { if s.AlgorithmName != nil && len(*s.AlgorithmName) < 1 { invalidParams.Add(request.NewErrParamMinLen("AlgorithmName", 1)) } + if s.ContainerArguments != nil && len(s.ContainerArguments) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ContainerArguments", 1)) + } + if s.ContainerEntrypoint != nil && len(s.ContainerEntrypoint) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ContainerEntrypoint", 1)) + } if s.TrainingInputMode == nil { invalidParams.Add(request.NewErrParamRequired("TrainingInputMode")) } @@ -25684,6 +25702,18 @@ func (s *AlgorithmSpecification) SetAlgorithmName(v string) *AlgorithmSpecificat return s } +// SetContainerArguments sets the ContainerArguments field's value. +func (s *AlgorithmSpecification) SetContainerArguments(v []*string) *AlgorithmSpecification { + s.ContainerArguments = v + return s +} + +// SetContainerEntrypoint sets the ContainerEntrypoint field's value. +func (s *AlgorithmSpecification) SetContainerEntrypoint(v []*string) *AlgorithmSpecification { + s.ContainerEntrypoint = v + return s +} + // SetEnableSageMakerMetricsTimeSeries sets the EnableSageMakerMetricsTimeSeries field's value. func (s *AlgorithmSpecification) SetEnableSageMakerMetricsTimeSeries(v bool) *AlgorithmSpecification { s.EnableSageMakerMetricsTimeSeries = &v diff --git a/service/wafv2/api.go b/service/wafv2/api.go index 59ddfad0e8f..408cf6d0efe 100644 --- a/service/wafv2/api.go +++ b/service/wafv2/api.go @@ -816,6 +816,11 @@ func (c *WAFV2) CreateWebACLRequest(input *CreateWebACLInput) (req *request.Requ // the resource that you provide to this operation: Tag (key:WAF:OversizeFieldsHandlingConstraintOptOut, // value:true). // +// - WAFExpiredManagedRuleGroupVersionException +// The operation failed because the specified version for the managed rule group +// has expired. You can retrieve the available versions for the managed rule +// group by calling ListAvailableManagedRuleGroupVersions. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateWebACL func (c *WAFV2) CreateWebACL(input *CreateWebACLInput) (*CreateWebACLOutput, error) { req, out := c.CreateWebACLRequest(input) @@ -1938,9 +1943,9 @@ func (c *WAFV2) GenerateMobileSdkReleaseUrlRequest(input *GenerateMobileSdkRelea // SDK. // // The mobile SDK is not generally available. Customers who have access to the -// mobile SDK can use it to establish and manage Security Token Service (STS) -// security tokens for use in HTTP(S) requests from a mobile device to WAF. -// For more information, see WAF client application integration (https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html) +// mobile SDK can use it to establish and manage WAF tokens for use in HTTP(S) +// requests from a mobile device to WAF. For more information, see WAF client +// application integration (https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html) // in the WAF Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2369,9 +2374,9 @@ func (c *WAFV2) GetMobileSdkReleaseRequest(input *GetMobileSdkReleaseInput) (req // notes and tags. // // The mobile SDK is not generally available. Customers who have access to the -// mobile SDK can use it to establish and manage Security Token Service (STS) -// security tokens for use in HTTP(S) requests from a mobile device to WAF. -// For more information, see WAF client application integration (https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html) +// mobile SDK can use it to establish and manage WAF tokens for use in HTTP(S) +// requests from a mobile device to WAF. For more information, see WAF client +// application integration (https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html) // in the WAF Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -3743,9 +3748,9 @@ func (c *WAFV2) ListMobileSdkReleasesRequest(input *ListMobileSdkReleasesInput) // device platform. // // The mobile SDK is not generally available. Customers who have access to the -// mobile SDK can use it to establish and manage Security Token Service (STS) -// security tokens for use in HTTP(S) requests from a mobile device to WAF. -// For more information, see WAF client application integration (https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html) +// mobile SDK can use it to establish and manage WAF tokens for use in HTTP(S) +// requests from a mobile device to WAF. For more information, see WAF client +// application integration (https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html) // in the WAF Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -5735,11 +5740,67 @@ func (c *WAFV2) UpdateWebACLWithContext(ctx aws.Context, input *UpdateWebACLInpu return out, req.Send() } +// Details for your use of the Bot Control managed rule group, used in ManagedRuleGroupConfig. +type AWSManagedRulesBotControlRuleSet struct { + _ struct{} `type:"structure"` + + // The inspection level to use for the Bot Control rule group. The common level + // is the least expensive. The targeted level includes all common level rules + // and adds rules with more advanced inspection criteria. For details, see WAF + // Bot Control rule group (https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html). + // + // InspectionLevel is a required field + InspectionLevel *string `type:"string" required:"true" enum:"InspectionLevel"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AWSManagedRulesBotControlRuleSet) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AWSManagedRulesBotControlRuleSet) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AWSManagedRulesBotControlRuleSet) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AWSManagedRulesBotControlRuleSet"} + if s.InspectionLevel == nil { + invalidParams.Add(request.NewErrParamRequired("InspectionLevel")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetInspectionLevel sets the InspectionLevel field's value. +func (s *AWSManagedRulesBotControlRuleSet) SetInspectionLevel(v string) *AWSManagedRulesBotControlRuleSet { + s.InspectionLevel = &v + return s +} + // A single action condition for a Condition in a logging filter. type ActionCondition struct { _ struct{} `type:"structure"` // The action setting that a log record must contain in order to meet the condition. + // This is the action that WAF applied to the web request. + // + // For rule groups, this is either the configured rule action setting, or if + // you've applied a rule action override to the rule, it's the override action. + // The value EXCLUDED_AS_COUNT matches on excluded rules and also on rules that + // have a rule action override of Count. // // Action is a required field Action *string `type:"string" required:"true" enum:"ActionValue"` @@ -6336,16 +6397,18 @@ func (s *ByteMatchStatement) SetTextTransformations(v []*TextTransformation) *By // Specifies that WAF should run a CAPTCHA check against the request: // -// - If the request includes a valid, unexpired CAPTCHA token, WAF allows -// the web request inspection to proceed to the next rule, similar to a CountAction. +// - If the request includes a valid, unexpired CAPTCHA token, WAF applies +// any custom request handling and labels that you've configured and then +// allows the web request inspection to proceed to the next rule, similar +// to a CountAction. // -// - If the request doesn't include a valid, unexpired CAPTCHA token, WAF -// discontinues the web ACL evaluation of the request and blocks it from -// going to its intended destination. WAF generates a response that it sends -// back to the client, which includes the following: The header x-amzn-waf-action -// with a value of captcha. The HTTP status code 405 Method Not Allowed. -// If the request contains an Accept header with a value of text/html, the -// response includes a CAPTCHA challenge. +// - If the request doesn't include a valid, unexpired token, WAF discontinues +// the web ACL evaluation of the request and blocks it from going to its +// intended destination. WAF generates a response that it sends back to the +// client, which includes the following: The header x-amzn-waf-action with +// a value of captcha. The HTTP status code 405 Method Not Allowed. If the +// request contains an Accept header with a value of text/html, the response +// includes a CAPTCHA JavaScript page interstitial. // // You can configure the expiration time in the CaptchaConfig ImmunityTimeProperty // setting at the rule and web ACL level. The rule setting overrides the web @@ -6356,7 +6419,8 @@ func (s *ByteMatchStatement) SetTextTransformations(v []*TextTransformation) *By type CaptchaAction struct { _ struct{} `type:"structure"` - // Defines custom handling for the web request. + // Defines custom handling for the web request, used when the CAPTCHA inspection + // determines that the request's token is valid and unexpired. // // For information about customizing web requests and responses, see Customizing // web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html) @@ -6408,8 +6472,8 @@ func (s *CaptchaAction) SetCustomRequestHandling(v *CustomRequestHandling) *Capt type CaptchaConfig struct { _ struct{} `type:"structure"` - // Determines how long a CAPTCHA token remains valid after the client successfully - // solves a CAPTCHA puzzle. + // Determines how long a CAPTCHA timestamp in the token remains valid after + // the client successfully solves a CAPTCHA puzzle. ImmunityTimeProperty *ImmunityTimeProperty `type:"structure"` } @@ -6464,7 +6528,7 @@ type CaptchaResponse struct { // Method Not Allowed. ResponseCode *int64 `type:"integer"` - // The time that the CAPTCHA puzzle was solved for the supplied token. + // The time that the CAPTCHA was last solved for the supplied token. SolveTimestamp *int64 `type:"long"` } @@ -6504,6 +6568,188 @@ func (s *CaptchaResponse) SetSolveTimestamp(v int64) *CaptchaResponse { return s } +// Specifies that WAF should run a Challenge check against the request to verify +// that the request is coming from a legitimate client session: +// +// - If the request includes a valid, unexpired challenge token, WAF applies +// any custom request handling and labels that you've configured and then +// allows the web request inspection to proceed to the next rule, similar +// to a CountAction. +// +// - If the request doesn't include a valid, unexpired challenge token, WAF +// discontinues the web ACL evaluation of the request and blocks it from +// going to its intended destination. WAF then generates a challenge response +// that it sends back to the client, which includes the following: The header +// x-amzn-waf-action with a value of challenge. The HTTP status code 202 +// Request Accepted. If the request contains an Accept header with a value +// of text/html, the response includes a JavaScript page interstitial with +// a challenge script. Challenges run silent browser interrogations in the +// background, and don't generally affect the end user experience. A challenge +// enforces token acquisition using an interstitial JavaScript challenge +// that inspects the client session for legitimate behavior. The challenge +// blocks bots or at least increases the cost of operating sophisticated +// bots. After the client session successfully responds to the challenge, +// it receives a new token from WAF, which the challenge script uses to resubmit +// the original request. +// +// You can configure the expiration time in the ChallengeConfig ImmunityTimeProperty +// setting at the rule and web ACL level. The rule setting overrides the web +// ACL setting. +// +// This action option is available for rules. It isn't available for web ACL +// default actions. +type ChallengeAction struct { + _ struct{} `type:"structure"` + + // Defines custom handling for the web request, used when the challenge inspection + // determines that the request's token is valid and unexpired. + // + // For information about customizing web requests and responses, see Customizing + // web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html) + // in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). + CustomRequestHandling *CustomRequestHandling `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ChallengeAction) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ChallengeAction) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ChallengeAction) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ChallengeAction"} + if s.CustomRequestHandling != nil { + if err := s.CustomRequestHandling.Validate(); err != nil { + invalidParams.AddNested("CustomRequestHandling", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCustomRequestHandling sets the CustomRequestHandling field's value. +func (s *ChallengeAction) SetCustomRequestHandling(v *CustomRequestHandling) *ChallengeAction { + s.CustomRequestHandling = v + return s +} + +// Specifies how WAF should handle Challenge evaluations. This is available +// at the web ACL level and in each rule. +type ChallengeConfig struct { + _ struct{} `type:"structure"` + + // Determines how long a challenge timestamp in the token remains valid after + // the client successfully responds to a challenge. + ImmunityTimeProperty *ImmunityTimeProperty `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ChallengeConfig) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ChallengeConfig) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ChallengeConfig) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ChallengeConfig"} + if s.ImmunityTimeProperty != nil { + if err := s.ImmunityTimeProperty.Validate(); err != nil { + invalidParams.AddNested("ImmunityTimeProperty", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetImmunityTimeProperty sets the ImmunityTimeProperty field's value. +func (s *ChallengeConfig) SetImmunityTimeProperty(v *ImmunityTimeProperty) *ChallengeConfig { + s.ImmunityTimeProperty = v + return s +} + +// The result from the inspection of the web request for a valid challenge token. +type ChallengeResponse struct { + _ struct{} `type:"structure"` + + // The reason for failure, populated when the evaluation of the token fails. + FailureReason *string `type:"string" enum:"FailureReason"` + + // The HTTP response code indicating the status of the challenge token in the + // web request. If the token is missing, invalid, or expired, this code is 202 + // Request Accepted. + ResponseCode *int64 `type:"integer"` + + // The time that the challenge was last solved for the supplied token. + SolveTimestamp *int64 `type:"long"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ChallengeResponse) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ChallengeResponse) GoString() string { + return s.String() +} + +// SetFailureReason sets the FailureReason field's value. +func (s *ChallengeResponse) SetFailureReason(v string) *ChallengeResponse { + s.FailureReason = &v + return s +} + +// SetResponseCode sets the ResponseCode field's value. +func (s *ChallengeResponse) SetResponseCode(v int64) *ChallengeResponse { + s.ResponseCode = &v + return s +} + +// SetSolveTimestamp sets the SolveTimestamp field's value. +func (s *ChallengeResponse) SetSolveTimestamp(v int64) *ChallengeResponse { + s.SolveTimestamp = &v + return s +} + type CheckCapacityInput struct { _ struct{} `type:"structure"` @@ -7541,6 +7787,11 @@ type CreateWebACLInput struct { // its default settings for CaptchaConfig. CaptchaConfig *CaptchaConfig `type:"structure"` + // Specifies how WAF should handle challenge evaluations for rules that don't + // have their own ChallengeConfig settings. If you don't specify this, WAF uses + // its default settings for ChallengeConfig. + ChallengeConfig *ChallengeConfig `type:"structure"` + // A map of custom response keys and content bodies. When you create a rule // with a block action, you can send a custom response to the web request. You // define these for the web ACL, and then use them in the rules and default @@ -7594,6 +7845,17 @@ type CreateWebACLInput struct { // An array of key:value pairs to associate with the resource. Tags []*Tag `min:"1" type:"list"` + // Specifies the domains that WAF should accept in a web request token. This + // enables the use of tokens across multiple protected websites. When WAF provides + // a token, it uses the domain of the Amazon Web Services resource that the + // web ACL is protecting. If you don't specify a list of token domains, WAF + // accepts tokens only for the domain of the protected resource. With a token + // domain list, WAF accepts the resource's host domain plus all domains in the + // token domain list, including their prefixed subdomains. + // + // Example JSON: "TokenDomains": { "mywebsite.com", "myotherwebsite.com" } + TokenDomains []*string `min:"1" type:"list"` + // Defines and enables Amazon CloudWatch metrics and web request sample collection. // // VisibilityConfig is a required field @@ -7642,6 +7904,9 @@ func (s *CreateWebACLInput) Validate() error { if s.Tags != nil && len(s.Tags) < 1 { invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) } + if s.TokenDomains != nil && len(s.TokenDomains) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TokenDomains", 1)) + } if s.VisibilityConfig == nil { invalidParams.Add(request.NewErrParamRequired("VisibilityConfig")) } @@ -7650,6 +7915,11 @@ func (s *CreateWebACLInput) Validate() error { invalidParams.AddNested("CaptchaConfig", err.(request.ErrInvalidParams)) } } + if s.ChallengeConfig != nil { + if err := s.ChallengeConfig.Validate(); err != nil { + invalidParams.AddNested("ChallengeConfig", err.(request.ErrInvalidParams)) + } + } if s.CustomResponseBodies != nil { for i, v := range s.CustomResponseBodies { if v == nil { @@ -7703,6 +7973,12 @@ func (s *CreateWebACLInput) SetCaptchaConfig(v *CaptchaConfig) *CreateWebACLInpu return s } +// SetChallengeConfig sets the ChallengeConfig field's value. +func (s *CreateWebACLInput) SetChallengeConfig(v *ChallengeConfig) *CreateWebACLInput { + s.ChallengeConfig = v + return s +} + // SetCustomResponseBodies sets the CustomResponseBodies field's value. func (s *CreateWebACLInput) SetCustomResponseBodies(v map[string]*CustomResponseBody) *CreateWebACLInput { s.CustomResponseBodies = v @@ -7745,6 +8021,12 @@ func (s *CreateWebACLInput) SetTags(v []*Tag) *CreateWebACLInput { return s } +// SetTokenDomains sets the TokenDomains field's value. +func (s *CreateWebACLInput) SetTokenDomains(v []*string) *CreateWebACLInput { + s.TokenDomains = v + return s +} + // SetVisibilityConfig sets the VisibilityConfig field's value. func (s *CreateWebACLInput) SetVisibilityConfig(v *VisibilityConfig) *CreateWebACLInput { s.VisibilityConfig = v @@ -7858,7 +8140,9 @@ func (s *CustomHTTPHeader) SetValue(v string) *CustomHTTPHeader { } // Custom request handling behavior that inserts custom headers into a web request. -// You can add custom request handling for the rule actions allow and count. +// You can add custom request handling for WAF to use when the rule action doesn't +// block the request. For example, CaptchaAction for requests with valid t okens, +// and AllowAction. // // For information about customizing web requests and responses, see Customizing // web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html) @@ -9275,9 +9559,10 @@ func (s DisassociateWebACLOutput) GoString() string { } // Specifies a single rule in a rule group whose action you want to override -// to Count. When you exclude a rule, WAF evaluates it exactly as it would if -// the rule action setting were Count. This is a useful option for testing the -// rules in a rule group without modifying how they handle your web traffic. +// to Count. +// +// Instead of this option, use RuleActionOverrides. It accepts any valid action +// setting, including Count. type ExcludedRule struct { _ struct{} `type:"structure"` @@ -9646,8 +9931,8 @@ type FirewallManagerRuleGroup struct { // // This option is usually set to none. It does not affect how the rules in the // rule group are evaluated. If you want the rules in the rule group to only - // count matches, do not use this and instead exclude those rules in your rule - // group reference statement settings. + // count matches, do not use this and instead use the rule action override option, + // with Count action, in your rule group reference statement settings. // // OverrideAction is a required field OverrideAction *OverrideAction `type:"structure" required:"true"` @@ -12181,13 +12466,16 @@ func (s *IPSetSummary) SetName(v string) *IPSetSummary { return s } -// Determines how long a CAPTCHA token remains valid after the client successfully -// solves a CAPTCHA puzzle. +// Used for CAPTCHA and challenge token settings. Determines how long a CAPTCHA +// or challenge timestamp remains valid after WAF updates it for a successful +// CAPTCHA or challenge response. type ImmunityTimeProperty struct { _ struct{} `type:"structure"` - // The amount of time, in seconds, that a CAPTCHA token is valid. The default - // setting is 300. + // The amount of time, in seconds, that a CAPTCHA or challenge timestamp is + // considered valid by WAF. The default setting is 300. + // + // For the Challenge action, the minimum setting is 300. // // ImmunityTime is a required field ImmunityTime *int64 `min:"60" type:"long" required:"true"` @@ -14312,22 +14600,24 @@ func (s *LoggingFilter) SetFilters(v []*Filter) *LoggingFilter { return s } -// Additional information that's used by a managed rule group. Most managed +// Additional information that's used by a managed rule group. Many managed // rule groups don't require this. // -// Use this for the account takeover prevention managed rule group AWSManagedRulesATPRuleSet, -// to provide information about the sign-in page of your application. -// -// You can provide multiple individual ManagedRuleGroupConfig objects for any -// rule group configuration, for example UsernameField and PasswordField. The -// configuration that you provide depends on the needs of the managed rule group. -// For the ATP managed rule group, you provide the following individual configuration -// objects: LoginPath, PasswordField, PayloadType and UsernameField. +// Use the AWSManagedRulesBotControlRuleSet configuration object to configure +// the protection level that you want the Bot Control rule group to use. // // For example specifications, see the examples section of CreateWebACL. type ManagedRuleGroupConfig struct { _ struct{} `type:"structure"` + // Additional configuration for using the Bot Control managed rule group. Use + // this to specify the inspection level that you want to use. For information + // about using the Bot Control managed rule group, see WAF Bot Control rule + // group (https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html) + // and WAF Bot Control (https://docs.aws.amazon.com/waf/latest/developerguide/waf-bot-control.html) + // in the WAF Developer Guide. + AWSManagedRulesBotControlRuleSet *AWSManagedRulesBotControlRuleSet `type:"structure"` + // The path of the login endpoint for your application. For example, for the // URL https://example.com/web/login, you would provide the path /web/login. LoginPath *string `min:"1" type:"string"` @@ -14366,6 +14656,11 @@ func (s *ManagedRuleGroupConfig) Validate() error { if s.LoginPath != nil && len(*s.LoginPath) < 1 { invalidParams.Add(request.NewErrParamMinLen("LoginPath", 1)) } + if s.AWSManagedRulesBotControlRuleSet != nil { + if err := s.AWSManagedRulesBotControlRuleSet.Validate(); err != nil { + invalidParams.AddNested("AWSManagedRulesBotControlRuleSet", err.(request.ErrInvalidParams)) + } + } if s.PasswordField != nil { if err := s.PasswordField.Validate(); err != nil { invalidParams.AddNested("PasswordField", err.(request.ErrInvalidParams)) @@ -14383,6 +14678,12 @@ func (s *ManagedRuleGroupConfig) Validate() error { return nil } +// SetAWSManagedRulesBotControlRuleSet sets the AWSManagedRulesBotControlRuleSet field's value. +func (s *ManagedRuleGroupConfig) SetAWSManagedRulesBotControlRuleSet(v *AWSManagedRulesBotControlRuleSet) *ManagedRuleGroupConfig { + s.AWSManagedRulesBotControlRuleSet = v + return s +} + // SetLoginPath sets the LoginPath field's value. func (s *ManagedRuleGroupConfig) SetLoginPath(v string) *ManagedRuleGroupConfig { s.LoginPath = &v @@ -14422,23 +14723,17 @@ func (s *ManagedRuleGroupConfig) SetUsernameField(v *UsernameField) *ManagedRule type ManagedRuleGroupStatement struct { _ struct{} `type:"structure"` - // The rules in the referenced rule group whose actions are set to Count. When - // you exclude a rule, WAF evaluates it exactly as it would if the rule action - // setting were Count. This is a useful option for testing the rules in a rule - // group without modifying how they handle your web traffic. + // Rules in the referenced rule group whose actions are set to Count. + // + // Instead of this option, use RuleActionOverrides. It accepts any valid action + // setting, including Count. ExcludedRules []*ExcludedRule `type:"list"` - // Additional information that's used by a managed rule group. Most managed + // Additional information that's used by a managed rule group. Many managed // rule groups don't require this. // - // Use this for the account takeover prevention managed rule group AWSManagedRulesATPRuleSet, - // to provide information about the sign-in page of your application. - // - // You can provide multiple individual ManagedRuleGroupConfig objects for any - // rule group configuration, for example UsernameField and PasswordField. The - // configuration that you provide depends on the needs of the managed rule group. - // For the ATP managed rule group, you provide the following individual configuration - // objects: LoginPath, PasswordField, PayloadType and UsernameField. + // Use the AWSManagedRulesBotControlRuleSet configuration object to configure + // the protection level that you want the Bot Control rule group to use. ManagedRuleGroupConfigs []*ManagedRuleGroupConfig `min:"1" type:"list"` // The name of the managed rule group. You use this, along with the vendor name, @@ -14447,6 +14742,17 @@ type ManagedRuleGroupStatement struct { // Name is a required field Name *string `min:"1" type:"string" required:"true"` + // Action settings to use in the place of the rule actions that are configured + // inside the rule group. You specify one override for each rule whose action + // you want to change. + // + // You can use overrides for testing, for example you can override all of rule + // actions to Count and then monitor the resulting count metrics to understand + // how the rule group would handle your web traffic. You can also permanently + // override some or all actions, to modify how the rule group manages your web + // traffic. + RuleActionOverrides []*RuleActionOverride `min:"1" type:"list"` + // An optional nested statement that narrows the scope of the web requests that // are evaluated by the managed rule group. Requests are only evaluated by the // rule group if they match the scope-down statement. You can use any nestable @@ -14497,6 +14803,9 @@ func (s *ManagedRuleGroupStatement) Validate() error { if s.Name != nil && len(*s.Name) < 1 { invalidParams.Add(request.NewErrParamMinLen("Name", 1)) } + if s.RuleActionOverrides != nil && len(s.RuleActionOverrides) < 1 { + invalidParams.Add(request.NewErrParamMinLen("RuleActionOverrides", 1)) + } if s.VendorName == nil { invalidParams.Add(request.NewErrParamRequired("VendorName")) } @@ -14526,6 +14835,16 @@ func (s *ManagedRuleGroupStatement) Validate() error { } } } + if s.RuleActionOverrides != nil { + for i, v := range s.RuleActionOverrides { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "RuleActionOverrides", i), err.(request.ErrInvalidParams)) + } + } + } if s.ScopeDownStatement != nil { if err := s.ScopeDownStatement.Validate(); err != nil { invalidParams.AddNested("ScopeDownStatement", err.(request.ErrInvalidParams)) @@ -14556,6 +14875,12 @@ func (s *ManagedRuleGroupStatement) SetName(v string) *ManagedRuleGroupStatement return s } +// SetRuleActionOverrides sets the RuleActionOverrides field's value. +func (s *ManagedRuleGroupStatement) SetRuleActionOverrides(v []*RuleActionOverride) *ManagedRuleGroupStatement { + s.RuleActionOverrides = v + return s +} + // SetScopeDownStatement sets the ScopeDownStatement field's value. func (s *ManagedRuleGroupStatement) SetScopeDownStatement(v *Statement) *ManagedRuleGroupStatement { s.ScopeDownStatement = v @@ -15047,9 +15372,9 @@ func (s Method) GoString() string { // tags. // // The mobile SDK is not generally available. Customers who have access to the -// mobile SDK can use it to establish and manage Security Token Service (STS) -// security tokens for use in HTTP(S) requests from a mobile device to WAF. -// For more information, see WAF client application integration (https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html) +// mobile SDK can use it to establish and manage WAF tokens for use in HTTP(S) +// requests from a mobile device to WAF. For more information, see WAF client +// application integration (https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html) // in the WAF Developer Guide. type MobileSdkRelease struct { _ struct{} `type:"structure"` @@ -15259,8 +15584,8 @@ func (s *OrStatement) SetStatements(v []*Statement) *OrStatement { // // This option is usually set to none. It does not affect how the rules in the // rule group are evaluated. If you want the rules in the rule group to only -// count matches, do not use this and instead exclude those rules in your rule -// group reference statement settings. +// count matches, do not use this and instead use the rule action override option, +// with Count action, in your rule group reference statement settings. type OverrideAction struct { _ struct{} `type:"structure"` @@ -15268,8 +15593,8 @@ type OverrideAction struct { // // This option is usually set to none. It does not affect how the rules in the // rule group are evaluated. If you want the rules in the rule group to only - // count matches, do not use this and instead exclude those rules in your rule - // group reference statement settings. + // count matches, do not use this and instead use the rule action override option, + // with Count action, in your rule group reference statement settings. Count *CountAction `type:"structure"` // Don't override the rule group evaluation result. This is the most common @@ -16508,6 +16833,10 @@ type Rule struct { // this, WAF uses the CAPTCHA configuration that's defined for the web ACL. CaptchaConfig *CaptchaConfig `type:"structure"` + // Specifies how WAF should handle Challenge evaluations. If you don't specify + // this, WAF uses the challenge configuration that's defined for the web ACL. + ChallengeConfig *ChallengeConfig `type:"structure"` + // The name of the rule. You can't change the name of a Rule after you create // it. // @@ -16523,8 +16852,8 @@ type Rule struct { // // This option is usually set to none. It does not affect how the rules in the // rule group are evaluated. If you want the rules in the rule group to only - // count matches, do not use this and instead exclude those rules in your rule - // group reference statement settings. + // count matches, do not use this and instead use the rule action override option, + // with Count action, in your rule group reference statement settings. OverrideAction *OverrideAction `type:"structure"` // If you define more than one Rule in a WebACL, WAF evaluates each request @@ -16616,6 +16945,11 @@ func (s *Rule) Validate() error { invalidParams.AddNested("CaptchaConfig", err.(request.ErrInvalidParams)) } } + if s.ChallengeConfig != nil { + if err := s.ChallengeConfig.Validate(); err != nil { + invalidParams.AddNested("ChallengeConfig", err.(request.ErrInvalidParams)) + } + } if s.OverrideAction != nil { if err := s.OverrideAction.Validate(); err != nil { invalidParams.AddNested("OverrideAction", err.(request.ErrInvalidParams)) @@ -16660,6 +16994,12 @@ func (s *Rule) SetCaptchaConfig(v *CaptchaConfig) *Rule { return s } +// SetChallengeConfig sets the ChallengeConfig field's value. +func (s *Rule) SetChallengeConfig(v *ChallengeConfig) *Rule { + s.ChallengeConfig = v + return s +} + // SetName sets the Name field's value. func (s *Rule) SetName(v string) *Rule { s.Name = &v @@ -16710,6 +17050,9 @@ type RuleAction struct { // Instructs WAF to run a CAPTCHA check against the web request. Captcha *CaptchaAction `type:"structure"` + // Instructs WAF to run a Challenge check against the web request. + Challenge *ChallengeAction `type:"structure"` + // Instructs WAF to count the web request and then continue evaluating the request // using the remaining rules in the web ACL. Count *CountAction `type:"structure"` @@ -16751,6 +17094,11 @@ func (s *RuleAction) Validate() error { invalidParams.AddNested("Captcha", err.(request.ErrInvalidParams)) } } + if s.Challenge != nil { + if err := s.Challenge.Validate(); err != nil { + invalidParams.AddNested("Challenge", err.(request.ErrInvalidParams)) + } + } if s.Count != nil { if err := s.Count.Validate(); err != nil { invalidParams.AddNested("Count", err.(request.ErrInvalidParams)) @@ -16781,12 +17129,96 @@ func (s *RuleAction) SetCaptcha(v *CaptchaAction) *RuleAction { return s } +// SetChallenge sets the Challenge field's value. +func (s *RuleAction) SetChallenge(v *ChallengeAction) *RuleAction { + s.Challenge = v + return s +} + // SetCount sets the Count field's value. func (s *RuleAction) SetCount(v *CountAction) *RuleAction { s.Count = v return s } +// Action setting to use in the place of a rule action that is configured inside +// the rule group. You specify one override for each rule whose action you want +// to change. +// +// You can use overrides for testing, for example you can override all of rule +// actions to Count and then monitor the resulting count metrics to understand +// how the rule group would handle your web traffic. You can also permanently +// override some or all actions, to modify how the rule group manages your web +// traffic. +type RuleActionOverride struct { + _ struct{} `type:"structure"` + + // The override action to use, in place of the configured action of the rule + // in the rule group. + // + // ActionToUse is a required field + ActionToUse *RuleAction `type:"structure" required:"true"` + + // The name of the rule to override. + // + // Name is a required field + Name *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RuleActionOverride) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RuleActionOverride) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RuleActionOverride) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RuleActionOverride"} + if s.ActionToUse == nil { + invalidParams.Add(request.NewErrParamRequired("ActionToUse")) + } + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + if s.ActionToUse != nil { + if err := s.ActionToUse.Validate(); err != nil { + invalidParams.AddNested("ActionToUse", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetActionToUse sets the ActionToUse field's value. +func (s *RuleActionOverride) SetActionToUse(v *RuleAction) *RuleActionOverride { + s.ActionToUse = v + return s +} + +// SetName sets the Name field's value. +func (s *RuleActionOverride) SetName(v string) *RuleActionOverride { + s.Name = &v + return s +} + // A rule group defines a collection of rules to inspect and control web requests // that you can use in a WebACL. When you create a rule group, you define an // immutable capacity limit. If you update a rule group, you must stay within @@ -16981,11 +17413,22 @@ type RuleGroupReferenceStatement struct { // ARN is a required field ARN *string `min:"20" type:"string" required:"true"` - // The rules in the referenced rule group whose actions are set to Count. When - // you exclude a rule, WAF evaluates it exactly as it would if the rule action - // setting were Count. This is a useful option for testing the rules in a rule - // group without modifying how they handle your web traffic. + // Rules in the referenced rule group whose actions are set to Count. + // + // Instead of this option, use RuleActionOverrides. It accepts any valid action + // setting, including Count. ExcludedRules []*ExcludedRule `type:"list"` + + // Action settings to use in the place of the rule actions that are configured + // inside the rule group. You specify one override for each rule whose action + // you want to change. + // + // You can use overrides for testing, for example you can override all of rule + // actions to Count and then monitor the resulting count metrics to understand + // how the rule group would handle your web traffic. You can also permanently + // override some or all actions, to modify how the rule group manages your web + // traffic. + RuleActionOverrides []*RuleActionOverride `min:"1" type:"list"` } // String returns the string representation. @@ -17015,6 +17458,9 @@ func (s *RuleGroupReferenceStatement) Validate() error { if s.ARN != nil && len(*s.ARN) < 20 { invalidParams.Add(request.NewErrParamMinLen("ARN", 20)) } + if s.RuleActionOverrides != nil && len(s.RuleActionOverrides) < 1 { + invalidParams.Add(request.NewErrParamMinLen("RuleActionOverrides", 1)) + } if s.ExcludedRules != nil { for i, v := range s.ExcludedRules { if v == nil { @@ -17025,6 +17471,16 @@ func (s *RuleGroupReferenceStatement) Validate() error { } } } + if s.RuleActionOverrides != nil { + for i, v := range s.RuleActionOverrides { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "RuleActionOverrides", i), err.(request.ErrInvalidParams)) + } + } + } if invalidParams.Len() > 0 { return invalidParams @@ -17044,6 +17500,12 @@ func (s *RuleGroupReferenceStatement) SetExcludedRules(v []*ExcludedRule) *RuleG return s } +// SetRuleActionOverrides sets the RuleActionOverrides field's value. +func (s *RuleGroupReferenceStatement) SetRuleActionOverrides(v []*RuleActionOverride) *RuleGroupReferenceStatement { + s.RuleActionOverrides = v + return s +} + // High-level information about a RuleGroup, returned by operations like create // and list. This provides information like the ID, that you can use to retrieve // and manage a RuleGroup, and the ARN, that you provide to the RuleGroupReferenceStatement @@ -17177,12 +17639,15 @@ func (s *RuleSummary) SetName(v string) *RuleSummary { type SampledHTTPRequest struct { _ struct{} `type:"structure"` - // The action for the Rule that the request matched: Allow, Block, or Count. + // The action that WAF applied to the request. Action *string `type:"string"` // The CAPTCHA response for the request. CaptchaResponse *CaptchaResponse `type:"structure"` + // The Challenge response for the request. + ChallengeResponse *ChallengeResponse `type:"structure"` + // Labels applied to the web request by matching rules. WAF applies fully qualified // labels to matching web requests. A fully qualified label is the concatenation // of a label namespace and a rule label. The rule's rule group or web ACL defines @@ -17192,6 +17657,12 @@ type SampledHTTPRequest struct { // or awswaf:managed:aws:managed-rule-set:header:encoding:utf8. Labels []*Label `type:"list"` + // Used only for rule group rules that have a rule action override in place + // in the web ACL. This is the action that the rule group rule is configured + // for, and not the action that was applied to the request. The action that + // WAF applied is the Action value. + OverriddenAction *string `type:"string"` + // A complex type that contains detailed information about the request. // // Request is a required field @@ -17253,12 +17724,24 @@ func (s *SampledHTTPRequest) SetCaptchaResponse(v *CaptchaResponse) *SampledHTTP return s } +// SetChallengeResponse sets the ChallengeResponse field's value. +func (s *SampledHTTPRequest) SetChallengeResponse(v *ChallengeResponse) *SampledHTTPRequest { + s.ChallengeResponse = v + return s +} + // SetLabels sets the Labels field's value. func (s *SampledHTTPRequest) SetLabels(v []*Label) *SampledHTTPRequest { s.Labels = v return s } +// SetOverriddenAction sets the OverriddenAction field's value. +func (s *SampledHTTPRequest) SetOverriddenAction(v string) *SampledHTTPRequest { + s.OverriddenAction = &v + return s +} + // SetRequest sets the Request field's value. func (s *SampledHTTPRequest) SetRequest(v *HTTPRequest) *SampledHTTPRequest { s.Request = v @@ -19409,6 +19892,11 @@ type UpdateWebACLInput struct { // its default settings for CaptchaConfig. CaptchaConfig *CaptchaConfig `type:"structure"` + // Specifies how WAF should handle challenge evaluations for rules that don't + // have their own ChallengeConfig settings. If you don't specify this, WAF uses + // its default settings for ChallengeConfig. + ChallengeConfig *ChallengeConfig `type:"structure"` + // A map of custom response keys and content bodies. When you create a rule // with a block action, you can send a custom response to the web request. You // define these for the web ACL, and then use them in the rules and default @@ -19478,6 +19966,17 @@ type UpdateWebACLInput struct { // Scope is a required field Scope *string `type:"string" required:"true" enum:"Scope"` + // Specifies the domains that WAF should accept in a web request token. This + // enables the use of tokens across multiple protected websites. When WAF provides + // a token, it uses the domain of the Amazon Web Services resource that the + // web ACL is protecting. If you don't specify a list of token domains, WAF + // accepts tokens only for the domain of the protected resource. With a token + // domain list, WAF accepts the resource's host domain plus all domains in the + // token domain list, including their prefixed subdomains. + // + // Example JSON: "TokenDomains": { "mywebsite.com", "myotherwebsite.com" } + TokenDomains []*string `min:"1" type:"list"` + // Defines and enables Amazon CloudWatch metrics and web request sample collection. // // VisibilityConfig is a required field @@ -19535,6 +20034,9 @@ func (s *UpdateWebACLInput) Validate() error { if s.Scope == nil { invalidParams.Add(request.NewErrParamRequired("Scope")) } + if s.TokenDomains != nil && len(s.TokenDomains) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TokenDomains", 1)) + } if s.VisibilityConfig == nil { invalidParams.Add(request.NewErrParamRequired("VisibilityConfig")) } @@ -19543,6 +20045,11 @@ func (s *UpdateWebACLInput) Validate() error { invalidParams.AddNested("CaptchaConfig", err.(request.ErrInvalidParams)) } } + if s.ChallengeConfig != nil { + if err := s.ChallengeConfig.Validate(); err != nil { + invalidParams.AddNested("ChallengeConfig", err.(request.ErrInvalidParams)) + } + } if s.CustomResponseBodies != nil { for i, v := range s.CustomResponseBodies { if v == nil { @@ -19586,6 +20093,12 @@ func (s *UpdateWebACLInput) SetCaptchaConfig(v *CaptchaConfig) *UpdateWebACLInpu return s } +// SetChallengeConfig sets the ChallengeConfig field's value. +func (s *UpdateWebACLInput) SetChallengeConfig(v *ChallengeConfig) *UpdateWebACLInput { + s.ChallengeConfig = v + return s +} + // SetCustomResponseBodies sets the CustomResponseBodies field's value. func (s *UpdateWebACLInput) SetCustomResponseBodies(v map[string]*CustomResponseBody) *UpdateWebACLInput { s.CustomResponseBodies = v @@ -19634,6 +20147,12 @@ func (s *UpdateWebACLInput) SetScope(v string) *UpdateWebACLInput { return s } +// SetTokenDomains sets the TokenDomains field's value. +func (s *UpdateWebACLInput) SetTokenDomains(v []*string) *UpdateWebACLInput { + s.TokenDomains = v + return s +} + // SetVisibilityConfig sets the VisibilityConfig field's value. func (s *UpdateWebACLInput) SetVisibilityConfig(v *VisibilityConfig) *UpdateWebACLInput { s.VisibilityConfig = v @@ -21167,6 +21686,11 @@ type WebACL struct { // its default settings for CaptchaConfig. CaptchaConfig *CaptchaConfig `type:"structure"` + // Specifies how WAF should handle challenge evaluations for rules that don't + // have their own ChallengeConfig settings. If you don't specify this, WAF uses + // its default settings for ChallengeConfig. + ChallengeConfig *ChallengeConfig `type:"structure"` + // A map of custom response keys and content bodies. When you create a rule // with a block action, you can send a custom response to the web request. You // define these for the web ACL, and then use them in the rules and default @@ -21248,6 +21772,15 @@ type WebACL struct { // them. Rules []*Rule `type:"list"` + // Specifies the domains that WAF should accept in a web request token. This + // enables the use of tokens across multiple protected websites. When WAF provides + // a token, it uses the domain of the Amazon Web Services resource that the + // web ACL is protecting. If you don't specify a list of token domains, WAF + // accepts tokens only for the domain of the protected resource. With a token + // domain list, WAF accepts the resource's host domain plus all domains in the + // token domain list, including their prefixed subdomains. + TokenDomains []*string `min:"1" type:"list"` + // Defines and enables Amazon CloudWatch metrics and web request sample collection. // // VisibilityConfig is a required field @@ -21290,6 +21823,12 @@ func (s *WebACL) SetCaptchaConfig(v *CaptchaConfig) *WebACL { return s } +// SetChallengeConfig sets the ChallengeConfig field's value. +func (s *WebACL) SetChallengeConfig(v *ChallengeConfig) *WebACL { + s.ChallengeConfig = v + return s +} + // SetCustomResponseBodies sets the CustomResponseBodies field's value. func (s *WebACL) SetCustomResponseBodies(v map[string]*CustomResponseBody) *WebACL { s.CustomResponseBodies = v @@ -21350,6 +21889,12 @@ func (s *WebACL) SetRules(v []*Rule) *WebACL { return s } +// SetTokenDomains sets the TokenDomains field's value. +func (s *WebACL) SetTokenDomains(v []*string) *WebACL { + s.TokenDomains = v + return s +} + // SetVisibilityConfig sets the VisibilityConfig field's value. func (s *WebACL) SetVisibilityConfig(v *VisibilityConfig) *WebACL { s.VisibilityConfig = v @@ -21534,6 +22079,9 @@ const ( // ActionValueCaptcha is a ActionValue enum value ActionValueCaptcha = "CAPTCHA" + // ActionValueChallenge is a ActionValue enum value + ActionValueChallenge = "CHALLENGE" + // ActionValueExcludedAsCount is a ActionValue enum value ActionValueExcludedAsCount = "EXCLUDED_AS_COUNT" ) @@ -21545,6 +22093,7 @@ func ActionValue_Values() []string { ActionValueBlock, ActionValueCount, ActionValueCaptcha, + ActionValueChallenge, ActionValueExcludedAsCount, } } @@ -22615,6 +23164,12 @@ const ( // FailureReasonTokenExpired is a FailureReason enum value FailureReasonTokenExpired = "TOKEN_EXPIRED" + + // FailureReasonTokenInvalid is a FailureReason enum value + FailureReasonTokenInvalid = "TOKEN_INVALID" + + // FailureReasonTokenDomainMismatch is a FailureReason enum value + FailureReasonTokenDomainMismatch = "TOKEN_DOMAIN_MISMATCH" ) // FailureReason_Values returns all elements of the FailureReason enum @@ -22622,6 +23177,8 @@ func FailureReason_Values() []string { return []string{ FailureReasonTokenMissing, FailureReasonTokenExpired, + FailureReasonTokenInvalid, + FailureReasonTokenDomainMismatch, } } @@ -22709,6 +23266,22 @@ func IPAddressVersion_Values() []string { } } +const ( + // InspectionLevelCommon is a InspectionLevel enum value + InspectionLevelCommon = "COMMON" + + // InspectionLevelTargeted is a InspectionLevel enum value + InspectionLevelTargeted = "TARGETED" +) + +// InspectionLevel_Values returns all elements of the InspectionLevel enum +func InspectionLevel_Values() []string { + return []string{ + InspectionLevelCommon, + InspectionLevelTargeted, + } +} + const ( // JsonMatchScopeAll is a JsonMatchScope enum value JsonMatchScopeAll = "ALL" @@ -22974,6 +23547,12 @@ const ( // ParameterExceptionFieldOversizeHandling is a ParameterExceptionField enum value ParameterExceptionFieldOversizeHandling = "OVERSIZE_HANDLING" + + // ParameterExceptionFieldChallengeConfig is a ParameterExceptionField enum value + ParameterExceptionFieldChallengeConfig = "CHALLENGE_CONFIG" + + // ParameterExceptionFieldTokenDomain is a ParameterExceptionField enum value + ParameterExceptionFieldTokenDomain = "TOKEN_DOMAIN" ) // ParameterExceptionField_Values returns all elements of the ParameterExceptionField enum @@ -23042,6 +23621,8 @@ func ParameterExceptionField_Values() []string { ParameterExceptionFieldCookieMatchPattern, ParameterExceptionFieldMapMatchScope, ParameterExceptionFieldOversizeHandling, + ParameterExceptionFieldChallengeConfig, + ParameterExceptionFieldTokenDomain, } }