From 8ec3bc49702496035dd02b5f35311f135fbdc992 Mon Sep 17 00:00:00 2001 From: awssdkgo Date: Wed, 24 Aug 2022 18:25:35 +0000 Subject: [PATCH] Release v1.44.84 (2022-08-24) === ### Service Client Updates * `service/cloudfront`: Updates service API and documentation * Adds support for CloudFront origin access control (OAC), making it possible to restrict public access to S3 bucket origins in all AWS Regions, those with SSE-KMS, and more. * `service/config`: Updates service API and documentation * `service/iam`: Updates service documentation * Documentation updates for AWS Identity and Access Management (IAM). * `service/ivs`: Updates service documentation * `service/quicksight`: Updates service API and documentation * Added a new optional property DashboardVisual under ExperienceConfiguration parameter of GenerateEmbedUrlForAnonymousUser and GenerateEmbedUrlForRegisteredUser API operations. This supports embedding of specific visuals in QuickSight dashboards. * `service/transfer`: Updates service documentation * Documentation updates for AWS Transfer Family --- CHANGELOG.md | 15 + aws/version.go | 2 +- models/apis/cloudfront/2020-05-31/api-2.json | 435 +++- models/apis/cloudfront/2020-05-31/docs-2.json | 202 ++ models/apis/config/2014-11-12/api-2.json | 22 +- models/apis/config/2014-11-12/docs-2.json | 33 +- models/apis/iam/2010-05-08/docs-2.json | 8 +- models/apis/ivs/2020-07-14/docs-2.json | 8 +- models/apis/quicksight/2018-04-01/api-2.json | 33 +- models/apis/quicksight/2018-04-01/docs-2.json | 28 +- models/apis/transfer/2018-11-05/docs-2.json | 42 +- service/cloudfront/api.go | 1992 +++++++++++++++-- .../cloudfront/cloudfrontiface/interface.go | 24 + service/cloudfront/errors.go | 71 + service/configservice/api.go | 152 +- service/configservice/errors.go | 3 +- service/iam/api.go | 42 +- service/ivs/api.go | 54 +- service/ivs/doc.go | 9 +- service/quicksight/api.go | 260 ++- service/transfer/api.go | 145 +- service/transfer/doc.go | 16 +- 22 files changed, 3211 insertions(+), 385 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0e5c00dbb2..1bd1597372 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,18 @@ +Release v1.44.84 (2022-08-24) +=== + +### Service Client Updates +* `service/cloudfront`: Updates service API and documentation + * Adds support for CloudFront origin access control (OAC), making it possible to restrict public access to S3 bucket origins in all AWS Regions, those with SSE-KMS, and more. +* `service/config`: Updates service API and documentation +* `service/iam`: Updates service documentation + * Documentation updates for AWS Identity and Access Management (IAM). +* `service/ivs`: Updates service documentation +* `service/quicksight`: Updates service API and documentation + * Added a new optional property DashboardVisual under ExperienceConfiguration parameter of GenerateEmbedUrlForAnonymousUser and GenerateEmbedUrlForRegisteredUser API operations. This supports embedding of specific visuals in QuickSight dashboards. +* `service/transfer`: Updates service documentation + * Documentation updates for AWS Transfer Family + Release v1.44.83 (2022-08-23) === diff --git a/aws/version.go b/aws/version.go index 07db2feca4..e3033d4124 100644 --- a/aws/version.go +++ b/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.44.83" +const SDKVersion = "1.44.84" diff --git a/models/apis/cloudfront/2020-05-31/api-2.json b/models/apis/cloudfront/2020-05-31/api-2.json index 693f7a555e..6af6915571 100644 --- a/models/apis/cloudfront/2020-05-31/api-2.json +++ b/models/apis/cloudfront/2020-05-31/api-2.json @@ -79,6 +79,9 @@ {"shape":"DistributionAlreadyExists"}, {"shape":"InvalidOrigin"}, {"shape":"InvalidOriginAccessIdentity"}, + {"shape":"InvalidOriginAccessControl"}, + {"shape":"IllegalOriginAccessConfiguration"}, + {"shape":"TooManyDistributionsAssociatedToOriginAccessControl"}, {"shape":"AccessDenied"}, {"shape":"TooManyTrustedSigners"}, {"shape":"TrustedSignerDoesNotExist"}, @@ -133,7 +136,8 @@ {"shape":"TooManyKeyGroupsAssociatedToDistribution"}, {"shape":"TrustedKeyGroupDoesNotExist"}, {"shape":"NoSuchRealtimeLogConfig"}, - {"shape":"RealtimeLogConfigOwnerMismatch"} + {"shape":"RealtimeLogConfigOwnerMismatch"}, + {"shape":"InvalidDomainNameForOriginAccessControl"} ] }, "CreateDistributionWithTags":{ @@ -150,6 +154,7 @@ {"shape":"DistributionAlreadyExists"}, {"shape":"InvalidOrigin"}, {"shape":"InvalidOriginAccessIdentity"}, + {"shape":"InvalidOriginAccessControl"}, {"shape":"AccessDenied"}, {"shape":"TooManyTrustedSigners"}, {"shape":"TrustedSignerDoesNotExist"}, @@ -205,7 +210,8 @@ {"shape":"TooManyKeyGroupsAssociatedToDistribution"}, {"shape":"TrustedKeyGroupDoesNotExist"}, {"shape":"NoSuchRealtimeLogConfig"}, - {"shape":"RealtimeLogConfigOwnerMismatch"} + {"shape":"RealtimeLogConfigOwnerMismatch"}, + {"shape":"InvalidDomainNameForOriginAccessControl"} ] }, "CreateFieldLevelEncryptionConfig":{ @@ -308,16 +314,32 @@ "name":"CreateMonitoringSubscription2020_05_31", "http":{ "method":"POST", - "requestUri":"/2020-05-31/distributions/{DistributionId}/monitoring-subscription" + "requestUri":"/2020-05-31/distributions/{DistributionId}/monitoring-subscription/" }, "input":{"shape":"CreateMonitoringSubscriptionRequest"}, "output":{"shape":"CreateMonitoringSubscriptionResult"}, "errors":[ {"shape":"AccessDenied"}, {"shape":"NoSuchDistribution"}, + {"shape":"MonitoringSubscriptionAlreadyExists"}, {"shape":"UnsupportedOperation"} ] }, + "CreateOriginAccessControl":{ + "name":"CreateOriginAccessControl2020_05_31", + "http":{ + "method":"POST", + "requestUri":"/2020-05-31/origin-access-control", + "responseCode":201 + }, + "input":{"shape":"CreateOriginAccessControlRequest"}, + "output":{"shape":"CreateOriginAccessControlResult"}, + "errors":[ + {"shape":"OriginAccessControlAlreadyExists"}, + {"shape":"TooManyOriginAccessControls"}, + {"shape":"InvalidArgument"} + ] + }, "CreateOriginRequestPolicy":{ "name":"CreateOriginRequestPolicy2020_05_31", "http":{ @@ -406,6 +428,7 @@ {"shape":"StreamingDistributionAlreadyExists"}, {"shape":"InvalidOrigin"}, {"shape":"InvalidOriginAccessIdentity"}, + {"shape":"InvalidOriginAccessControl"}, {"shape":"AccessDenied"}, {"shape":"TooManyTrustedSigners"}, {"shape":"TrustedSignerDoesNotExist"}, @@ -430,6 +453,7 @@ {"shape":"StreamingDistributionAlreadyExists"}, {"shape":"InvalidOrigin"}, {"shape":"InvalidOriginAccessIdentity"}, + {"shape":"InvalidOriginAccessControl"}, {"shape":"AccessDenied"}, {"shape":"TooManyTrustedSigners"}, {"shape":"TrustedSignerDoesNotExist"}, @@ -557,16 +581,33 @@ "name":"DeleteMonitoringSubscription2020_05_31", "http":{ "method":"DELETE", - "requestUri":"/2020-05-31/distributions/{DistributionId}/monitoring-subscription" + "requestUri":"/2020-05-31/distributions/{DistributionId}/monitoring-subscription/" }, "input":{"shape":"DeleteMonitoringSubscriptionRequest"}, "output":{"shape":"DeleteMonitoringSubscriptionResult"}, "errors":[ {"shape":"AccessDenied"}, {"shape":"NoSuchDistribution"}, + {"shape":"NoSuchMonitoringSubscription"}, {"shape":"UnsupportedOperation"} ] }, + "DeleteOriginAccessControl":{ + "name":"DeleteOriginAccessControl2020_05_31", + "http":{ + "method":"DELETE", + "requestUri":"/2020-05-31/origin-access-control/{Id}", + "responseCode":204 + }, + "input":{"shape":"DeleteOriginAccessControlRequest"}, + "errors":[ + {"shape":"AccessDenied"}, + {"shape":"InvalidIfMatchVersion"}, + {"shape":"NoSuchOriginAccessControl"}, + {"shape":"PreconditionFailed"}, + {"shape":"OriginAccessControlInUse"} + ] + }, "DeleteOriginRequestPolicy":{ "name":"DeleteOriginRequestPolicy2020_05_31", "http":{ @@ -850,16 +891,43 @@ "name":"GetMonitoringSubscription2020_05_31", "http":{ "method":"GET", - "requestUri":"/2020-05-31/distributions/{DistributionId}/monitoring-subscription" + "requestUri":"/2020-05-31/distributions/{DistributionId}/monitoring-subscription/" }, "input":{"shape":"GetMonitoringSubscriptionRequest"}, "output":{"shape":"GetMonitoringSubscriptionResult"}, "errors":[ {"shape":"AccessDenied"}, {"shape":"NoSuchDistribution"}, + {"shape":"NoSuchMonitoringSubscription"}, {"shape":"UnsupportedOperation"} ] }, + "GetOriginAccessControl":{ + "name":"GetOriginAccessControl2020_05_31", + "http":{ + "method":"GET", + "requestUri":"/2020-05-31/origin-access-control/{Id}" + }, + "input":{"shape":"GetOriginAccessControlRequest"}, + "output":{"shape":"GetOriginAccessControlResult"}, + "errors":[ + {"shape":"NoSuchOriginAccessControl"}, + {"shape":"AccessDenied"} + ] + }, + "GetOriginAccessControlConfig":{ + "name":"GetOriginAccessControlConfig2020_05_31", + "http":{ + "method":"GET", + "requestUri":"/2020-05-31/origin-access-control/{Id}/config" + }, + "input":{"shape":"GetOriginAccessControlConfigRequest"}, + "output":{"shape":"GetOriginAccessControlConfigResult"}, + "errors":[ + {"shape":"NoSuchOriginAccessControl"}, + {"shape":"AccessDenied"} + ] + }, "GetOriginRequestPolicy":{ "name":"GetOriginRequestPolicy2020_05_31", "http":{ @@ -1181,6 +1249,18 @@ {"shape":"InvalidArgument"} ] }, + "ListOriginAccessControls":{ + "name":"ListOriginAccessControls2020_05_31", + "http":{ + "method":"GET", + "requestUri":"/2020-05-31/origin-access-control" + }, + "input":{"shape":"ListOriginAccessControlsRequest"}, + "output":{"shape":"ListOriginAccessControlsResult"}, + "errors":[ + {"shape":"InvalidArgument"} + ] + }, "ListOriginRequestPolicies":{ "name":"ListOriginRequestPolicies2020_05_31", "http":{ @@ -1392,6 +1472,7 @@ {"shape":"InvalidResponseCode"}, {"shape":"InvalidArgument"}, {"shape":"InvalidOriginAccessIdentity"}, + {"shape":"InvalidOriginAccessControl"}, {"shape":"TooManyTrustedSigners"}, {"shape":"TrustedSignerDoesNotExist"}, {"shape":"InvalidViewerCertificate"}, @@ -1436,7 +1517,9 @@ {"shape":"TooManyKeyGroupsAssociatedToDistribution"}, {"shape":"TrustedKeyGroupDoesNotExist"}, {"shape":"NoSuchRealtimeLogConfig"}, - {"shape":"RealtimeLogConfigOwnerMismatch"} + {"shape":"RealtimeLogConfigOwnerMismatch"}, + {"shape":"IllegalOriginAccessConfiguration"}, + {"shape":"InvalidDomainNameForOriginAccessControl"} ] }, "UpdateFieldLevelEncryptionConfig":{ @@ -1522,6 +1605,24 @@ {"shape":"TooManyPublicKeysInKeyGroup"} ] }, + "UpdateOriginAccessControl":{ + "name":"UpdateOriginAccessControl2020_05_31", + "http":{ + "method":"PUT", + "requestUri":"/2020-05-31/origin-access-control/{Id}/config" + }, + "input":{"shape":"UpdateOriginAccessControlRequest"}, + "output":{"shape":"UpdateOriginAccessControlResult"}, + "errors":[ + {"shape":"AccessDenied"}, + {"shape":"IllegalUpdate"}, + {"shape":"InvalidIfMatchVersion"}, + {"shape":"OriginAccessControlAlreadyExists"}, + {"shape":"NoSuchOriginAccessControl"}, + {"shape":"PreconditionFailed"}, + {"shape":"InvalidArgument"} + ] + }, "UpdateOriginRequestPolicy":{ "name":"UpdateOriginRequestPolicy2020_05_31", "http":{ @@ -1620,6 +1721,7 @@ {"shape":"TooManyStreamingDistributionCNAMEs"}, {"shape":"InvalidArgument"}, {"shape":"InvalidOriginAccessIdentity"}, + {"shape":"InvalidOriginAccessControl"}, {"shape":"TooManyTrustedSigners"}, {"shape":"TrustedSignerDoesNotExist"}, {"shape":"InconsistentQuantities"} @@ -2438,6 +2540,35 @@ }, "payload":"MonitoringSubscription" }, + "CreateOriginAccessControlRequest":{ + "type":"structure", + "required":["OriginAccessControlConfig"], + "members":{ + "OriginAccessControlConfig":{ + "shape":"OriginAccessControlConfig", + "locationName":"OriginAccessControlConfig", + "xmlNamespace":{"uri":"http://cloudfront.amazonaws.com/doc/2020-05-31/"} + } + }, + "payload":"OriginAccessControlConfig" + }, + "CreateOriginAccessControlResult":{ + "type":"structure", + "members":{ + "OriginAccessControl":{"shape":"OriginAccessControl"}, + "Location":{ + "shape":"string", + "location":"header", + "locationName":"Location" + }, + "ETag":{ + "shape":"string", + "location":"header", + "locationName":"ETag" + } + }, + "payload":"OriginAccessControl" + }, "CreateOriginRequestPolicyRequest":{ "type":"structure", "required":["OriginRequestPolicyConfig"], @@ -2823,6 +2954,22 @@ "members":{ } }, + "DeleteOriginAccessControlRequest":{ + "type":"structure", + "required":["Id"], + "members":{ + "Id":{ + "shape":"string", + "location":"uri", + "locationName":"Id" + }, + "IfMatch":{ + "shape":"string", + "location":"header", + "locationName":"If-Match" + } + } + }, "DeleteOriginRequestPolicyRequest":{ "type":"structure", "required":["Id"], @@ -3869,6 +4016,52 @@ }, "payload":"MonitoringSubscription" }, + "GetOriginAccessControlConfigRequest":{ + "type":"structure", + "required":["Id"], + "members":{ + "Id":{ + "shape":"string", + "location":"uri", + "locationName":"Id" + } + } + }, + "GetOriginAccessControlConfigResult":{ + "type":"structure", + "members":{ + "OriginAccessControlConfig":{"shape":"OriginAccessControlConfig"}, + "ETag":{ + "shape":"string", + "location":"header", + "locationName":"ETag" + } + }, + "payload":"OriginAccessControlConfig" + }, + "GetOriginAccessControlRequest":{ + "type":"structure", + "required":["Id"], + "members":{ + "Id":{ + "shape":"string", + "location":"uri", + "locationName":"Id" + } + } + }, + "GetOriginAccessControlResult":{ + "type":"structure", + "members":{ + "OriginAccessControl":{"shape":"OriginAccessControl"}, + "ETag":{ + "shape":"string", + "location":"header", + "locationName":"ETag" + } + }, + "payload":"OriginAccessControl" + }, "GetOriginRequestPolicyConfigRequest":{ "type":"structure", "required":["Id"], @@ -4114,6 +4307,14 @@ "error":{"httpStatusCode":400}, "exception":true }, + "IllegalOriginAccessConfiguration":{ + "type":"structure", + "members":{ + "Message":{"shape":"string"} + }, + "error":{"httpStatusCode":400}, + "exception":true + }, "IllegalUpdate":{ "type":"structure", "members":{ @@ -4146,6 +4347,14 @@ "error":{"httpStatusCode":400}, "exception":true }, + "InvalidDomainNameForOriginAccessControl":{ + "type":"structure", + "members":{ + "Message":{"shape":"string"} + }, + "error":{"httpStatusCode":400}, + "exception":true + }, "InvalidErrorCode":{ "type":"structure", "members":{ @@ -4226,6 +4435,14 @@ "error":{"httpStatusCode":400}, "exception":true }, + "InvalidOriginAccessControl":{ + "type":"structure", + "members":{ + "Message":{"shape":"string"} + }, + "error":{"httpStatusCode":400}, + "exception":true + }, "InvalidOriginAccessIdentity":{ "type":"structure", "members":{ @@ -4905,6 +5122,28 @@ }, "payload":"KeyGroupList" }, + "ListOriginAccessControlsRequest":{ + "type":"structure", + "members":{ + "Marker":{ + "shape":"string", + "location":"querystring", + "locationName":"Marker" + }, + "MaxItems":{ + "shape":"string", + "location":"querystring", + "locationName":"MaxItems" + } + } + }, + "ListOriginAccessControlsResult":{ + "type":"structure", + "members":{ + "OriginAccessControlList":{"shape":"OriginAccessControlList"} + }, + "payload":"OriginAccessControlList" + }, "ListOriginRequestPoliciesRequest":{ "type":"structure", "members":{ @@ -5111,6 +5350,14 @@ "RealtimeMetricsSubscriptionConfig":{"shape":"RealtimeMetricsSubscriptionConfig"} } }, + "MonitoringSubscriptionAlreadyExists":{ + "type":"structure", + "members":{ + "Message":{"shape":"string"} + }, + "error":{"httpStatusCode":409}, + "exception":true + }, "NoSuchCachePolicy":{ "type":"structure", "members":{ @@ -5167,6 +5414,14 @@ "error":{"httpStatusCode":404}, "exception":true }, + "NoSuchMonitoringSubscription":{ + "type":"structure", + "members":{ + "Message":{"shape":"string"} + }, + "error":{"httpStatusCode":404}, + "exception":true + }, "NoSuchOrigin":{ "type":"structure", "members":{ @@ -5175,6 +5430,14 @@ "error":{"httpStatusCode":404}, "exception":true }, + "NoSuchOriginAccessControl":{ + "type":"structure", + "members":{ + "Message":{"shape":"string"} + }, + "error":{"httpStatusCode":404}, + "exception":true + }, "NoSuchOriginRequestPolicy":{ "type":"structure", "members":{ @@ -5238,7 +5501,108 @@ "CustomOriginConfig":{"shape":"CustomOriginConfig"}, "ConnectionAttempts":{"shape":"integer"}, "ConnectionTimeout":{"shape":"integer"}, - "OriginShield":{"shape":"OriginShield"} + "OriginShield":{"shape":"OriginShield"}, + "OriginAccessControlId":{"shape":"string"} + } + }, + "OriginAccessControl":{ + "type":"structure", + "required":["Id"], + "members":{ + "Id":{"shape":"string"}, + "OriginAccessControlConfig":{"shape":"OriginAccessControlConfig"} + } + }, + "OriginAccessControlAlreadyExists":{ + "type":"structure", + "members":{ + "Message":{"shape":"string"} + }, + "error":{"httpStatusCode":409}, + "exception":true + }, + "OriginAccessControlConfig":{ + "type":"structure", + "required":[ + "Name", + "Description", + "SigningProtocol", + "SigningBehavior", + "OriginAccessControlOriginType" + ], + "members":{ + "Name":{"shape":"string"}, + "Description":{"shape":"string"}, + "SigningProtocol":{"shape":"OriginAccessControlSigningProtocols"}, + "SigningBehavior":{"shape":"OriginAccessControlSigningBehaviors"}, + "OriginAccessControlOriginType":{"shape":"OriginAccessControlOriginTypes"} + } + }, + "OriginAccessControlInUse":{ + "type":"structure", + "members":{ + "Message":{"shape":"string"} + }, + "error":{"httpStatusCode":409}, + "exception":true + }, + "OriginAccessControlList":{ + "type":"structure", + "required":[ + "Marker", + "MaxItems", + "IsTruncated", + "Quantity" + ], + "members":{ + "Marker":{"shape":"string"}, + "NextMarker":{"shape":"string"}, + "MaxItems":{"shape":"integer"}, + "IsTruncated":{"shape":"boolean"}, + "Quantity":{"shape":"integer"}, + "Items":{"shape":"OriginAccessControlSummaryList"} + } + }, + "OriginAccessControlOriginTypes":{ + "type":"string", + "enum":["s3"] + }, + "OriginAccessControlSigningBehaviors":{ + "type":"string", + "enum":[ + "never", + "always", + "no-override" + ] + }, + "OriginAccessControlSigningProtocols":{ + "type":"string", + "enum":["sigv4"] + }, + "OriginAccessControlSummary":{ + "type":"structure", + "required":[ + "Id", + "Description", + "Name", + "SigningProtocol", + "SigningBehavior", + "OriginAccessControlOriginType" + ], + "members":{ + "Id":{"shape":"string"}, + "Description":{"shape":"string"}, + "Name":{"shape":"string"}, + "SigningProtocol":{"shape":"OriginAccessControlSigningProtocols"}, + "SigningBehavior":{"shape":"OriginAccessControlSigningBehaviors"}, + "OriginAccessControlOriginType":{"shape":"OriginAccessControlOriginTypes"} + } + }, + "OriginAccessControlSummaryList":{ + "type":"list", + "member":{ + "shape":"OriginAccessControlSummary", + "locationName":"OriginAccessControlSummary" } }, "OriginCustomHeader":{ @@ -5918,8 +6282,8 @@ "Name":{"shape":"string"}, "CorsConfig":{"shape":"ResponseHeadersPolicyCorsConfig"}, "SecurityHeadersConfig":{"shape":"ResponseHeadersPolicySecurityHeadersConfig"}, - "CustomHeadersConfig":{"shape":"ResponseHeadersPolicyCustomHeadersConfig"}, - "ServerTimingHeadersConfig":{"shape":"ResponseHeadersPolicyServerTimingHeadersConfig"} + "ServerTimingHeadersConfig":{"shape":"ResponseHeadersPolicyServerTimingHeadersConfig"}, + "CustomHeadersConfig":{"shape":"ResponseHeadersPolicyCustomHeadersConfig"} } }, "ResponseHeadersPolicyContentSecurityPolicy":{ @@ -6545,6 +6909,14 @@ "error":{"httpStatusCode":400}, "exception":true }, + "TooManyDistributionsAssociatedToOriginAccessControl":{ + "type":"structure", + "members":{ + "Message":{"shape":"string"} + }, + "error":{"httpStatusCode":400}, + "exception":true + }, "TooManyDistributionsAssociatedToOriginRequestPolicy":{ "type":"structure", "members":{ @@ -6705,6 +7077,14 @@ "error":{"httpStatusCode":400}, "exception":true }, + "TooManyOriginAccessControls":{ + "type":"structure", + "members":{ + "Message":{"shape":"string"} + }, + "error":{"httpStatusCode":400}, + "exception":true + }, "TooManyOriginCustomHeaders":{ "type":"structure", "members":{ @@ -7149,6 +7529,43 @@ }, "payload":"KeyGroup" }, + "UpdateOriginAccessControlRequest":{ + "type":"structure", + "required":[ + "OriginAccessControlConfig", + "Id" + ], + "members":{ + "OriginAccessControlConfig":{ + "shape":"OriginAccessControlConfig", + "locationName":"OriginAccessControlConfig", + "xmlNamespace":{"uri":"http://cloudfront.amazonaws.com/doc/2020-05-31/"} + }, + "Id":{ + "shape":"string", + "location":"uri", + "locationName":"Id" + }, + "IfMatch":{ + "shape":"string", + "location":"header", + "locationName":"If-Match" + } + }, + "payload":"OriginAccessControlConfig" + }, + "UpdateOriginAccessControlResult":{ + "type":"structure", + "members":{ + "OriginAccessControl":{"shape":"OriginAccessControl"}, + "ETag":{ + "shape":"string", + "location":"header", + "locationName":"ETag" + } + }, + "payload":"OriginAccessControl" + }, "UpdateOriginRequestPolicyRequest":{ "type":"structure", "required":[ diff --git a/models/apis/cloudfront/2020-05-31/docs-2.json b/models/apis/cloudfront/2020-05-31/docs-2.json index cdec055e49..afd2f4d52f 100644 --- a/models/apis/cloudfront/2020-05-31/docs-2.json +++ b/models/apis/cloudfront/2020-05-31/docs-2.json @@ -13,6 +13,7 @@ "CreateInvalidation": "

Create a new invalidation.

", "CreateKeyGroup": "

Creates a key group that you can use with CloudFront signed URLs and signed cookies.

To create a key group, you must specify at least one public key for the key group. After you create a key group, you can reference it from one or more cache behaviors. When you reference a key group in a cache behavior, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with a private key whose corresponding public key is in the key group. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see Serving private content in the Amazon CloudFront Developer Guide.

", "CreateMonitoringSubscription": "

Enables additional CloudWatch metrics for the specified CloudFront distribution. The additional metrics incur an additional cost.

For more information, see Viewing additional CloudFront distribution metrics in the Amazon CloudFront Developer Guide.

", + "CreateOriginAccessControl": "

Creates a new origin access control in CloudFront. After you create an origin access control, you can add it to an origin in a CloudFront distribution so that CloudFront sends authenticated (signed) requests to the origin.

For an Amazon S3 origin, this makes it possible to block public access to the Amazon S3 bucket so that viewers (users) can access the content in the bucket only through CloudFront.

For more information about using a CloudFront origin access control, see Restricting access to an Amazon S3 origin in the Amazon CloudFront Developer Guide.

", "CreateOriginRequestPolicy": "

Creates an origin request policy.

After you create an origin request policy, you can attach it to one or more cache behaviors. When it’s attached to a cache behavior, the origin request policy determines the values that CloudFront includes in requests that it sends to the origin. Each request that CloudFront sends to the origin includes the following:

CloudFront sends a request when it can’t find a valid object in its cache that matches the request. If you want to send values to the origin and also include them in the cache key, use CachePolicy.

For more information about origin request policies, see Controlling origin requests in the Amazon CloudFront Developer Guide.

", "CreatePublicKey": "

Uploads a public key to CloudFront that you can use with signed URLs and signed cookies, or with field-level encryption.

", "CreateRealtimeLogConfig": "

Creates a real-time log configuration.

After you create a real-time log configuration, you can attach it to one or more cache behaviors to send real-time log data to the specified Amazon Kinesis data stream.

For more information about real-time log configurations, see Real-time logs in the Amazon CloudFront Developer Guide.

", @@ -27,6 +28,7 @@ "DeleteFunction": "

Deletes a CloudFront function.

You cannot delete a function if it’s associated with a cache behavior. First, update your distributions to remove the function association from all cache behaviors, then delete the function.

To delete a function, you must provide the function’s name and version (ETag value). To get these values, you can use ListFunctions and DescribeFunction.

", "DeleteKeyGroup": "

Deletes a key group.

You cannot delete a key group that is referenced in a cache behavior. First update your distributions to remove the key group from all cache behaviors, then delete the key group.

To delete a key group, you must provide the key group’s identifier and version. To get these values, use ListKeyGroups followed by GetKeyGroup or GetKeyGroupConfig.

", "DeleteMonitoringSubscription": "

Disables additional CloudWatch metrics for the specified CloudFront distribution.

", + "DeleteOriginAccessControl": "

Deletes a CloudFront origin access control.

You cannot delete an origin access control if it's in use. First, update all distributions to remove the origin access control from all origins, then delete the origin access control.

", "DeleteOriginRequestPolicy": "

Deletes an origin request policy.

You cannot delete an origin request policy if it’s attached to any cache behaviors. First update your distributions to remove the origin request policy from all cache behaviors, then delete the origin request policy.

To delete an origin request policy, you must provide the policy’s identifier and version. To get the identifier, you can use ListOriginRequestPolicies or GetOriginRequestPolicy.

", "DeletePublicKey": "

Remove a public key you previously added to CloudFront.

", "DeleteRealtimeLogConfig": "

Deletes a real-time log configuration.

You cannot delete a real-time log configuration if it’s attached to a cache behavior. First update your distributions to remove the real-time log configuration from all cache behaviors, then delete the real-time log configuration.

To delete a real-time log configuration, you can provide the configuration’s name or its Amazon Resource Name (ARN). You must provide at least one. If you provide both, CloudFront uses the name to identify the real-time log configuration to delete.

", @@ -48,6 +50,8 @@ "GetKeyGroup": "

Gets a key group, including the date and time when the key group was last modified.

To get a key group, you must provide the key group’s identifier. If the key group is referenced in a distribution’s cache behavior, you can get the key group’s identifier using ListDistributions or GetDistribution. If the key group is not referenced in a cache behavior, you can get the identifier using ListKeyGroups.

", "GetKeyGroupConfig": "

Gets a key group configuration.

To get a key group configuration, you must provide the key group’s identifier. If the key group is referenced in a distribution’s cache behavior, you can get the key group’s identifier using ListDistributions or GetDistribution. If the key group is not referenced in a cache behavior, you can get the identifier using ListKeyGroups.

", "GetMonitoringSubscription": "

Gets information about whether additional CloudWatch metrics are enabled for the specified CloudFront distribution.

", + "GetOriginAccessControl": "

Gets a CloudFront origin access control.

", + "GetOriginAccessControlConfig": "

Gets a CloudFront origin access control.

", "GetOriginRequestPolicy": "

Gets an origin request policy, including the following metadata:

To get an origin request policy, you must provide the policy’s identifier. If the origin request policy is attached to a distribution’s cache behavior, you can get the policy’s identifier using ListDistributions or GetDistribution. If the origin request policy is not attached to a cache behavior, you can get the identifier using ListOriginRequestPolicies.

", "GetOriginRequestPolicyConfig": "

Gets an origin request policy configuration.

To get an origin request policy configuration, you must provide the policy’s identifier. If the origin request policy is attached to a distribution’s cache behavior, you can get the policy’s identifier using ListDistributions or GetDistribution. If the origin request policy is not attached to a cache behavior, you can get the identifier using ListOriginRequestPolicies.

", "GetPublicKey": "

Gets a public key.

", @@ -72,6 +76,7 @@ "ListFunctions": "

Gets a list of all CloudFront functions in your Amazon Web Services account.

You can optionally apply a filter to return only the functions that are in the specified stage, either DEVELOPMENT or LIVE.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

", "ListInvalidations": "

Lists invalidation batches.

", "ListKeyGroups": "

Gets a list of key groups.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

", + "ListOriginAccessControls": "

Gets the list of CloudFront origin access controls in this Amazon Web Services account.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send another request that specifies the NextMarker value from the current response as the Marker value in the next request.

", "ListOriginRequestPolicies": "

Gets a list of origin request policies.

You can optionally apply a filter to return only the managed policies created by Amazon Web Services, or only the custom policies created in your Amazon Web Services account.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

", "ListPublicKeys": "

List all public keys that have been added to CloudFront for this account.

", "ListRealtimeLogConfigs": "

Gets a list of real-time log configurations.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

", @@ -89,6 +94,7 @@ "UpdateFieldLevelEncryptionProfile": "

Update a field-level encryption profile.

", "UpdateFunction": "

Updates a CloudFront function.

You can update a function’s code or the comment that describes the function. You cannot update a function’s name.

To update a function, you provide the function’s name and version (ETag value) along with the updated function code. To get the name and version, you can use ListFunctions and DescribeFunction.

", "UpdateKeyGroup": "

Updates a key group.

When you update a key group, all the fields are updated with the values provided in the request. You cannot update some fields independent of others. To update a key group:

  1. Get the current key group with GetKeyGroup or GetKeyGroupConfig.

  2. Locally modify the fields in the key group that you want to update. For example, add or remove public key IDs.

  3. Call UpdateKeyGroup with the entire key group object, including the fields that you modified and those that you didn’t.

", + "UpdateOriginAccessControl": "

Updates a CloudFront origin access control.

", "UpdateOriginRequestPolicy": "

Updates an origin request policy configuration.

When you update an origin request policy configuration, all the fields are updated with the values provided in the request. You cannot update some fields independent of others. To update an origin request policy configuration:

  1. Use GetOriginRequestPolicyConfig to get the current configuration.

  2. Locally modify the fields in the origin request policy configuration that you want to update.

  3. Call UpdateOriginRequestPolicy by providing the entire origin request policy configuration, including the fields that you modified and those that you didn’t.

", "UpdatePublicKey": "

Update public key information. Note that the only value you can change is the comment.

", "UpdateRealtimeLogConfig": "

Updates a real-time log configuration.

When you update a real-time log configuration, all the parameters are updated with the values provided in the request. You cannot update some parameters independent of others. To update a real-time log configuration:

  1. Call GetRealtimeLogConfig to get the current real-time log configuration.

  2. Locally modify the parameters in the real-time log configuration that you want to update.

  3. Call this API (UpdateRealtimeLogConfig) by providing the entire real-time log configuration, including the parameters that you modified and those that you didn’t.

You cannot update a real-time log configuration’s Name or ARN.

", @@ -533,6 +539,16 @@ "refs": { } }, + "CreateOriginAccessControlRequest": { + "base": null, + "refs": { + } + }, + "CreateOriginAccessControlResult": { + "base": null, + "refs": { + } + }, "CreateOriginRequestPolicyRequest": { "base": null, "refs": { @@ -676,6 +692,11 @@ "refs": { } }, + "DeleteOriginAccessControlRequest": { + "base": null, + "refs": { + } + }, "DeleteOriginRequestPolicyRequest": { "base": null, "refs": { @@ -1237,6 +1258,26 @@ "refs": { } }, + "GetOriginAccessControlConfigRequest": { + "base": null, + "refs": { + } + }, + "GetOriginAccessControlConfigResult": { + "base": null, + "refs": { + } + }, + "GetOriginAccessControlRequest": { + "base": null, + "refs": { + } + }, + "GetOriginAccessControlResult": { + "base": null, + "refs": { + } + }, "GetOriginRequestPolicyConfigRequest": { "base": null, "refs": { @@ -1364,6 +1405,11 @@ "refs": { } }, + "IllegalOriginAccessConfiguration": { + "base": "

An origin cannot contain both an origin access control (OAC) and an origin access identity (OAI).

", + "refs": { + } + }, "IllegalUpdate": { "base": "

The update contains modifications that are not allowed.

", "refs": { @@ -1384,6 +1430,11 @@ "refs": { } }, + "InvalidDomainNameForOriginAccessControl": { + "base": "

An origin access control is associated with an origin whose domain name is not supported.

", + "refs": { + } + }, "InvalidErrorCode": { "base": "

An invalid error code was specified.

", "refs": { @@ -1434,6 +1485,11 @@ "refs": { } }, + "InvalidOriginAccessControl": { + "base": "

The origin access control is not valid.

", + "refs": { + } + }, "InvalidOriginAccessIdentity": { "base": "

The origin access identity is not valid or doesn't exist.

", "refs": { @@ -1779,6 +1835,16 @@ "refs": { } }, + "ListOriginAccessControlsRequest": { + "base": null, + "refs": { + } + }, + "ListOriginAccessControlsResult": { + "base": null, + "refs": { + } + }, "ListOriginRequestPoliciesRequest": { "base": null, "refs": { @@ -1883,6 +1949,11 @@ "GetMonitoringSubscriptionResult$MonitoringSubscription": "

A monitoring subscription. This structure contains information about whether additional CloudWatch metrics are enabled for a given CloudFront distribution.

" } }, + "MonitoringSubscriptionAlreadyExists": { + "base": "

A monitoring subscription already exists for the specified distribution.

", + "refs": { + } + }, "NoSuchCachePolicy": { "base": "

The cache policy does not exist.

", "refs": { @@ -1918,11 +1989,21 @@ "refs": { } }, + "NoSuchMonitoringSubscription": { + "base": "

A monitoring subscription does not exist for the specified distribution.

", + "refs": { + } + }, "NoSuchOrigin": { "base": "

No origin exists with the specified Origin Id.

", "refs": { } }, + "NoSuchOriginAccessControl": { + "base": "

The origin access control does not exist.

", + "refs": { + } + }, "NoSuchOriginRequestPolicy": { "base": "

The origin request policy does not exist.

", "refs": { @@ -1959,6 +2040,72 @@ "OriginList$member": null } }, + "OriginAccessControl": { + "base": "

A CloudFront origin access control.

", + "refs": { + "CreateOriginAccessControlResult$OriginAccessControl": "

Contains an origin access control.

", + "GetOriginAccessControlResult$OriginAccessControl": "

Contains an origin access control.

", + "UpdateOriginAccessControlResult$OriginAccessControl": "

The origin access control after it has been updated.

" + } + }, + "OriginAccessControlAlreadyExists": { + "base": "

An origin access control with the specified parameters already exists.

", + "refs": { + } + }, + "OriginAccessControlConfig": { + "base": "

A CloudFront origin access control.

", + "refs": { + "CreateOriginAccessControlRequest$OriginAccessControlConfig": "

Contains the origin access control.

", + "GetOriginAccessControlConfigResult$OriginAccessControlConfig": "

Contains an origin access control.

", + "OriginAccessControl$OriginAccessControlConfig": "

The origin access control.

", + "UpdateOriginAccessControlRequest$OriginAccessControlConfig": "

An origin access control.

" + } + }, + "OriginAccessControlInUse": { + "base": "

Cannot delete the origin access control because it's in use by one or more distributions.

", + "refs": { + } + }, + "OriginAccessControlList": { + "base": "

A list of CloudFront origin access controls.

", + "refs": { + "ListOriginAccessControlsResult$OriginAccessControlList": "

A list of origin access controls.

" + } + }, + "OriginAccessControlOriginTypes": { + "base": null, + "refs": { + "OriginAccessControlConfig$OriginAccessControlOriginType": "

The type of origin that this origin access control is for. The only valid value is s3.

", + "OriginAccessControlSummary$OriginAccessControlOriginType": "

The type of origin that this origin access control is for. The only valid value is s3.

" + } + }, + "OriginAccessControlSigningBehaviors": { + "base": null, + "refs": { + "OriginAccessControlConfig$SigningBehavior": "

Specifies which requests CloudFront signs (adds authentication information to). Specify always for the most common use case. For more information, see origin access control advanced settings in the Amazon CloudFront Developer Guide.

This field can have one of the following values:

", + "OriginAccessControlSummary$SigningBehavior": "

A value that specifies which requests CloudFront signs (adds authentication information to). This field can have one of the following values:

" + } + }, + "OriginAccessControlSigningProtocols": { + "base": null, + "refs": { + "OriginAccessControlConfig$SigningProtocol": "

The signing protocol of the origin access control, which determines how CloudFront signs (authenticates) requests. The only valid value is sigv4.

", + "OriginAccessControlSummary$SigningProtocol": "

The signing protocol of the origin access control. The signing protocol determines how CloudFront signs (authenticates) requests. The only valid value is sigv4.

" + } + }, + "OriginAccessControlSummary": { + "base": "

A CloudFront origin access control.

", + "refs": { + "OriginAccessControlSummaryList$member": null + } + }, + "OriginAccessControlSummaryList": { + "base": null, + "refs": { + "OriginAccessControlList$Items": "

Contains the origin access controls in the list.

" + } + }, "OriginCustomHeader": { "base": "

A complex type that contains HeaderName and HeaderValue elements, if any, for this distribution.

", "refs": { @@ -2779,6 +2926,11 @@ "refs": { } }, + "TooManyDistributionsAssociatedToOriginAccessControl": { + "base": "

The maximum number of distributions have been associated with the specified origin access control.

For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

", + "refs": { + } + }, "TooManyDistributionsAssociatedToOriginRequestPolicy": { "base": "

The maximum number of distributions have been associated with the specified origin request policy. For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

", "refs": { @@ -2879,6 +3031,11 @@ "refs": { } }, + "TooManyOriginAccessControls": { + "base": "

The number of origin access controls in your Amazon Web Services account exceeds the maximum allowed.

For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

", + "refs": { + } + }, "TooManyOriginCustomHeaders": { "base": "

Your request contains too many origin custom headers.

", "refs": { @@ -3061,6 +3218,16 @@ "refs": { } }, + "UpdateOriginAccessControlRequest": { + "base": null, + "refs": { + } + }, + "UpdateOriginAccessControlResult": { + "base": null, + "refs": { + } + }, "UpdateOriginRequestPolicyRequest": { "base": null, "refs": { @@ -3153,6 +3320,7 @@ "LambdaFunctionAssociation$IncludeBody": "

A flag that allows a Lambda@Edge function to have read access to the body content. For more information, see Accessing the Request Body by Choosing the Include Body Option in the Amazon CloudFront Developer Guide.

", "LoggingConfig$Enabled": "

Specifies whether you want CloudFront to save access logs to an Amazon S3 bucket. If you don't want to enable logging when you create a distribution or if you want to disable logging for an existing distribution, specify false for Enabled, and specify empty Bucket and Prefix elements. If you specify false for Enabled but you specify values for Bucket, prefix, and IncludeCookies, the values are automatically deleted.

", "LoggingConfig$IncludeCookies": "

Specifies whether you want CloudFront to include cookies in access logs, specify true for IncludeCookies. If you choose to include cookies in logs, CloudFront logs all cookies regardless of how you configure the cache behaviors for this distribution. If you don't want to include cookies when you create a distribution or if you want to disable include cookies for an existing distribution, specify false for IncludeCookies.

", + "OriginAccessControlList$IsTruncated": "

If there are more items in the list than are in this response, this value is true.

", "OriginShield$Enabled": "

A flag that specifies whether Origin Shield is enabled.

When it’s enabled, CloudFront routes all requests through Origin Shield, which can help protect your origin. When it’s disabled, CloudFront might send requests directly to your origin from multiple edge locations or regional edge caches.

", "ParametersInCacheKeyAndForwardedToOrigin$EnableAcceptEncodingGzip": "

A flag that can affect whether the Accept-Encoding HTTP header is included in the cache key and included in requests that CloudFront sends to the origin.

This field is related to the EnableAcceptEncodingBrotli field. If one or both of these fields is true and the viewer request includes the Accept-Encoding header, then CloudFront does the following:

For more information, see Compression support in the Amazon CloudFront Developer Guide.

If you set this value to true, and this cache behavior also has an origin request policy attached, do not include the Accept-Encoding header in the origin request policy. CloudFront always includes the Accept-Encoding header in origin requests when the value of this field is true, so including this header in an origin request policy has no effect.

If both of these fields are false, then CloudFront treats the Accept-Encoding header the same as any other HTTP header in the viewer request. By default, it’s not included in the cache key and it’s not included in origin requests. In this case, you can manually add Accept-Encoding to the headers whitelist like any other HTTP header.

", "ParametersInCacheKeyAndForwardedToOrigin$EnableAcceptEncodingBrotli": "

A flag that can affect whether the Accept-Encoding HTTP header is included in the cache key and included in requests that CloudFront sends to the origin.

This field is related to the EnableAcceptEncodingGzip field. If one or both of these fields is true and the viewer request includes the Accept-Encoding header, then CloudFront does the following:

For more information, see Compression support in the Amazon CloudFront Developer Guide.

If you set this value to true, and this cache behavior also has an origin request policy attached, do not include the Accept-Encoding header in the origin request policy. CloudFront always includes the Accept-Encoding header in origin requests when the value of this field is true, so including this header in an origin request policy has no effect.

If both of these fields are false, then CloudFront treats the Accept-Encoding header the same as any other HTTP header in the viewer request. By default, it’s not included in the cache key and it’s not included in origin requests. In this case, you can manually add Accept-Encoding to the headers whitelist like any other HTTP header.

", @@ -3235,6 +3403,8 @@ "LambdaFunctionAssociations$Quantity": "

The number of Lambda@Edge function associations for this cache behavior.

", "Origin$ConnectionAttempts": "

The number of times that CloudFront attempts to connect to the origin. The minimum number is 1, the maximum is 3, and the default (if you don’t specify otherwise) is 3.

For a custom origin (including an Amazon S3 bucket that’s configured with static website hosting), this value also specifies the number of times that CloudFront attempts to get a response from the origin, in the case of an Origin Response Timeout.

For more information, see Origin Connection Attempts in the Amazon CloudFront Developer Guide.

", "Origin$ConnectionTimeout": "

The number of seconds that CloudFront waits when trying to establish a connection to the origin. The minimum timeout is 1 second, the maximum is 10 seconds, and the default (if you don’t specify otherwise) is 10 seconds.

For more information, see Origin Connection Timeout in the Amazon CloudFront Developer Guide.

", + "OriginAccessControlList$MaxItems": "

The maximum number of origin access controls requested.

", + "OriginAccessControlList$Quantity": "

The number of origin access controls returned in the response.

", "OriginGroupMembers$Quantity": "

The number of origins in an origin group.

", "OriginGroups$Quantity": "

The number of origin groups.

", "OriginRequestPolicyList$MaxItems": "

The maximum number of origin request policies requested.

", @@ -3362,6 +3532,8 @@ "CreateKeyGroupResult$Location": "

The URL of the key group.

", "CreateKeyGroupResult$ETag": "

The identifier for this version of the key group.

", "CreateMonitoringSubscriptionRequest$DistributionId": "

The ID of the distribution that you are enabling metrics for.

", + "CreateOriginAccessControlResult$Location": "

The URL of the origin access control.

", + "CreateOriginAccessControlResult$ETag": "

The version identifier for the current version of the origin access control.

", "CreateOriginRequestPolicyResult$Location": "

The fully qualified URI of the origin request policy just created.

", "CreateOriginRequestPolicyResult$ETag": "

The current version of the origin request policy.

", "CreatePublicKeyResult$Location": "

The URL of the public key.

", @@ -3396,6 +3568,8 @@ "DeleteKeyGroupRequest$Id": "

The identifier of the key group that you are deleting. To get the identifier, use ListKeyGroups.

", "DeleteKeyGroupRequest$IfMatch": "

The version of the key group that you are deleting. The version is the key group’s ETag value. To get the ETag, use GetKeyGroup or GetKeyGroupConfig.

", "DeleteMonitoringSubscriptionRequest$DistributionId": "

The ID of the distribution that you are disabling metrics for.

", + "DeleteOriginAccessControlRequest$Id": "

The unique identifier of the origin access control that you are deleting.

", + "DeleteOriginAccessControlRequest$IfMatch": "

The current version (ETag value) of the origin access control that you are deleting.

", "DeleteOriginRequestPolicyRequest$Id": "

The unique identifier for the origin request policy that you are deleting. To get the identifier, you can use ListOriginRequestPolicies.

", "DeleteOriginRequestPolicyRequest$IfMatch": "

The version of the origin request policy that you are deleting. The version is the origin request policy’s ETag value, which you can get using ListOriginRequestPolicies, GetOriginRequestPolicy, or GetOriginRequestPolicyConfig.

", "DeletePublicKeyRequest$Id": "

The ID of the public key you want to remove from CloudFront.

", @@ -3490,6 +3664,10 @@ "GetKeyGroupRequest$Id": "

The identifier of the key group that you are getting. To get the identifier, use ListKeyGroups.

", "GetKeyGroupResult$ETag": "

The identifier for this version of the key group.

", "GetMonitoringSubscriptionRequest$DistributionId": "

The ID of the distribution that you are getting metrics information for.

", + "GetOriginAccessControlConfigRequest$Id": "

The unique identifier of the origin access control.

", + "GetOriginAccessControlConfigResult$ETag": "

The version identifier for the current version of the origin access control.

", + "GetOriginAccessControlRequest$Id": "

The unique identifier of the origin access control.

", + "GetOriginAccessControlResult$ETag": "

The version identifier for the current version of the origin access control.

", "GetOriginRequestPolicyConfigRequest$Id": "

The unique identifier for the origin request policy. If the origin request policy is attached to a distribution’s cache behavior, you can get the policy’s identifier using ListDistributions or GetDistribution. If the origin request policy is not attached to a cache behavior, you can get the identifier using ListOriginRequestPolicies.

", "GetOriginRequestPolicyConfigResult$ETag": "

The current version of the origin request policy.

", "GetOriginRequestPolicyRequest$Id": "

The unique identifier for the origin request policy. If the origin request policy is attached to a distribution’s cache behavior, you can get the policy’s identifier using ListDistributions or GetDistribution. If the origin request policy is not attached to a cache behavior, you can get the identifier using ListOriginRequestPolicies.

", @@ -3511,10 +3689,12 @@ "HeaderList$member": null, "IllegalDelete$Message": null, "IllegalFieldLevelEncryptionConfigAssociationWithCacheBehavior$Message": null, + "IllegalOriginAccessConfiguration$Message": null, "IllegalUpdate$Message": null, "InconsistentQuantities$Message": null, "InvalidArgument$Message": null, "InvalidDefaultRootObject$Message": null, + "InvalidDomainNameForOriginAccessControl$Message": null, "InvalidErrorCode$Message": null, "InvalidForwardCookies$Message": null, "InvalidFunctionAssociation$Message": null, @@ -3525,6 +3705,7 @@ "InvalidLocationCode$Message": null, "InvalidMinimumProtocolVersion$Message": null, "InvalidOrigin$Message": null, + "InvalidOriginAccessControl$Message": null, "InvalidOriginAccessIdentity$Message": null, "InvalidOriginKeepaliveTimeout$Message": null, "InvalidOriginReadTimeout$Message": null, @@ -3590,6 +3771,8 @@ "ListInvalidationsRequest$MaxItems": "

The maximum number of invalidation batches that you want in the response body.

", "ListKeyGroupsRequest$Marker": "

Use this field when paginating results to indicate where to begin in your list of key groups. The response includes key groups in the list that occur after the marker. To get the next page of the list, set this field’s value to the value of NextMarker from the current page’s response.

", "ListKeyGroupsRequest$MaxItems": "

The maximum number of key groups that you want in the response.

", + "ListOriginAccessControlsRequest$Marker": "

Use this field when paginating results to indicate where to begin in your list of origin access controls. The response includes the items in the list that occur after the marker. To get the next page of the list, set this field's value to the value of NextMarker from the current page's response.

", + "ListOriginAccessControlsRequest$MaxItems": "

The maximum number of origin access controls that you want in the response.

", "ListOriginRequestPoliciesRequest$Marker": "

Use this field when paginating results to indicate where to begin in your list of origin request policies. The response includes origin request policies in the list that occur after the marker. To get the next page of the list, set this field’s value to the value of NextMarker from the current page’s response.

", "ListOriginRequestPoliciesRequest$MaxItems": "

The maximum number of origin request policies that you want in the response.

", "ListPublicKeysRequest$Marker": "

Use this when paginating results to indicate where to begin in your list of public keys. The results include public keys in the list that occur after the marker. To get the next page of results, set the Marker to the value of the NextMarker from the current page's response (which is also the ID of the last public key on that page).

", @@ -3604,6 +3787,7 @@ "LoggingConfig$Bucket": "

The Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com.

", "LoggingConfig$Prefix": "

An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, myprefix/. If you want to enable logging, but you don't want to specify a prefix, you still must include an empty Prefix element in the Logging element.

", "MissingBody$Message": null, + "MonitoringSubscriptionAlreadyExists$Message": null, "NoSuchCachePolicy$Message": null, "NoSuchCloudFrontOriginAccessIdentity$Message": null, "NoSuchDistribution$Message": null, @@ -3611,7 +3795,9 @@ "NoSuchFieldLevelEncryptionProfile$Message": null, "NoSuchFunctionExists$Message": null, "NoSuchInvalidation$Message": null, + "NoSuchMonitoringSubscription$Message": null, "NoSuchOrigin$Message": null, + "NoSuchOriginAccessControl$Message": null, "NoSuchOriginRequestPolicy$Message": null, "NoSuchPublicKey$Message": null, "NoSuchRealtimeLogConfig$Message": null, @@ -3621,6 +3807,17 @@ "Origin$Id": "

A unique identifier for the origin. This value must be unique within the distribution.

Use this value to specify the TargetOriginId in a CacheBehavior or DefaultCacheBehavior.

", "Origin$DomainName": "

The domain name for the origin.

For more information, see Origin Domain Name in the Amazon CloudFront Developer Guide.

", "Origin$OriginPath": "

An optional path that CloudFront appends to the origin domain name when CloudFront requests content from the origin.

For more information, see Origin Path in the Amazon CloudFront Developer Guide.

", + "Origin$OriginAccessControlId": "

The unique identifier of an origin access control for this origin.

For more information, see Restricting access to an Amazon S3 origin in the Amazon CloudFront Developer Guide.

", + "OriginAccessControl$Id": "

The unique identifier of the origin access control.

", + "OriginAccessControlAlreadyExists$Message": null, + "OriginAccessControlConfig$Name": "

A name to identify the origin access control.

", + "OriginAccessControlConfig$Description": "

A description of the origin access control.

", + "OriginAccessControlInUse$Message": null, + "OriginAccessControlList$Marker": "

The value of the Marker field that was provided in the request.

", + "OriginAccessControlList$NextMarker": "

If there are more items in the list than are in this response, this element is present. It contains the value to use in the Marker field of another request to continue listing origin access controls.

", + "OriginAccessControlSummary$Id": "

The unique identifier of the origin access control.

", + "OriginAccessControlSummary$Description": "

A description of the origin access control.

", + "OriginAccessControlSummary$Name": "

A unique name that identifies the origin access control.

", "OriginCustomHeader$HeaderName": "

The name of a header that you want CloudFront to send to your origin. For more information, see Adding Custom Headers to Origin Requests in the Amazon CloudFront Developer Guide.

", "OriginGroup$Id": "

The origin group's ID.

", "OriginGroupMember$OriginId": "

The ID for an origin in an origin group.

", @@ -3709,6 +3906,7 @@ "TooManyDistributionsAssociatedToCachePolicy$Message": null, "TooManyDistributionsAssociatedToFieldLevelEncryptionConfig$Message": null, "TooManyDistributionsAssociatedToKeyGroup$Message": null, + "TooManyDistributionsAssociatedToOriginAccessControl$Message": null, "TooManyDistributionsAssociatedToOriginRequestPolicy$Message": null, "TooManyDistributionsAssociatedToResponseHeadersPolicy$Message": null, "TooManyDistributionsWithFunctionAssociations$Message": null, @@ -3729,6 +3927,7 @@ "TooManyKeyGroups$Message": null, "TooManyKeyGroupsAssociatedToDistribution$Message": null, "TooManyLambdaFunctionAssociations$Message": null, + "TooManyOriginAccessControls$Message": null, "TooManyOriginCustomHeaders$Message": null, "TooManyOriginGroupsPerDistribution$Message": null, "TooManyOriginRequestPolicies$Message": null, @@ -3768,6 +3967,9 @@ "UpdateKeyGroupRequest$Id": "

The identifier of the key group that you are updating.

", "UpdateKeyGroupRequest$IfMatch": "

The version of the key group that you are updating. The version is the key group’s ETag value.

", "UpdateKeyGroupResult$ETag": "

The identifier for this version of the key group.

", + "UpdateOriginAccessControlRequest$Id": "

The unique identifier of the origin access control that you are updating.

", + "UpdateOriginAccessControlRequest$IfMatch": "

The current version (ETag value) of the origin access control that you are updating.

", + "UpdateOriginAccessControlResult$ETag": "

The new version of the origin access control after it has been updated.

", "UpdateOriginRequestPolicyRequest$Id": "

The unique identifier for the origin request policy that you are updating. The identifier is returned in a cache behavior’s OriginRequestPolicyId field in the response to GetDistributionConfig.

", "UpdateOriginRequestPolicyRequest$IfMatch": "

The version of the origin request policy that you are updating. The version is returned in the origin request policy’s ETag field in the response to GetOriginRequestPolicyConfig.

", "UpdateOriginRequestPolicyResult$ETag": "

The current version of the origin request policy.

", diff --git a/models/apis/config/2014-11-12/api-2.json b/models/apis/config/2014-11-12/api-2.json index 124abbd9b8..4c26892de1 100644 --- a/models/apis/config/2014-11-12/api-2.json +++ b/models/apis/config/2014-11-12/api-2.json @@ -1916,7 +1916,8 @@ "DeliveryS3KeyPrefix":{"shape":"DeliveryS3KeyPrefix"}, "ConformancePackInputParameters":{"shape":"ConformancePackInputParameters"}, "LastUpdateRequestedTime":{"shape":"Date"}, - "CreatedBy":{"shape":"StringWithCharLimit256"} + "CreatedBy":{"shape":"StringWithCharLimit256"}, + "TemplateSSMDocumentDetails":{"shape":"TemplateSSMDocumentDetails"} } }, "ConformancePackDetailList":{ @@ -3965,7 +3966,8 @@ "TemplateBody":{"shape":"TemplateBody"}, "DeliveryS3Bucket":{"shape":"DeliveryS3Bucket"}, "DeliveryS3KeyPrefix":{"shape":"DeliveryS3KeyPrefix"}, - "ConformancePackInputParameters":{"shape":"ConformancePackInputParameters"} + "ConformancePackInputParameters":{"shape":"ConformancePackInputParameters"}, + "TemplateSSMDocumentDetails":{"shape":"TemplateSSMDocumentDetails"} } }, "PutConformancePackResponse":{ @@ -4668,6 +4670,14 @@ "max":50, "min":0 }, + "SSMDocumentName":{ + "type":"string", + "pattern":"^[a-zA-Z0-9_\\-.:/]{3,200}$" + }, + "SSMDocumentVersion":{ + "type":"string", + "pattern":"([$]LATEST|[$]DEFAULT|^[1-9][0-9]*$)" + }, "SchemaVersionId":{ "type":"string", "max":128, @@ -4978,6 +4988,14 @@ "min":1, "pattern":"s3://.*" }, + "TemplateSSMDocumentDetails":{ + "type":"structure", + "required":["DocumentName"], + "members":{ + "DocumentName":{"shape":"SSMDocumentName"}, + "DocumentVersion":{"shape":"SSMDocumentVersion"} + } + }, "TooManyTagsException":{ "type":"structure", "members":{ diff --git a/models/apis/config/2014-11-12/docs-2.json b/models/apis/config/2014-11-12/docs-2.json index ab10124cc6..a8d7ee33fa 100644 --- a/models/apis/config/2014-11-12/docs-2.json +++ b/models/apis/config/2014-11-12/docs-2.json @@ -72,7 +72,7 @@ "PutConfigRule": "

Adds or updates an Config rule to evaluate if your Amazon Web Services resources comply with your desired configurations. For information on how many Config rules you can have per account, see Service Limits in the Config Developer Guide.

There are two types of rules: Config Custom Rules and Config Managed Rules. You can use PutConfigRule to create both Config custom rules and Config managed rules.

Custom rules are rules that you can create using either Guard or Lambda functions. Guard (Guard GitHub Repository) is a policy-as-code language that allows you to write policies that are enforced by Config Custom Policy rules. Lambda uses custom code that you upload to evaluate a custom rule. If you are adding a new Custom Lambda rule, you first need to create an Lambda function that the rule invokes to evaluate your resources. When you use PutConfigRule to add a Custom Lambda rule to Config, you must specify the Amazon Resource Name (ARN) that Lambda assigns to the function. You specify the ARN in the SourceIdentifier key. This key is part of the Source object, which is part of the ConfigRule object.

Managed rules are predefined, customizable rules created by Config. For a list of managed rules, see List of Config Managed Rules. If you are adding an Config managed rule, you must specify the rule's identifier for the SourceIdentifier key.

For any new rule that you add, specify the ConfigRuleName in the ConfigRule object. Do not specify the ConfigRuleArn or the ConfigRuleId. These values are generated by Config for new rules.

If you are updating a rule that you added previously, you can specify the rule by ConfigRuleName, ConfigRuleId, or ConfigRuleArn in the ConfigRule data type that you use in this request.

For more information about developing and using Config rules, see Evaluating Amazon Web Services resource Configurations with Config in the Config Developer Guide.

", "PutConfigurationAggregator": "

Creates and updates the configuration aggregator with the selected source accounts and regions. The source account can be individual account(s) or an organization.

accountIds that are passed will be replaced with existing accounts. If you want to add additional accounts into the aggregator, call DescribeConfigurationAggregators to get the previous accounts and then append new ones.

Config should be enabled in source accounts and regions you want to aggregate.

If your source type is an organization, you must be signed in to the management account or a registered delegated administrator and all the features must be enabled in your organization. If the caller is a management account, Config calls EnableAwsServiceAccess API to enable integration between Config and Organizations. If the caller is a registered delegated administrator, Config calls ListDelegatedAdministrators API to verify whether the caller is a valid delegated administrator.

To register a delegated administrator, see Register a Delegated Administrator in the Config developer guide.

", "PutConfigurationRecorder": "

Creates a new configuration recorder to record the selected resource configurations.

You can use this action to change the role roleARN or the recordingGroup of an existing recorder. To change the role, call the action on the existing configuration recorder and specify a role.

Currently, you can specify only one configuration recorder per region in your account.

If ConfigurationRecorder does not have the recordingGroup parameter specified, the default is to record all supported resource types.

", - "PutConformancePack": "

Creates or updates a conformance pack. A conformance pack is a collection of Config rules that can be easily deployed in an account and a region and across Amazon Web Services Organization. For information on how many conformance packs you can have per account, see Service Limits in the Config Developer Guide.

This API creates a service-linked role AWSServiceRoleForConfigConforms in your account. The service-linked role is created only when the role does not exist in your account.

You must specify either the TemplateS3Uri or the TemplateBody parameter, but not both. If you provide both Config uses the TemplateS3Uri parameter and ignores the TemplateBody parameter.

", + "PutConformancePack": "

Creates or updates a conformance pack. A conformance pack is a collection of Config rules that can be easily deployed in an account and a region and across Amazon Web Services Organization. For information on how many conformance packs you can have per account, see Service Limits in the Config Developer Guide.

This API creates a service-linked role AWSServiceRoleForConfigConforms in your account. The service-linked role is created only when the role does not exist in your account.

You must specify one and only one of theTemplateS3Uri, TemplateBody or TemplateSSMDocumentDetails parameters.

", "PutDeliveryChannel": "

Creates a delivery channel object to deliver configuration information to an Amazon S3 bucket and Amazon SNS topic.

Before you can create a delivery channel, you must create a configuration recorder.

You can use this action to change the Amazon S3 bucket or an Amazon SNS topic of the existing delivery channel. To change the Amazon S3 bucket or an Amazon SNS topic, call this action and specify the changed values for the S3 bucket and the SNS topic. If you specify a different value for either the S3 bucket or the SNS topic, this action will keep the existing value for the parameter that is not changed.

You can have only one delivery channel per region in your account.

", "PutEvaluations": "

Used by an Lambda function to deliver evaluation results to Config. This action is required in every Lambda function that is invoked by an Config rule.

", "PutExternalEvaluation": "

Add or updates the evaluations for process checks. This API checks if the rule is a process check when the name of the Config rule is provided.

", @@ -889,7 +889,7 @@ "DescribeConformancePackComplianceResponse$ConformancePackName": "

Name of the conformance pack.

", "GetConformancePackComplianceDetailsRequest$ConformancePackName": "

Name of the conformance pack.

", "GetConformancePackComplianceDetailsResponse$ConformancePackName": "

Name of the conformance pack.

", - "PutConformancePackRequest$ConformancePackName": "

Name of the conformance pack you want to create.

" + "PutConformancePackRequest$ConformancePackName": "

The unique name of the conformance pack you want to deploy.

" } }, "ConformancePackNameFilter": { @@ -1005,7 +1005,7 @@ "ConfigurationRecorderStatus$lastStartTime": "

The time the recorder was last started.

", "ConfigurationRecorderStatus$lastStopTime": "

The time the recorder was last stopped.

", "ConfigurationRecorderStatus$lastStatusChangeTime": "

The time when the status was last changed.

", - "ConformancePackDetail$LastUpdateRequestedTime": "

Last time when conformation pack update was requested.

", + "ConformancePackDetail$LastUpdateRequestedTime": "

The last time a conformation pack update was requested.

", "ConformancePackEvaluationResult$ConfigRuleInvokedTime": "

The time when Config rule evaluated Amazon Web Services resource.

", "ConformancePackEvaluationResult$ResultRecordedTime": "

The time when Config recorded the evaluation result.

", "ConformancePackStatusDetail$LastUpdateRequestedTime": "

Last time when conformation pack creation and update was requested.

", @@ -1823,7 +1823,7 @@ } }, "InsufficientPermissionsException": { - "base": "

Indicates one of the following errors:

", + "base": "

Indicates one of the following errors:

", "refs": { } }, @@ -3060,6 +3060,18 @@ "DescribeConfigRuleEvaluationStatusRequest$Limit": "

The number of rule evaluation results that you want returned.

This parameter is required if the rule limit for your account is more than the default of 150 rules.

For information about requesting a rule limit increase, see Config Limits in the Amazon Web Services General Reference Guide.

" } }, + "SSMDocumentName": { + "base": null, + "refs": { + "TemplateSSMDocumentDetails$DocumentName": "

The name or Amazon Resource Name (ARN) of the SSM document to use to create a conformance pack. If you use the Document Name, Config checks only your account and region for the SSM document. If you want to use an SSM document from another region or account, you must provide the ARN.

" + } + }, + "SSMDocumentVersion": { + "base": null, + "refs": { + "TemplateSSMDocumentDetails$DocumentVersion": "

The version of the SSM document to use to create a conformance pack. By default, Config uses the latest version.

This field is optional.

" + } + }, "SchemaVersionId": { "base": null, "refs": { @@ -3331,7 +3343,7 @@ "ConfigRule$CreatedBy": "

Service principal name of the service that created the rule.

The field is populated only if the service-linked rule is created by a service. The field is empty if you create your own rule.

", "ConfigurationAggregator$CreatedBy": "

Amazon Web Services service that created the configuration aggregator.

", "ConformancePackComplianceResourceIds$member": null, - "ConformancePackDetail$CreatedBy": "

Amazon Web Services service that created the conformance pack.

", + "ConformancePackDetail$CreatedBy": "

The Amazon Web Services service that created the conformance pack.

", "ConformancePackEvaluationFilters$ResourceType": "

Filters the results by the resource type (for example, \"AWS::EC2::Instance\").

", "DescribeComplianceByResourceRequest$ResourceType": "

The types of Amazon Web Services resources for which you want compliance information (for example, AWS::EC2::Instance). For this action, you can specify that the resource type is an Amazon Web Services account by specifying AWS::::Account.

", "Evaluation$ComplianceResourceType": "

The type of Amazon Web Services resource that was evaluated.

", @@ -3473,17 +3485,24 @@ "TemplateBody": { "base": null, "refs": { - "PutConformancePackRequest$TemplateBody": "

A string containing full conformance pack template body. Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.

You can only use a YAML template with two resource types: Config rule (AWS::Config::ConfigRule) and a remediation action (AWS::Config::RemediationConfiguration).

", + "PutConformancePackRequest$TemplateBody": "

A string containing the full conformance pack template body. The structure containing the template body has a minimum length of 1 byte and a maximum length of 51,200 bytes.

You can only use a YAML template with two resource types: Config rule (AWS::Config::ConfigRule) and remediation action (AWS::Config::RemediationConfiguration).

", "PutOrganizationConformancePackRequest$TemplateBody": "

A string containing full conformance pack template body. Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.

" } }, "TemplateS3Uri": { "base": null, "refs": { - "PutConformancePackRequest$TemplateS3Uri": "

Location of file containing the template body (s3://bucketname/prefix). The uri must point to the conformance pack template (max size: 300 KB) that is located in an Amazon S3 bucket in the same region as the conformance pack.

You must have access to read Amazon S3 bucket.

", + "PutConformancePackRequest$TemplateS3Uri": "

The location of the file containing the template body (s3://bucketname/prefix). The uri must point to a conformance pack template (max size: 300 KB) that is located in an Amazon S3 bucket in the same region as the conformance pack.

You must have access to read Amazon S3 bucket.

", "PutOrganizationConformancePackRequest$TemplateS3Uri": "

Location of file containing the template body. The uri must point to the conformance pack template (max size: 300 KB).

You must have access to read Amazon S3 bucket.

" } }, + "TemplateSSMDocumentDetails": { + "base": "

This API allows you to create a conformance pack template with an Amazon Web Services Systems Manager document (SSM document). To deploy a conformance pack using an SSM document, you first create an SSM document with conformance pack content, and then provide the DocumentName (and optionally DocumentVersion) in the PutConformancePack API.

The TemplateSSMDocumentDetails object contains the name of the SSM document and the version of the SSM document.

", + "refs": { + "ConformancePackDetail$TemplateSSMDocumentDetails": "

An object that contains the name or Amazon Resource Name (ARN) of the Amazon Web Services Systems Manager document (SSM document) and the version of the SSM document that is used to create a conformance pack.

", + "PutConformancePackRequest$TemplateSSMDocumentDetails": "

An object of type TemplateSSMDocumentDetails, which contains the name or the Amazon Resource Name (ARN) of the Amazon Web Services Systems Manager document (SSM document) and the version of the SSM document that is used to create a conformance pack.

" + } + }, "TooManyTagsException": { "base": "

You have reached the limit of the number of tags you can use. You have more than 50 tags.

", "refs": { diff --git a/models/apis/iam/2010-05-08/docs-2.json b/models/apis/iam/2010-05-08/docs-2.json index e1178a5159..8859e35c3b 100644 --- a/models/apis/iam/2010-05-08/docs-2.json +++ b/models/apis/iam/2010-05-08/docs-2.json @@ -79,7 +79,7 @@ "GetServiceLinkedRoleDeletionStatus": "

Retrieves the status of your service-linked role deletion. After you use DeleteServiceLinkedRole to submit a service-linked role for deletion, you can use the DeletionTaskId parameter in GetServiceLinkedRoleDeletionStatus to check the status of the deletion. If the deletion fails, this operation returns the reason that it failed, if that information is returned by the service.

", "GetUser": "

Retrieves information about the specified IAM user, including the user's creation date, path, unique ID, and ARN.

If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services access key ID used to sign the request to this operation.

", "GetUserPolicy": "

Retrieves the specified inline policy document that is embedded in the specified IAM user.

Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

An IAM user can also have managed policies attached to it. To retrieve a managed policy document that is attached to a user, use GetPolicy to determine the policy's default version. Then use GetPolicyVersion to retrieve the policy document.

For more information about policies, see Managed policies and inline policies in the IAM User Guide.

", - "ListAccessKeys": "

Returns information about the access key IDs associated with the specified IAM user. If there is none, the operation returns an empty list.

Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.

If the UserName field is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated users.

To ensure the security of your Amazon Web Services account, the secret access key is accessible only during key and user creation.

", + "ListAccessKeys": "

Returns information about the access key IDs associated with the specified IAM user. If there is none, the operation returns an empty list.

Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.

If the UserName is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. If a temporary access key is used, then UserName is required. If a long-term key is assigned to the user, then UserName is not required. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated users.

To ensure the security of your Amazon Web Services account, the secret access key is accessible only during key and user creation.

", "ListAccountAliases": "

Lists the account alias associated with the Amazon Web Services account (Note: you can have only one). For information about using an Amazon Web Services account alias, see Using an alias for your Amazon Web Services account ID in the IAM User Guide.

", "ListAttachedGroupPolicies": "

Lists all managed policies that are attached to the specified IAM group.

An IAM group can also have inline policies embedded with it. To list the inline policies for a group, use ListGroupPolicies. For information about policies, see Managed policies and inline policies in the IAM User Guide.

You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the operation returns an empty list.

", "ListAttachedRolePolicies": "

Lists all managed policies that are attached to the specified IAM role.

An IAM role can also have inline policies embedded with it. To list the inline policies for a role, use ListRolePolicies. For information about policies, see Managed policies and inline policies in the IAM User Guide.

You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified role (or none that match the specified path prefix), the operation returns an empty list.

", @@ -143,7 +143,7 @@ "UntagSAMLProvider": "

Removes the specified tags from the specified Security Assertion Markup Language (SAML) identity provider in IAM. For more information about these providers, see About web identity federation. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

", "UntagServerCertificate": "

Removes the specified tags from the IAM server certificate. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

For certificates in a Region supported by Certificate Manager (ACM), we recommend that you don't use IAM server certificates. Instead, use ACM to provision, manage, and deploy your server certificates. For more information about IAM server certificates, Working with server certificates in the IAM User Guide.

", "UntagUser": "

Removes the specified tags from the user. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

", - "UpdateAccessKey": "

Changes the status of the specified access key from Active to Inactive, or vice versa. This operation can be used to disable a user's key as part of a key rotation workflow.

If the UserName is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated users.

For information about rotating keys, see Managing keys and certificates in the IAM User Guide.

", + "UpdateAccessKey": "

Changes the status of the specified access key from Active to Inactive, or vice versa. This operation can be used to disable a user's key as part of a key rotation workflow.

If the UserName is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. If a temporary access key is used, then UserName is required. If a long-term key is assigned to the user, then UserName is not required. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated users.

For information about rotating keys, see Managing keys and certificates in the IAM User Guide.

", "UpdateAccountPasswordPolicy": "

Updates the password policy settings for the Amazon Web Services account.

This operation does not support partial updates. No parameters are required, but if you do not specify a parameter, that parameter's value reverts to its default value. See the Request Parameters section for each parameter's default value. Also note that some parameters do not allow the default parameter to be explicitly set. Instead, to invoke the default value, do not include that parameter when you invoke the operation.

For more information about using a password policy, see Managing an IAM password policy in the IAM User Guide.

", "UpdateAssumeRolePolicy": "

Updates the policy that grants an IAM entity permission to assume a role. This is typically referred to as the \"role trust policy\". For more information about roles, see Using roles to delegate permissions and federate identities.

", "UpdateGroup": "

Updates the name and/or the path of the specified IAM group.

You should understand the implications of changing a group's path or name. For more information, see Renaming users and groups in the IAM User Guide.

The person making the request (the principal), must have permission to change the role group with the old name and the new name. For example, to change the group named Managers to MGRs, the principal must have a policy that allows them to update both groups. If the principal has permission to update the Managers group, but not the MGRs group, then the update fails. For more information about permissions, see Access management.

", @@ -1680,8 +1680,8 @@ "ResourceHandlingOptionType": { "base": null, "refs": { - "SimulateCustomPolicyRequest$ResourceHandlingOption": "

Specifies the type of simulation to run. Different API operations that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation.

Each of the EC2 scenarios requires that you specify instance, image, and security-group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes VPC, then you must supply the network-interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the EC2 scenario options, see Supported platforms in the Amazon EC2 User Guide.

", - "SimulatePrincipalPolicyRequest$ResourceHandlingOption": "

Specifies the type of simulation to run. Different API operations that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation.

Each of the EC2 scenarios requires that you specify instance, image, and security group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes VPC, then you must supply the network interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the EC2 scenario options, see Supported platforms in the Amazon EC2 User Guide.

" + "SimulateCustomPolicyRequest$ResourceHandlingOption": "

Specifies the type of simulation to run. Different API operations that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation.

Each of the EC2 scenarios requires that you specify instance, image, and security group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes VPC, then you must supply the network interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the EC2 scenario options, see Supported platforms in the Amazon EC2 User Guide.

", + "SimulatePrincipalPolicyRequest$ResourceHandlingOption": "

Specifies the type of simulation to run. Different API operations that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation.

Each of the EC2 scenarios requires that you specify instance, image, and security group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes VPC, then you must supply the network interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the EC2 scenario options, see Supported platforms in the Amazon EC2 User Guide.

" } }, "ResourceNameListType": { diff --git a/models/apis/ivs/2020-07-14/docs-2.json b/models/apis/ivs/2020-07-14/docs-2.json index ada10f5816..fa4df15cfa 100644 --- a/models/apis/ivs/2020-07-14/docs-2.json +++ b/models/apis/ivs/2020-07-14/docs-2.json @@ -1,6 +1,6 @@ { "version": "2.0", - "service": "

Introduction

The Amazon Interactive Video Service (IVS) API is REST compatible, using a standard HTTP API and an Amazon Web Services EventBridge event stream for responses. JSON is used for both requests and responses, including errors.

The API is an Amazon Web Services regional service. For a list of supported regions and Amazon IVS HTTPS service endpoints, see the Amazon IVS page in the Amazon Web Services General Reference.

All API request parameters and URLs are case sensitive.

For a summary of notable documentation changes in each release, see Document History.

Allowed Header Values

Resources

The following resources contain information about your IVS live stream (see Getting Started with Amazon IVS):

Tagging

A tag is a metadata label that you assign to an Amazon Web Services resource. A tag comprises a key and a value, both set by you. For example, you might set a tag as topic:nature to label a particular video category. See Tagging Amazon Web Services Resources for more information, including restrictions that apply to tags and \"Tag naming limits and requirements\"; Amazon IVS has no service-specific constraints beyond what is documented there.

Tags can help you identify and organize your Amazon Web Services resources. For example, you can use the same tag for different resources to indicate that they are related. You can also use tags to manage access (see Access Tags).

The Amazon IVS API has these tag-related endpoints: TagResource, UntagResource, and ListTagsForResource. The following resources support tagging: Channels, Stream Keys, Playback Key Pairs, and Recording Configurations.

At most 50 tags can be applied to a resource.

Authentication versus Authorization

Note the differences between these concepts:

Authentication

All Amazon IVS API requests must be authenticated with a signature. The Amazon Web Services Command-Line Interface (CLI) and Amazon IVS Player SDKs take care of signing the underlying API calls for you. However, if your application calls the Amazon IVS API directly, it’s your responsibility to sign the requests.

You generate a signature using valid Amazon Web Services credentials that have permission to perform the requested action. For example, you must sign PutMetadata requests with a signature generated from an IAM user account that has the ivs:PutMetadata permission.

For more information:

Channel Endpoints

StreamKey Endpoints

Stream Endpoints

PlaybackKeyPair Endpoints

For more information, see Setting Up Private Channels in the Amazon IVS User Guide.

RecordingConfiguration Endpoints

Amazon Web Services Tags Endpoints

", + "service": "

Introduction

The Amazon Interactive Video Service (IVS) API is REST compatible, using a standard HTTP API and an Amazon Web Services EventBridge event stream for responses. JSON is used for both requests and responses, including errors.

The API is an Amazon Web Services regional service. For a list of supported regions and Amazon IVS HTTPS service endpoints, see the Amazon IVS page in the Amazon Web Services General Reference.

All API request parameters and URLs are case sensitive.

For a summary of notable documentation changes in each release, see Document History.

Allowed Header Values

Resources

The following resources contain information about your IVS live stream (see Getting Started with Amazon IVS):

Tagging

A tag is a metadata label that you assign to an Amazon Web Services resource. A tag comprises a key and a value, both set by you. For example, you might set a tag as topic:nature to label a particular video category. See Tagging Amazon Web Services Resources for more information, including restrictions that apply to tags and \"Tag naming limits and requirements\"; Amazon IVS has no service-specific constraints beyond what is documented there.

Tags can help you identify and organize your Amazon Web Services resources. For example, you can use the same tag for different resources to indicate that they are related. You can also use tags to manage access (see Access Tags).

The Amazon IVS API has these tag-related endpoints: TagResource, UntagResource, and ListTagsForResource. The following resources support tagging: Channels, Stream Keys, Playback Key Pairs, and Recording Configurations.

At most 50 tags can be applied to a resource.

Authentication versus Authorization

Note the differences between these concepts:

Authentication

All Amazon IVS API requests must be authenticated with a signature. The Amazon Web Services Command-Line Interface (CLI) and Amazon IVS Player SDKs take care of signing the underlying API calls for you. However, if your application calls the Amazon IVS API directly, it’s your responsibility to sign the requests.

You generate a signature using valid Amazon Web Services credentials that have permission to perform the requested action. For example, you must sign PutMetadata requests with a signature generated from an IAM user account that has the ivs:PutMetadata permission.

For more information:

Amazon Resource Names (ARNs)

ARNs uniquely identify AWS resources. An ARN is required when you need to specify a resource unambiguously across all of AWS, such as in IAM policies and API calls. For more information, see Amazon Resource Names in the AWS General Reference.

Channel Endpoints

StreamKey Endpoints

Stream Endpoints

PlaybackKeyPair Endpoints

For more information, see Setting Up Private Channels in the Amazon IVS User Guide.

RecordingConfiguration Endpoints

Amazon Web Services Tags Endpoints

", "operations": { "BatchGetChannel": "

Performs GetChannel on multiple ARNs simultaneously.

", "BatchGetStreamKey": "

Performs GetStreamKey on multiple ARNs simultaneously.

", @@ -171,9 +171,9 @@ "ChannelType": { "base": null, "refs": { - "Channel$type": "

Channel type, which determines the allowable resolution and bitrate. If you exceed the allowable resolution or bitrate, the stream probably will disconnect immediately. Default: STANDARD. Valid values:

", - "CreateChannelRequest$type": "

Channel type, which determines the allowable resolution and bitrate. If you exceed the allowable resolution or bitrate, the stream probably will disconnect immediately. Default: STANDARD. Valid values:

", - "UpdateChannelRequest$type": "

Channel type, which determines the allowable resolution and bitrate. If you exceed the allowable resolution or bitrate, the stream probably will disconnect immediately. Valid values:

" + "Channel$type": "

Channel type, which determines the allowable resolution and bitrate. If you exceed the allowable resolution or bitrate, the stream probably will disconnect immediately. Default: STANDARD. Valid values:

", + "CreateChannelRequest$type": "

Channel type, which determines the allowable resolution and bitrate. If you exceed the allowable resolution or bitrate, the stream probably will disconnect immediately. Default: STANDARD. Valid values:

", + "UpdateChannelRequest$type": "

Channel type, which determines the allowable resolution and bitrate. If you exceed the allowable resolution or bitrate, the stream probably will disconnect immediately. Valid values:

" } }, "Channels": { diff --git a/models/apis/quicksight/2018-04-01/api-2.json b/models/apis/quicksight/2018-04-01/api-2.json index 7e5713a4d9..bae3efd4b5 100644 --- a/models/apis/quicksight/2018-04-01/api-2.json +++ b/models/apis/quicksight/2018-04-01/api-2.json @@ -2327,10 +2327,18 @@ "InitialDashboardId":{"shape":"RestrictiveResourceId"} } }, + "AnonymousUserDashboardVisualEmbeddingConfiguration":{ + "type":"structure", + "required":["InitialDashboardVisualId"], + "members":{ + "InitialDashboardVisualId":{"shape":"DashboardVisualId"} + } + }, "AnonymousUserEmbeddingExperienceConfiguration":{ "type":"structure", "members":{ - "Dashboard":{"shape":"AnonymousUserDashboardEmbeddingConfiguration"} + "Dashboard":{"shape":"AnonymousUserDashboardEmbeddingConfiguration"}, + "DashboardVisual":{"shape":"AnonymousUserDashboardVisualEmbeddingConfiguration"} } }, "Arn":{"type":"string"}, @@ -3500,6 +3508,19 @@ "member":{"shape":"DashboardVersionSummary"}, "max":100 }, + "DashboardVisualId":{ + "type":"structure", + "required":[ + "DashboardId", + "SheetId", + "VisualId" + ], + "members":{ + "DashboardId":{"shape":"RestrictiveResourceId"}, + "SheetId":{"shape":"RestrictiveResourceId"}, + "VisualId":{"shape":"RestrictiveResourceId"} + } + }, "DataColorPalette":{ "type":"structure", "members":{ @@ -7347,12 +7368,20 @@ "InitialDashboardId":{"shape":"RestrictiveResourceId"} } }, + "RegisteredUserDashboardVisualEmbeddingConfiguration":{ + "type":"structure", + "required":["InitialDashboardVisualId"], + "members":{ + "InitialDashboardVisualId":{"shape":"DashboardVisualId"} + } + }, "RegisteredUserEmbeddingExperienceConfiguration":{ "type":"structure", "members":{ "Dashboard":{"shape":"RegisteredUserDashboardEmbeddingConfiguration"}, "QuickSightConsole":{"shape":"RegisteredUserQuickSightConsoleEmbeddingConfiguration"}, - "QSearchBar":{"shape":"RegisteredUserQSearchBarEmbeddingConfiguration"} + "QSearchBar":{"shape":"RegisteredUserQSearchBarEmbeddingConfiguration"}, + "DashboardVisual":{"shape":"RegisteredUserDashboardVisualEmbeddingConfiguration"} } }, "RegisteredUserQSearchBarEmbeddingConfiguration":{ diff --git a/models/apis/quicksight/2018-04-01/docs-2.json b/models/apis/quicksight/2018-04-01/docs-2.json index f7cf7550e6..3c363a3f20 100644 --- a/models/apis/quicksight/2018-04-01/docs-2.json +++ b/models/apis/quicksight/2018-04-01/docs-2.json @@ -64,7 +64,7 @@ "DescribeThemeAlias": "

Describes the alias for a theme.

", "DescribeThemePermissions": "

Describes the read and write permissions for a theme.

", "DescribeUser": "

Returns information about a user, given the user name.

", - "GenerateEmbedUrlForAnonymousUser": "

Generates an embed URL that you can use to embed an Amazon QuickSight dashboard in your website, without having to register any reader users. Before you use this action, make sure that you have configured the dashboards and permissions.

The following rules apply to the generated URL:

For more information, see Embedded Analytics in the Amazon QuickSight User Guide.

For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon QuickSight Developer Portal.

", + "GenerateEmbedUrlForAnonymousUser": "

Generates an embed URL that you can use to embed an Amazon QuickSight dashboard or visual in your website, without having to register any reader users. Before you use this action, make sure that you have configured the dashboards and permissions.

The following rules apply to the generated URL:

For more information, see Embedded Analytics in the Amazon QuickSight User Guide.

For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon QuickSight Developer Portal.

", "GenerateEmbedUrlForRegisteredUser": "

Generates an embed URL that you can use to embed an Amazon QuickSight experience in your website. This action can be used for any type of user registered in an Amazon QuickSight account. Before you use this action, make sure that you have configured the relevant Amazon QuickSight resource and permissions.

The following rules apply to the generated URL:

For more information, see Embedded Analytics in the Amazon QuickSight User Guide.

For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon QuickSight Developer Portal.

", "GetDashboardEmbedUrl": "

Generates a temporary session URL and authorization code(bearer token) that you can use to embed an Amazon QuickSight read-only dashboard in your website or application. Before you use this command, make sure that you have configured the dashboards and permissions.

Currently, you can use GetDashboardEmbedURL only from the server, not from the user's browser. The following rules apply to the generated URL:

For more information, see Embedding Analytics Using GetDashboardEmbedUrl in the Amazon QuickSight User Guide.

For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon QuickSight Developer Portal.

", "GetSessionEmbedUrl": "

Generates a session URL and authorization code that you can use to embed the Amazon Amazon QuickSight console in your web server code. Use GetSessionEmbedUrl where you want to provide an authoring portal that allows users to create data sources, datasets, analyses, and dashboards. The users who access an embedded Amazon QuickSight console need belong to the author or admin security cohort. If you want to restrict permissions to some of these features, add a custom permissions profile to the user with the UpdateUser API operation. Use RegisterUser API operation to add a new user with a custom permission profile attached. For more information, see the following sections in the Amazon QuickSight User Guide:

", @@ -296,6 +296,12 @@ "AnonymousUserEmbeddingExperienceConfiguration$Dashboard": "

The type of embedding experience. In this case, Amazon QuickSight dashboards.

" } }, + "AnonymousUserDashboardVisualEmbeddingConfiguration": { + "base": "

The experience that you are embedding. You can use this object to generate a url that embeds a visual into your application.

", + "refs": { + "AnonymousUserEmbeddingExperienceConfiguration$DashboardVisual": "

The type of embedding experience. In this case, Amazon QuickSight visuals.

" + } + }, "AnonymousUserEmbeddingExperienceConfiguration": { "base": "

The type of experience you want to embed. For anonymous users, you can embed Amazon QuickSight dashboards.

", "refs": { @@ -1157,6 +1163,13 @@ "ListDashboardVersionsResponse$DashboardVersionSummaryList": "

A structure that contains information about each version of the dashboard.

" } }, + "DashboardVisualId": { + "base": "

A structure that contains the following elements:

The DashboardId, SheetId, and VisualId can be found in the IDs for developers section of the Embed visual pane of the visual's on-visual menu of the Amazon QuickSight console. You can also get the DashboardId with a ListDashboards API operation.

", + "refs": { + "AnonymousUserDashboardVisualEmbeddingConfiguration$InitialDashboardVisualId": "

The visual ID for the visual that you want the user to see. This ID is included in the output URL. When the URL in response is accessed, Amazon QuickSight renders this visual.

The Amazon Resource Name (ARN) of the dashboard that the visual belongs to must be included in the AuthorizedResourceArns parameter. Otherwise, the request will fail with InvalidParameterValueException.

", + "RegisteredUserDashboardVisualEmbeddingConfiguration$InitialDashboardVisualId": "

The visual ID for the visual that you want the user to embed. This ID is included in the output URL. When the URL in response is accessed, Amazon QuickSight renders this visual.

The Amazon Resource Name (ARN) of the dashboard that the visual belongs to must be included in the AuthorizedResourceArns parameter. Otherwise, the request will fail with InvalidParameterValueException.

" + } + }, "DataColorPalette": { "base": "

The theme colors that are used for data colors in charts. The colors description is a hexadecimal color code that consists of six alphanumerical characters, prefixed with #, for example #37BFF5.

", "refs": { @@ -1826,7 +1839,7 @@ "base": null, "refs": { "GenerateEmbedUrlForAnonymousUserResponse$EmbedUrl": "

The embed URL for the dashboard.

", - "GenerateEmbedUrlForRegisteredUserResponse$EmbedUrl": "

The embed URL for the Amazon QuickSight dashboard or console.

", + "GenerateEmbedUrlForRegisteredUserResponse$EmbedUrl": "

The embed URL for the Amazon QuickSight dashboard, visual, Q search bar, or console.

", "GetDashboardEmbedUrlResponse$EmbedUrl": "

A single-use URL that you can put into your server-side webpage to embed your dashboard. This URL is valid for 5 minutes. The API operation provides the URL with an auth_code value that enables one (and only one) sign-on to a user session that is valid for 10 hours.

", "GetSessionEmbedUrlResponse$EmbedUrl": "

A single-use URL that you can put into your server-side web page to embed your Amazon QuickSight session. This URL is valid for 5 minutes. The API operation provides the URL with an auth_code value that enables one (and only one) sign-on to a user session that is valid for 10 hours.

" } @@ -3058,10 +3071,16 @@ "RegisteredUserEmbeddingExperienceConfiguration$Dashboard": "

The configuration details for providing a dashboard embedding experience.

" } }, + "RegisteredUserDashboardVisualEmbeddingConfiguration": { + "base": "

The experience that you are embedding. You can use this object to generate a url that embeds a visual into your application.

", + "refs": { + "RegisteredUserEmbeddingExperienceConfiguration$DashboardVisual": "

The type of embedding experience. In this case, Amazon QuickSight visuals.

" + } + }, "RegisteredUserEmbeddingExperienceConfiguration": { "base": "

The type of experience you want to embed. For registered users, you can embed Amazon QuickSight dashboards or the Amazon QuickSight console.

Exactly one of the experience configurations is required. You can choose Dashboard or QuickSightConsole. You cannot choose more than one experience configuration.

", "refs": { - "GenerateEmbedUrlForRegisteredUserRequest$ExperienceConfiguration": "

The experience you are embedding. For registered users, you can embed Amazon QuickSight dashboards or the entire Amazon QuickSight console.

" + "GenerateEmbedUrlForRegisteredUserRequest$ExperienceConfiguration": "

The experience you are embedding. For registered users, you can embed Amazon QuickSight dashboards, Amazon QuickSight visuals, the Amazon QuickSight Q search bar, or the entire Amazon QuickSight console.

" } }, "RegisteredUserQSearchBarEmbeddingConfiguration": { @@ -3263,6 +3282,9 @@ "CreateThemeResponse$ThemeId": "

The ID of the theme.

", "Dashboard$DashboardId": "

Dashboard ID.

", "DashboardSummary$DashboardId": "

Dashboard ID.

", + "DashboardVisualId$DashboardId": "

The ID of the dashboard that has the visual that you want to embed. The DashboardId can be found in the IDs for developers section of the Embed visual pane of the visual's on-visual menu of the Amazon QuickSight console. You can also get the DashboardId with a ListDashboards API operation.

", + "DashboardVisualId$SheetId": "

The ID of the sheet that the has visual that you want to embed. The SheetId can be found in the IDs for developers section of the Embed visual pane of the visual's on-visual menu of the Amazon QuickSight console.

", + "DashboardVisualId$VisualId": "

The ID of the visual that you want to embed. The VisualID can be found in the IDs for developers section of the Embed visual pane of the visual's on-visual menu of the Amazon QuickSight console.

", "DeleteAnalysisRequest$AnalysisId": "

The ID of the analysis that you're deleting.

", "DeleteAnalysisResponse$AnalysisId": "

The ID of the deleted analysis.

", "DeleteDashboardRequest$DashboardId": "

The ID for the dashboard.

", diff --git a/models/apis/transfer/2018-11-05/docs-2.json b/models/apis/transfer/2018-11-05/docs-2.json index f506e53f97..1f6c11d5e4 100644 --- a/models/apis/transfer/2018-11-05/docs-2.json +++ b/models/apis/transfer/2018-11-05/docs-2.json @@ -1,6 +1,6 @@ { "version": "2.0", - "service": "

Transfer Family is a fully managed service that enables the transfer of files over the File Transfer Protocol (FTP), File Transfer Protocol over SSL (FTPS), or Secure Shell (SSH) File Transfer Protocol (SFTP) directly into and out of Amazon Simple Storage Service (Amazon S3). Amazon Web Services helps you seamlessly migrate your file transfer workflows to Transfer Family by integrating with existing authentication systems, and providing DNS routing with Amazon Route 53 so nothing changes for your customers and partners, or their applications. With your data in Amazon S3, you can use it with Amazon Web Services for processing, analytics, machine learning, and archiving. Getting started with Transfer Family is easy since there is no infrastructure to buy and set up.

", + "service": "

Transfer Family is a fully managed service that enables the transfer of files over the File Transfer Protocol (FTP), File Transfer Protocol over SSL (FTPS), or Secure Shell (SSH) File Transfer Protocol (SFTP) directly into and out of Amazon Simple Storage Service (Amazon S3) or Amazon EFS. Additionally, you can use Applicability Statement 2 (AS2) to transfer files into and out of Amazon S3. Amazon Web Services helps you seamlessly migrate your file transfer workflows to Transfer Family by integrating with existing authentication systems, and providing DNS routing with Amazon Route 53 so nothing changes for your customers and partners, or their applications. With your data in Amazon S3, you can use it with Amazon Web Services for processing, analytics, machine learning, and archiving. Getting started with Transfer Family is easy since there is no infrastructure to buy and set up.

", "operations": { "CreateAccess": "

Used by administrators to choose which groups in the directory should have access to upload and download files over the enabled protocols using Transfer Family. For example, a Microsoft Active Directory might contain 50,000 users, but only a small fraction might need the ability to transfer files to the server. An administrator can use CreateAccess to limit the access to the correct set of users who need this ability.

", "CreateAgreement": "

Creates an agreement. An agreement is a bilateral trading partner agreement, or partnership, between an Transfer Family server and an AS2 process. The agreement defines the file and message transfer relationship between the server and the AS2 process. To define an agreement, Transfer Family combines a server, local profile, partner profile, certificate, and other attributes.

The partner is identified with the PartnerProfileId, and the AS2 process is identified with the LocalProfileId.

", @@ -129,9 +129,9 @@ "As2Id": { "base": null, "refs": { - "CreateProfileRequest$As2Id": "

The As2Id is the AS2-name, as defined in the defined in the RFC 4130. For inbound transfers, this is the AS2-From header for the AS2 messages sent from the partner. For outbound connectors, this is the AS2-To header for the AS2 messages sent to the partner using the StartFileTransfer API operation. This ID cannot include spaces.

", - "DescribedProfile$As2Id": "

The unique identifier for the AS2 process.

", - "ListedProfile$As2Id": "

The unique identifier for the AS2 process.

" + "CreateProfileRequest$As2Id": "

The As2Id is the AS2-name, as defined in the RFC 4130. For inbound transfers, this is the AS2-From header for the AS2 messages sent from the partner. For outbound connectors, this is the AS2-To header for the AS2 messages sent to the partner using the StartFileTransfer API operation. This ID cannot include spaces.

", + "DescribedProfile$As2Id": "

The As2Id is the AS2-name, as defined in the RFC 4130. For inbound transfers, this is the AS2-From header for the AS2 messages sent from the partner. For outbound connectors, this is the AS2-To header for the AS2 messages sent to the partner using the StartFileTransfer API operation. This ID cannot include spaces.

", + "ListedProfile$As2Id": "

The As2Id is the AS2-name, as defined in the RFC 4130. For inbound transfers, this is the AS2-From header for the AS2 messages sent from the partner. For outbound connectors, this is the AS2-To header for the AS2 messages sent to the partner using the StartFileTransfer API operation. This ID cannot include spaces.

" } }, "As2Transport": { @@ -1128,7 +1128,7 @@ "MdnSigningAlg": { "base": null, "refs": { - "As2ConnectorConfig$MdnSigningAlgorithm": "

The signing algorithm for the MDN response.

" + "As2ConnectorConfig$MdnSigningAlgorithm": "

The signing algorithm for the MDN response.

If set to DEFAULT (or not set at all), the value for SigningAlogorithm is used.

" } }, "Message": { @@ -1146,7 +1146,7 @@ "MessageSubject": { "base": null, "refs": { - "As2ConnectorConfig$MessageSubject": "

A short description to help identify the connector.

" + "As2ConnectorConfig$MessageSubject": "

Used as the Subject HTTP header attribute in AS2 messages that are being sent with the connector.

" } }, "NextToken": { @@ -1256,21 +1256,21 @@ "ProfileId": { "base": null, "refs": { - "As2ConnectorConfig$LocalProfileId": "

A unique identifier for the AS2 process.

", - "As2ConnectorConfig$PartnerProfileId": "

A unique identifier for the partner for the connector.

", + "As2ConnectorConfig$LocalProfileId": "

A unique identifier for the AS2 local profile.

", + "As2ConnectorConfig$PartnerProfileId": "

A unique identifier for the partner profile for the connector.

", "CreateAgreementRequest$LocalProfileId": "

A unique identifier for the AS2 local profile.

", "CreateAgreementRequest$PartnerProfileId": "

A unique identifier for the partner profile used in the agreement.

", "CreateProfileResponse$ProfileId": "

The unique identifier for the AS2 profile, returned after the API call succeeds.

", "DeleteProfileRequest$ProfileId": "

The ID of the profile that you are deleting.

", "DescribeProfileRequest$ProfileId": "

The identifier of the profile that you want described.

", - "DescribedAgreement$LocalProfileId": "

A unique identifier for the AS2 process.

", - "DescribedAgreement$PartnerProfileId": "

A unique identifier for the partner in the agreement.

", + "DescribedAgreement$LocalProfileId": "

A unique identifier for the AS2 local profile.

", + "DescribedAgreement$PartnerProfileId": "

A unique identifier for the partner profile used in the agreement.

", "DescribedProfile$ProfileId": "

A unique identifier for the local or partner AS2 profile.

", - "ListedAgreement$LocalProfileId": "

A unique identifier for the AS2 process.

", - "ListedAgreement$PartnerProfileId": "

A unique identifier for the partner process.

", + "ListedAgreement$LocalProfileId": "

A unique identifier for the AS2 local profile.

", + "ListedAgreement$PartnerProfileId": "

A unique identifier for the partner profile.

", "ListedProfile$ProfileId": "

A unique identifier for the local or partner AS2 profile.

", - "UpdateAgreementRequest$LocalProfileId": "

To change the local profile identifier, provide a new value here.

", - "UpdateAgreementRequest$PartnerProfileId": "

To change the partner profile identifier, provide a new value here.

", + "UpdateAgreementRequest$LocalProfileId": "

A unique identifier for the AS2 local profile.

To change the local profile identifier, provide a new value here.

", + "UpdateAgreementRequest$PartnerProfileId": "

A unique identifier for the partner profile. To change the partner profile identifier, provide a new value here.

", "UpdateProfileRequest$ProfileId": "

The identifier of the profile object that you are updating.

", "UpdateProfileResponse$ProfileId": "

Returns the identifier for the profile that's being updated.

" } @@ -1295,7 +1295,7 @@ "base": "

The protocol settings that are configured for your server.

", "refs": { "CreateServerRequest$ProtocolDetails": "

The protocol settings that are configured for your server.

", - "DescribedServer$ProtocolDetails": "

The protocol settings that are configured for your server.

Use the PassiveIp parameter to indicate passive mode. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer.

", + "DescribedServer$ProtocolDetails": "

The protocol settings that are configured for your server.

", "UpdateServerRequest$ProtocolDetails": "

The protocol settings that are configured for your server.

" } }, @@ -1303,8 +1303,8 @@ "base": null, "refs": { "CreateServerRequest$Protocols": "

Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are:

", - "DescribedServer$Protocols": "

Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are:

", - "UpdateServerRequest$Protocols": "

Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are:

If you select FTPS, you must choose a certificate stored in Amazon Web ServicesCertificate Manager (ACM) which will be used to identify your server when clients connect to it over FTPS.

If Protocol includes either FTP or FTPS, then the EndpointType must be VPC and the IdentityProviderType must be AWS_DIRECTORY_SERVICE or API_GATEWAY.

If Protocol includes FTP, then AddressAllocationIds cannot be associated.

If Protocol is set only to SFTP, the EndpointType can be set to PUBLIC and the IdentityProviderType can be set to SERVICE_MANAGED.

" + "DescribedServer$Protocols": "

Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are:

", + "UpdateServerRequest$Protocols": "

Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are:

" } }, "Resource": { @@ -1347,13 +1347,13 @@ "base": null, "refs": { "CreateAccessRequest$Role": "

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that controls your users' access to your Amazon S3 bucket or Amazon EFS file system. The policies attached to this role determine the level of access that you want to provide your users when transferring files into and out of your Amazon S3 bucket or Amazon EFS file system. The IAM role should also contain a trust relationship that allows the server to access your resources when servicing your users' transfer requests.

", - "CreateAgreementRequest$AccessRole": "

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that grants access to at least the HomeDirectory of your users' Amazon S3 buckets.

", + "CreateAgreementRequest$AccessRole": "

With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.

", "CreateConnectorRequest$AccessRole": "

With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.

", "CreateConnectorRequest$LoggingRole": "

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a connector to turn on CloudWatch logging for Amazon S3 events. When set, you can view connector activity in your CloudWatch logs.

", "CreateServerRequest$LoggingRole": "

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFSevents. When set, you can view user activity in your CloudWatch logs.

", "CreateUserRequest$Role": "

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that controls your users' access to your Amazon S3 bucket or Amazon EFS file system. The policies attached to this role determine the level of access that you want to provide your users when transferring files into and out of your Amazon S3 bucket or Amazon EFS file system. The IAM role should also contain a trust relationship that allows the server to access your resources when servicing your users' transfer requests.

", "DescribedAccess$Role": "

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that controls your users' access to your Amazon S3 bucket or Amazon EFS file system. The policies attached to this role determine the level of access that you want to provide your users when transferring files into and out of your Amazon S3 bucket or Amazon EFS file system. The IAM role should also contain a trust relationship that allows the server to access your resources when servicing your users' transfer requests.

", - "DescribedAgreement$AccessRole": "

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that grants access to at least the HomeDirectory of your users' Amazon S3 buckets.

", + "DescribedAgreement$AccessRole": "

With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.

", "DescribedConnector$AccessRole": "

With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.

", "DescribedConnector$LoggingRole": "

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a connector to turn on CloudWatch logging for Amazon S3 events. When set, you can view connector activity in your CloudWatch logs.

", "DescribedExecution$ExecutionRole": "

The IAM role associated with the execution.

", @@ -1365,7 +1365,7 @@ "ListedUser$Role": "

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that controls your users' access to your Amazon S3 bucket or Amazon EFS file system. The policies attached to this role determine the level of access that you want to provide your users when transferring files into and out of your Amazon S3 bucket or Amazon EFS file system. The IAM role should also contain a trust relationship that allows the server to access your resources when servicing your users' transfer requests.

The IAM role that controls your users' access to your Amazon S3 bucket for servers with Domain=S3, or your EFS file system for servers with Domain=EFS.

The policies attached to this role determine the level of access you want to provide your users when transferring files into and out of your S3 buckets or EFS file systems.

", "LoggingConfiguration$LoggingRole": "

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFSevents. When set, you can view user activity in your CloudWatch logs.

", "UpdateAccessRequest$Role": "

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that controls your users' access to your Amazon S3 bucket or Amazon EFS file system. The policies attached to this role determine the level of access that you want to provide your users when transferring files into and out of your Amazon S3 bucket or Amazon EFS file system. The IAM role should also contain a trust relationship that allows the server to access your resources when servicing your users' transfer requests.

", - "UpdateAgreementRequest$AccessRole": "

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that grants access to at least the HomeDirectory of your users' Amazon S3 buckets.

", + "UpdateAgreementRequest$AccessRole": "

With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.

", "UpdateConnectorRequest$AccessRole": "

With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.

", "UpdateConnectorRequest$LoggingRole": "

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a connector to turn on CloudWatch logging for Amazon S3 events. When set, you can view connector activity in your CloudWatch logs.

", "UpdateUserRequest$Role": "

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that controls your users' access to your Amazon S3 bucket or Amazon EFS file system. The policies attached to this role determine the level of access that you want to provide your users when transferring files into and out of your Amazon S3 bucket or Amazon EFS file system. The IAM role should also contain a trust relationship that allows the server to access your resources when servicing your users' transfer requests.

", @@ -1572,7 +1572,7 @@ "SigningAlg": { "base": null, "refs": { - "As2ConnectorConfig$SigningAlgorithm": "

The algorithm that is used to sign the AS2 transfers for this partner profile.

" + "As2ConnectorConfig$SigningAlgorithm": "

The algorithm that is used to sign the AS2 messages sent with the connector.

" } }, "SourceFileLocation": { diff --git a/service/cloudfront/api.go b/service/cloudfront/api.go index a96f523c92..30b8a8a552 100644 --- a/service/cloudfront/api.go +++ b/service/cloudfront/api.go @@ -430,6 +430,20 @@ func (c *CloudFront) CreateDistributionRequest(input *CreateDistributionInput) ( // - ErrCodeInvalidOriginAccessIdentity "InvalidOriginAccessIdentity" // The origin access identity is not valid or doesn't exist. // +// - ErrCodeInvalidOriginAccessControl "InvalidOriginAccessControl" +// The origin access control is not valid. +// +// - ErrCodeIllegalOriginAccessConfiguration "IllegalOriginAccessConfiguration" +// An origin cannot contain both an origin access control (OAC) and an origin +// access identity (OAI). +// +// - ErrCodeTooManyDistributionsAssociatedToOriginAccessControl "TooManyDistributionsAssociatedToOriginAccessControl" +// The maximum number of distributions have been associated with the specified +// origin access control. +// +// For more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) +// (formerly known as limits) in the Amazon CloudFront Developer Guide. +// // - ErrCodeAccessDenied "AccessDenied" // Access denied. // @@ -631,6 +645,10 @@ func (c *CloudFront) CreateDistributionRequest(input *CreateDistributionInput) ( // The specified real-time log configuration belongs to a different Amazon Web // Services account. // +// - ErrCodeInvalidDomainNameForOriginAccessControl "InvalidDomainNameForOriginAccessControl" +// An origin access control is associated with an origin whose domain name is +// not supported. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/CreateDistribution func (c *CloudFront) CreateDistribution(input *CreateDistributionInput) (*CreateDistributionOutput, error) { req, out := c.CreateDistributionRequest(input) @@ -721,6 +739,9 @@ func (c *CloudFront) CreateDistributionWithTagsRequest(input *CreateDistribution // - ErrCodeInvalidOriginAccessIdentity "InvalidOriginAccessIdentity" // The origin access identity is not valid or doesn't exist. // +// - ErrCodeInvalidOriginAccessControl "InvalidOriginAccessControl" +// The origin access control is not valid. +// // - ErrCodeAccessDenied "AccessDenied" // Access denied. // @@ -925,6 +946,10 @@ func (c *CloudFront) CreateDistributionWithTagsRequest(input *CreateDistribution // The specified real-time log configuration belongs to a different Amazon Web // Services account. // +// - ErrCodeInvalidDomainNameForOriginAccessControl "InvalidDomainNameForOriginAccessControl" +// An origin access control is associated with an origin whose domain name is +// not supported. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/CreateDistributionWithTags func (c *CloudFront) CreateDistributionWithTags(input *CreateDistributionWithTagsInput) (*CreateDistributionWithTagsOutput, error) { req, out := c.CreateDistributionWithTagsRequest(input) @@ -1492,7 +1517,7 @@ func (c *CloudFront) CreateMonitoringSubscriptionRequest(input *CreateMonitoring op := &request.Operation{ Name: opCreateMonitoringSubscription, HTTPMethod: "POST", - HTTPPath: "/2020-05-31/distributions/{DistributionId}/monitoring-subscription", + HTTPPath: "/2020-05-31/distributions/{DistributionId}/monitoring-subscription/", } if input == nil { @@ -1528,6 +1553,9 @@ func (c *CloudFront) CreateMonitoringSubscriptionRequest(input *CreateMonitoring // - ErrCodeNoSuchDistribution "NoSuchDistribution" // The specified distribution does not exist. // +// - ErrCodeMonitoringSubscriptionAlreadyExists "MonitoringSubscriptionAlreadyExists" +// A monitoring subscription already exists for the specified distribution. +// // - ErrCodeUnsupportedOperation "UnsupportedOperation" // This operation is not supported in this region. // @@ -1553,6 +1581,105 @@ func (c *CloudFront) CreateMonitoringSubscriptionWithContext(ctx aws.Context, in return out, req.Send() } +const opCreateOriginAccessControl = "CreateOriginAccessControl2020_05_31" + +// CreateOriginAccessControlRequest generates a "aws/request.Request" representing the +// client's request for the CreateOriginAccessControl operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateOriginAccessControl for more information on using the CreateOriginAccessControl +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateOriginAccessControlRequest method. +// req, resp := client.CreateOriginAccessControlRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/CreateOriginAccessControl +func (c *CloudFront) CreateOriginAccessControlRequest(input *CreateOriginAccessControlInput) (req *request.Request, output *CreateOriginAccessControlOutput) { + op := &request.Operation{ + Name: opCreateOriginAccessControl, + HTTPMethod: "POST", + HTTPPath: "/2020-05-31/origin-access-control", + } + + if input == nil { + input = &CreateOriginAccessControlInput{} + } + + output = &CreateOriginAccessControlOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateOriginAccessControl API operation for Amazon CloudFront. +// +// Creates a new origin access control in CloudFront. After you create an origin +// access control, you can add it to an origin in a CloudFront distribution +// so that CloudFront sends authenticated (signed) requests to the origin. +// +// For an Amazon S3 origin, this makes it possible to block public access to +// the Amazon S3 bucket so that viewers (users) can access the content in the +// bucket only through CloudFront. +// +// For more information about using a CloudFront origin access control, see +// Restricting access to an Amazon S3 origin (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html) +// in the Amazon CloudFront Developer Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudFront's +// API operation CreateOriginAccessControl for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeOriginAccessControlAlreadyExists "OriginAccessControlAlreadyExists" +// An origin access control with the specified parameters already exists. +// +// - ErrCodeTooManyOriginAccessControls "TooManyOriginAccessControls" +// The number of origin access controls in your Amazon Web Services account +// exceeds the maximum allowed. +// +// For more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) +// (formerly known as limits) in the Amazon CloudFront Developer Guide. +// +// - ErrCodeInvalidArgument "InvalidArgument" +// An argument is invalid. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/CreateOriginAccessControl +func (c *CloudFront) CreateOriginAccessControl(input *CreateOriginAccessControlInput) (*CreateOriginAccessControlOutput, error) { + req, out := c.CreateOriginAccessControlRequest(input) + return out, req.Send() +} + +// CreateOriginAccessControlWithContext is the same as CreateOriginAccessControl with the addition of +// the ability to pass a context and additional request options. +// +// See CreateOriginAccessControl for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudFront) CreateOriginAccessControlWithContext(ctx aws.Context, input *CreateOriginAccessControlInput, opts ...request.Option) (*CreateOriginAccessControlOutput, error) { + req, out := c.CreateOriginAccessControlRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateOriginRequestPolicy = "CreateOriginRequestPolicy2020_05_31" // CreateOriginRequestPolicyRequest generates a "aws/request.Request" representing the @@ -2064,6 +2191,9 @@ func (c *CloudFront) CreateStreamingDistributionRequest(input *CreateStreamingDi // - ErrCodeInvalidOriginAccessIdentity "InvalidOriginAccessIdentity" // The origin access identity is not valid or doesn't exist. // +// - ErrCodeInvalidOriginAccessControl "InvalidOriginAccessControl" +// The origin access control is not valid. +// // - ErrCodeAccessDenied "AccessDenied" // Access denied. // @@ -2183,6 +2313,9 @@ func (c *CloudFront) CreateStreamingDistributionWithTagsRequest(input *CreateStr // - ErrCodeInvalidOriginAccessIdentity "InvalidOriginAccessIdentity" // The origin access identity is not valid or doesn't exist. // +// - ErrCodeInvalidOriginAccessControl "InvalidOriginAccessControl" +// The origin access control is not valid. +// // - ErrCodeAccessDenied "AccessDenied" // Access denied. // @@ -2931,7 +3064,7 @@ func (c *CloudFront) DeleteMonitoringSubscriptionRequest(input *DeleteMonitoring op := &request.Operation{ Name: opDeleteMonitoringSubscription, HTTPMethod: "DELETE", - HTTPPath: "/2020-05-31/distributions/{DistributionId}/monitoring-subscription", + HTTPPath: "/2020-05-31/distributions/{DistributionId}/monitoring-subscription/", } if input == nil { @@ -2963,6 +3096,9 @@ func (c *CloudFront) DeleteMonitoringSubscriptionRequest(input *DeleteMonitoring // - ErrCodeNoSuchDistribution "NoSuchDistribution" // The specified distribution does not exist. // +// - ErrCodeNoSuchMonitoringSubscription "NoSuchMonitoringSubscription" +// A monitoring subscription does not exist for the specified distribution. +// // - ErrCodeUnsupportedOperation "UnsupportedOperation" // This operation is not supported in this region. // @@ -2988,6 +3124,103 @@ func (c *CloudFront) DeleteMonitoringSubscriptionWithContext(ctx aws.Context, in return out, req.Send() } +const opDeleteOriginAccessControl = "DeleteOriginAccessControl2020_05_31" + +// DeleteOriginAccessControlRequest generates a "aws/request.Request" representing the +// client's request for the DeleteOriginAccessControl operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteOriginAccessControl for more information on using the DeleteOriginAccessControl +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteOriginAccessControlRequest method. +// req, resp := client.DeleteOriginAccessControlRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/DeleteOriginAccessControl +func (c *CloudFront) DeleteOriginAccessControlRequest(input *DeleteOriginAccessControlInput) (req *request.Request, output *DeleteOriginAccessControlOutput) { + op := &request.Operation{ + Name: opDeleteOriginAccessControl, + HTTPMethod: "DELETE", + HTTPPath: "/2020-05-31/origin-access-control/{Id}", + } + + if input == nil { + input = &DeleteOriginAccessControlInput{} + } + + output = &DeleteOriginAccessControlOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// DeleteOriginAccessControl API operation for Amazon CloudFront. +// +// Deletes a CloudFront origin access control. +// +// You cannot delete an origin access control if it's in use. First, update +// all distributions to remove the origin access control from all origins, then +// delete the origin access control. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudFront's +// API operation DeleteOriginAccessControl for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeAccessDenied "AccessDenied" +// Access denied. +// +// - ErrCodeInvalidIfMatchVersion "InvalidIfMatchVersion" +// The If-Match version is missing or not valid. +// +// - ErrCodeNoSuchOriginAccessControl "NoSuchOriginAccessControl" +// The origin access control does not exist. +// +// - ErrCodePreconditionFailed "PreconditionFailed" +// The precondition in one or more of the request fields evaluated to false. +// +// - ErrCodeOriginAccessControlInUse "OriginAccessControlInUse" +// Cannot delete the origin access control because it's in use by one or more +// distributions. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/DeleteOriginAccessControl +func (c *CloudFront) DeleteOriginAccessControl(input *DeleteOriginAccessControlInput) (*DeleteOriginAccessControlOutput, error) { + req, out := c.DeleteOriginAccessControlRequest(input) + return out, req.Send() +} + +// DeleteOriginAccessControlWithContext is the same as DeleteOriginAccessControl with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteOriginAccessControl for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudFront) DeleteOriginAccessControlWithContext(ctx aws.Context, input *DeleteOriginAccessControlInput, opts ...request.Option) (*DeleteOriginAccessControlOutput, error) { + req, out := c.DeleteOriginAccessControlRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteOriginRequestPolicy = "DeleteOriginRequestPolicy2020_05_31" // DeleteOriginRequestPolicyRequest generates a "aws/request.Request" representing the @@ -4807,7 +5040,7 @@ func (c *CloudFront) GetMonitoringSubscriptionRequest(input *GetMonitoringSubscr op := &request.Operation{ Name: opGetMonitoringSubscription, HTTPMethod: "GET", - HTTPPath: "/2020-05-31/distributions/{DistributionId}/monitoring-subscription", + HTTPPath: "/2020-05-31/distributions/{DistributionId}/monitoring-subscription/", } if input == nil { @@ -4839,6 +5072,9 @@ func (c *CloudFront) GetMonitoringSubscriptionRequest(input *GetMonitoringSubscr // - ErrCodeNoSuchDistribution "NoSuchDistribution" // The specified distribution does not exist. // +// - ErrCodeNoSuchMonitoringSubscription "NoSuchMonitoringSubscription" +// A monitoring subscription does not exist for the specified distribution. +// // - ErrCodeUnsupportedOperation "UnsupportedOperation" // This operation is not supported in this region. // @@ -4864,244 +5100,408 @@ func (c *CloudFront) GetMonitoringSubscriptionWithContext(ctx aws.Context, input return out, req.Send() } -const opGetOriginRequestPolicy = "GetOriginRequestPolicy2020_05_31" +const opGetOriginAccessControl = "GetOriginAccessControl2020_05_31" -// GetOriginRequestPolicyRequest generates a "aws/request.Request" representing the -// client's request for the GetOriginRequestPolicy operation. The "output" return +// GetOriginAccessControlRequest generates a "aws/request.Request" representing the +// client's request for the GetOriginAccessControl operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See GetOriginRequestPolicy for more information on using the GetOriginRequestPolicy +// See GetOriginAccessControl for more information on using the GetOriginAccessControl // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the GetOriginRequestPolicyRequest method. -// req, resp := client.GetOriginRequestPolicyRequest(params) +// // Example sending a request using the GetOriginAccessControlRequest method. +// req, resp := client.GetOriginAccessControlRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/GetOriginRequestPolicy -func (c *CloudFront) GetOriginRequestPolicyRequest(input *GetOriginRequestPolicyInput) (req *request.Request, output *GetOriginRequestPolicyOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/GetOriginAccessControl +func (c *CloudFront) GetOriginAccessControlRequest(input *GetOriginAccessControlInput) (req *request.Request, output *GetOriginAccessControlOutput) { op := &request.Operation{ - Name: opGetOriginRequestPolicy, + Name: opGetOriginAccessControl, HTTPMethod: "GET", - HTTPPath: "/2020-05-31/origin-request-policy/{Id}", + HTTPPath: "/2020-05-31/origin-access-control/{Id}", } if input == nil { - input = &GetOriginRequestPolicyInput{} + input = &GetOriginAccessControlInput{} } - output = &GetOriginRequestPolicyOutput{} + output = &GetOriginAccessControlOutput{} req = c.newRequest(op, input, output) return } -// GetOriginRequestPolicy API operation for Amazon CloudFront. +// GetOriginAccessControl API operation for Amazon CloudFront. // -// Gets an origin request policy, including the following metadata: -// -// - The policy’s identifier. -// -// - The date and time when the policy was last modified. -// -// To get an origin request policy, you must provide the policy’s identifier. -// If the origin request policy is attached to a distribution’s cache behavior, -// you can get the policy’s identifier using ListDistributions or GetDistribution. -// If the origin request policy is not attached to a cache behavior, you can -// get the identifier using ListOriginRequestPolicies. +// Gets a CloudFront origin access control. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudFront's -// API operation GetOriginRequestPolicy for usage and error information. +// API operation GetOriginAccessControl for usage and error information. // // Returned Error Codes: // +// - ErrCodeNoSuchOriginAccessControl "NoSuchOriginAccessControl" +// The origin access control does not exist. +// // - ErrCodeAccessDenied "AccessDenied" // Access denied. // -// - ErrCodeNoSuchOriginRequestPolicy "NoSuchOriginRequestPolicy" -// The origin request policy does not exist. -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/GetOriginRequestPolicy -func (c *CloudFront) GetOriginRequestPolicy(input *GetOriginRequestPolicyInput) (*GetOriginRequestPolicyOutput, error) { - req, out := c.GetOriginRequestPolicyRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/GetOriginAccessControl +func (c *CloudFront) GetOriginAccessControl(input *GetOriginAccessControlInput) (*GetOriginAccessControlOutput, error) { + req, out := c.GetOriginAccessControlRequest(input) return out, req.Send() } -// GetOriginRequestPolicyWithContext is the same as GetOriginRequestPolicy with the addition of +// GetOriginAccessControlWithContext is the same as GetOriginAccessControl with the addition of // the ability to pass a context and additional request options. // -// See GetOriginRequestPolicy for details on how to use this API operation. +// See GetOriginAccessControl for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudFront) GetOriginRequestPolicyWithContext(ctx aws.Context, input *GetOriginRequestPolicyInput, opts ...request.Option) (*GetOriginRequestPolicyOutput, error) { - req, out := c.GetOriginRequestPolicyRequest(input) +func (c *CloudFront) GetOriginAccessControlWithContext(ctx aws.Context, input *GetOriginAccessControlInput, opts ...request.Option) (*GetOriginAccessControlOutput, error) { + req, out := c.GetOriginAccessControlRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opGetOriginRequestPolicyConfig = "GetOriginRequestPolicyConfig2020_05_31" +const opGetOriginAccessControlConfig = "GetOriginAccessControlConfig2020_05_31" -// GetOriginRequestPolicyConfigRequest generates a "aws/request.Request" representing the -// client's request for the GetOriginRequestPolicyConfig operation. The "output" return +// GetOriginAccessControlConfigRequest generates a "aws/request.Request" representing the +// client's request for the GetOriginAccessControlConfig operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See GetOriginRequestPolicyConfig for more information on using the GetOriginRequestPolicyConfig +// See GetOriginAccessControlConfig for more information on using the GetOriginAccessControlConfig // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the GetOriginRequestPolicyConfigRequest method. -// req, resp := client.GetOriginRequestPolicyConfigRequest(params) +// // Example sending a request using the GetOriginAccessControlConfigRequest method. +// req, resp := client.GetOriginAccessControlConfigRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/GetOriginRequestPolicyConfig -func (c *CloudFront) GetOriginRequestPolicyConfigRequest(input *GetOriginRequestPolicyConfigInput) (req *request.Request, output *GetOriginRequestPolicyConfigOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/GetOriginAccessControlConfig +func (c *CloudFront) GetOriginAccessControlConfigRequest(input *GetOriginAccessControlConfigInput) (req *request.Request, output *GetOriginAccessControlConfigOutput) { op := &request.Operation{ - Name: opGetOriginRequestPolicyConfig, + Name: opGetOriginAccessControlConfig, HTTPMethod: "GET", - HTTPPath: "/2020-05-31/origin-request-policy/{Id}/config", + HTTPPath: "/2020-05-31/origin-access-control/{Id}/config", } if input == nil { - input = &GetOriginRequestPolicyConfigInput{} + input = &GetOriginAccessControlConfigInput{} } - output = &GetOriginRequestPolicyConfigOutput{} + output = &GetOriginAccessControlConfigOutput{} req = c.newRequest(op, input, output) return } -// GetOriginRequestPolicyConfig API operation for Amazon CloudFront. +// GetOriginAccessControlConfig API operation for Amazon CloudFront. // -// Gets an origin request policy configuration. -// -// To get an origin request policy configuration, you must provide the policy’s -// identifier. If the origin request policy is attached to a distribution’s -// cache behavior, you can get the policy’s identifier using ListDistributions -// or GetDistribution. If the origin request policy is not attached to a cache -// behavior, you can get the identifier using ListOriginRequestPolicies. +// Gets a CloudFront origin access control. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudFront's -// API operation GetOriginRequestPolicyConfig for usage and error information. +// API operation GetOriginAccessControlConfig for usage and error information. // // Returned Error Codes: // +// - ErrCodeNoSuchOriginAccessControl "NoSuchOriginAccessControl" +// The origin access control does not exist. +// // - ErrCodeAccessDenied "AccessDenied" // Access denied. // -// - ErrCodeNoSuchOriginRequestPolicy "NoSuchOriginRequestPolicy" -// The origin request policy does not exist. -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/GetOriginRequestPolicyConfig -func (c *CloudFront) GetOriginRequestPolicyConfig(input *GetOriginRequestPolicyConfigInput) (*GetOriginRequestPolicyConfigOutput, error) { - req, out := c.GetOriginRequestPolicyConfigRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/GetOriginAccessControlConfig +func (c *CloudFront) GetOriginAccessControlConfig(input *GetOriginAccessControlConfigInput) (*GetOriginAccessControlConfigOutput, error) { + req, out := c.GetOriginAccessControlConfigRequest(input) return out, req.Send() } -// GetOriginRequestPolicyConfigWithContext is the same as GetOriginRequestPolicyConfig with the addition of +// GetOriginAccessControlConfigWithContext is the same as GetOriginAccessControlConfig with the addition of // the ability to pass a context and additional request options. // -// See GetOriginRequestPolicyConfig for details on how to use this API operation. +// See GetOriginAccessControlConfig for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudFront) GetOriginRequestPolicyConfigWithContext(ctx aws.Context, input *GetOriginRequestPolicyConfigInput, opts ...request.Option) (*GetOriginRequestPolicyConfigOutput, error) { - req, out := c.GetOriginRequestPolicyConfigRequest(input) +func (c *CloudFront) GetOriginAccessControlConfigWithContext(ctx aws.Context, input *GetOriginAccessControlConfigInput, opts ...request.Option) (*GetOriginAccessControlConfigOutput, error) { + req, out := c.GetOriginAccessControlConfigRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opGetPublicKey = "GetPublicKey2020_05_31" +const opGetOriginRequestPolicy = "GetOriginRequestPolicy2020_05_31" -// GetPublicKeyRequest generates a "aws/request.Request" representing the -// client's request for the GetPublicKey operation. The "output" return +// GetOriginRequestPolicyRequest generates a "aws/request.Request" representing the +// client's request for the GetOriginRequestPolicy operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See GetPublicKey for more information on using the GetPublicKey +// See GetOriginRequestPolicy for more information on using the GetOriginRequestPolicy // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the GetPublicKeyRequest method. -// req, resp := client.GetPublicKeyRequest(params) +// // Example sending a request using the GetOriginRequestPolicyRequest method. +// req, resp := client.GetOriginRequestPolicyRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/GetPublicKey -func (c *CloudFront) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Request, output *GetPublicKeyOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/GetOriginRequestPolicy +func (c *CloudFront) GetOriginRequestPolicyRequest(input *GetOriginRequestPolicyInput) (req *request.Request, output *GetOriginRequestPolicyOutput) { op := &request.Operation{ - Name: opGetPublicKey, + Name: opGetOriginRequestPolicy, HTTPMethod: "GET", - HTTPPath: "/2020-05-31/public-key/{Id}", + HTTPPath: "/2020-05-31/origin-request-policy/{Id}", } if input == nil { - input = &GetPublicKeyInput{} + input = &GetOriginRequestPolicyInput{} } - output = &GetPublicKeyOutput{} + output = &GetOriginRequestPolicyOutput{} req = c.newRequest(op, input, output) return } -// GetPublicKey API operation for Amazon CloudFront. +// GetOriginRequestPolicy API operation for Amazon CloudFront. // -// Gets a public key. +// Gets an origin request policy, including the following metadata: +// +// - The policy’s identifier. +// +// - The date and time when the policy was last modified. +// +// To get an origin request policy, you must provide the policy’s identifier. +// If the origin request policy is attached to a distribution’s cache behavior, +// you can get the policy’s identifier using ListDistributions or GetDistribution. +// If the origin request policy is not attached to a cache behavior, you can +// get the identifier using ListOriginRequestPolicies. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudFront's -// API operation GetPublicKey for usage and error information. +// API operation GetOriginRequestPolicy for usage and error information. // // Returned Error Codes: // // - ErrCodeAccessDenied "AccessDenied" // Access denied. // -// - ErrCodeNoSuchPublicKey "NoSuchPublicKey" +// - ErrCodeNoSuchOriginRequestPolicy "NoSuchOriginRequestPolicy" +// The origin request policy does not exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/GetOriginRequestPolicy +func (c *CloudFront) GetOriginRequestPolicy(input *GetOriginRequestPolicyInput) (*GetOriginRequestPolicyOutput, error) { + req, out := c.GetOriginRequestPolicyRequest(input) + return out, req.Send() +} + +// GetOriginRequestPolicyWithContext is the same as GetOriginRequestPolicy with the addition of +// the ability to pass a context and additional request options. +// +// See GetOriginRequestPolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudFront) GetOriginRequestPolicyWithContext(ctx aws.Context, input *GetOriginRequestPolicyInput, opts ...request.Option) (*GetOriginRequestPolicyOutput, error) { + req, out := c.GetOriginRequestPolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetOriginRequestPolicyConfig = "GetOriginRequestPolicyConfig2020_05_31" + +// GetOriginRequestPolicyConfigRequest generates a "aws/request.Request" representing the +// client's request for the GetOriginRequestPolicyConfig operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetOriginRequestPolicyConfig for more information on using the GetOriginRequestPolicyConfig +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetOriginRequestPolicyConfigRequest method. +// req, resp := client.GetOriginRequestPolicyConfigRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/GetOriginRequestPolicyConfig +func (c *CloudFront) GetOriginRequestPolicyConfigRequest(input *GetOriginRequestPolicyConfigInput) (req *request.Request, output *GetOriginRequestPolicyConfigOutput) { + op := &request.Operation{ + Name: opGetOriginRequestPolicyConfig, + HTTPMethod: "GET", + HTTPPath: "/2020-05-31/origin-request-policy/{Id}/config", + } + + if input == nil { + input = &GetOriginRequestPolicyConfigInput{} + } + + output = &GetOriginRequestPolicyConfigOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetOriginRequestPolicyConfig API operation for Amazon CloudFront. +// +// Gets an origin request policy configuration. +// +// To get an origin request policy configuration, you must provide the policy’s +// identifier. If the origin request policy is attached to a distribution’s +// cache behavior, you can get the policy’s identifier using ListDistributions +// or GetDistribution. If the origin request policy is not attached to a cache +// behavior, you can get the identifier using ListOriginRequestPolicies. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudFront's +// API operation GetOriginRequestPolicyConfig for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeAccessDenied "AccessDenied" +// Access denied. +// +// - ErrCodeNoSuchOriginRequestPolicy "NoSuchOriginRequestPolicy" +// The origin request policy does not exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/GetOriginRequestPolicyConfig +func (c *CloudFront) GetOriginRequestPolicyConfig(input *GetOriginRequestPolicyConfigInput) (*GetOriginRequestPolicyConfigOutput, error) { + req, out := c.GetOriginRequestPolicyConfigRequest(input) + return out, req.Send() +} + +// GetOriginRequestPolicyConfigWithContext is the same as GetOriginRequestPolicyConfig with the addition of +// the ability to pass a context and additional request options. +// +// See GetOriginRequestPolicyConfig for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudFront) GetOriginRequestPolicyConfigWithContext(ctx aws.Context, input *GetOriginRequestPolicyConfigInput, opts ...request.Option) (*GetOriginRequestPolicyConfigOutput, error) { + req, out := c.GetOriginRequestPolicyConfigRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetPublicKey = "GetPublicKey2020_05_31" + +// GetPublicKeyRequest generates a "aws/request.Request" representing the +// client's request for the GetPublicKey operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetPublicKey for more information on using the GetPublicKey +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetPublicKeyRequest method. +// req, resp := client.GetPublicKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/GetPublicKey +func (c *CloudFront) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Request, output *GetPublicKeyOutput) { + op := &request.Operation{ + Name: opGetPublicKey, + HTTPMethod: "GET", + HTTPPath: "/2020-05-31/public-key/{Id}", + } + + if input == nil { + input = &GetPublicKeyInput{} + } + + output = &GetPublicKeyOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetPublicKey API operation for Amazon CloudFront. +// +// Gets a public key. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudFront's +// API operation GetPublicKey for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeAccessDenied "AccessDenied" +// Access denied. +// +// - ErrCodeNoSuchPublicKey "NoSuchPublicKey" // The specified public key doesn't exist. // // See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/GetPublicKey @@ -7128,6 +7528,91 @@ func (c *CloudFront) ListKeyGroupsWithContext(ctx aws.Context, input *ListKeyGro return out, req.Send() } +const opListOriginAccessControls = "ListOriginAccessControls2020_05_31" + +// ListOriginAccessControlsRequest generates a "aws/request.Request" representing the +// client's request for the ListOriginAccessControls operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListOriginAccessControls for more information on using the ListOriginAccessControls +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListOriginAccessControlsRequest method. +// req, resp := client.ListOriginAccessControlsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/ListOriginAccessControls +func (c *CloudFront) ListOriginAccessControlsRequest(input *ListOriginAccessControlsInput) (req *request.Request, output *ListOriginAccessControlsOutput) { + op := &request.Operation{ + Name: opListOriginAccessControls, + HTTPMethod: "GET", + HTTPPath: "/2020-05-31/origin-access-control", + } + + if input == nil { + input = &ListOriginAccessControlsInput{} + } + + output = &ListOriginAccessControlsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListOriginAccessControls API operation for Amazon CloudFront. +// +// Gets the list of CloudFront origin access controls in this Amazon Web Services +// account. +// +// You can optionally specify the maximum number of items to receive in the +// response. If the total number of items in the list exceeds the maximum that +// you specify, or the default maximum, the response is paginated. To get the +// next page of items, send another request that specifies the NextMarker value +// from the current response as the Marker value in the next request. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudFront's +// API operation ListOriginAccessControls for usage and error information. +// +// Returned Error Codes: +// - ErrCodeInvalidArgument "InvalidArgument" +// An argument is invalid. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/ListOriginAccessControls +func (c *CloudFront) ListOriginAccessControls(input *ListOriginAccessControlsInput) (*ListOriginAccessControlsOutput, error) { + req, out := c.ListOriginAccessControlsRequest(input) + return out, req.Send() +} + +// ListOriginAccessControlsWithContext is the same as ListOriginAccessControls with the addition of +// the ability to pass a context and additional request options. +// +// See ListOriginAccessControls for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudFront) ListOriginAccessControlsWithContext(ctx aws.Context, input *ListOriginAccessControlsInput, opts ...request.Option) (*ListOriginAccessControlsOutput, error) { + req, out := c.ListOriginAccessControlsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opListOriginRequestPolicies = "ListOriginRequestPolicies2020_05_31" // ListOriginRequestPoliciesRequest generates a "aws/request.Request" representing the @@ -8481,6 +8966,9 @@ func (c *CloudFront) UpdateDistributionRequest(input *UpdateDistributionInput) ( // - ErrCodeInvalidOriginAccessIdentity "InvalidOriginAccessIdentity" // The origin access identity is not valid or doesn't exist. // +// - ErrCodeInvalidOriginAccessControl "InvalidOriginAccessControl" +// The origin access control is not valid. +// // - ErrCodeTooManyTrustedSigners "TooManyTrustedSigners" // Your request contains more trusted signers than are allowed per distribution. // @@ -8648,6 +9136,14 @@ func (c *CloudFront) UpdateDistributionRequest(input *UpdateDistributionInput) ( // The specified real-time log configuration belongs to a different Amazon Web // Services account. // +// - ErrCodeIllegalOriginAccessConfiguration "IllegalOriginAccessConfiguration" +// An origin cannot contain both an origin access control (OAC) and an origin +// access identity (OAI). +// +// - ErrCodeInvalidDomainNameForOriginAccessControl "InvalidDomainNameForOriginAccessControl" +// An origin access control is associated with an origin whose domain name is +// not supported. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/UpdateDistribution func (c *CloudFront) UpdateDistribution(input *UpdateDistributionInput) (*UpdateDistributionOutput, error) { req, out := c.UpdateDistributionRequest(input) @@ -9106,56 +9602,153 @@ func (c *CloudFront) UpdateKeyGroupWithContext(ctx aws.Context, input *UpdateKey return out, req.Send() } -const opUpdateOriginRequestPolicy = "UpdateOriginRequestPolicy2020_05_31" +const opUpdateOriginAccessControl = "UpdateOriginAccessControl2020_05_31" -// UpdateOriginRequestPolicyRequest generates a "aws/request.Request" representing the -// client's request for the UpdateOriginRequestPolicy operation. The "output" return +// UpdateOriginAccessControlRequest generates a "aws/request.Request" representing the +// client's request for the UpdateOriginAccessControl operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See UpdateOriginRequestPolicy for more information on using the UpdateOriginRequestPolicy +// See UpdateOriginAccessControl for more information on using the UpdateOriginAccessControl // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the UpdateOriginRequestPolicyRequest method. -// req, resp := client.UpdateOriginRequestPolicyRequest(params) +// // Example sending a request using the UpdateOriginAccessControlRequest method. +// req, resp := client.UpdateOriginAccessControlRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/UpdateOriginRequestPolicy -func (c *CloudFront) UpdateOriginRequestPolicyRequest(input *UpdateOriginRequestPolicyInput) (req *request.Request, output *UpdateOriginRequestPolicyOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/UpdateOriginAccessControl +func (c *CloudFront) UpdateOriginAccessControlRequest(input *UpdateOriginAccessControlInput) (req *request.Request, output *UpdateOriginAccessControlOutput) { op := &request.Operation{ - Name: opUpdateOriginRequestPolicy, + Name: opUpdateOriginAccessControl, HTTPMethod: "PUT", - HTTPPath: "/2020-05-31/origin-request-policy/{Id}", + HTTPPath: "/2020-05-31/origin-access-control/{Id}/config", } if input == nil { - input = &UpdateOriginRequestPolicyInput{} + input = &UpdateOriginAccessControlInput{} } - output = &UpdateOriginRequestPolicyOutput{} + output = &UpdateOriginAccessControlOutput{} req = c.newRequest(op, input, output) return } -// UpdateOriginRequestPolicy API operation for Amazon CloudFront. +// UpdateOriginAccessControl API operation for Amazon CloudFront. // -// Updates an origin request policy configuration. +// Updates a CloudFront origin access control. // -// When you update an origin request policy configuration, all the fields are -// updated with the values provided in the request. You cannot update some fields -// independent of others. To update an origin request policy configuration: +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. // -// Use GetOriginRequestPolicyConfig to get the current configuration. +// See the AWS API reference guide for Amazon CloudFront's +// API operation UpdateOriginAccessControl for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeAccessDenied "AccessDenied" +// Access denied. +// +// - ErrCodeIllegalUpdate "IllegalUpdate" +// The update contains modifications that are not allowed. +// +// - ErrCodeInvalidIfMatchVersion "InvalidIfMatchVersion" +// The If-Match version is missing or not valid. +// +// - ErrCodeOriginAccessControlAlreadyExists "OriginAccessControlAlreadyExists" +// An origin access control with the specified parameters already exists. +// +// - ErrCodeNoSuchOriginAccessControl "NoSuchOriginAccessControl" +// The origin access control does not exist. +// +// - ErrCodePreconditionFailed "PreconditionFailed" +// The precondition in one or more of the request fields evaluated to false. +// +// - ErrCodeInvalidArgument "InvalidArgument" +// An argument is invalid. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/UpdateOriginAccessControl +func (c *CloudFront) UpdateOriginAccessControl(input *UpdateOriginAccessControlInput) (*UpdateOriginAccessControlOutput, error) { + req, out := c.UpdateOriginAccessControlRequest(input) + return out, req.Send() +} + +// UpdateOriginAccessControlWithContext is the same as UpdateOriginAccessControl with the addition of +// the ability to pass a context and additional request options. +// +// See UpdateOriginAccessControl for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudFront) UpdateOriginAccessControlWithContext(ctx aws.Context, input *UpdateOriginAccessControlInput, opts ...request.Option) (*UpdateOriginAccessControlOutput, error) { + req, out := c.UpdateOriginAccessControlRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUpdateOriginRequestPolicy = "UpdateOriginRequestPolicy2020_05_31" + +// UpdateOriginRequestPolicyRequest generates a "aws/request.Request" representing the +// client's request for the UpdateOriginRequestPolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UpdateOriginRequestPolicy for more information on using the UpdateOriginRequestPolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the UpdateOriginRequestPolicyRequest method. +// req, resp := client.UpdateOriginRequestPolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/UpdateOriginRequestPolicy +func (c *CloudFront) UpdateOriginRequestPolicyRequest(input *UpdateOriginRequestPolicyInput) (req *request.Request, output *UpdateOriginRequestPolicyOutput) { + op := &request.Operation{ + Name: opUpdateOriginRequestPolicy, + HTTPMethod: "PUT", + HTTPPath: "/2020-05-31/origin-request-policy/{Id}", + } + + if input == nil { + input = &UpdateOriginRequestPolicyInput{} + } + + output = &UpdateOriginRequestPolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// UpdateOriginRequestPolicy API operation for Amazon CloudFront. +// +// Updates an origin request policy configuration. +// +// When you update an origin request policy configuration, all the fields are +// updated with the values provided in the request. You cannot update some fields +// independent of others. To update an origin request policy configuration: +// +// Use GetOriginRequestPolicyConfig to get the current configuration. // // Locally modify the fields in the origin request policy configuration that // you want to update. @@ -9645,6 +10238,9 @@ func (c *CloudFront) UpdateStreamingDistributionRequest(input *UpdateStreamingDi // - ErrCodeInvalidOriginAccessIdentity "InvalidOriginAccessIdentity" // The origin access identity is not valid or doesn't exist. // +// - ErrCodeInvalidOriginAccessControl "InvalidOriginAccessControl" +// The origin access control is not valid. +// // - ErrCodeTooManyTrustedSigners "TooManyTrustedSigners" // Your request contains more trusted signers than are allowed per distribution. // @@ -12819,6 +13415,106 @@ func (s *CreateMonitoringSubscriptionOutput) SetMonitoringSubscription(v *Monito return s } +type CreateOriginAccessControlInput struct { + _ struct{} `locationName:"CreateOriginAccessControlRequest" type:"structure" payload:"OriginAccessControlConfig"` + + // Contains the origin access control. + // + // OriginAccessControlConfig is a required field + OriginAccessControlConfig *OriginAccessControlConfig `locationName:"OriginAccessControlConfig" type:"structure" required:"true" xmlURI:"http://cloudfront.amazonaws.com/doc/2020-05-31/"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateOriginAccessControlInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateOriginAccessControlInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateOriginAccessControlInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateOriginAccessControlInput"} + if s.OriginAccessControlConfig == nil { + invalidParams.Add(request.NewErrParamRequired("OriginAccessControlConfig")) + } + if s.OriginAccessControlConfig != nil { + if err := s.OriginAccessControlConfig.Validate(); err != nil { + invalidParams.AddNested("OriginAccessControlConfig", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetOriginAccessControlConfig sets the OriginAccessControlConfig field's value. +func (s *CreateOriginAccessControlInput) SetOriginAccessControlConfig(v *OriginAccessControlConfig) *CreateOriginAccessControlInput { + s.OriginAccessControlConfig = v + return s +} + +type CreateOriginAccessControlOutput struct { + _ struct{} `type:"structure" payload:"OriginAccessControl"` + + // The version identifier for the current version of the origin access control. + ETag *string `location:"header" locationName:"ETag" type:"string"` + + // The URL of the origin access control. + Location *string `location:"header" locationName:"Location" type:"string"` + + // Contains an origin access control. + OriginAccessControl *OriginAccessControl `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateOriginAccessControlOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateOriginAccessControlOutput) GoString() string { + return s.String() +} + +// SetETag sets the ETag field's value. +func (s *CreateOriginAccessControlOutput) SetETag(v string) *CreateOriginAccessControlOutput { + s.ETag = &v + return s +} + +// SetLocation sets the Location field's value. +func (s *CreateOriginAccessControlOutput) SetLocation(v string) *CreateOriginAccessControlOutput { + s.Location = &v + return s +} + +// SetOriginAccessControl sets the OriginAccessControl field's value. +func (s *CreateOriginAccessControlOutput) SetOriginAccessControl(v *OriginAccessControl) *CreateOriginAccessControlOutput { + s.OriginAccessControl = v + return s +} + type CreateOriginRequestPolicyInput struct { _ struct{} `locationName:"CreateOriginRequestPolicyRequest" type:"structure" payload:"OriginRequestPolicyConfig"` @@ -14942,6 +15638,87 @@ func (s DeleteMonitoringSubscriptionOutput) GoString() string { return s.String() } +type DeleteOriginAccessControlInput struct { + _ struct{} `locationName:"DeleteOriginAccessControlRequest" type:"structure"` + + // The unique identifier of the origin access control that you are deleting. + // + // Id is a required field + Id *string `location:"uri" locationName:"Id" type:"string" required:"true"` + + // The current version (ETag value) of the origin access control that you are + // deleting. + IfMatch *string `location:"header" locationName:"If-Match" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteOriginAccessControlInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteOriginAccessControlInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteOriginAccessControlInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteOriginAccessControlInput"} + if s.Id == nil { + invalidParams.Add(request.NewErrParamRequired("Id")) + } + if s.Id != nil && len(*s.Id) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Id", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetId sets the Id field's value. +func (s *DeleteOriginAccessControlInput) SetId(v string) *DeleteOriginAccessControlInput { + s.Id = &v + return s +} + +// SetIfMatch sets the IfMatch field's value. +func (s *DeleteOriginAccessControlInput) SetIfMatch(v string) *DeleteOriginAccessControlInput { + s.IfMatch = &v + return s +} + +type DeleteOriginAccessControlOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteOriginAccessControlOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteOriginAccessControlOutput) GoString() string { + return s.String() +} + type DeleteOriginRequestPolicyInput struct { _ struct{} `locationName:"DeleteOriginRequestPolicyRequest" type:"structure"` @@ -19388,14 +20165,10 @@ func (s *GetMonitoringSubscriptionOutput) SetMonitoringSubscription(v *Monitorin return s } -type GetOriginRequestPolicyConfigInput struct { - _ struct{} `locationName:"GetOriginRequestPolicyConfigRequest" type:"structure"` +type GetOriginAccessControlConfigInput struct { + _ struct{} `locationName:"GetOriginAccessControlConfigRequest" type:"structure"` - // The unique identifier for the origin request policy. If the origin request - // policy is attached to a distribution’s cache behavior, you can get the - // policy’s identifier using ListDistributions or GetDistribution. If the - // origin request policy is not attached to a cache behavior, you can get the - // identifier using ListOriginRequestPolicies. + // The unique identifier of the origin access control. // // Id is a required field Id *string `location:"uri" locationName:"Id" type:"string" required:"true"` @@ -19406,7 +20179,7 @@ type GetOriginRequestPolicyConfigInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s GetOriginRequestPolicyConfigInput) String() string { +func (s GetOriginAccessControlConfigInput) String() string { return awsutil.Prettify(s) } @@ -19415,13 +20188,13 @@ func (s GetOriginRequestPolicyConfigInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s GetOriginRequestPolicyConfigInput) GoString() string { +func (s GetOriginAccessControlConfigInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *GetOriginRequestPolicyConfigInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "GetOriginRequestPolicyConfigInput"} +func (s *GetOriginAccessControlConfigInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetOriginAccessControlConfigInput"} if s.Id == nil { invalidParams.Add(request.NewErrParamRequired("Id")) } @@ -19436,19 +20209,19 @@ func (s *GetOriginRequestPolicyConfigInput) Validate() error { } // SetId sets the Id field's value. -func (s *GetOriginRequestPolicyConfigInput) SetId(v string) *GetOriginRequestPolicyConfigInput { +func (s *GetOriginAccessControlConfigInput) SetId(v string) *GetOriginAccessControlConfigInput { s.Id = &v return s } -type GetOriginRequestPolicyConfigOutput struct { - _ struct{} `type:"structure" payload:"OriginRequestPolicyConfig"` +type GetOriginAccessControlConfigOutput struct { + _ struct{} `type:"structure" payload:"OriginAccessControlConfig"` - // The current version of the origin request policy. + // The version identifier for the current version of the origin access control. ETag *string `location:"header" locationName:"ETag" type:"string"` - // The origin request policy configuration. - OriginRequestPolicyConfig *OriginRequestPolicyConfig `type:"structure"` + // Contains an origin access control. + OriginAccessControlConfig *OriginAccessControlConfig `type:"structure"` } // String returns the string representation. @@ -19456,7 +20229,7 @@ type GetOriginRequestPolicyConfigOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s GetOriginRequestPolicyConfigOutput) String() string { +func (s GetOriginAccessControlConfigOutput) String() string { return awsutil.Prettify(s) } @@ -19465,30 +20238,26 @@ func (s GetOriginRequestPolicyConfigOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s GetOriginRequestPolicyConfigOutput) GoString() string { +func (s GetOriginAccessControlConfigOutput) GoString() string { return s.String() } // SetETag sets the ETag field's value. -func (s *GetOriginRequestPolicyConfigOutput) SetETag(v string) *GetOriginRequestPolicyConfigOutput { +func (s *GetOriginAccessControlConfigOutput) SetETag(v string) *GetOriginAccessControlConfigOutput { s.ETag = &v return s } -// SetOriginRequestPolicyConfig sets the OriginRequestPolicyConfig field's value. -func (s *GetOriginRequestPolicyConfigOutput) SetOriginRequestPolicyConfig(v *OriginRequestPolicyConfig) *GetOriginRequestPolicyConfigOutput { - s.OriginRequestPolicyConfig = v +// SetOriginAccessControlConfig sets the OriginAccessControlConfig field's value. +func (s *GetOriginAccessControlConfigOutput) SetOriginAccessControlConfig(v *OriginAccessControlConfig) *GetOriginAccessControlConfigOutput { + s.OriginAccessControlConfig = v return s } -type GetOriginRequestPolicyInput struct { - _ struct{} `locationName:"GetOriginRequestPolicyRequest" type:"structure"` +type GetOriginAccessControlInput struct { + _ struct{} `locationName:"GetOriginAccessControlRequest" type:"structure"` - // The unique identifier for the origin request policy. If the origin request - // policy is attached to a distribution’s cache behavior, you can get the - // policy’s identifier using ListDistributions or GetDistribution. If the - // origin request policy is not attached to a cache behavior, you can get the - // identifier using ListOriginRequestPolicies. + // The unique identifier of the origin access control. // // Id is a required field Id *string `location:"uri" locationName:"Id" type:"string" required:"true"` @@ -19499,7 +20268,7 @@ type GetOriginRequestPolicyInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s GetOriginRequestPolicyInput) String() string { +func (s GetOriginAccessControlInput) String() string { return awsutil.Prettify(s) } @@ -19508,13 +20277,199 @@ func (s GetOriginRequestPolicyInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s GetOriginRequestPolicyInput) GoString() string { +func (s GetOriginAccessControlInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *GetOriginRequestPolicyInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "GetOriginRequestPolicyInput"} +func (s *GetOriginAccessControlInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetOriginAccessControlInput"} + if s.Id == nil { + invalidParams.Add(request.NewErrParamRequired("Id")) + } + if s.Id != nil && len(*s.Id) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Id", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetId sets the Id field's value. +func (s *GetOriginAccessControlInput) SetId(v string) *GetOriginAccessControlInput { + s.Id = &v + return s +} + +type GetOriginAccessControlOutput struct { + _ struct{} `type:"structure" payload:"OriginAccessControl"` + + // The version identifier for the current version of the origin access control. + ETag *string `location:"header" locationName:"ETag" type:"string"` + + // Contains an origin access control. + OriginAccessControl *OriginAccessControl `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetOriginAccessControlOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetOriginAccessControlOutput) GoString() string { + return s.String() +} + +// SetETag sets the ETag field's value. +func (s *GetOriginAccessControlOutput) SetETag(v string) *GetOriginAccessControlOutput { + s.ETag = &v + return s +} + +// SetOriginAccessControl sets the OriginAccessControl field's value. +func (s *GetOriginAccessControlOutput) SetOriginAccessControl(v *OriginAccessControl) *GetOriginAccessControlOutput { + s.OriginAccessControl = v + return s +} + +type GetOriginRequestPolicyConfigInput struct { + _ struct{} `locationName:"GetOriginRequestPolicyConfigRequest" type:"structure"` + + // The unique identifier for the origin request policy. If the origin request + // policy is attached to a distribution’s cache behavior, you can get the + // policy’s identifier using ListDistributions or GetDistribution. If the + // origin request policy is not attached to a cache behavior, you can get the + // identifier using ListOriginRequestPolicies. + // + // Id is a required field + Id *string `location:"uri" locationName:"Id" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetOriginRequestPolicyConfigInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetOriginRequestPolicyConfigInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetOriginRequestPolicyConfigInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetOriginRequestPolicyConfigInput"} + if s.Id == nil { + invalidParams.Add(request.NewErrParamRequired("Id")) + } + if s.Id != nil && len(*s.Id) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Id", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetId sets the Id field's value. +func (s *GetOriginRequestPolicyConfigInput) SetId(v string) *GetOriginRequestPolicyConfigInput { + s.Id = &v + return s +} + +type GetOriginRequestPolicyConfigOutput struct { + _ struct{} `type:"structure" payload:"OriginRequestPolicyConfig"` + + // The current version of the origin request policy. + ETag *string `location:"header" locationName:"ETag" type:"string"` + + // The origin request policy configuration. + OriginRequestPolicyConfig *OriginRequestPolicyConfig `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetOriginRequestPolicyConfigOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetOriginRequestPolicyConfigOutput) GoString() string { + return s.String() +} + +// SetETag sets the ETag field's value. +func (s *GetOriginRequestPolicyConfigOutput) SetETag(v string) *GetOriginRequestPolicyConfigOutput { + s.ETag = &v + return s +} + +// SetOriginRequestPolicyConfig sets the OriginRequestPolicyConfig field's value. +func (s *GetOriginRequestPolicyConfigOutput) SetOriginRequestPolicyConfig(v *OriginRequestPolicyConfig) *GetOriginRequestPolicyConfigOutput { + s.OriginRequestPolicyConfig = v + return s +} + +type GetOriginRequestPolicyInput struct { + _ struct{} `locationName:"GetOriginRequestPolicyRequest" type:"structure"` + + // The unique identifier for the origin request policy. If the origin request + // policy is attached to a distribution’s cache behavior, you can get the + // policy’s identifier using ListDistributions or GetDistribution. If the + // origin request policy is not attached to a cache behavior, you can get the + // identifier using ListOriginRequestPolicies. + // + // Id is a required field + Id *string `location:"uri" locationName:"Id" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetOriginRequestPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetOriginRequestPolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetOriginRequestPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetOriginRequestPolicyInput"} if s.Id == nil { invalidParams.Add(request.NewErrParamRequired("Id")) } @@ -22494,6 +23449,80 @@ func (s *ListKeyGroupsOutput) SetKeyGroupList(v *KeyGroupList) *ListKeyGroupsOut return s } +type ListOriginAccessControlsInput struct { + _ struct{} `locationName:"ListOriginAccessControlsRequest" type:"structure"` + + // Use this field when paginating results to indicate where to begin in your + // list of origin access controls. The response includes the items in the list + // that occur after the marker. To get the next page of the list, set this field's + // value to the value of NextMarker from the current page's response. + Marker *string `location:"querystring" locationName:"Marker" type:"string"` + + // The maximum number of origin access controls that you want in the response. + MaxItems *int64 `location:"querystring" locationName:"MaxItems" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListOriginAccessControlsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListOriginAccessControlsInput) GoString() string { + return s.String() +} + +// SetMarker sets the Marker field's value. +func (s *ListOriginAccessControlsInput) SetMarker(v string) *ListOriginAccessControlsInput { + s.Marker = &v + return s +} + +// SetMaxItems sets the MaxItems field's value. +func (s *ListOriginAccessControlsInput) SetMaxItems(v int64) *ListOriginAccessControlsInput { + s.MaxItems = &v + return s +} + +type ListOriginAccessControlsOutput struct { + _ struct{} `type:"structure" payload:"OriginAccessControlList"` + + // A list of origin access controls. + OriginAccessControlList *OriginAccessControlList `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListOriginAccessControlsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListOriginAccessControlsOutput) GoString() string { + return s.String() +} + +// SetOriginAccessControlList sets the OriginAccessControlList field's value. +func (s *ListOriginAccessControlsOutput) SetOriginAccessControlList(v *OriginAccessControlList) *ListOriginAccessControlsOutput { + s.OriginAccessControlList = v + return s +} + type ListOriginRequestPoliciesInput struct { _ struct{} `locationName:"ListOriginRequestPoliciesRequest" type:"structure"` @@ -23199,28 +24228,352 @@ type Origin struct { // // Use this value to specify the TargetOriginId in a CacheBehavior or DefaultCacheBehavior. // - // Id is a required field - Id *string `type:"string" required:"true"` + // Id is a required field + Id *string `type:"string" required:"true"` + + // The unique identifier of an origin access control for this origin. + // + // For more information, see Restricting access to an Amazon S3 origin (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html) + // in the Amazon CloudFront Developer Guide. + OriginAccessControlId *string `type:"string"` + + // An optional path that CloudFront appends to the origin domain name when CloudFront + // requests content from the origin. + // + // For more information, see Origin Path (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginPath) + // in the Amazon CloudFront Developer Guide. + OriginPath *string `type:"string"` + + // CloudFront Origin Shield. Using Origin Shield can help reduce the load on + // your origin. + // + // For more information, see Using Origin Shield (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html) + // in the Amazon CloudFront Developer Guide. + OriginShield *OriginShield `type:"structure"` + + // Use this type to specify an origin that is an Amazon S3 bucket that is not + // configured with static website hosting. To specify any other type of origin, + // including an Amazon S3 bucket that is configured with static website hosting, + // use the CustomOriginConfig type instead. + S3OriginConfig *S3OriginConfig `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Origin) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Origin) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Origin) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Origin"} + if s.DomainName == nil { + invalidParams.Add(request.NewErrParamRequired("DomainName")) + } + if s.Id == nil { + invalidParams.Add(request.NewErrParamRequired("Id")) + } + if s.CustomHeaders != nil { + if err := s.CustomHeaders.Validate(); err != nil { + invalidParams.AddNested("CustomHeaders", err.(request.ErrInvalidParams)) + } + } + if s.CustomOriginConfig != nil { + if err := s.CustomOriginConfig.Validate(); err != nil { + invalidParams.AddNested("CustomOriginConfig", err.(request.ErrInvalidParams)) + } + } + if s.OriginShield != nil { + if err := s.OriginShield.Validate(); err != nil { + invalidParams.AddNested("OriginShield", err.(request.ErrInvalidParams)) + } + } + if s.S3OriginConfig != nil { + if err := s.S3OriginConfig.Validate(); err != nil { + invalidParams.AddNested("S3OriginConfig", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetConnectionAttempts sets the ConnectionAttempts field's value. +func (s *Origin) SetConnectionAttempts(v int64) *Origin { + s.ConnectionAttempts = &v + return s +} + +// SetConnectionTimeout sets the ConnectionTimeout field's value. +func (s *Origin) SetConnectionTimeout(v int64) *Origin { + s.ConnectionTimeout = &v + return s +} + +// SetCustomHeaders sets the CustomHeaders field's value. +func (s *Origin) SetCustomHeaders(v *CustomHeaders) *Origin { + s.CustomHeaders = v + return s +} + +// SetCustomOriginConfig sets the CustomOriginConfig field's value. +func (s *Origin) SetCustomOriginConfig(v *CustomOriginConfig) *Origin { + s.CustomOriginConfig = v + return s +} + +// SetDomainName sets the DomainName field's value. +func (s *Origin) SetDomainName(v string) *Origin { + s.DomainName = &v + return s +} + +// SetId sets the Id field's value. +func (s *Origin) SetId(v string) *Origin { + s.Id = &v + return s +} + +// SetOriginAccessControlId sets the OriginAccessControlId field's value. +func (s *Origin) SetOriginAccessControlId(v string) *Origin { + s.OriginAccessControlId = &v + return s +} + +// SetOriginPath sets the OriginPath field's value. +func (s *Origin) SetOriginPath(v string) *Origin { + s.OriginPath = &v + return s +} + +// SetOriginShield sets the OriginShield field's value. +func (s *Origin) SetOriginShield(v *OriginShield) *Origin { + s.OriginShield = v + return s +} + +// SetS3OriginConfig sets the S3OriginConfig field's value. +func (s *Origin) SetS3OriginConfig(v *S3OriginConfig) *Origin { + s.S3OriginConfig = v + return s +} + +// A CloudFront origin access control. +type OriginAccessControl struct { + _ struct{} `type:"structure"` + + // The unique identifier of the origin access control. + // + // Id is a required field + Id *string `type:"string" required:"true"` + + // The origin access control. + OriginAccessControlConfig *OriginAccessControlConfig `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OriginAccessControl) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OriginAccessControl) GoString() string { + return s.String() +} + +// SetId sets the Id field's value. +func (s *OriginAccessControl) SetId(v string) *OriginAccessControl { + s.Id = &v + return s +} + +// SetOriginAccessControlConfig sets the OriginAccessControlConfig field's value. +func (s *OriginAccessControl) SetOriginAccessControlConfig(v *OriginAccessControlConfig) *OriginAccessControl { + s.OriginAccessControlConfig = v + return s +} + +// A CloudFront origin access control. +type OriginAccessControlConfig struct { + _ struct{} `type:"structure"` + + // A description of the origin access control. + // + // Description is a required field + Description *string `type:"string" required:"true"` + + // A name to identify the origin access control. + // + // Name is a required field + Name *string `type:"string" required:"true"` + + // The type of origin that this origin access control is for. The only valid + // value is s3. + // + // OriginAccessControlOriginType is a required field + OriginAccessControlOriginType *string `type:"string" required:"true" enum:"OriginAccessControlOriginTypes"` + + // Specifies which requests CloudFront signs (adds authentication information + // to). Specify always for the most common use case. For more information, see + // origin access control advanced settings (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#oac-advanced-settings) + // in the Amazon CloudFront Developer Guide. + // + // This field can have one of the following values: + // + // * always – CloudFront signs all origin requests, overwriting the Authorization + // header from the viewer request if one exists. + // + // * never – CloudFront doesn't sign any origin requests. This value turns + // off origin access control for all origins in all distributions that use + // this origin access control. + // + // * no-override – If the viewer request doesn't contain the Authorization + // header, then CloudFront signs the origin request. If the viewer request + // contains the Authorization header, then CloudFront doesn't sign the origin + // request and instead passes along the Authorization header from the viewer + // request. WARNING: To pass along the Authorization header from the viewer + // request, you must add the Authorization header to an origin request policy + // (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html) + // for all cache behaviors that use origins associated with this origin access + // control. + // + // SigningBehavior is a required field + SigningBehavior *string `type:"string" required:"true" enum:"OriginAccessControlSigningBehaviors"` + + // The signing protocol of the origin access control, which determines how CloudFront + // signs (authenticates) requests. The only valid value is sigv4. + // + // SigningProtocol is a required field + SigningProtocol *string `type:"string" required:"true" enum:"OriginAccessControlSigningProtocols"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OriginAccessControlConfig) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OriginAccessControlConfig) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *OriginAccessControlConfig) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "OriginAccessControlConfig"} + if s.Description == nil { + invalidParams.Add(request.NewErrParamRequired("Description")) + } + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.OriginAccessControlOriginType == nil { + invalidParams.Add(request.NewErrParamRequired("OriginAccessControlOriginType")) + } + if s.SigningBehavior == nil { + invalidParams.Add(request.NewErrParamRequired("SigningBehavior")) + } + if s.SigningProtocol == nil { + invalidParams.Add(request.NewErrParamRequired("SigningProtocol")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDescription sets the Description field's value. +func (s *OriginAccessControlConfig) SetDescription(v string) *OriginAccessControlConfig { + s.Description = &v + return s +} + +// SetName sets the Name field's value. +func (s *OriginAccessControlConfig) SetName(v string) *OriginAccessControlConfig { + s.Name = &v + return s +} + +// SetOriginAccessControlOriginType sets the OriginAccessControlOriginType field's value. +func (s *OriginAccessControlConfig) SetOriginAccessControlOriginType(v string) *OriginAccessControlConfig { + s.OriginAccessControlOriginType = &v + return s +} + +// SetSigningBehavior sets the SigningBehavior field's value. +func (s *OriginAccessControlConfig) SetSigningBehavior(v string) *OriginAccessControlConfig { + s.SigningBehavior = &v + return s +} + +// SetSigningProtocol sets the SigningProtocol field's value. +func (s *OriginAccessControlConfig) SetSigningProtocol(v string) *OriginAccessControlConfig { + s.SigningProtocol = &v + return s +} + +// A list of CloudFront origin access controls. +type OriginAccessControlList struct { + _ struct{} `type:"structure"` + + // If there are more items in the list than are in this response, this value + // is true. + // + // IsTruncated is a required field + IsTruncated *bool `type:"boolean" required:"true"` - // An optional path that CloudFront appends to the origin domain name when CloudFront - // requests content from the origin. + // Contains the origin access controls in the list. + Items []*OriginAccessControlSummary `locationNameList:"OriginAccessControlSummary" type:"list"` + + // The value of the Marker field that was provided in the request. // - // For more information, see Origin Path (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginPath) - // in the Amazon CloudFront Developer Guide. - OriginPath *string `type:"string"` + // Marker is a required field + Marker *string `type:"string" required:"true"` - // CloudFront Origin Shield. Using Origin Shield can help reduce the load on - // your origin. + // The maximum number of origin access controls requested. // - // For more information, see Using Origin Shield (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html) - // in the Amazon CloudFront Developer Guide. - OriginShield *OriginShield `type:"structure"` + // MaxItems is a required field + MaxItems *int64 `type:"integer" required:"true"` - // Use this type to specify an origin that is an Amazon S3 bucket that is not - // configured with static website hosting. To specify any other type of origin, - // including an Amazon S3 bucket that is configured with static website hosting, - // use the CustomOriginConfig type instead. - S3OriginConfig *S3OriginConfig `type:"structure"` + // If there are more items in the list than are in this response, this element + // is present. It contains the value to use in the Marker field of another request + // to continue listing origin access controls. + NextMarker *string `type:"string"` + + // The number of origin access controls returned in the response. + // + // Quantity is a required field + Quantity *int64 `type:"integer" required:"true"` } // String returns the string representation. @@ -23228,7 +24581,7 @@ type Origin struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s Origin) String() string { +func (s OriginAccessControlList) String() string { return awsutil.Prettify(s) } @@ -23237,97 +24590,146 @@ func (s Origin) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s Origin) GoString() string { +func (s OriginAccessControlList) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *Origin) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "Origin"} - if s.DomainName == nil { - invalidParams.Add(request.NewErrParamRequired("DomainName")) - } - if s.Id == nil { - invalidParams.Add(request.NewErrParamRequired("Id")) - } - if s.CustomHeaders != nil { - if err := s.CustomHeaders.Validate(); err != nil { - invalidParams.AddNested("CustomHeaders", err.(request.ErrInvalidParams)) - } - } - if s.CustomOriginConfig != nil { - if err := s.CustomOriginConfig.Validate(); err != nil { - invalidParams.AddNested("CustomOriginConfig", err.(request.ErrInvalidParams)) - } - } - if s.OriginShield != nil { - if err := s.OriginShield.Validate(); err != nil { - invalidParams.AddNested("OriginShield", err.(request.ErrInvalidParams)) - } - } - if s.S3OriginConfig != nil { - if err := s.S3OriginConfig.Validate(); err != nil { - invalidParams.AddNested("S3OriginConfig", err.(request.ErrInvalidParams)) - } - } +// SetIsTruncated sets the IsTruncated field's value. +func (s *OriginAccessControlList) SetIsTruncated(v bool) *OriginAccessControlList { + s.IsTruncated = &v + return s +} - if invalidParams.Len() > 0 { - return invalidParams - } - return nil +// SetItems sets the Items field's value. +func (s *OriginAccessControlList) SetItems(v []*OriginAccessControlSummary) *OriginAccessControlList { + s.Items = v + return s } -// SetConnectionAttempts sets the ConnectionAttempts field's value. -func (s *Origin) SetConnectionAttempts(v int64) *Origin { - s.ConnectionAttempts = &v +// SetMarker sets the Marker field's value. +func (s *OriginAccessControlList) SetMarker(v string) *OriginAccessControlList { + s.Marker = &v return s } -// SetConnectionTimeout sets the ConnectionTimeout field's value. -func (s *Origin) SetConnectionTimeout(v int64) *Origin { - s.ConnectionTimeout = &v +// SetMaxItems sets the MaxItems field's value. +func (s *OriginAccessControlList) SetMaxItems(v int64) *OriginAccessControlList { + s.MaxItems = &v return s } -// SetCustomHeaders sets the CustomHeaders field's value. -func (s *Origin) SetCustomHeaders(v *CustomHeaders) *Origin { - s.CustomHeaders = v +// SetNextMarker sets the NextMarker field's value. +func (s *OriginAccessControlList) SetNextMarker(v string) *OriginAccessControlList { + s.NextMarker = &v return s } -// SetCustomOriginConfig sets the CustomOriginConfig field's value. -func (s *Origin) SetCustomOriginConfig(v *CustomOriginConfig) *Origin { - s.CustomOriginConfig = v +// SetQuantity sets the Quantity field's value. +func (s *OriginAccessControlList) SetQuantity(v int64) *OriginAccessControlList { + s.Quantity = &v return s } -// SetDomainName sets the DomainName field's value. -func (s *Origin) SetDomainName(v string) *Origin { - s.DomainName = &v +// A CloudFront origin access control. +type OriginAccessControlSummary struct { + _ struct{} `type:"structure"` + + // A description of the origin access control. + // + // Description is a required field + Description *string `type:"string" required:"true"` + + // The unique identifier of the origin access control. + // + // Id is a required field + Id *string `type:"string" required:"true"` + + // A unique name that identifies the origin access control. + // + // Name is a required field + Name *string `type:"string" required:"true"` + + // The type of origin that this origin access control is for. The only valid + // value is s3. + // + // OriginAccessControlOriginType is a required field + OriginAccessControlOriginType *string `type:"string" required:"true" enum:"OriginAccessControlOriginTypes"` + + // A value that specifies which requests CloudFront signs (adds authentication + // information to). This field can have one of the following values: + // + // * never – CloudFront doesn't sign any origin requests. + // + // * always – CloudFront signs all origin requests, overwriting the Authorization + // header from the viewer request if necessary. + // + // * no-override – If the viewer request doesn't contain the Authorization + // header, CloudFront signs the origin request. If the viewer request contains + // the Authorization header, CloudFront doesn't sign the origin request, + // but instead passes along the Authorization header that it received in + // the viewer request. + // + // SigningBehavior is a required field + SigningBehavior *string `type:"string" required:"true" enum:"OriginAccessControlSigningBehaviors"` + + // The signing protocol of the origin access control. The signing protocol determines + // how CloudFront signs (authenticates) requests. The only valid value is sigv4. + // + // SigningProtocol is a required field + SigningProtocol *string `type:"string" required:"true" enum:"OriginAccessControlSigningProtocols"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OriginAccessControlSummary) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OriginAccessControlSummary) GoString() string { + return s.String() +} + +// SetDescription sets the Description field's value. +func (s *OriginAccessControlSummary) SetDescription(v string) *OriginAccessControlSummary { + s.Description = &v return s } // SetId sets the Id field's value. -func (s *Origin) SetId(v string) *Origin { +func (s *OriginAccessControlSummary) SetId(v string) *OriginAccessControlSummary { s.Id = &v return s } -// SetOriginPath sets the OriginPath field's value. -func (s *Origin) SetOriginPath(v string) *Origin { - s.OriginPath = &v +// SetName sets the Name field's value. +func (s *OriginAccessControlSummary) SetName(v string) *OriginAccessControlSummary { + s.Name = &v return s } -// SetOriginShield sets the OriginShield field's value. -func (s *Origin) SetOriginShield(v *OriginShield) *Origin { - s.OriginShield = v +// SetOriginAccessControlOriginType sets the OriginAccessControlOriginType field's value. +func (s *OriginAccessControlSummary) SetOriginAccessControlOriginType(v string) *OriginAccessControlSummary { + s.OriginAccessControlOriginType = &v return s } -// SetS3OriginConfig sets the S3OriginConfig field's value. -func (s *Origin) SetS3OriginConfig(v *S3OriginConfig) *Origin { - s.S3OriginConfig = v +// SetSigningBehavior sets the SigningBehavior field's value. +func (s *OriginAccessControlSummary) SetSigningBehavior(v string) *OriginAccessControlSummary { + s.SigningBehavior = &v + return s +} + +// SetSigningProtocol sets the SigningProtocol field's value. +func (s *OriginAccessControlSummary) SetSigningProtocol(v string) *OriginAccessControlSummary { + s.SigningProtocol = &v return s } @@ -30113,6 +31515,124 @@ func (s *UpdateKeyGroupOutput) SetKeyGroup(v *KeyGroup) *UpdateKeyGroupOutput { return s } +type UpdateOriginAccessControlInput struct { + _ struct{} `locationName:"UpdateOriginAccessControlRequest" type:"structure" payload:"OriginAccessControlConfig"` + + // The unique identifier of the origin access control that you are updating. + // + // Id is a required field + Id *string `location:"uri" locationName:"Id" type:"string" required:"true"` + + // The current version (ETag value) of the origin access control that you are + // updating. + IfMatch *string `location:"header" locationName:"If-Match" type:"string"` + + // An origin access control. + // + // OriginAccessControlConfig is a required field + OriginAccessControlConfig *OriginAccessControlConfig `locationName:"OriginAccessControlConfig" type:"structure" required:"true" xmlURI:"http://cloudfront.amazonaws.com/doc/2020-05-31/"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateOriginAccessControlInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateOriginAccessControlInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdateOriginAccessControlInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateOriginAccessControlInput"} + if s.Id == nil { + invalidParams.Add(request.NewErrParamRequired("Id")) + } + if s.Id != nil && len(*s.Id) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Id", 1)) + } + if s.OriginAccessControlConfig == nil { + invalidParams.Add(request.NewErrParamRequired("OriginAccessControlConfig")) + } + if s.OriginAccessControlConfig != nil { + if err := s.OriginAccessControlConfig.Validate(); err != nil { + invalidParams.AddNested("OriginAccessControlConfig", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetId sets the Id field's value. +func (s *UpdateOriginAccessControlInput) SetId(v string) *UpdateOriginAccessControlInput { + s.Id = &v + return s +} + +// SetIfMatch sets the IfMatch field's value. +func (s *UpdateOriginAccessControlInput) SetIfMatch(v string) *UpdateOriginAccessControlInput { + s.IfMatch = &v + return s +} + +// SetOriginAccessControlConfig sets the OriginAccessControlConfig field's value. +func (s *UpdateOriginAccessControlInput) SetOriginAccessControlConfig(v *OriginAccessControlConfig) *UpdateOriginAccessControlInput { + s.OriginAccessControlConfig = v + return s +} + +type UpdateOriginAccessControlOutput struct { + _ struct{} `type:"structure" payload:"OriginAccessControl"` + + // The new version of the origin access control after it has been updated. + ETag *string `location:"header" locationName:"ETag" type:"string"` + + // The origin access control after it has been updated. + OriginAccessControl *OriginAccessControl `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateOriginAccessControlOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateOriginAccessControlOutput) GoString() string { + return s.String() +} + +// SetETag sets the ETag field's value. +func (s *UpdateOriginAccessControlOutput) SetETag(v string) *UpdateOriginAccessControlOutput { + s.ETag = &v + return s +} + +// SetOriginAccessControl sets the OriginAccessControl field's value. +func (s *UpdateOriginAccessControlOutput) SetOriginAccessControl(v *OriginAccessControl) *UpdateOriginAccessControlOutput { + s.OriginAccessControl = v + return s +} + type UpdateOriginRequestPolicyInput struct { _ struct{} `locationName:"UpdateOriginRequestPolicyRequest" type:"structure" payload:"OriginRequestPolicyConfig"` @@ -31253,6 +32773,50 @@ func MinimumProtocolVersion_Values() []string { } } +const ( + // OriginAccessControlOriginTypesS3 is a OriginAccessControlOriginTypes enum value + OriginAccessControlOriginTypesS3 = "s3" +) + +// OriginAccessControlOriginTypes_Values returns all elements of the OriginAccessControlOriginTypes enum +func OriginAccessControlOriginTypes_Values() []string { + return []string{ + OriginAccessControlOriginTypesS3, + } +} + +const ( + // OriginAccessControlSigningBehaviorsNever is a OriginAccessControlSigningBehaviors enum value + OriginAccessControlSigningBehaviorsNever = "never" + + // OriginAccessControlSigningBehaviorsAlways is a OriginAccessControlSigningBehaviors enum value + OriginAccessControlSigningBehaviorsAlways = "always" + + // OriginAccessControlSigningBehaviorsNoOverride is a OriginAccessControlSigningBehaviors enum value + OriginAccessControlSigningBehaviorsNoOverride = "no-override" +) + +// OriginAccessControlSigningBehaviors_Values returns all elements of the OriginAccessControlSigningBehaviors enum +func OriginAccessControlSigningBehaviors_Values() []string { + return []string{ + OriginAccessControlSigningBehaviorsNever, + OriginAccessControlSigningBehaviorsAlways, + OriginAccessControlSigningBehaviorsNoOverride, + } +} + +const ( + // OriginAccessControlSigningProtocolsSigv4 is a OriginAccessControlSigningProtocols enum value + OriginAccessControlSigningProtocolsSigv4 = "sigv4" +) + +// OriginAccessControlSigningProtocols_Values returns all elements of the OriginAccessControlSigningProtocols enum +func OriginAccessControlSigningProtocols_Values() []string { + return []string{ + OriginAccessControlSigningProtocolsSigv4, + } +} + const ( // OriginProtocolPolicyHttpOnly is a OriginProtocolPolicy enum value OriginProtocolPolicyHttpOnly = "http-only" diff --git a/service/cloudfront/cloudfrontiface/interface.go b/service/cloudfront/cloudfrontiface/interface.go index dcf99e1296..3d5eeb06ed 100644 --- a/service/cloudfront/cloudfrontiface/interface.go +++ b/service/cloudfront/cloudfrontiface/interface.go @@ -104,6 +104,10 @@ type CloudFrontAPI interface { CreateMonitoringSubscriptionWithContext(aws.Context, *cloudfront.CreateMonitoringSubscriptionInput, ...request.Option) (*cloudfront.CreateMonitoringSubscriptionOutput, error) CreateMonitoringSubscriptionRequest(*cloudfront.CreateMonitoringSubscriptionInput) (*request.Request, *cloudfront.CreateMonitoringSubscriptionOutput) + CreateOriginAccessControl(*cloudfront.CreateOriginAccessControlInput) (*cloudfront.CreateOriginAccessControlOutput, error) + CreateOriginAccessControlWithContext(aws.Context, *cloudfront.CreateOriginAccessControlInput, ...request.Option) (*cloudfront.CreateOriginAccessControlOutput, error) + CreateOriginAccessControlRequest(*cloudfront.CreateOriginAccessControlInput) (*request.Request, *cloudfront.CreateOriginAccessControlOutput) + CreateOriginRequestPolicy(*cloudfront.CreateOriginRequestPolicyInput) (*cloudfront.CreateOriginRequestPolicyOutput, error) CreateOriginRequestPolicyWithContext(aws.Context, *cloudfront.CreateOriginRequestPolicyInput, ...request.Option) (*cloudfront.CreateOriginRequestPolicyOutput, error) CreateOriginRequestPolicyRequest(*cloudfront.CreateOriginRequestPolicyInput) (*request.Request, *cloudfront.CreateOriginRequestPolicyOutput) @@ -160,6 +164,10 @@ type CloudFrontAPI interface { DeleteMonitoringSubscriptionWithContext(aws.Context, *cloudfront.DeleteMonitoringSubscriptionInput, ...request.Option) (*cloudfront.DeleteMonitoringSubscriptionOutput, error) DeleteMonitoringSubscriptionRequest(*cloudfront.DeleteMonitoringSubscriptionInput) (*request.Request, *cloudfront.DeleteMonitoringSubscriptionOutput) + DeleteOriginAccessControl(*cloudfront.DeleteOriginAccessControlInput) (*cloudfront.DeleteOriginAccessControlOutput, error) + DeleteOriginAccessControlWithContext(aws.Context, *cloudfront.DeleteOriginAccessControlInput, ...request.Option) (*cloudfront.DeleteOriginAccessControlOutput, error) + DeleteOriginAccessControlRequest(*cloudfront.DeleteOriginAccessControlInput) (*request.Request, *cloudfront.DeleteOriginAccessControlOutput) + DeleteOriginRequestPolicy(*cloudfront.DeleteOriginRequestPolicyInput) (*cloudfront.DeleteOriginRequestPolicyOutput, error) DeleteOriginRequestPolicyWithContext(aws.Context, *cloudfront.DeleteOriginRequestPolicyInput, ...request.Option) (*cloudfront.DeleteOriginRequestPolicyOutput, error) DeleteOriginRequestPolicyRequest(*cloudfront.DeleteOriginRequestPolicyInput) (*request.Request, *cloudfront.DeleteOriginRequestPolicyOutput) @@ -244,6 +252,14 @@ type CloudFrontAPI interface { GetMonitoringSubscriptionWithContext(aws.Context, *cloudfront.GetMonitoringSubscriptionInput, ...request.Option) (*cloudfront.GetMonitoringSubscriptionOutput, error) GetMonitoringSubscriptionRequest(*cloudfront.GetMonitoringSubscriptionInput) (*request.Request, *cloudfront.GetMonitoringSubscriptionOutput) + GetOriginAccessControl(*cloudfront.GetOriginAccessControlInput) (*cloudfront.GetOriginAccessControlOutput, error) + GetOriginAccessControlWithContext(aws.Context, *cloudfront.GetOriginAccessControlInput, ...request.Option) (*cloudfront.GetOriginAccessControlOutput, error) + GetOriginAccessControlRequest(*cloudfront.GetOriginAccessControlInput) (*request.Request, *cloudfront.GetOriginAccessControlOutput) + + GetOriginAccessControlConfig(*cloudfront.GetOriginAccessControlConfigInput) (*cloudfront.GetOriginAccessControlConfigOutput, error) + GetOriginAccessControlConfigWithContext(aws.Context, *cloudfront.GetOriginAccessControlConfigInput, ...request.Option) (*cloudfront.GetOriginAccessControlConfigOutput, error) + GetOriginAccessControlConfigRequest(*cloudfront.GetOriginAccessControlConfigInput) (*request.Request, *cloudfront.GetOriginAccessControlConfigOutput) + GetOriginRequestPolicy(*cloudfront.GetOriginRequestPolicyInput) (*cloudfront.GetOriginRequestPolicyOutput, error) GetOriginRequestPolicyWithContext(aws.Context, *cloudfront.GetOriginRequestPolicyInput, ...request.Option) (*cloudfront.GetOriginRequestPolicyOutput, error) GetOriginRequestPolicyRequest(*cloudfront.GetOriginRequestPolicyInput) (*request.Request, *cloudfront.GetOriginRequestPolicyOutput) @@ -349,6 +365,10 @@ type CloudFrontAPI interface { ListKeyGroupsWithContext(aws.Context, *cloudfront.ListKeyGroupsInput, ...request.Option) (*cloudfront.ListKeyGroupsOutput, error) ListKeyGroupsRequest(*cloudfront.ListKeyGroupsInput) (*request.Request, *cloudfront.ListKeyGroupsOutput) + ListOriginAccessControls(*cloudfront.ListOriginAccessControlsInput) (*cloudfront.ListOriginAccessControlsOutput, error) + ListOriginAccessControlsWithContext(aws.Context, *cloudfront.ListOriginAccessControlsInput, ...request.Option) (*cloudfront.ListOriginAccessControlsOutput, error) + ListOriginAccessControlsRequest(*cloudfront.ListOriginAccessControlsInput) (*request.Request, *cloudfront.ListOriginAccessControlsOutput) + ListOriginRequestPolicies(*cloudfront.ListOriginRequestPoliciesInput) (*cloudfront.ListOriginRequestPoliciesOutput, error) ListOriginRequestPoliciesWithContext(aws.Context, *cloudfront.ListOriginRequestPoliciesInput, ...request.Option) (*cloudfront.ListOriginRequestPoliciesOutput, error) ListOriginRequestPoliciesRequest(*cloudfront.ListOriginRequestPoliciesInput) (*request.Request, *cloudfront.ListOriginRequestPoliciesOutput) @@ -420,6 +440,10 @@ type CloudFrontAPI interface { UpdateKeyGroupWithContext(aws.Context, *cloudfront.UpdateKeyGroupInput, ...request.Option) (*cloudfront.UpdateKeyGroupOutput, error) UpdateKeyGroupRequest(*cloudfront.UpdateKeyGroupInput) (*request.Request, *cloudfront.UpdateKeyGroupOutput) + UpdateOriginAccessControl(*cloudfront.UpdateOriginAccessControlInput) (*cloudfront.UpdateOriginAccessControlOutput, error) + UpdateOriginAccessControlWithContext(aws.Context, *cloudfront.UpdateOriginAccessControlInput, ...request.Option) (*cloudfront.UpdateOriginAccessControlOutput, error) + UpdateOriginAccessControlRequest(*cloudfront.UpdateOriginAccessControlInput) (*request.Request, *cloudfront.UpdateOriginAccessControlOutput) + UpdateOriginRequestPolicy(*cloudfront.UpdateOriginRequestPolicyInput) (*cloudfront.UpdateOriginRequestPolicyOutput, error) UpdateOriginRequestPolicyWithContext(aws.Context, *cloudfront.UpdateOriginRequestPolicyInput, ...request.Option) (*cloudfront.UpdateOriginRequestPolicyOutput, error) UpdateOriginRequestPolicyRequest(*cloudfront.UpdateOriginRequestPolicyInput) (*request.Request, *cloudfront.UpdateOriginRequestPolicyOutput) diff --git a/service/cloudfront/errors.go b/service/cloudfront/errors.go index 76f827666b..21265b1054 100644 --- a/service/cloudfront/errors.go +++ b/service/cloudfront/errors.go @@ -120,6 +120,13 @@ const ( // with the specified cache behavior. ErrCodeIllegalFieldLevelEncryptionConfigAssociationWithCacheBehavior = "IllegalFieldLevelEncryptionConfigAssociationWithCacheBehavior" + // ErrCodeIllegalOriginAccessConfiguration for service response error code + // "IllegalOriginAccessConfiguration". + // + // An origin cannot contain both an origin access control (OAC) and an origin + // access identity (OAI). + ErrCodeIllegalOriginAccessConfiguration = "IllegalOriginAccessConfiguration" + // ErrCodeIllegalUpdate for service response error code // "IllegalUpdate". // @@ -144,6 +151,13 @@ const ( // The default root object file name is too big or contains an invalid character. ErrCodeInvalidDefaultRootObject = "InvalidDefaultRootObject" + // ErrCodeInvalidDomainNameForOriginAccessControl for service response error code + // "InvalidDomainNameForOriginAccessControl". + // + // An origin access control is associated with an origin whose domain name is + // not supported. + ErrCodeInvalidDomainNameForOriginAccessControl = "InvalidDomainNameForOriginAccessControl" + // ErrCodeInvalidErrorCode for service response error code // "InvalidErrorCode". // @@ -208,6 +222,12 @@ const ( // bucket. ErrCodeInvalidOrigin = "InvalidOrigin" + // ErrCodeInvalidOriginAccessControl for service response error code + // "InvalidOriginAccessControl". + // + // The origin access control is not valid. + ErrCodeInvalidOriginAccessControl = "InvalidOriginAccessControl" + // ErrCodeInvalidOriginAccessIdentity for service response error code // "InvalidOriginAccessIdentity". // @@ -301,6 +321,12 @@ const ( // header is set. ErrCodeMissingBody = "MissingBody" + // ErrCodeMonitoringSubscriptionAlreadyExists for service response error code + // "MonitoringSubscriptionAlreadyExists". + // + // A monitoring subscription already exists for the specified distribution. + ErrCodeMonitoringSubscriptionAlreadyExists = "MonitoringSubscriptionAlreadyExists" + // ErrCodeNoSuchCachePolicy for service response error code // "NoSuchCachePolicy". // @@ -343,12 +369,24 @@ const ( // The specified invalidation does not exist. ErrCodeNoSuchInvalidation = "NoSuchInvalidation" + // ErrCodeNoSuchMonitoringSubscription for service response error code + // "NoSuchMonitoringSubscription". + // + // A monitoring subscription does not exist for the specified distribution. + ErrCodeNoSuchMonitoringSubscription = "NoSuchMonitoringSubscription" + // ErrCodeNoSuchOrigin for service response error code // "NoSuchOrigin". // // No origin exists with the specified Origin Id. ErrCodeNoSuchOrigin = "NoSuchOrigin" + // ErrCodeNoSuchOriginAccessControl for service response error code + // "NoSuchOriginAccessControl". + // + // The origin access control does not exist. + ErrCodeNoSuchOriginAccessControl = "NoSuchOriginAccessControl" + // ErrCodeNoSuchOriginRequestPolicy for service response error code // "NoSuchOriginRequestPolicy". // @@ -385,6 +423,19 @@ const ( // The specified streaming distribution does not exist. ErrCodeNoSuchStreamingDistribution = "NoSuchStreamingDistribution" + // ErrCodeOriginAccessControlAlreadyExists for service response error code + // "OriginAccessControlAlreadyExists". + // + // An origin access control with the specified parameters already exists. + ErrCodeOriginAccessControlAlreadyExists = "OriginAccessControlAlreadyExists" + + // ErrCodeOriginAccessControlInUse for service response error code + // "OriginAccessControlInUse". + // + // Cannot delete the origin access control because it's in use by one or more + // distributions. + ErrCodeOriginAccessControlInUse = "OriginAccessControlInUse" + // ErrCodeOriginAccessIdentityAlreadyExists for service response error code // "CloudFrontOriginAccessIdentityAlreadyExists". // @@ -604,6 +655,16 @@ const ( // (formerly known as limits) in the Amazon CloudFront Developer Guide. ErrCodeTooManyDistributionsAssociatedToKeyGroup = "TooManyDistributionsAssociatedToKeyGroup" + // ErrCodeTooManyDistributionsAssociatedToOriginAccessControl for service response error code + // "TooManyDistributionsAssociatedToOriginAccessControl". + // + // The maximum number of distributions have been associated with the specified + // origin access control. + // + // For more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) + // (formerly known as limits) in the Amazon CloudFront Developer Guide. + ErrCodeTooManyDistributionsAssociatedToOriginAccessControl = "TooManyDistributionsAssociatedToOriginAccessControl" + // ErrCodeTooManyDistributionsAssociatedToOriginRequestPolicy for service response error code // "TooManyDistributionsAssociatedToOriginRequestPolicy". // @@ -753,6 +814,16 @@ const ( // per distribution. ErrCodeTooManyLambdaFunctionAssociations = "TooManyLambdaFunctionAssociations" + // ErrCodeTooManyOriginAccessControls for service response error code + // "TooManyOriginAccessControls". + // + // The number of origin access controls in your Amazon Web Services account + // exceeds the maximum allowed. + // + // For more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) + // (formerly known as limits) in the Amazon CloudFront Developer Guide. + ErrCodeTooManyOriginAccessControls = "TooManyOriginAccessControls" + // ErrCodeTooManyOriginCustomHeaders for service response error code // "TooManyOriginCustomHeaders". // diff --git a/service/configservice/api.go b/service/configservice/api.go index 7c52ce8cc1..66b8522adb 100644 --- a/service/configservice/api.go +++ b/service/configservice/api.go @@ -1325,7 +1325,8 @@ func (c *ConfigService) DeleteRemediationConfigurationRequest(input *DeleteRemed // // - For PutConformancePack and PutOrganizationConformancePack, a conformance // pack cannot be created because you do not have permissions: To call IAM -// GetRole action or create a service-linked role. To read Amazon S3 bucket. +// GetRole action or create a service-linked role. To read Amazon S3 bucket +// or call SSM:GetDocument. // // - InvalidParameterValueException // One or more of the specified parameters are invalid. Verify that your parameters @@ -8830,7 +8831,8 @@ func (c *ConfigService) PutConfigRuleRequest(input *PutConfigRuleInput) (req *re // // - For PutConformancePack and PutOrganizationConformancePack, a conformance // pack cannot be created because you do not have permissions: To call IAM -// GetRole action or create a service-linked role. To read Amazon S3 bucket. +// GetRole action or create a service-linked role. To read Amazon S3 bucket +// or call SSM:GetDocument. // // - NoAvailableConfigurationRecorderException // There are no configuration recorders available to provide the role needed @@ -9154,9 +9156,8 @@ func (c *ConfigService) PutConformancePackRequest(input *PutConformancePackInput // your account. The service-linked role is created only when the role does // not exist in your account. // -// You must specify either the TemplateS3Uri or the TemplateBody parameter, -// but not both. If you provide both Config uses the TemplateS3Uri parameter -// and ignores the TemplateBody parameter. +// You must specify one and only one of theTemplateS3Uri, TemplateBody or TemplateSSMDocumentDetails +// parameters. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9182,7 +9183,8 @@ func (c *ConfigService) PutConformancePackRequest(input *PutConformancePackInput // // - For PutConformancePack and PutOrganizationConformancePack, a conformance // pack cannot be created because you do not have permissions: To call IAM -// GetRole action or create a service-linked role. To read Amazon S3 bucket. +// GetRole action or create a service-linked role. To read Amazon S3 bucket +// or call SSM:GetDocument. // // - ConformancePackTemplateValidationException // You have specified a template that is not valid or supported. @@ -9728,7 +9730,8 @@ func (c *ConfigService) PutOrganizationConfigRuleRequest(input *PutOrganizationC // // - For PutConformancePack and PutOrganizationConformancePack, a conformance // pack cannot be created because you do not have permissions: To call IAM -// GetRole action or create a service-linked role. To read Amazon S3 bucket. +// GetRole action or create a service-linked role. To read Amazon S3 bucket +// or call SSM:GetDocument. // // See also, https://docs.aws.amazon.com/goto/WebAPI/config-2014-11-12/PutOrganizationConfigRule func (c *ConfigService) PutOrganizationConfigRule(input *PutOrganizationConfigRuleInput) (*PutOrganizationConfigRuleOutput, error) { @@ -9915,7 +9918,8 @@ func (c *ConfigService) PutOrganizationConformancePackRequest(input *PutOrganiza // // - For PutConformancePack and PutOrganizationConformancePack, a conformance // pack cannot be created because you do not have permissions: To call IAM -// GetRole action or create a service-linked role. To read Amazon S3 bucket. +// GetRole action or create a service-linked role. To read Amazon S3 bucket +// or call SSM:GetDocument. // // - OrganizationConformancePackTemplateValidationException // You have specified a template that is not valid or supported. @@ -10037,7 +10041,8 @@ func (c *ConfigService) PutRemediationConfigurationsRequest(input *PutRemediatio // // - For PutConformancePack and PutOrganizationConformancePack, a conformance // pack cannot be created because you do not have permissions: To call IAM -// GetRole action or create a service-linked role. To read Amazon S3 bucket. +// GetRole action or create a service-linked role. To read Amazon S3 bucket +// or call SSM:GetDocument. // // - InvalidParameterValueException // One or more of the specified parameters are invalid. Verify that your parameters @@ -10144,7 +10149,8 @@ func (c *ConfigService) PutRemediationExceptionsRequest(input *PutRemediationExc // // - For PutConformancePack and PutOrganizationConformancePack, a conformance // pack cannot be created because you do not have permissions: To call IAM -// GetRole action or create a service-linked role. To read Amazon S3 bucket. +// GetRole action or create a service-linked role. To read Amazon S3 bucket +// or call SSM:GetDocument. // // See also, https://docs.aws.amazon.com/goto/WebAPI/config-2014-11-12/PutRemediationExceptions func (c *ConfigService) PutRemediationExceptions(input *PutRemediationExceptionsInput) (*PutRemediationExceptionsOutput, error) { @@ -10263,7 +10269,8 @@ func (c *ConfigService) PutResourceConfigRequest(input *PutResourceConfigInput) // // - For PutConformancePack and PutOrganizationConformancePack, a conformance // pack cannot be created because you do not have permissions: To call IAM -// GetRole action or create a service-linked role. To read Amazon S3 bucket. +// GetRole action or create a service-linked role. To read Amazon S3 bucket +// or call SSM:GetDocument. // // - NoRunningConfigurationRecorderException // There is no configuration recorder running. @@ -11107,7 +11114,8 @@ func (c *ConfigService) StartRemediationExecutionRequest(input *StartRemediation // // - For PutConformancePack and PutOrganizationConformancePack, a conformance // pack cannot be created because you do not have permissions: To call IAM -// GetRole action or create a service-linked role. To read Amazon S3 bucket. +// GetRole action or create a service-linked role. To read Amazon S3 bucket +// or call SSM:GetDocument. // // - NoSuchRemediationConfigurationException // You specified an Config rule without a remediation configuration. @@ -14391,7 +14399,7 @@ type ConformancePackDetail struct { // ConformancePackName is a required field ConformancePackName *string `min:"1" type:"string" required:"true"` - // Amazon Web Services service that created the conformance pack. + // The Amazon Web Services service that created the conformance pack. CreatedBy *string `min:"1" type:"string"` // The name of the Amazon S3 bucket where Config stores conformance pack templates. @@ -14404,8 +14412,13 @@ type ConformancePackDetail struct { // This field is optional. DeliveryS3KeyPrefix *string `type:"string"` - // Last time when conformation pack update was requested. + // The last time a conformation pack update was requested. LastUpdateRequestedTime *time.Time `type:"timestamp"` + + // An object that contains the name or Amazon Resource Name (ARN) of the Amazon + // Web Services Systems Manager document (SSM document) and the version of the + // SSM document that is used to create a conformance pack. + TemplateSSMDocumentDetails *TemplateSSMDocumentDetails `type:"structure"` } // String returns the string representation. @@ -14474,6 +14487,12 @@ func (s *ConformancePackDetail) SetLastUpdateRequestedTime(v time.Time) *Conform return s } +// SetTemplateSSMDocumentDetails sets the TemplateSSMDocumentDetails field's value. +func (s *ConformancePackDetail) SetTemplateSSMDocumentDetails(v *TemplateSSMDocumentDetails) *ConformancePackDetail { + s.TemplateSSMDocumentDetails = v + return s +} + // Filters a conformance pack by Config rule names, compliance types, Amazon // Web Services resource types, and resource IDs. type ConformancePackEvaluationFilters struct { @@ -21703,7 +21722,8 @@ func (s *InsufficientDeliveryPolicyException) RequestID() string { // // - For PutConformancePack and PutOrganizationConformancePack, a conformance // pack cannot be created because you do not have permissions: To call IAM -// GetRole action or create a service-linked role. To read Amazon S3 bucket. +// GetRole action or create a service-linked role. To read Amazon S3 bucket +// or call SSM:GetDocument. type InsufficientPermissionsException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -27058,7 +27078,7 @@ type PutConformancePackInput struct { // A list of ConformancePackInputParameter objects. ConformancePackInputParameters []*ConformancePackInputParameter `type:"list"` - // Name of the conformance pack you want to create. + // The unique name of the conformance pack you want to deploy. // // ConformancePackName is a required field ConformancePackName *string `min:"1" type:"string" required:"true"` @@ -27073,20 +27093,26 @@ type PutConformancePackInput struct { // This field is optional. DeliveryS3KeyPrefix *string `type:"string"` - // A string containing full conformance pack template body. Structure containing - // the template body with a minimum length of 1 byte and a maximum length of - // 51,200 bytes. + // A string containing the full conformance pack template body. The structure + // containing the template body has a minimum length of 1 byte and a maximum + // length of 51,200 bytes. // // You can only use a YAML template with two resource types: Config rule (AWS::Config::ConfigRule) - // and a remediation action (AWS::Config::RemediationConfiguration). + // and remediation action (AWS::Config::RemediationConfiguration). TemplateBody *string `min:"1" type:"string"` - // Location of file containing the template body (s3://bucketname/prefix). The - // uri must point to the conformance pack template (max size: 300 KB) that is - // located in an Amazon S3 bucket in the same region as the conformance pack. + // The location of the file containing the template body (s3://bucketname/prefix). + // The uri must point to a conformance pack template (max size: 300 KB) that + // is located in an Amazon S3 bucket in the same region as the conformance pack. // // You must have access to read Amazon S3 bucket. TemplateS3Uri *string `min:"1" type:"string"` + + // An object of type TemplateSSMDocumentDetails, which contains the name or + // the Amazon Resource Name (ARN) of the Amazon Web Services Systems Manager + // document (SSM document) and the version of the SSM document that is used + // to create a conformance pack. + TemplateSSMDocumentDetails *TemplateSSMDocumentDetails `type:"structure"` } // String returns the string representation. @@ -27132,6 +27158,11 @@ func (s *PutConformancePackInput) Validate() error { } } } + if s.TemplateSSMDocumentDetails != nil { + if err := s.TemplateSSMDocumentDetails.Validate(); err != nil { + invalidParams.AddNested("TemplateSSMDocumentDetails", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -27175,6 +27206,12 @@ func (s *PutConformancePackInput) SetTemplateS3Uri(v string) *PutConformancePack return s } +// SetTemplateSSMDocumentDetails sets the TemplateSSMDocumentDetails field's value. +func (s *PutConformancePackInput) SetTemplateSSMDocumentDetails(v *TemplateSSMDocumentDetails) *PutConformancePackInput { + s.TemplateSSMDocumentDetails = v + return s +} + type PutConformancePackOutput struct { _ struct{} `type:"structure"` @@ -31207,6 +31244,75 @@ func (s TagResourceOutput) GoString() string { return s.String() } +// This API allows you to create a conformance pack template with an Amazon +// Web Services Systems Manager document (SSM document). To deploy a conformance +// pack using an SSM document, you first create an SSM document with conformance +// pack content, and then provide the DocumentName (and optionally DocumentVersion) +// in the PutConformancePack API (https://docs.aws.amazon.com/config/latest/APIReference/API_PutConformancePack.html). +// +// The TemplateSSMDocumentDetails object contains the name of the SSM document +// and the version of the SSM document. +type TemplateSSMDocumentDetails struct { + _ struct{} `type:"structure"` + + // The name or Amazon Resource Name (ARN) of the SSM document to use to create + // a conformance pack. If you use the Document Name, Config checks only your + // account and region for the SSM document. If you want to use an SSM document + // from another region or account, you must provide the ARN. + // + // DocumentName is a required field + DocumentName *string `type:"string" required:"true"` + + // The version of the SSM document to use to create a conformance pack. By default, + // Config uses the latest version. + // + // This field is optional. + DocumentVersion *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TemplateSSMDocumentDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TemplateSSMDocumentDetails) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *TemplateSSMDocumentDetails) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TemplateSSMDocumentDetails"} + if s.DocumentName == nil { + invalidParams.Add(request.NewErrParamRequired("DocumentName")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDocumentName sets the DocumentName field's value. +func (s *TemplateSSMDocumentDetails) SetDocumentName(v string) *TemplateSSMDocumentDetails { + s.DocumentName = &v + return s +} + +// SetDocumentVersion sets the DocumentVersion field's value. +func (s *TemplateSSMDocumentDetails) SetDocumentVersion(v string) *TemplateSSMDocumentDetails { + s.DocumentVersion = &v + return s +} + // You have reached the limit of the number of tags you can use. You have more // than 50 tags. type TooManyTagsException struct { diff --git a/service/configservice/errors.go b/service/configservice/errors.go index 3c5a2f4396..7946667089 100644 --- a/service/configservice/errors.go +++ b/service/configservice/errors.go @@ -37,7 +37,8 @@ const ( // // * For PutConformancePack and PutOrganizationConformancePack, a conformance // pack cannot be created because you do not have permissions: To call IAM - // GetRole action or create a service-linked role. To read Amazon S3 bucket. + // GetRole action or create a service-linked role. To read Amazon S3 bucket + // or call SSM:GetDocument. ErrCodeInsufficientPermissionsException = "InsufficientPermissionsException" // ErrCodeInvalidConfigurationRecorderNameException for service response error code diff --git a/service/iam/api.go b/service/iam/api.go index 9c3d17aba9..3ef311cb97 100644 --- a/service/iam/api.go +++ b/service/iam/api.go @@ -8051,12 +8051,13 @@ func (c *IAM) ListAccessKeysRequest(input *ListAccessKeysInput) (req *request.Re // Although each user is limited to a small number of keys, you can still paginate // the results using the MaxItems and Marker parameters. // -// If the UserName field is not specified, the user name is determined implicitly +// If the UserName is not specified, the user name is determined implicitly // based on the Amazon Web Services access key ID used to sign the request. -// This operation works for access keys under the Amazon Web Services account. -// Consequently, you can use this operation to manage Amazon Web Services account -// root user credentials even if the Amazon Web Services account has no associated -// users. +// If a temporary access key is used, then UserName is required. If a long-term +// key is assigned to the user, then UserName is not required. This operation +// works for access keys under the Amazon Web Services account. Consequently, +// you can use this operation to manage Amazon Web Services account root user +// credentials even if the Amazon Web Services account has no associated users. // // To ensure the security of your Amazon Web Services account, the secret access // key is accessible only during key and user creation. @@ -15844,10 +15845,11 @@ func (c *IAM) UpdateAccessKeyRequest(input *UpdateAccessKeyInput) (req *request. // // If the UserName is not specified, the user name is determined implicitly // based on the Amazon Web Services access key ID used to sign the request. -// This operation works for access keys under the Amazon Web Services account. -// Consequently, you can use this operation to manage Amazon Web Services account -// root user credentials even if the Amazon Web Services account has no associated -// users. +// If a temporary access key is used, then UserName is required. If a long-term +// key is assigned to the user, then UserName is not required. This operation +// works for access keys under the Amazon Web Services account. Consequently, +// you can use this operation to manage Amazon Web Services account root user +// credentials even if the Amazon Web Services account has no associated users. // // For information about rotating keys, see Managing keys and certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html) // in the IAM User Guide. @@ -35643,25 +35645,21 @@ type SimulateCustomPolicyInput struct { // values and the resources that you must define to run the simulation. // // Each of the EC2 scenarios requires that you specify instance, image, and - // security-group resources. If your scenario includes an EBS volume, then you + // security group resources. If your scenario includes an EBS volume, then you // must specify that volume as a resource. If the EC2 scenario includes VPC, - // then you must supply the network-interface resource. If it includes an IP + // then you must supply the network interface resource. If it includes an IP // subnet, then you must specify the subnet resource. For more information on // the EC2 scenario options, see Supported platforms (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html) // in the Amazon EC2 User Guide. // - // * EC2-Classic-InstanceStore instance, image, security-group - // - // * EC2-Classic-EBS instance, image, security-group, volume - // - // * EC2-VPC-InstanceStore instance, image, security-group, network-interface + // * EC2-VPC-InstanceStore instance, image, security group, network interface // - // * EC2-VPC-InstanceStore-Subnet instance, image, security-group, network-interface, - // subnet + // * EC2-VPC-InstanceStore-Subnet instance, image, security group, network + // interface, subnet // - // * EC2-VPC-EBS instance, image, security-group, network-interface, volume + // * EC2-VPC-EBS instance, image, security group, network interface, volume // - // * EC2-VPC-EBS-Subnet instance, image, security-group, network-interface, + // * EC2-VPC-EBS-Subnet instance, image, security group, network interface, // subnet, volume ResourceHandlingOption *string `min:"1" type:"string"` @@ -36033,10 +36031,6 @@ type SimulatePrincipalPolicyInput struct { // the EC2 scenario options, see Supported platforms (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html) // in the Amazon EC2 User Guide. // - // * EC2-Classic-InstanceStore instance, image, security group - // - // * EC2-Classic-EBS instance, image, security group, volume - // // * EC2-VPC-InstanceStore instance, image, security group, network interface // // * EC2-VPC-InstanceStore-Subnet instance, image, security group, network diff --git a/service/ivs/api.go b/service/ivs/api.go index 4b19698f46..aba09cd23b 100644 --- a/service/ivs/api.go +++ b/service/ivs/api.go @@ -3141,15 +3141,17 @@ type Channel struct { // exceed the allowable resolution or bitrate, the stream probably will disconnect // immediately. Default: STANDARD. Valid values: // - // * STANDARD: Multiple qualities are generated from the original input, - // to automatically give viewers the best experience for their devices and - // network conditions. Resolution can be up to 1080p and bitrate can be up - // to 8.5 Mbps. Audio is transcoded only for renditions 360p and below; above - // that, audio is passed through. + // * STANDARD: Video is transcoded: multiple qualities are generated from + // the original input, to automatically give viewers the best experience + // for their devices and network conditions. Transcoding allows higher playback + // quality across a range of download speeds. Resolution can be up to 1080p + // and bitrate can be up to 8.5 Mbps. Audio is transcoded only for renditions + // 360p and below; above that, audio is passed through. This is the default. // - // * BASIC: Amazon IVS delivers the original input to viewers. The viewer’s - // video-quality choice is limited to the original input. Resolution can - // be up to 480p and bitrate can be up to 1.5 Mbps. + // * BASIC: Video is transmuxed: Amazon IVS delivers the original input to + // viewers. The viewer’s video-quality choice is limited to the original + // input. Resolution can be up to 1080p and bitrate can be up to 1.5 Mbps + // for 480p and up to 3.5 Mbps for resolutions between 480p and 1080p. Type *string `locationName:"type" type:"string" enum:"ChannelType"` } @@ -3473,15 +3475,17 @@ type CreateChannelInput struct { // exceed the allowable resolution or bitrate, the stream probably will disconnect // immediately. Default: STANDARD. Valid values: // - // * STANDARD: Multiple qualities are generated from the original input, - // to automatically give viewers the best experience for their devices and - // network conditions. Resolution can be up to 1080p and bitrate can be up - // to 8.5 Mbps. Audio is transcoded only for renditions 360p and below; above - // that, audio is passed through. + // * STANDARD: Video is transcoded: multiple qualities are generated from + // the original input, to automatically give viewers the best experience + // for their devices and network conditions. Transcoding allows higher playback + // quality across a range of download speeds. Resolution can be up to 1080p + // and bitrate can be up to 8.5 Mbps. Audio is transcoded only for renditions + // 360p and below; above that, audio is passed through. This is the default. // - // * BASIC: Amazon IVS delivers the original input to viewers. The viewer’s - // video-quality choice is limited to the original input. Resolution can - // be up to 480p and bitrate can be up to 1.5 Mbps. + // * BASIC: Video is transmuxed: Amazon IVS delivers the original input to + // viewers. The viewer’s video-quality choice is limited to the original + // input. Resolution can be up to 1080p and bitrate can be up to 1.5 Mbps + // for 480p and up to 3.5 Mbps for resolutions between 480p and 1080p. Type *string `locationName:"type" type:"string" enum:"ChannelType"` } @@ -7179,15 +7183,17 @@ type UpdateChannelInput struct { // exceed the allowable resolution or bitrate, the stream probably will disconnect // immediately. Valid values: // - // * STANDARD: Multiple qualities are generated from the original input, - // to automatically give viewers the best experience for their devices and - // network conditions. Resolution can be up to 1080p and bitrate can be up - // to 8.5 Mbps. Audio is transcoded only for renditions 360p and below; above - // that, audio is passed through. + // * STANDARD: Video is transcoded: multiple qualities are generated from + // the original input, to automatically give viewers the best experience + // for their devices and network conditions. Transcoding allows higher playback + // quality across a range of download speeds. Resolution can be up to 1080p + // and bitrate can be up to 8.5 Mbps. Audio is transcoded only for renditions + // 360p and below; above that, audio is passed through. This is the default. // - // * BASIC: Amazon IVS delivers the original input to viewers. The viewer’s - // video-quality choice is limited to the original input. Resolution can - // be up to 480p and bitrate can be up to 1.5 Mbps. + // * BASIC: Video is transmuxed: Amazon IVS delivers the original input to + // viewers. The viewer’s video-quality choice is limited to the original + // input. Resolution can be up to 1080p and bitrate can be up to 1.5 Mbps + // for 480p and up to 3.5 Mbps for resolutions between 480p and 1080p. Type *string `locationName:"type" type:"string" enum:"ChannelType"` } diff --git a/service/ivs/doc.go b/service/ivs/doc.go index ce01088bf6..823e1de129 100644 --- a/service/ivs/doc.go +++ b/service/ivs/doc.go @@ -106,13 +106,20 @@ // (https://docs.aws.amazon.com/ivs/latest/userguide/security-iam.html) on // the Security page of the Amazon IVS User Guide. // +// Amazon Resource Names (ARNs) +// +// ARNs uniquely identify AWS resources. An ARN is required when you need to +// specify a resource unambiguously across all of AWS, such as in IAM policies +// and API calls. For more information, see Amazon Resource Names (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) +// in the AWS General Reference. +// // Channel Endpoints // // - CreateChannel — Creates a new channel and an associated stream key // to start streaming. // // - GetChannel — Gets the channel configuration for the specified channel -// ARN (Amazon Resource Name). +// ARN. // // - BatchGetChannel — Performs GetChannel on multiple ARNs simultaneously. // diff --git a/service/quicksight/api.go b/service/quicksight/api.go index 9155abcfc3..5e67b10a82 100644 --- a/service/quicksight/api.go +++ b/service/quicksight/api.go @@ -6475,8 +6475,9 @@ func (c *QuickSight) GenerateEmbedUrlForAnonymousUserRequest(input *GenerateEmbe // GenerateEmbedUrlForAnonymousUser API operation for Amazon QuickSight. // // Generates an embed URL that you can use to embed an Amazon QuickSight dashboard -// in your website, without having to register any reader users. Before you -// use this action, make sure that you have configured the dashboards and permissions. +// or visual in your website, without having to register any reader users. Before +// you use this action, make sure that you have configured the dashboards and +// permissions. // // The following rules apply to the generated URL: // @@ -14186,6 +14187,65 @@ func (s *AnonymousUserDashboardEmbeddingConfiguration) SetInitialDashboardId(v s return s } +// The experience that you are embedding. You can use this object to generate +// a url that embeds a visual into your application. +type AnonymousUserDashboardVisualEmbeddingConfiguration struct { + _ struct{} `type:"structure"` + + // The visual ID for the visual that you want the user to see. This ID is included + // in the output URL. When the URL in response is accessed, Amazon QuickSight + // renders this visual. + // + // The Amazon Resource Name (ARN) of the dashboard that the visual belongs to + // must be included in the AuthorizedResourceArns parameter. Otherwise, the + // request will fail with InvalidParameterValueException. + // + // InitialDashboardVisualId is a required field + InitialDashboardVisualId *DashboardVisualId `type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AnonymousUserDashboardVisualEmbeddingConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AnonymousUserDashboardVisualEmbeddingConfiguration) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AnonymousUserDashboardVisualEmbeddingConfiguration) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AnonymousUserDashboardVisualEmbeddingConfiguration"} + if s.InitialDashboardVisualId == nil { + invalidParams.Add(request.NewErrParamRequired("InitialDashboardVisualId")) + } + if s.InitialDashboardVisualId != nil { + if err := s.InitialDashboardVisualId.Validate(); err != nil { + invalidParams.AddNested("InitialDashboardVisualId", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetInitialDashboardVisualId sets the InitialDashboardVisualId field's value. +func (s *AnonymousUserDashboardVisualEmbeddingConfiguration) SetInitialDashboardVisualId(v *DashboardVisualId) *AnonymousUserDashboardVisualEmbeddingConfiguration { + s.InitialDashboardVisualId = v + return s +} + // The type of experience you want to embed. For anonymous users, you can embed // Amazon QuickSight dashboards. type AnonymousUserEmbeddingExperienceConfiguration struct { @@ -14193,6 +14253,9 @@ type AnonymousUserEmbeddingExperienceConfiguration struct { // The type of embedding experience. In this case, Amazon QuickSight dashboards. Dashboard *AnonymousUserDashboardEmbeddingConfiguration `type:"structure"` + + // The type of embedding experience. In this case, Amazon QuickSight visuals. + DashboardVisual *AnonymousUserDashboardVisualEmbeddingConfiguration `type:"structure"` } // String returns the string representation. @@ -14221,6 +14284,11 @@ func (s *AnonymousUserEmbeddingExperienceConfiguration) Validate() error { invalidParams.AddNested("Dashboard", err.(request.ErrInvalidParams)) } } + if s.DashboardVisual != nil { + if err := s.DashboardVisual.Validate(); err != nil { + invalidParams.AddNested("DashboardVisual", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -14234,6 +14302,12 @@ func (s *AnonymousUserEmbeddingExperienceConfiguration) SetDashboard(v *Anonymou return s } +// SetDashboardVisual sets the DashboardVisual field's value. +func (s *AnonymousUserEmbeddingExperienceConfiguration) SetDashboardVisual(v *AnonymousUserDashboardVisualEmbeddingConfiguration) *AnonymousUserEmbeddingExperienceConfiguration { + s.DashboardVisual = v + return s +} + // Parameters for Amazon Athena. type AthenaParameters struct { _ struct{} `type:"structure"` @@ -19855,6 +19929,109 @@ func (s *DashboardVersionSummary) SetVersionNumber(v int64) *DashboardVersionSum return s } +// A structure that contains the following elements: +// +// - The DashboardId of the dashboard that has the visual that you want to +// embed. +// +// - The SheetId of the sheet that has the visual that you want to embed. +// +// - The VisualId of the visual that you want to embed. +// +// The DashboardId, SheetId, and VisualId can be found in the IDs for developers +// section of the Embed visual pane of the visual's on-visual menu of the Amazon +// QuickSight console. You can also get the DashboardId with a ListDashboards +// API operation. +type DashboardVisualId struct { + _ struct{} `type:"structure"` + + // The ID of the dashboard that has the visual that you want to embed. The DashboardId + // can be found in the IDs for developers section of the Embed visual pane of + // the visual's on-visual menu of the Amazon QuickSight console. You can also + // get the DashboardId with a ListDashboards API operation. + // + // DashboardId is a required field + DashboardId *string `min:"1" type:"string" required:"true"` + + // The ID of the sheet that the has visual that you want to embed. The SheetId + // can be found in the IDs for developers section of the Embed visual pane of + // the visual's on-visual menu of the Amazon QuickSight console. + // + // SheetId is a required field + SheetId *string `min:"1" type:"string" required:"true"` + + // The ID of the visual that you want to embed. The VisualID can be found in + // the IDs for developers section of the Embed visual pane of the visual's on-visual + // menu of the Amazon QuickSight console. + // + // VisualId is a required field + VisualId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DashboardVisualId) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DashboardVisualId) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DashboardVisualId) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DashboardVisualId"} + if s.DashboardId == nil { + invalidParams.Add(request.NewErrParamRequired("DashboardId")) + } + if s.DashboardId != nil && len(*s.DashboardId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DashboardId", 1)) + } + if s.SheetId == nil { + invalidParams.Add(request.NewErrParamRequired("SheetId")) + } + if s.SheetId != nil && len(*s.SheetId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SheetId", 1)) + } + if s.VisualId == nil { + invalidParams.Add(request.NewErrParamRequired("VisualId")) + } + if s.VisualId != nil && len(*s.VisualId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("VisualId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDashboardId sets the DashboardId field's value. +func (s *DashboardVisualId) SetDashboardId(v string) *DashboardVisualId { + s.DashboardId = &v + return s +} + +// SetSheetId sets the SheetId field's value. +func (s *DashboardVisualId) SetSheetId(v string) *DashboardVisualId { + s.SheetId = &v + return s +} + +// SetVisualId sets the VisualId field's value. +func (s *DashboardVisualId) SetVisualId(v string) *DashboardVisualId { + s.VisualId = &v + return s +} + // The theme colors that are used for data colors in charts. The colors description // is a hexadecimal color code that consists of six alphanumerical characters, // prefixed with #, for example #37BFF5. @@ -27674,7 +27851,8 @@ type GenerateEmbedUrlForRegisteredUserInput struct { AwsAccountId *string `location:"uri" locationName:"AwsAccountId" min:"12" type:"string" required:"true"` // The experience you are embedding. For registered users, you can embed Amazon - // QuickSight dashboards or the entire Amazon QuickSight console. + // QuickSight dashboards, Amazon QuickSight visuals, the Amazon QuickSight Q + // search bar, or the entire Amazon QuickSight console. // // ExperienceConfiguration is a required field ExperienceConfiguration *RegisteredUserEmbeddingExperienceConfiguration `type:"structure" required:"true"` @@ -27770,7 +27948,8 @@ func (s *GenerateEmbedUrlForRegisteredUserInput) SetUserArn(v string) *GenerateE type GenerateEmbedUrlForRegisteredUserOutput struct { _ struct{} `type:"structure"` - // The embed URL for the Amazon QuickSight dashboard or console. + // The embed URL for the Amazon QuickSight dashboard, visual, Q search bar, + // or console. // // EmbedUrl is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GenerateEmbedUrlForRegisteredUserOutput's @@ -34335,6 +34514,65 @@ func (s *RegisteredUserDashboardEmbeddingConfiguration) SetInitialDashboardId(v return s } +// The experience that you are embedding. You can use this object to generate +// a url that embeds a visual into your application. +type RegisteredUserDashboardVisualEmbeddingConfiguration struct { + _ struct{} `type:"structure"` + + // The visual ID for the visual that you want the user to embed. This ID is + // included in the output URL. When the URL in response is accessed, Amazon + // QuickSight renders this visual. + // + // The Amazon Resource Name (ARN) of the dashboard that the visual belongs to + // must be included in the AuthorizedResourceArns parameter. Otherwise, the + // request will fail with InvalidParameterValueException. + // + // InitialDashboardVisualId is a required field + InitialDashboardVisualId *DashboardVisualId `type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RegisteredUserDashboardVisualEmbeddingConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RegisteredUserDashboardVisualEmbeddingConfiguration) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RegisteredUserDashboardVisualEmbeddingConfiguration) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RegisteredUserDashboardVisualEmbeddingConfiguration"} + if s.InitialDashboardVisualId == nil { + invalidParams.Add(request.NewErrParamRequired("InitialDashboardVisualId")) + } + if s.InitialDashboardVisualId != nil { + if err := s.InitialDashboardVisualId.Validate(); err != nil { + invalidParams.AddNested("InitialDashboardVisualId", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetInitialDashboardVisualId sets the InitialDashboardVisualId field's value. +func (s *RegisteredUserDashboardVisualEmbeddingConfiguration) SetInitialDashboardVisualId(v *DashboardVisualId) *RegisteredUserDashboardVisualEmbeddingConfiguration { + s.InitialDashboardVisualId = v + return s +} + // The type of experience you want to embed. For registered users, you can embed // Amazon QuickSight dashboards or the Amazon QuickSight console. // @@ -34347,6 +34585,9 @@ type RegisteredUserEmbeddingExperienceConfiguration struct { // The configuration details for providing a dashboard embedding experience. Dashboard *RegisteredUserDashboardEmbeddingConfiguration `type:"structure"` + // The type of embedding experience. In this case, Amazon QuickSight visuals. + DashboardVisual *RegisteredUserDashboardVisualEmbeddingConfiguration `type:"structure"` + // The configuration details for embedding the Q search bar. // // For more information about embedding the Q search bar, see Embedding Overview @@ -34408,6 +34649,11 @@ func (s *RegisteredUserEmbeddingExperienceConfiguration) Validate() error { invalidParams.AddNested("Dashboard", err.(request.ErrInvalidParams)) } } + if s.DashboardVisual != nil { + if err := s.DashboardVisual.Validate(); err != nil { + invalidParams.AddNested("DashboardVisual", err.(request.ErrInvalidParams)) + } + } if s.QSearchBar != nil { if err := s.QSearchBar.Validate(); err != nil { invalidParams.AddNested("QSearchBar", err.(request.ErrInvalidParams)) @@ -34431,6 +34677,12 @@ func (s *RegisteredUserEmbeddingExperienceConfiguration) SetDashboard(v *Registe return s } +// SetDashboardVisual sets the DashboardVisual field's value. +func (s *RegisteredUserEmbeddingExperienceConfiguration) SetDashboardVisual(v *RegisteredUserDashboardVisualEmbeddingConfiguration) *RegisteredUserEmbeddingExperienceConfiguration { + s.DashboardVisual = v + return s +} + // SetQSearchBar sets the QSearchBar field's value. func (s *RegisteredUserEmbeddingExperienceConfiguration) SetQSearchBar(v *RegisteredUserQSearchBarEmbeddingConfiguration) *RegisteredUserEmbeddingExperienceConfiguration { s.QSearchBar = v diff --git a/service/transfer/api.go b/service/transfer/api.go index a92ecb0fb8..541325ffba 100644 --- a/service/transfer/api.go +++ b/service/transfer/api.go @@ -5793,7 +5793,7 @@ type As2ConnectorConfig struct { // The algorithm that is used to encrypt the file. EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlg"` - // A unique identifier for the AS2 process. + // A unique identifier for the AS2 local profile. LocalProfileId *string `min:"19" type:"string"` // Used for outbound requests (from an Transfer Family server to a partner AS2 @@ -5807,15 +5807,19 @@ type As2ConnectorConfig struct { MdnResponse *string `type:"string" enum:"MdnResponse"` // The signing algorithm for the MDN response. + // + // If set to DEFAULT (or not set at all), the value for SigningAlogorithm is + // used. MdnSigningAlgorithm *string `type:"string" enum:"MdnSigningAlg"` - // A short description to help identify the connector. + // Used as the Subject HTTP header attribute in AS2 messages that are being + // sent with the connector. MessageSubject *string `min:"1" type:"string"` - // A unique identifier for the partner for the connector. + // A unique identifier for the partner profile for the connector. PartnerProfileId *string `min:"19" type:"string"` - // The algorithm that is used to sign the AS2 transfers for this partner profile. + // The algorithm that is used to sign the AS2 messages sent with the connector. SigningAlgorithm *string `type:"string" enum:"SigningAlg"` } @@ -6316,9 +6320,16 @@ func (s *CreateAccessOutput) SetServerId(v string) *CreateAccessOutput { type CreateAgreementInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) - // role that grants access to at least the HomeDirectory of your users' Amazon - // S3 buckets. + // With AS2, you can send files by calling StartFileTransfer and specifying + // the file paths in the request parameter, SendFilePaths. We use the file’s + // parent directory (for example, for --send-file-paths /bucket/dir/file.txt, + // parent directory is /bucket/dir/) to temporarily store a processed AS2 message + // file, store the MDN when we receive them from the partner, and write a final + // JSON file containing relevant metadata of the transmission. So, the AccessRole + // needs to provide read and write access to the parent directory of the file + // location used in the StartFileTransfer request. Additionally, you need to + // provide read and write access to the parent directory of the files that you + // intend to send with StartFileTransfer. // // AccessRole is a required field AccessRole *string `min:"20" type:"string" required:"true"` @@ -6674,7 +6685,7 @@ func (s *CreateConnectorOutput) SetConnectorId(v string) *CreateConnectorOutput type CreateProfileInput struct { _ struct{} `type:"structure"` - // The As2Id is the AS2-name, as defined in the defined in the RFC 4130 (https://datatracker.ietf.org/doc/html/rfc4130). + // The As2Id is the AS2-name, as defined in the RFC 4130 (https://datatracker.ietf.org/doc/html/rfc4130). // For inbound transfers, this is the AS2-From header for the AS2 messages sent // from the partner. For outbound connectors, this is the AS2-To header for // the AS2 messages sent to the partner using the StartFileTransfer API operation. @@ -9600,9 +9611,16 @@ func (s *DescribedAccess) SetRole(v string) *DescribedAccess { type DescribedAgreement struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) - // role that grants access to at least the HomeDirectory of your users' Amazon - // S3 buckets. + // With AS2, you can send files by calling StartFileTransfer and specifying + // the file paths in the request parameter, SendFilePaths. We use the file’s + // parent directory (for example, for --send-file-paths /bucket/dir/file.txt, + // parent directory is /bucket/dir/) to temporarily store a processed AS2 message + // file, store the MDN when we receive them from the partner, and write a final + // JSON file containing relevant metadata of the transmission. So, the AccessRole + // needs to provide read and write access to the parent directory of the file + // location used in the StartFileTransfer request. Additionally, you need to + // provide read and write access to the parent directory of the files that you + // intend to send with StartFileTransfer. AccessRole *string `min:"20" type:"string"` // A unique identifier for the agreement. This identifier is returned when you @@ -9621,10 +9639,10 @@ type DescribedAgreement struct { // The name or short description that's used to identify the agreement. Description *string `min:"1" type:"string"` - // A unique identifier for the AS2 process. + // A unique identifier for the AS2 local profile. LocalProfileId *string `min:"19" type:"string"` - // A unique identifier for the partner in the agreement. + // A unique identifier for the partner profile used in the agreement. PartnerProfileId *string `min:"19" type:"string"` // A system-assigned unique identifier for a server instance. This identifier @@ -10091,7 +10109,11 @@ type DescribedProfile struct { // Arn is a required field Arn *string `min:"20" type:"string" required:"true"` - // The unique identifier for the AS2 process. + // The As2Id is the AS2-name, as defined in the RFC 4130 (https://datatracker.ietf.org/doc/html/rfc4130). + // For inbound transfers, this is the AS2-From header for the AS2 messages sent + // from the partner. For outbound connectors, this is the AS2-To header for + // the AS2 messages sent to the partner using the StartFileTransfer API operation. + // This ID cannot include spaces. As2Id *string `min:"1" type:"string"` // An array of identifiers for the imported certificates. You use this identifier @@ -10332,8 +10354,25 @@ type DescribedServer struct { // The protocol settings that are configured for your server. // - // Use the PassiveIp parameter to indicate passive mode. Enter a single IPv4 - // address, such as the public IP address of a firewall, router, or load balancer. + // * To indicate passive mode (for FTP and FTPS protocols), use the PassiveIp + // parameter. Enter a single dotted-quad IPv4 address, such as the external + // IP address of a firewall, router, or load balancer. + // + // * To ignore the error that is generated when the client attempts to use + // the SETSTAT command on a file that you are uploading to an Amazon S3 bucket, + // use the SetStatOption parameter. To have the Transfer Family server ignore + // the SETSTAT command and upload files without needing to make any changes + // to your SFTP client, set the value to ENABLE_NO_OP. If you set the SetStatOption + // parameter to ENABLE_NO_OP, Transfer Family generates a log entry to Amazon + // CloudWatch Logs, so that you can determine when the client is making a + // SETSTAT call. + // + // * To determine whether your Transfer Family server resumes recent, negotiated + // sessions through a unique session ID, use the TlsSessionResumptionMode + // parameter. + // + // * As2Transports indicates the transport method for the AS2 messages. Currently, + // only HTTP is supported. ProtocolDetails *ProtocolDetails `type:"structure"` // Specifies the file transfer protocol or protocols over which your file transfer @@ -10346,6 +10385,24 @@ type DescribedServer struct { // * FTPS (File Transfer Protocol Secure): File transfer with TLS encryption // // * FTP (File Transfer Protocol): Unencrypted file transfer + // + // * AS2 (Applicability Statement 2): used for transporting structured business-to-business + // data + // + // * If you select FTPS, you must choose a certificate stored in Certificate + // Manager (ACM) which is used to identify your server when clients connect + // to it over FTPS. + // + // * If Protocol includes either FTP or FTPS, then the EndpointType must + // be VPC and the IdentityProviderType must be AWS_DIRECTORY_SERVICE or API_GATEWAY. + // + // * If Protocol includes FTP, then AddressAllocationIds cannot be associated. + // + // * If Protocol is set only to SFTP, the EndpointType can be set to PUBLIC + // and the IdentityProviderType can be set to SERVICE_MANAGED. + // + // * If Protocol includes AS2, then the EndpointType must be VPC, and domain + // must be Amazon S3. Protocols []*string `min:"1" type:"list" enum:"Protocol"` // Specifies the name of the security policy that is attached to the server. @@ -13248,10 +13305,10 @@ type ListedAgreement struct { // UpdateAgreement operation and providing a new description. Description *string `min:"1" type:"string"` - // A unique identifier for the AS2 process. + // A unique identifier for the AS2 local profile. LocalProfileId *string `min:"19" type:"string"` - // A unique identifier for the partner process. + // A unique identifier for the partner profile. PartnerProfileId *string `min:"19" type:"string"` // The unique identifier for the agreement. @@ -13540,7 +13597,11 @@ type ListedProfile struct { // The Amazon Resource Name (ARN) of the specified profile. Arn *string `min:"20" type:"string"` - // The unique identifier for the AS2 process. + // The As2Id is the AS2-name, as defined in the RFC 4130 (https://datatracker.ietf.org/doc/html/rfc4130). + // For inbound transfers, this is the AS2-From header for the AS2 messages sent + // from the partner. For outbound connectors, this is the AS2-To header for + // the AS2 messages sent to the partner using the StartFileTransfer API operation. + // This ID cannot include spaces. As2Id *string `min:"1" type:"string"` // A unique identifier for the local or partner AS2 profile. @@ -15816,9 +15877,16 @@ func (s *UpdateAccessOutput) SetServerId(v string) *UpdateAccessOutput { type UpdateAgreementInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) - // role that grants access to at least the HomeDirectory of your users' Amazon - // S3 buckets. + // With AS2, you can send files by calling StartFileTransfer and specifying + // the file paths in the request parameter, SendFilePaths. We use the file’s + // parent directory (for example, for --send-file-paths /bucket/dir/file.txt, + // parent directory is /bucket/dir/) to temporarily store a processed AS2 message + // file, store the MDN when we receive them from the partner, and write a final + // JSON file containing relevant metadata of the transmission. So, the AccessRole + // needs to provide read and write access to the parent directory of the file + // location used in the StartFileTransfer request. Additionally, you need to + // provide read and write access to the parent directory of the files that you + // intend to send with StartFileTransfer. AccessRole *string `min:"20" type:"string"` // A unique identifier for the agreement. This identifier is returned when you @@ -15835,10 +15903,13 @@ type UpdateAgreementInput struct { // agreement. Description *string `min:"1" type:"string"` + // A unique identifier for the AS2 local profile. + // // To change the local profile identifier, provide a new value here. LocalProfileId *string `min:"19" type:"string"` - // To change the partner profile identifier, provide a new value here. + // A unique identifier for the partner profile. To change the partner profile + // identifier, provide a new value here. PartnerProfileId *string `min:"19" type:"string"` // A system-assigned unique identifier for a server instance. This is the specific @@ -16481,24 +16552,30 @@ type UpdateServerInput struct { // protocol client can connect to your server's endpoint. The available protocols // are: // - // * Secure Shell (SSH) File Transfer Protocol (SFTP): File transfer over + // * SFTP (Secure Shell (SSH) File Transfer Protocol): File transfer over // SSH // - // * File Transfer Protocol Secure (FTPS): File transfer with TLS encryption + // * FTPS (File Transfer Protocol Secure): File transfer with TLS encryption // - // * File Transfer Protocol (FTP): Unencrypted file transfer + // * FTP (File Transfer Protocol): Unencrypted file transfer // - // If you select FTPS, you must choose a certificate stored in Amazon Web ServicesCertificate - // Manager (ACM) which will be used to identify your server when clients connect - // to it over FTPS. + // * AS2 (Applicability Statement 2): used for transporting structured business-to-business + // data // - // If Protocol includes either FTP or FTPS, then the EndpointType must be VPC - // and the IdentityProviderType must be AWS_DIRECTORY_SERVICE or API_GATEWAY. + // * If you select FTPS, you must choose a certificate stored in Certificate + // Manager (ACM) which is used to identify your server when clients connect + // to it over FTPS. + // + // * If Protocol includes either FTP or FTPS, then the EndpointType must + // be VPC and the IdentityProviderType must be AWS_DIRECTORY_SERVICE or API_GATEWAY. // - // If Protocol includes FTP, then AddressAllocationIds cannot be associated. + // * If Protocol includes FTP, then AddressAllocationIds cannot be associated. + // + // * If Protocol is set only to SFTP, the EndpointType can be set to PUBLIC + // and the IdentityProviderType can be set to SERVICE_MANAGED. // - // If Protocol is set only to SFTP, the EndpointType can be set to PUBLIC and - // the IdentityProviderType can be set to SERVICE_MANAGED. + // * If Protocol includes AS2, then the EndpointType must be VPC, and domain + // must be Amazon S3. Protocols []*string `min:"1" type:"list" enum:"Protocol"` // Specifies the name of the security policy that is attached to the server. diff --git a/service/transfer/doc.go b/service/transfer/doc.go index b6163e1520..a91070bb8d 100644 --- a/service/transfer/doc.go +++ b/service/transfer/doc.go @@ -6,13 +6,15 @@ // Transfer Family is a fully managed service that enables the transfer of files // over the File Transfer Protocol (FTP), File Transfer Protocol over SSL (FTPS), // or Secure Shell (SSH) File Transfer Protocol (SFTP) directly into and out -// of Amazon Simple Storage Service (Amazon S3). Amazon Web Services helps you -// seamlessly migrate your file transfer workflows to Transfer Family by integrating -// with existing authentication systems, and providing DNS routing with Amazon -// Route 53 so nothing changes for your customers and partners, or their applications. -// With your data in Amazon S3, you can use it with Amazon Web Services for -// processing, analytics, machine learning, and archiving. Getting started with -// Transfer Family is easy since there is no infrastructure to buy and set up. +// of Amazon Simple Storage Service (Amazon S3) or Amazon EFS. Additionally, +// you can use Applicability Statement 2 (AS2) to transfer files into and out +// of Amazon S3. Amazon Web Services helps you seamlessly migrate your file +// transfer workflows to Transfer Family by integrating with existing authentication +// systems, and providing DNS routing with Amazon Route 53 so nothing changes +// for your customers and partners, or their applications. With your data in +// Amazon S3, you can use it with Amazon Web Services for processing, analytics, +// machine learning, and archiving. Getting started with Transfer Family is +// easy since there is no infrastructure to buy and set up. // // See https://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05 for more information on this service. //