diff --git a/clients/client-amplifybackend/src/models/models_0.ts b/clients/client-amplifybackend/src/models/models_0.ts index 4998b7e4de3a..57d35944f1cd 100644 --- a/clients/client-amplifybackend/src/models/models_0.ts +++ b/clients/client-amplifybackend/src/models/models_0.ts @@ -1463,6 +1463,11 @@ export namespace GetBackendRequest { } export interface GetBackendResponse { + /** + *
A stringified version of the cli.json file for your Amplify project.
+ */ + AmplifyFeatureFlags?: string; + /** *A stringified version of the current configs for your Amplify project.
*/ diff --git a/clients/client-amplifybackend/src/protocols/Aws_restJson1.ts b/clients/client-amplifybackend/src/protocols/Aws_restJson1.ts index 15211a8407b9..80938561b135 100644 --- a/clients/client-amplifybackend/src/protocols/Aws_restJson1.ts +++ b/clients/client-amplifybackend/src/protocols/Aws_restJson1.ts @@ -2191,6 +2191,7 @@ export const deserializeAws_restJson1GetBackendCommand = async ( } const contents: GetBackendCommandOutput = { $metadata: deserializeMetadata(output), + AmplifyFeatureFlags: undefined, AmplifyMetaConfig: undefined, AppId: undefined, AppName: undefined, @@ -2199,6 +2200,9 @@ export const deserializeAws_restJson1GetBackendCommand = async ( Error: undefined, }; const data: { [key: string]: any } = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body"); + if (data.amplifyFeatureFlags !== undefined && data.amplifyFeatureFlags !== null) { + contents.AmplifyFeatureFlags = __expectString(data.amplifyFeatureFlags); + } if (data.amplifyMetaConfig !== undefined && data.amplifyMetaConfig !== null) { contents.AmplifyMetaConfig = __expectString(data.amplifyMetaConfig); } diff --git a/clients/client-application-auto-scaling/README.md b/clients/client-application-auto-scaling/README.md index dbcaf87a4ae4..76de7c82a355 100644 --- a/clients/client-application-auto-scaling/README.md +++ b/clients/client-application-auto-scaling/README.md @@ -41,10 +41,13 @@ resources:Amazon Managed Streaming for Apache Kafka broker storage
Amazon Neptune clusters
+Amazon SageMaker endpoint variants
Spot Fleet (Amazon EC2) requests
+Spot Fleets (Amazon EC2)
Custom resources provided by your own applications or services
diff --git a/clients/client-application-auto-scaling/src/ApplicationAutoScaling.ts b/clients/client-application-auto-scaling/src/ApplicationAutoScaling.ts index f757b6759592..425e2515107c 100644 --- a/clients/client-application-auto-scaling/src/ApplicationAutoScaling.ts +++ b/clients/client-application-auto-scaling/src/ApplicationAutoScaling.ts @@ -87,10 +87,13 @@ import { *Amazon Managed Streaming for Apache Kafka broker storage
*Amazon Neptune clusters
+ *Amazon SageMaker endpoint variants
*Spot Fleet (Amazon EC2) requests
+ *Spot Fleets (Amazon EC2)
*Custom resources provided by your own applications or services
@@ -491,6 +494,13 @@ export class ApplicationAutoScaling extends ApplicationAutoScalingClient { *To update a scalable target, specify the parameters that you want to change. Include the * parameters that identify the scalable target: resource ID, scalable dimension, and * namespace. Any parameters that you don't specify are not changed by this update request.
+ *If you call the RegisterScalableTarget
API to update an existing
+ * scalable target, Application Auto Scaling retrieves the current capacity of the resource. If it is below
+ * the minimum capacity or above the maximum capacity, Application Auto Scaling adjusts the capacity of the
+ * scalable target to place it within these bounds, even if you don't include the
+ * MinCapacity
or MaxCapacity
request parameters.
Amazon Managed Streaming for Apache Kafka broker storage
*Amazon Neptune clusters
+ *Amazon SageMaker endpoint variants
*Spot Fleet (Amazon EC2) requests
+ *Spot Fleets (Amazon EC2)
*Custom resources provided by your own applications or services
diff --git a/clients/client-application-auto-scaling/src/commands/RegisterScalableTargetCommand.ts b/clients/client-application-auto-scaling/src/commands/RegisterScalableTargetCommand.ts index c388d8ed8601..1f5b6fa62b63 100644 --- a/clients/client-application-auto-scaling/src/commands/RegisterScalableTargetCommand.ts +++ b/clients/client-application-auto-scaling/src/commands/RegisterScalableTargetCommand.ts @@ -41,6 +41,13 @@ export interface RegisterScalableTargetCommandOutput extends RegisterScalableTar *To update a scalable target, specify the parameters that you want to change. Include the * parameters that identify the scalable target: resource ID, scalable dimension, and * namespace. Any parameters that you don't specify are not changed by this update request.
+ *If you call the RegisterScalableTarget
API to update an existing
+ * scalable target, Application Auto Scaling retrieves the current capacity of the resource. If it is below
+ * the minimum capacity or above the maximum capacity, Application Auto Scaling adjusts the capacity of the
+ * scalable target to place it within these bounds, even if you don't include the
+ * MinCapacity
or MaxCapacity
request parameters.
service/default/sample-webapp
.
* Spot Fleet request - The resource type is spot-fleet-request
and the unique identifier is the
+ *
Spot Fleet - The resource type is spot-fleet-request
and the unique identifier is the
* Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.
cluster:my-db-cluster
.
* Amazon SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
+ *
SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
* Example: endpoint/my-end-point/variant/KMeansClustering
.
Amazon ElastiCache replication group - The resource type is replication-group
and the unique identifier is the replication group name.
* Example: replication-group/mycluster
.
Neptune cluster - The resource type is cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.
- * ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.
ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.
* @@ -207,7 +212,7 @@ export interface DeleteScalingPolicyRequest { *
- * sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.
sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.
* @@ -245,6 +250,10 @@ export interface DeleteScalingPolicyRequest { *
* elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.
+ * neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.
service/default/sample-webapp
.
*
* Spot Fleet request - The resource type is spot-fleet-request
and the unique identifier is the
+ *
Spot Fleet - The resource type is spot-fleet-request
and the unique identifier is the
* Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.
cluster:my-db-cluster
.
* Amazon SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
+ *
SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
* Example: endpoint/my-end-point/variant/KMeansClustering
.
Amazon ElastiCache replication group - The resource type is replication-group
and the unique identifier is the replication group name.
* Example: replication-group/mycluster
.
Neptune cluster - The resource type is cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.
- * ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.
ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.
* @@ -449,7 +461,7 @@ export interface DeleteScheduledActionRequest { *
- * sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.
sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.
* @@ -487,6 +499,10 @@ export interface DeleteScheduledActionRequest { *
* elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.
+ * neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.
service/default/sample-webapp
.
*
* Spot Fleet request - The resource type is spot-fleet-request
and the unique identifier is the
+ *
Spot Fleet - The resource type is spot-fleet-request
and the unique identifier is the
* Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.
cluster:my-db-cluster
.
* Amazon SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
+ *
SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
* Example: endpoint/my-end-point/variant/KMeansClustering
.
Amazon ElastiCache replication group - The resource type is replication-group
and the unique identifier is the replication group name.
* Example: replication-group/mycluster
.
Neptune cluster - The resource type is cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.
- * ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.
ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.
* @@ -628,7 +647,7 @@ export interface DeregisterScalableTargetRequest { *
- * sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.
sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.
* @@ -666,6 +685,10 @@ export interface DeregisterScalableTargetRequest { *
* elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.
+ * neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.
service/default/sample-webapp
.
*
* Spot Fleet request - The resource type is spot-fleet-request
and the unique identifier is the
+ *
Spot Fleet - The resource type is spot-fleet-request
and the unique identifier is the
* Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.
cluster:my-db-cluster
.
* Amazon SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
+ *
SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
* Example: endpoint/my-end-point/variant/KMeansClustering
.
Amazon ElastiCache replication group - The resource type is replication-group
and the unique identifier is the replication group name.
* Example: replication-group/mycluster
.
Neptune cluster - The resource type is cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.
- * ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.
ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.
* @@ -807,7 +833,7 @@ export interface DescribeScalableTargetsRequest { *
- * sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.
sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.
* @@ -845,6 +871,10 @@ export interface DescribeScalableTargetsRequest { *
* elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.
+ * neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.
service/default/sample-webapp
.
*
* Spot Fleet request - The resource type is spot-fleet-request
and the unique identifier is the
+ *
Spot Fleet - The resource type is spot-fleet-request
and the unique identifier is the
* Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.
cluster:my-db-cluster
.
* Amazon SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
+ *
SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
* Example: endpoint/my-end-point/variant/KMeansClustering
.
Amazon ElastiCache replication group - The resource type is replication-group
and the unique identifier is the replication group name.
* Example: replication-group/mycluster
.
Neptune cluster - The resource type is cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.
- * ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.
ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.
* @@ -1030,7 +1063,7 @@ export interface ScalableTarget { *
- * sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.
sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.
* @@ -1068,6 +1101,10 @@ export interface ScalableTarget { *
* elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.
+ * neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.
service/default/sample-webapp
.
*
* Spot Fleet request - The resource type is spot-fleet-request
and the unique identifier is the
+ *
Spot Fleet - The resource type is spot-fleet-request
and the unique identifier is the
* Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.
cluster:my-db-cluster
.
* Amazon SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
+ *
SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
* Example: endpoint/my-end-point/variant/KMeansClustering
.
Amazon ElastiCache replication group - The resource type is replication-group
and the unique identifier is the replication group name.
* Example: replication-group/mycluster
.
Neptune cluster - The resource type is cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.
- * ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.
ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.
* @@ -1265,7 +1305,7 @@ export interface DescribeScalingActivitiesRequest { *
- * sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.
sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.
* @@ -1303,6 +1343,10 @@ export interface DescribeScalingActivitiesRequest { *
* elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.
+ * neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.
service/default/sample-webapp
.
*
* Spot Fleet request - The resource type is spot-fleet-request
and the unique identifier is the
+ *
Spot Fleet - The resource type is spot-fleet-request
and the unique identifier is the
* Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.
cluster:my-db-cluster
.
* Amazon SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
+ *
SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
* Example: endpoint/my-end-point/variant/KMeansClustering
.
Amazon ElastiCache replication group - The resource type is replication-group
and the unique identifier is the replication group name.
* Example: replication-group/mycluster
.
Neptune cluster - The resource type is cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.
- * ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.
ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.
* @@ -1465,7 +1512,7 @@ export interface ScalingActivity { *
- * sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.
sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.
* @@ -1503,6 +1550,10 @@ export interface ScalingActivity { *
* elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.
+ * neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.
service/default/sample-webapp
.
*
* Spot Fleet request - The resource type is spot-fleet-request
and the unique identifier is the
+ *
Spot Fleet - The resource type is spot-fleet-request
and the unique identifier is the
* Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.
cluster:my-db-cluster
.
* Amazon SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
+ *
SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
* Example: endpoint/my-end-point/variant/KMeansClustering
.
Amazon ElastiCache replication group - The resource type is replication-group
and the unique identifier is the replication group name.
* Example: replication-group/mycluster
.
Neptune cluster - The resource type is cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.
- * ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.
ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.
* @@ -1695,7 +1749,7 @@ export interface DescribeScalingPoliciesRequest { *
- * sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.
sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.
* @@ -1733,18 +1787,22 @@ export interface DescribeScalingPoliciesRequest { *
* elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.
+ * neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.
The maximum number of scalable targets. This value can be between 1 and - * 50. The default value is 50.
+ *The maximum number of scalable targets. This value can be between 1 and 10. The default + * value is 10.
*If this parameter is used, the operation returns up to MaxResults
results
* at a time, along with a NextToken
value. To get the next set of results,
* include the NextToken
value in a subsequent call. If this parameter is not
- * used, the operation returns up to 50 results and a
- * NextToken
value, if applicable.
NextToken
value, if
+ * applicable.
*/
MaxResults?: number;
@@ -1901,22 +1959,25 @@ export interface StepScalingPolicyConfiguration {
* and a default value of 300 for the following scalable targets:
* ECS services
+ *AppStream 2.0 fleets
*Spot Fleet requests
+ *Aurora DB clusters
+ *ECS services
*EMR clusters
*AppStream 2.0 fleets
+ *Neptune clusters
*Aurora DB clusters
+ *SageMaker endpoint variants
*Amazon SageMaker endpoint variants
+ *Spot Fleets
*Custom resources
@@ -1925,21 +1986,18 @@ export interface StepScalingPolicyConfiguration { *For all other scalable targets, the default value is 0:
*DynamoDB tables
+ *Amazon Comprehend document classification and entity recognizer endpoints
*DynamoDB global secondary indexes
+ *DynamoDB tables and global secondary indexes
*Amazon Comprehend document classification and entity recognizer endpoints
+ *Amazon Keyspaces tables
*Lambda provisioned concurrency
*Amazon Keyspaces tables
- *Amazon MSK broker storage
*ECS services
+ *AppStream 2.0 fleets
+ *Aurora DB clusters
*Spot Fleet requests
+ *ECS services
*EMR clusters
*AppStream 2.0 fleets
+ *Neptune clusters
*Aurora DB clusters
+ *SageMaker endpoint variants
*Amazon SageMaker endpoint variants
+ *Spot Fleets
*Custom resources
@@ -2193,21 +2255,18 @@ export interface TargetTrackingScalingPolicyConfiguration { *For all other scalable targets, the default value is 0:
*DynamoDB tables
+ *Amazon Comprehend document classification and entity recognizer endpoints
*DynamoDB global secondary indexes
+ *DynamoDB tables and global secondary indexes
*Amazon Comprehend document classification and entity recognizer endpoints
+ *Amazon Keyspaces tables
*Lambda provisioned concurrency
*Amazon Keyspaces tables
- *Amazon MSK broker storage
*ECS services
+ *AppStream 2.0 fleets
*Spot Fleet requests
+ *Aurora DB clusters
+ *ECS services
*EMR clusters
*AppStream 2.0 fleets
+ *Neptune clusters
*Aurora DB clusters
+ *SageMaker endpoint variants
*Amazon SageMaker endpoint variants
+ *Spot Fleets
*Custom resources
@@ -2250,21 +2312,18 @@ export interface TargetTrackingScalingPolicyConfiguration { *For all other scalable targets, the default value is 0:
*DynamoDB tables
+ *Amazon Comprehend document classification and entity recognizer endpoints
*DynamoDB global secondary indexes
+ *DynamoDB tables and global secondary indexes
*Amazon Comprehend document classification and entity recognizer endpoints
+ *Amazon Keyspaces tables
*Lambda provisioned concurrency
*Amazon Keyspaces tables
- *Amazon MSK broker storage
*service/default/sample-webapp
.
* Spot Fleet request - The resource type is spot-fleet-request
and the unique identifier is the
+ *
Spot Fleet - The resource type is spot-fleet-request
and the unique identifier is the
* Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.
cluster:my-db-cluster
.
* Amazon SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
+ *
SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
* Example: endpoint/my-end-point/variant/KMeansClustering
.
Amazon ElastiCache replication group - The resource type is replication-group
and the unique identifier is the replication group name.
* Example: replication-group/mycluster
.
Neptune cluster - The resource type is cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.
- * ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.
ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.
* @@ -2421,7 +2483,7 @@ export interface ScalingPolicy { *
- * sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.
sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.
* @@ -2459,6 +2521,10 @@ export interface ScalingPolicy { *
* elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.
+ * neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.
service/default/sample-webapp
.
* Spot Fleet request - The resource type is spot-fleet-request
and the unique identifier is the
+ *
Spot Fleet - The resource type is spot-fleet-request
and the unique identifier is the
* Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.
cluster:my-db-cluster
.
* Amazon SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
+ *
SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
* Example: endpoint/my-end-point/variant/KMeansClustering
.
Amazon ElastiCache replication group - The resource type is replication-group
and the unique identifier is the replication group name.
* Example: replication-group/mycluster
.
Neptune cluster - The resource type is cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.
- * ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.
ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.
* @@ -2662,7 +2731,7 @@ export interface DescribeScheduledActionsRequest { *
- * sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.
sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.
* @@ -2700,6 +2769,10 @@ export interface DescribeScheduledActionsRequest { *
* elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.
+ * neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.
service/default/sample-webapp
.
*
* Spot Fleet request - The resource type is spot-fleet-request
and the unique identifier is the
+ *
Spot Fleet - The resource type is spot-fleet-request
and the unique identifier is the
* Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.
cluster:my-db-cluster
.
* Amazon SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
+ *
SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
* Example: endpoint/my-end-point/variant/KMeansClustering
.
Amazon ElastiCache replication group - The resource type is replication-group
and the unique identifier is the replication group name.
* Example: replication-group/mycluster
.
Neptune cluster - The resource type is cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.
- * ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.
ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.
* @@ -2923,7 +2999,7 @@ export interface ScheduledAction { *
- * sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.
sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.
* @@ -2961,6 +3037,10 @@ export interface ScheduledAction { *
* elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.
+ * neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.
service/default/sample-webapp
.
*
* Spot Fleet request - The resource type is spot-fleet-request
and the unique identifier is the
+ *
Spot Fleet - The resource type is spot-fleet-request
and the unique identifier is the
* Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.
cluster:my-db-cluster
.
* Amazon SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
+ *
SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
* Example: endpoint/my-end-point/variant/KMeansClustering
.
Amazon ElastiCache replication group - The resource type is replication-group
and the unique identifier is the replication group name.
* Example: replication-group/mycluster
.
Neptune cluster - The resource type is cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.
- * ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.
ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.
* @@ -3158,7 +3241,7 @@ export interface PutScalingPolicyRequest { *
- * sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.
sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.
* @@ -3196,6 +3279,10 @@ export interface PutScalingPolicyRequest { *
* elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.
+ * neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.
* TargetTrackingScaling
—Not supported for Amazon EMR
- * StepScaling
—Not supported for DynamoDB, Amazon Comprehend, Lambda, Amazon Keyspaces (for Apache
- * Cassandra), Amazon MSK, or Amazon ElastiCache for Redis.
StepScaling
—Not supported for DynamoDB, Amazon Comprehend, Lambda, Amazon Keyspaces, Amazon MSK, Amazon ElastiCache, or
+ * Neptune.
* For more information, see Target * tracking scaling policies and Step scaling policies in the Application Auto Scaling User Guide.
*/ @@ -3315,7 +3402,7 @@ export interface PutScheduledActionRequest { * and service name. Example:service/default/sample-webapp
.
*
* Spot Fleet request - The resource type is spot-fleet-request
and the unique identifier is the
+ *
Spot Fleet - The resource type is spot-fleet-request
and the unique identifier is the
* Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.
cluster:my-db-cluster
.
* Amazon SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
+ *
SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
* Example: endpoint/my-end-point/variant/KMeansClustering
.
Amazon ElastiCache replication group - The resource type is replication-group
and the unique identifier is the replication group name.
* Example: replication-group/mycluster
.
Neptune cluster - The resource type is cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.
- * ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.
ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.
* @@ -3414,7 +3504,7 @@ export interface PutScheduledActionRequest { *
- * sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.
sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.
* @@ -3452,6 +3542,10 @@ export interface PutScheduledActionRequest { *
* elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.
+ * neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.
service/default/sample-webapp
.
*
* Spot Fleet request - The resource type is spot-fleet-request
and the unique identifier is the
+ *
Spot Fleet - The resource type is spot-fleet-request
and the unique identifier is the
* Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.
cluster:my-db-cluster
.
* Amazon SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
+ *
SageMaker endpoint variant - The resource type is variant
and the unique identifier is the resource ID.
* Example: endpoint/my-end-point/variant/KMeansClustering
.
Amazon ElastiCache replication group - The resource type is replication-group
and the unique identifier is the replication group name.
* Example: replication-group/mycluster
.
Neptune cluster - The resource type is cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.
- * ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.
ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.
* @@ -3611,7 +3708,7 @@ export interface RegisterScalableTargetRequest { *
- * sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.
sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.
* @@ -3649,6 +3746,10 @@ export interface RegisterScalableTargetRequest { *
* elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.
+ * neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.
Creates a framework with one or more controls. A framework is a collection of controls * that you can use to evaluate your backup practices. By using pre-built customizable * controls to define your policies, you can evaluate whether your backup practices comply - * with your policies. To get insights into the compliance status of your frameworks, you can - * set up automatic daily reports.
+ * with your policies and which resources are not yet in compliance. */ public createFramework( args: CreateFrameworkCommandInput, @@ -671,6 +680,43 @@ export class Backup extends BackupClient { } } + /** + *Deletes Backup Vault Lock from a backup vault specified by a backup vault + * name.
+ *If the Vault Lock configuration is immutable, then you cannot delete Vault Lock using
+ * API operations, and you will receive an InvalidRequestException
if you attempt
+ * to do so. For more information, see Vault Lock in the
+ * Backup Developer Guide.
Deletes event notifications for the specified backup vault.
*/ @@ -2017,6 +2063,42 @@ export class Backup extends BackupClient { } } + /** + *Applies Backup Vault Lock to a backup vault, preventing attempts to delete + * any recovery point stored in or created in a backup vault. Vault Lock also prevents + * attempts to update the lifecycle policy that controls the retention period of any recovery + * point currently stored in a backup vault. If specified, Vault Lock enforces a minimum and + * maximum retention period for future backup and copy jobs that target a backup vault.
+ */ + public putBackupVaultLockConfiguration( + args: PutBackupVaultLockConfigurationCommandInput, + options?: __HttpHandlerOptions + ): PromiseTurns on notifications on a backup vault for the specified topic and events.
*/ diff --git a/clients/client-backup/src/BackupClient.ts b/clients/client-backup/src/BackupClient.ts index a6837dc69be9..245728db3f36 100644 --- a/clients/client-backup/src/BackupClient.ts +++ b/clients/client-backup/src/BackupClient.ts @@ -67,6 +67,10 @@ import { DeleteBackupVaultAccessPolicyCommandOutput, } from "./commands/DeleteBackupVaultAccessPolicyCommand"; import { DeleteBackupVaultCommandInput, DeleteBackupVaultCommandOutput } from "./commands/DeleteBackupVaultCommand"; +import { + DeleteBackupVaultLockConfigurationCommandInput, + DeleteBackupVaultLockConfigurationCommandOutput, +} from "./commands/DeleteBackupVaultLockConfigurationCommand"; import { DeleteBackupVaultNotificationsCommandInput, DeleteBackupVaultNotificationsCommandOutput, @@ -174,6 +178,10 @@ import { PutBackupVaultAccessPolicyCommandInput, PutBackupVaultAccessPolicyCommandOutput, } from "./commands/PutBackupVaultAccessPolicyCommand"; +import { + PutBackupVaultLockConfigurationCommandInput, + PutBackupVaultLockConfigurationCommandOutput, +} from "./commands/PutBackupVaultLockConfigurationCommand"; import { PutBackupVaultNotificationsCommandInput, PutBackupVaultNotificationsCommandOutput, @@ -212,6 +220,7 @@ export type ServiceInputTypes = | DeleteBackupSelectionCommandInput | DeleteBackupVaultAccessPolicyCommandInput | DeleteBackupVaultCommandInput + | DeleteBackupVaultLockConfigurationCommandInput | DeleteBackupVaultNotificationsCommandInput | DeleteFrameworkCommandInput | DeleteRecoveryPointCommandInput @@ -253,6 +262,7 @@ export type ServiceInputTypes = | ListRestoreJobsCommandInput | ListTagsCommandInput | PutBackupVaultAccessPolicyCommandInput + | PutBackupVaultLockConfigurationCommandInput | PutBackupVaultNotificationsCommandInput | StartBackupJobCommandInput | StartCopyJobCommandInput @@ -278,6 +288,7 @@ export type ServiceOutputTypes = | DeleteBackupSelectionCommandOutput | DeleteBackupVaultAccessPolicyCommandOutput | DeleteBackupVaultCommandOutput + | DeleteBackupVaultLockConfigurationCommandOutput | DeleteBackupVaultNotificationsCommandOutput | DeleteFrameworkCommandOutput | DeleteRecoveryPointCommandOutput @@ -319,6 +330,7 @@ export type ServiceOutputTypes = | ListRestoreJobsCommandOutput | ListTagsCommandOutput | PutBackupVaultAccessPolicyCommandOutput + | PutBackupVaultLockConfigurationCommandOutput | PutBackupVaultNotificationsCommandOutput | StartBackupJobCommandOutput | StartCopyJobCommandOutput diff --git a/clients/client-backup/src/commands/CreateFrameworkCommand.ts b/clients/client-backup/src/commands/CreateFrameworkCommand.ts index d68eb7300537..7bb340114216 100644 --- a/clients/client-backup/src/commands/CreateFrameworkCommand.ts +++ b/clients/client-backup/src/commands/CreateFrameworkCommand.ts @@ -25,8 +25,7 @@ export interface CreateFrameworkCommandOutput extends CreateFrameworkOutput, __M *Creates a framework with one or more controls. A framework is a collection of controls * that you can use to evaluate your backup practices. By using pre-built customizable * controls to define your policies, you can evaluate whether your backup practices comply - * with your policies. To get insights into the compliance status of your frameworks, you can - * set up automatic daily reports.
+ * with your policies and which resources are not yet in compliance. * @example * Use a bare-bones client and the command you need to make an API call. * ```javascript diff --git a/clients/client-backup/src/commands/DeleteBackupVaultLockConfigurationCommand.ts b/clients/client-backup/src/commands/DeleteBackupVaultLockConfigurationCommand.ts new file mode 100644 index 000000000000..0d33985e70ad --- /dev/null +++ b/clients/client-backup/src/commands/DeleteBackupVaultLockConfigurationCommand.ts @@ -0,0 +1,106 @@ +import { getSerdePlugin } from "@aws-sdk/middleware-serde"; +import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http"; +import { Command as $Command } from "@aws-sdk/smithy-client"; +import { + FinalizeHandlerArguments, + Handler, + HandlerExecutionContext, + HttpHandlerOptions as __HttpHandlerOptions, + MetadataBearer as __MetadataBearer, + MiddlewareStack, + SerdeContext as __SerdeContext, +} from "@aws-sdk/types"; + +import { BackupClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../BackupClient"; +import { DeleteBackupVaultLockConfigurationInput } from "../models/models_0"; +import { + deserializeAws_restJson1DeleteBackupVaultLockConfigurationCommand, + serializeAws_restJson1DeleteBackupVaultLockConfigurationCommand, +} from "../protocols/Aws_restJson1"; + +export interface DeleteBackupVaultLockConfigurationCommandInput extends DeleteBackupVaultLockConfigurationInput {} +export interface DeleteBackupVaultLockConfigurationCommandOutput extends __MetadataBearer {} + +/** + *Deletes Backup Vault Lock from a backup vault specified by a backup vault + * name.
+ *If the Vault Lock configuration is immutable, then you cannot delete Vault Lock using
+ * API operations, and you will receive an InvalidRequestException
if you attempt
+ * to do so. For more information, see Vault Lock in the
+ * Backup Developer Guide.
Applies Backup Vault Lock to a backup vault, preventing attempts to delete + * any recovery point stored in or created in a backup vault. Vault Lock also prevents + * attempts to update the lifecycle policy that controls the retention period of any recovery + * point currently stored in a backup vault. If specified, Vault Lock enforces a minimum and + * maximum retention period for future backup and copy jobs that target a backup vault.
+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { BackupClient, PutBackupVaultLockConfigurationCommand } from "@aws-sdk/client-backup"; // ES Modules import + * // const { BackupClient, PutBackupVaultLockConfigurationCommand } = require("@aws-sdk/client-backup"); // CommonJS import + * const client = new BackupClient(config); + * const command = new PutBackupVaultLockConfigurationCommand(input); + * const response = await client.send(command); + * ``` + * + * @see {@link PutBackupVaultLockConfigurationCommandInput} for command's `input` shape. + * @see {@link PutBackupVaultLockConfigurationCommandOutput} for command's `response` shape. + * @see {@link BackupClientResolvedConfig | config} for command's `input` shape. + * + */ +export class PutBackupVaultLockConfigurationCommand extends $Command< + PutBackupVaultLockConfigurationCommandInput, + PutBackupVaultLockConfigurationCommandOutput, + BackupClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + constructor(readonly input: PutBackupVaultLockConfigurationCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStackContains an optional backup plan display name and an array of BackupRule
* objects, each of which specifies a backup rule. Each rule in a backup plan is a separate
- * scheduled task and can back up a different selection of Amazon Web Services resources.
- *
The number of recovery points that are stored in a backup vault.
*/ NumberOfRecoveryPoints?: number; + + /** + *A Boolean value that indicates whether Backup Vault Lock applies to the
+ * selected backup vault. If true
, Vault Lock prevents delete and update
+ * operations on the recovery points in the selected vault.
The Backup Vault Lock setting that specifies the minimum retention period + * that the vault retains its recovery points. If this parameter is not specified, Vault Lock + * does not enforce a minimum retention period.
+ *If specified, any backup or copy job to the vault must have a lifecycle policy with a + * retention period equal to or longer than the minimum retention period. If the job's + * retention period is shorter than that minimum retention period, then the vault fails the + * backup or copy job, and you should either modify your lifecycle settings or use a different + * vault. Recovery points already stored in the vault prior to Vault Lock are not + * affected.
+ */ + MinRetentionDays?: number; + + /** + *The Backup Vault Lock setting that specifies the maximum retention period + * that the vault retains its recovery points. If this parameter is not specified, Vault Lock + * does not enforce a maximum retention period on the recovery points in the vault (allowing + * indefinite storage).
+ *If specified, any backup or copy job to the vault must have a lifecycle policy with a + * retention period equal to or shorter than the maximum retention period. If the job's + * retention period is longer than that maximum retention period, then the vault fails the + * backup or copy job, and you should either modify your lifecycle settings or use a different + * vault. Recovery points already stored in the vault prior to Vault Lock are not + * affected.
+ */ + MaxRetentionDays?: number; + + /** + *The date and time when Backup Vault Lock configuration becomes immutable, + * meaning it cannot be changed or deleted.
+ *If you applied Vault Lock to your vault without specifying a lock date, you can change + * your Vault Lock settings, or delete Vault Lock from the vault entirely, at any time.
+ *This value is in Unix format, Coordinated Universal Time (UTC), and accurate to + * milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 + * 12:11:30.087 AM.
+ */ + LockDate?: Date; } export namespace BackupVaultListMember { @@ -901,7 +945,14 @@ export interface ConflictException extends __SmithyException, $MetadataBearer { $fault: "client"; Code?: string; Message?: string; + /** + * + */ Type?: string; + + /** + * + */ Context?: string; } @@ -954,8 +1005,8 @@ export namespace ControlInputParameter { */ export interface ControlScope { /** - *Describes whether the control scope includes a specific resource identified by its - * unique Amazon Resource Name (ARN).
+ *The ID of the only Amazon Web Services resource that you want your control scope to + * contain.
*/ ComplianceResourceIds?: string[]; @@ -1545,10 +1596,21 @@ export interface ReportSetting { *Identifies the report template for the report. Reports are built using a report * template. The report templates are:
*
- * BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
+ * RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT |
+ * COPY_JOB_REPORT | RESTORE_JOB_REPORT
*
The Amazon Resource Names (ARNs) of the frameworks a report covers.
+ */ + FrameworkArns?: string[]; + + /** + *The number of frameworks a report covers.
+ */ + NumberOfFrameworks?: number; } export namespace ReportSetting { @@ -1584,13 +1646,17 @@ export interface CreateReportPlanInput { *Identifies the report template for the report. Reports are built using a report * template. The report templates are:
*
- * BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
+ * RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT |
+ * COPY_JOB_REPORT | RESTORE_JOB_REPORT
*
If the report template is RESOURCE_COMPLIANCE_REPORT
or
+ * CONTROL_COMPLIANCE_REPORT
, this API resource also describes the report
+ * coverage by Amazon Web Services Regions and frameworks.
Metadata that you can assign to help organize the frameworks that you create. Each tag + *
Metadata that you can assign to help organize the report plans that you create. Each tag * is a key-value pair.
*/ ReportPlanTags?: { [key: string]: string }; @@ -1623,6 +1689,14 @@ export interface CreateReportPlanOutput { * depends on the resource type. */ ReportPlanArn?: string; + + /** + *The date and time a backup vault is created, in Unix format and Coordinated Universal
+ * Time (UTC). The value of CreationTime
is accurate to milliseconds. For
+ * example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087
+ * AM.
The name of the backup vault from which to delete Backup Vault Lock.
+ */ + BackupVaultName: string | undefined; +} + +export namespace DeleteBackupVaultLockConfigurationInput { + /** + * @internal + */ + export const filterSensitiveLog = (obj: DeleteBackupVaultLockConfigurationInput): any => ({ + ...obj, + }); +} + export interface DeleteBackupVaultNotificationsInput { /** *The name of a logical container where backups are stored. Backup vaults are identified @@ -2147,6 +2237,52 @@ export interface DescribeBackupVaultOutput { *
The number of recovery points that are stored in a backup vault.
*/ NumberOfRecoveryPoints?: number; + + /** + *A Boolean that indicates whether Backup Vault Lock is currently protecting
+ * the backup vault. True
means that Vault Lock causes delete or update
+ * operations on the recovery points stored in the vault to fail.
The Backup Vault Lock setting that specifies the minimum retention period + * that the vault retains its recovery points. If this parameter is not specified, Vault Lock + * does not enforce a minimum retention period.
+ *If specified, any backup or copy job to the vault must have a lifecycle policy with a + * retention period equal to or longer than the minimum retention period. If the job's + * retention period is shorter than that minimum retention period, then the vault fails the + * backup or copy job, and you should either modify your lifecycle settings or use a different + * vault. Recovery points already stored in the vault prior to Vault Lock are not + * affected.
+ */ + MinRetentionDays?: number; + + /** + *The Backup Vault Lock setting that specifies the maximum retention period + * that the vault retains its recovery points. If this parameter is not specified, Vault Lock + * does not enforce a maximum retention period on the recovery points in the vault (allowing + * indefinite storage).
+ *If specified, any backup or copy job to the vault must have a lifecycle policy with a + * retention period equal to or shorter than the maximum retention period. If the job's + * retention period is longer than that maximum retention period, then the vault fails the + * backup or copy job, and you should either modify your lifecycle settings or use a different + * vault. Recovery points already stored in the vault prior to Vault Lock are not + * affected.
+ */ + MaxRetentionDays?: number; + + /** + *The date and time when Backup Vault Lock configuration cannot be changed or + * deleted.
+ *If you applied Vault Lock to your vault without specifying a lock date, you can change + * any of your Vault Lock settings, or delete Vault Lock from the vault entirely, at any + * time.
+ *This value is in Unix format, Coordinated Universal Time (UTC), and accurate to + * milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 + * 12:11:30.087 AM.
+ */ + LockDate?: Date; } export namespace DescribeBackupVaultOutput { @@ -2652,7 +2788,8 @@ export interface ReportJob { *Identifies the report template for the report. Reports are built using a report * template. The report templates are:
*
- * BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
+ * RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT |
+ * COPY_JOB_REPORT | RESTORE_JOB_REPORT
*
Identifies the report template for the report. Reports are built using a report * template. The report templates are:
*
- * BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
+ * RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT |
+ * COPY_JOB_REPORT | RESTORE_JOB_REPORT
*
If the report template is RESOURCE_COMPLIANCE_REPORT
or
+ * CONTROL_COMPLIANCE_REPORT
, this API resource also describes the report
+ * coverage by Amazon Web Services Regions and frameworks.
+ * Aurora
for Amazon Aurora
* DynamoDB
for Amazon DynamoDB
- * RDS
for Amazon Relational Database Service
FSX
for Amazon FSx
*
- * Aurora
for Amazon Aurora
RDS
for Amazon Relational Database Service
* @@ -4830,6 +4975,73 @@ export namespace PutBackupVaultAccessPolicyInput { }); } +export interface PutBackupVaultLockConfigurationInput { + /** + *
The Backup Vault Lock configuration that specifies the name of the backup + * vault it protects.
+ */ + BackupVaultName: string | undefined; + + /** + *The Backup Vault Lock configuration that specifies the minimum retention + * period that the vault retains its recovery points. This setting can be useful if, for + * example, your organization's policies require you to retain certain data for at least seven + * years (2555 days).
+ *If this parameter is not specified, Vault Lock will not enforce a minimum retention + * period.
+ *If this parameter is specified, any backup or copy job to the vault must have a + * lifecycle policy with a retention period equal to or longer than the minimum retention + * period. If the job's retention period is shorter than that minimum retention period, then + * the vault fails that backup or copy job, and you should either modify your lifecycle + * settings or use a different vault. Recovery points already saved in the vault prior to + * Vault Lock are not affected.
+ */ + MinRetentionDays?: number; + + /** + *The Backup Vault Lock configuration that specifies the maximum retention + * period that the vault retains its recovery points. This setting can be useful if, for + * example, your organization's policies require you to destroy certain data after retaining + * it for four years (1460 days).
+ *If this parameter is not included, Vault Lock does not enforce a maximum retention + * period on the recovery points in the vault. If this parameter is included without a value, + * Vault Lock will not enforce a maximum retention period.
+ *If this parameter is specified, any backup or copy job to the vault must have a + * lifecycle policy with a retention period equal to or shorter than the maximum retention + * period. If the job's retention period is longer than that maximum retention period, then + * the vault fails the backup or copy job, and you should either modify your lifecycle + * settings or use a different vault. Recovery points already saved in the vault prior to + * Vault Lock are not affected.
+ */ + MaxRetentionDays?: number; + + /** + *The Backup Vault Lock configuration that specifies the number of days before
+ * the lock date. For example, setting ChangeableForDays
to 30 on Jan. 1, 2022 at
+ * 8pm UTC will set the lock date to Jan. 31, 2022 at 8pm UTC.
Backup enforces a 72-hour cooling-off period before Vault Lock takes effect
+ * and becomes immutable. Therefore, you must set ChangeableForDays
to 3 or
+ * greater.
Before the lock date, you can delete Vault Lock from the vault using
+ * DeleteBackupVaultLockConfiguration
or change the Vault Lock configuration
+ * using PutBackupVaultLockConfiguration
. On and after the lock date, the Vault
+ * Lock becomes immutable and cannot be changed or deleted.
If this parameter is not specified, you can delete Vault Lock from the vault using
+ * DeleteBackupVaultLockConfiguration
or change the Vault Lock configuration
+ * using PutBackupVaultLockConfiguration
at any time.
The name of a logical container where backups are stored. Backup vaults are identified @@ -5569,8 +5781,12 @@ export interface UpdateReportPlanInput { *
Identifies the report template for the report. Reports are built using a report * template. The report templates are:
*
- * BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
+ * RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT |
+ * COPY_JOB_REPORT | RESTORE_JOB_REPORT
*
If the report template is RESOURCE_COMPLIANCE_REPORT
or
+ * CONTROL_COMPLIANCE_REPORT
, this API resource also describes the report
+ * coverage by Amazon Web Services Regions and frameworks.
The audio artifact configuration object.
+ */ +export interface AudioArtifactsConfiguration { + /** + *The MUX type of the audio artifact configuration object.
+ */ + MuxType: AudioMuxType | string | undefined; +} + +export namespace AudioArtifactsConfiguration { + /** + * @internal + */ + export const filterSensitiveLog = (obj: AudioArtifactsConfiguration): any => ({ + ...obj, + }); +} + +export enum ContentMuxType { + ContentOnly = "ContentOnly", +} + +export enum ArtifactsState { + Disabled = "Disabled", + Enabled = "Enabled", +} + +/** + *The content artifact object.
+ */ +export interface ContentArtifactsConfiguration { + /** + *Indicates whether the content artifact is enabled or disabled.
+ */ + State: ArtifactsState | string | undefined; + + /** + *The MUX type of the artifact configuration.
+ */ + MuxType?: ContentMuxType | string; +} + +export namespace ContentArtifactsConfiguration { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ContentArtifactsConfiguration): any => ({ + ...obj, + }); +} + +export enum VideoMuxType { + VideoOnly = "VideoOnly", +} + +/** + *The video artifact configuration object.
+ */ +export interface VideoArtifactsConfiguration { + /** + *Indicates whether the video artifact is enabled or disabled.
+ */ + State: ArtifactsState | string | undefined; + + /** + *The MUX type of the video artifact configuration object.
+ */ + MuxType?: VideoMuxType | string; +} + +export namespace VideoArtifactsConfiguration { + /** + * @internal + */ + export const filterSensitiveLog = (obj: VideoArtifactsConfiguration): any => ({ + ...obj, + }); +} + +/** + *The configuration for the artifacts.
+ */ +export interface ArtifactsConfiguration { + /** + *The configuration for the audio artifacts.
+ */ + Audio: AudioArtifactsConfiguration | undefined; + + /** + *The configuration for the video artifacts.
+ */ + Video: VideoArtifactsConfiguration | undefined; + + /** + *The configuration for the content artifacts.
+ */ + Content: ContentArtifactsConfiguration | undefined; +} + +export namespace ArtifactsConfiguration { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ArtifactsConfiguration): any => ({ + ...obj, + }); +} + export interface AssociatePhoneNumbersWithVoiceConnectorRequest { /** *The Amazon Chime Voice Connector ID.
@@ -2125,6 +2239,80 @@ export namespace ChannelModeratorSummary { }); } +/** + *The video streams to capture for a specified media capture pipeline. The total number of video streams can't exceed 25.
+ */ +export interface SelectedVideoStreams { + /** + *The attendee IDs of the streams selected for a media capture pipeline.
+ */ + AttendeeIds?: string[]; + + /** + *The external user IDs of the streams selected for a media capture pipeline.
+ */ + ExternalUserIds?: string[]; +} + +export namespace SelectedVideoStreams { + /** + * @internal + */ + export const filterSensitiveLog = (obj: SelectedVideoStreams): any => ({ + ...obj, + ...(obj.ExternalUserIds && { ExternalUserIds: SENSITIVE_STRING }), + }); +} + +/** + *Source configuration for a specified media capture pipeline.
+ */ +export interface SourceConfiguration { + /** + *The selected video streams to capture for a specified media capture pipeline. The number of video streams can't exceed 25.
+ */ + SelectedVideoStreams?: SelectedVideoStreams; +} + +export namespace SourceConfiguration { + /** + * @internal + */ + export const filterSensitiveLog = (obj: SourceConfiguration): any => ({ + ...obj, + ...(obj.SelectedVideoStreams && { + SelectedVideoStreams: SelectedVideoStreams.filterSensitiveLog(obj.SelectedVideoStreams), + }), + }); +} + +/** + *The configuration object of the Amazon Chime SDK meeting for a specified media capture pipeline. SourceType
must be ChimeSdkMeeting
.
The source configuration for a specified media capture pipline.
+ */ + SourceConfiguration?: SourceConfiguration; + + /** + *The configuration for the artifacts in an Amazon Chime SDK meeting.
+ */ + ArtifactsConfiguration?: ArtifactsConfiguration; +} + +export namespace ChimeSdkMeetingConfiguration { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ChimeSdkMeetingConfiguration): any => ({ + ...obj, + ...(obj.SourceConfiguration && { + SourceConfiguration: SourceConfiguration.filterSensitiveLog(obj.SourceConfiguration), + }), + }); +} + /** *The request could not be processed because of conflict in the current state of the * resource.
@@ -2704,6 +2892,11 @@ export interface CreateMediaCapturePipelineRequest { *The token assigned to the client making the pipeline request.
*/ ClientRequestToken?: string; + + /** + *The configuration for a specified media capture pipeline. SourceType
must be ChimeSdkMeeting
.
A media capture pipeline object. A string consisting of an ID, source type, a source ARN, a sink type, and a sink ARN.
+ *A media capture pipeline object consisting of an ID, source type, source ARN, a sink type, a sink ARN, and a configuration object.
*/ export interface MediaCapturePipeline { /** @@ -2769,6 +2965,11 @@ export interface MediaCapturePipeline { *The time at which the capture pipeline was updated, in ISO 8601 format.
*/ UpdatedTimestamp?: Date; + + /** + *The configuration for a specified media capture pipeline. SourceType
must be ChimeSdkMeeting
.
The URL of the S3 bucket used to store the captured media.
+ *The event ingestion URL.
*/ EventIngestionUrl?: string; } @@ -6686,214 +6890,3 @@ export namespace GetSipMediaApplicationRequest { ...obj, }); } - -export interface GetSipMediaApplicationResponse { - /** - *The SIP media application details.
- */ - SipMediaApplication?: SipMediaApplication; -} - -export namespace GetSipMediaApplicationResponse { - /** - * @internal - */ - export const filterSensitiveLog = (obj: GetSipMediaApplicationResponse): any => ({ - ...obj, - ...(obj.SipMediaApplication && { - SipMediaApplication: SipMediaApplication.filterSensitiveLog(obj.SipMediaApplication), - }), - }); -} - -export interface GetSipMediaApplicationLoggingConfigurationRequest { - /** - *The SIP media application ID.
- */ - SipMediaApplicationId: string | undefined; -} - -export namespace GetSipMediaApplicationLoggingConfigurationRequest { - /** - * @internal - */ - export const filterSensitiveLog = (obj: GetSipMediaApplicationLoggingConfigurationRequest): any => ({ - ...obj, - }); -} - -/** - *Logging configuration of the SIP media application.
- */ -export interface SipMediaApplicationLoggingConfiguration { - /** - *Enables application message logs for the SIP media application.
- */ - EnableSipMediaApplicationMessageLogs?: boolean; -} - -export namespace SipMediaApplicationLoggingConfiguration { - /** - * @internal - */ - export const filterSensitiveLog = (obj: SipMediaApplicationLoggingConfiguration): any => ({ - ...obj, - }); -} - -export interface GetSipMediaApplicationLoggingConfigurationResponse { - /** - *The actual logging configuration.
- */ - SipMediaApplicationLoggingConfiguration?: SipMediaApplicationLoggingConfiguration; -} - -export namespace GetSipMediaApplicationLoggingConfigurationResponse { - /** - * @internal - */ - export const filterSensitiveLog = (obj: GetSipMediaApplicationLoggingConfigurationResponse): any => ({ - ...obj, - }); -} - -export interface GetSipRuleRequest { - /** - *The SIP rule ID.
- */ - SipRuleId: string | undefined; -} - -export namespace GetSipRuleRequest { - /** - * @internal - */ - export const filterSensitiveLog = (obj: GetSipRuleRequest): any => ({ - ...obj, - }); -} - -export interface GetSipRuleResponse { - /** - *The SIP rule details.
- */ - SipRule?: SipRule; -} - -export namespace GetSipRuleResponse { - /** - * @internal - */ - export const filterSensitiveLog = (obj: GetSipRuleResponse): any => ({ - ...obj, - }); -} - -export interface GetUserRequest { - /** - *The Amazon Chime account ID.
- */ - AccountId: string | undefined; - - /** - *The user ID.
- */ - UserId: string | undefined; -} - -export namespace GetUserRequest { - /** - * @internal - */ - export const filterSensitiveLog = (obj: GetUserRequest): any => ({ - ...obj, - }); -} - -export interface GetUserResponse { - /** - *The user details.
- */ - User?: User; -} - -export namespace GetUserResponse { - /** - * @internal - */ - export const filterSensitiveLog = (obj: GetUserResponse): any => ({ - ...obj, - ...(obj.User && { User: User.filterSensitiveLog(obj.User) }), - }); -} - -export interface GetUserSettingsRequest { - /** - *The Amazon Chime account ID.
- */ - AccountId: string | undefined; - - /** - *The user ID.
- */ - UserId: string | undefined; -} - -export namespace GetUserSettingsRequest { - /** - * @internal - */ - export const filterSensitiveLog = (obj: GetUserSettingsRequest): any => ({ - ...obj, - }); -} - -/** - *Settings that allow management of telephony permissions for an Amazon Chime user, such as - * inbound and outbound calling and text messaging.
- */ -export interface TelephonySettings { - /** - *Allows or denies inbound calling.
- */ - InboundCalling: boolean | undefined; - - /** - *Allows or denies outbound calling.
- */ - OutboundCalling: boolean | undefined; - - /** - *Allows or denies SMS messaging.
- */ - SMS: boolean | undefined; -} - -export namespace TelephonySettings { - /** - * @internal - */ - export const filterSensitiveLog = (obj: TelephonySettings): any => ({ - ...obj, - }); -} - -/** - *Settings associated with an Amazon Chime user, including inbound and outbound calling and text - * messaging.
- */ -export interface UserSettings { - /** - *The telephony settings associated with the user.
- */ - Telephony: TelephonySettings | undefined; -} - -export namespace UserSettings { - /** - * @internal - */ - export const filterSensitiveLog = (obj: UserSettings): any => ({ - ...obj, - }); -} diff --git a/clients/client-chime/src/models/models_1.ts b/clients/client-chime/src/models/models_1.ts index b021fe87cc28..e04c8691da3a 100644 --- a/clients/client-chime/src/models/models_1.ts +++ b/clients/client-chime/src/models/models_1.ts @@ -50,12 +50,10 @@ import { SipMediaApplication, SipMediaApplicationCall, SipMediaApplicationEndpoint, - SipMediaApplicationLoggingConfiguration, SipRule, SipRuleTargetApplication, Tag, User, - UserSettings, UserType, VoiceConnector, VoiceConnectorGroup, @@ -63,6 +61,217 @@ import { VoiceConnectorSettings, } from "./models_0"; +export interface GetSipMediaApplicationResponse { + /** + *The SIP media application details.
+ */ + SipMediaApplication?: SipMediaApplication; +} + +export namespace GetSipMediaApplicationResponse { + /** + * @internal + */ + export const filterSensitiveLog = (obj: GetSipMediaApplicationResponse): any => ({ + ...obj, + ...(obj.SipMediaApplication && { + SipMediaApplication: SipMediaApplication.filterSensitiveLog(obj.SipMediaApplication), + }), + }); +} + +export interface GetSipMediaApplicationLoggingConfigurationRequest { + /** + *The SIP media application ID.
+ */ + SipMediaApplicationId: string | undefined; +} + +export namespace GetSipMediaApplicationLoggingConfigurationRequest { + /** + * @internal + */ + export const filterSensitiveLog = (obj: GetSipMediaApplicationLoggingConfigurationRequest): any => ({ + ...obj, + }); +} + +/** + *Logging configuration of the SIP media application.
+ */ +export interface SipMediaApplicationLoggingConfiguration { + /** + *Enables application message logs for the SIP media application.
+ */ + EnableSipMediaApplicationMessageLogs?: boolean; +} + +export namespace SipMediaApplicationLoggingConfiguration { + /** + * @internal + */ + export const filterSensitiveLog = (obj: SipMediaApplicationLoggingConfiguration): any => ({ + ...obj, + }); +} + +export interface GetSipMediaApplicationLoggingConfigurationResponse { + /** + *The actual logging configuration.
+ */ + SipMediaApplicationLoggingConfiguration?: SipMediaApplicationLoggingConfiguration; +} + +export namespace GetSipMediaApplicationLoggingConfigurationResponse { + /** + * @internal + */ + export const filterSensitiveLog = (obj: GetSipMediaApplicationLoggingConfigurationResponse): any => ({ + ...obj, + }); +} + +export interface GetSipRuleRequest { + /** + *The SIP rule ID.
+ */ + SipRuleId: string | undefined; +} + +export namespace GetSipRuleRequest { + /** + * @internal + */ + export const filterSensitiveLog = (obj: GetSipRuleRequest): any => ({ + ...obj, + }); +} + +export interface GetSipRuleResponse { + /** + *The SIP rule details.
+ */ + SipRule?: SipRule; +} + +export namespace GetSipRuleResponse { + /** + * @internal + */ + export const filterSensitiveLog = (obj: GetSipRuleResponse): any => ({ + ...obj, + }); +} + +export interface GetUserRequest { + /** + *The Amazon Chime account ID.
+ */ + AccountId: string | undefined; + + /** + *The user ID.
+ */ + UserId: string | undefined; +} + +export namespace GetUserRequest { + /** + * @internal + */ + export const filterSensitiveLog = (obj: GetUserRequest): any => ({ + ...obj, + }); +} + +export interface GetUserResponse { + /** + *The user details.
+ */ + User?: User; +} + +export namespace GetUserResponse { + /** + * @internal + */ + export const filterSensitiveLog = (obj: GetUserResponse): any => ({ + ...obj, + ...(obj.User && { User: User.filterSensitiveLog(obj.User) }), + }); +} + +export interface GetUserSettingsRequest { + /** + *The Amazon Chime account ID.
+ */ + AccountId: string | undefined; + + /** + *The user ID.
+ */ + UserId: string | undefined; +} + +export namespace GetUserSettingsRequest { + /** + * @internal + */ + export const filterSensitiveLog = (obj: GetUserSettingsRequest): any => ({ + ...obj, + }); +} + +/** + *Settings that allow management of telephony permissions for an Amazon Chime user, such as + * inbound and outbound calling and text messaging.
+ */ +export interface TelephonySettings { + /** + *Allows or denies inbound calling.
+ */ + InboundCalling: boolean | undefined; + + /** + *Allows or denies outbound calling.
+ */ + OutboundCalling: boolean | undefined; + + /** + *Allows or denies SMS messaging.
+ */ + SMS: boolean | undefined; +} + +export namespace TelephonySettings { + /** + * @internal + */ + export const filterSensitiveLog = (obj: TelephonySettings): any => ({ + ...obj, + }); +} + +/** + *Settings associated with an Amazon Chime user, including inbound and outbound calling and text + * messaging.
+ */ +export interface UserSettings { + /** + *The telephony settings associated with the user.
+ */ + Telephony: TelephonySettings | undefined; +} + +export namespace UserSettings { + /** + * @internal + */ + export const filterSensitiveLog = (obj: UserSettings): any => ({ + ...obj, + }); +} + export interface GetUserSettingsResponse { /** *The user settings.
@@ -3745,12 +3954,12 @@ export interface UpdateGlobalSettingsRequest { /** *The Amazon Chime Business Calling settings.
*/ - BusinessCalling: BusinessCallingSettings | undefined; + BusinessCalling?: BusinessCallingSettings; /** *The Amazon Chime Voice Connector settings.
*/ - VoiceConnector: VoiceConnectorSettings | undefined; + VoiceConnector?: VoiceConnectorSettings; } export namespace UpdateGlobalSettingsRequest { diff --git a/clients/client-chime/src/protocols/Aws_restJson1.ts b/clients/client-chime/src/protocols/Aws_restJson1.ts index d48582f0f55a..e266f76c8eee 100644 --- a/clients/client-chime/src/protocols/Aws_restJson1.ts +++ b/clients/client-chime/src/protocols/Aws_restJson1.ts @@ -569,7 +569,9 @@ import { AppInstanceUser, AppInstanceUserMembershipSummary, AppInstanceUserSummary, + ArtifactsConfiguration, Attendee, + AudioArtifactsConfiguration, BadRequestException, BatchChannelMemberships, BatchCreateChannelMembershipError, @@ -589,7 +591,9 @@ import { ChannelModeratorSummary, ChannelRetentionSettings, ChannelSummary, + ChimeSdkMeetingConfiguration, ConflictException, + ContentArtifactsConfiguration, ConversationRetentionSettings, CreateAttendeeError, CreateAttendeeRequestItem, @@ -626,17 +630,17 @@ import { Room, RoomMembership, RoomRetentionSettings, + SelectedVideoStreams, ServiceFailureException, ServiceUnavailableException, SigninDelegateGroup, SipMediaApplication, SipMediaApplicationCall, SipMediaApplicationEndpoint, - SipMediaApplicationLoggingConfiguration, SipRule, SipRuleTargetApplication, + SourceConfiguration, Tag, - TelephonySettings, ThrottledClientException, UnauthorizedClientException, UnprocessableEntityException, @@ -644,7 +648,7 @@ import { UpdateUserRequestItem, User, UserError, - UserSettings, + VideoArtifactsConfiguration, VoiceConnector, VoiceConnectorGroup, VoiceConnectorItem, @@ -657,11 +661,14 @@ import { OriginationRoute, PhoneNumberCountry, Proxy, + SipMediaApplicationLoggingConfiguration, StreamingConfiguration, StreamingNotificationTarget, + TelephonySettings, Termination, TerminationHealth, TranscriptionConfiguration, + UserSettings, } from "../models/models_1"; export const serializeAws_restJson1AssociatePhoneNumbersWithVoiceConnectorCommand = async ( @@ -1551,6 +1558,13 @@ export const serializeAws_restJson1CreateMediaCapturePipelineCommand = async ( `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + "/media-capture-pipelines"; let body: any; body = JSON.stringify({ + ...(input.ChimeSdkMeetingConfiguration !== undefined && + input.ChimeSdkMeetingConfiguration !== null && { + ChimeSdkMeetingConfiguration: serializeAws_restJson1ChimeSdkMeetingConfiguration( + input.ChimeSdkMeetingConfiguration, + context + ), + }), ClientRequestToken: input.ClientRequestToken ?? generateIdempotencyToken(), ...(input.SinkArn !== undefined && input.SinkArn !== null && { SinkArn: input.SinkArn }), ...(input.SinkType !== undefined && input.SinkType !== null && { SinkType: input.SinkType }), @@ -26134,6 +26148,14 @@ const deserializeAws_restJson1UpdatePhoneNumberCommandError = async ( $metadata: deserializeMetadata(output), }; break; + case "ConflictException": + case "com.amazonaws.chime#ConflictException": + response = { + ...(await deserializeAws_restJson1ConflictExceptionResponse(parsedOutput, context)), + name: errorCode, + $metadata: deserializeMetadata(output), + }; + break; case "ForbiddenException": case "com.amazonaws.chime#ForbiddenException": response = { @@ -27650,6 +27672,30 @@ const serializeAws_restJson1AppInstanceStreamingConfigurationList = ( }); }; +const serializeAws_restJson1ArtifactsConfiguration = (input: ArtifactsConfiguration, context: __SerdeContext): any => { + return { + ...(input.Audio !== undefined && + input.Audio !== null && { Audio: serializeAws_restJson1AudioArtifactsConfiguration(input.Audio, context) }), + ...(input.Content !== undefined && + input.Content !== null && { + Content: serializeAws_restJson1ContentArtifactsConfiguration(input.Content, context), + }), + ...(input.Video !== undefined && + input.Video !== null && { Video: serializeAws_restJson1VideoArtifactsConfiguration(input.Video, context) }), + }; +}; + +const serializeAws_restJson1AttendeeIdList = (input: string[], context: __SerdeContext): any => { + return input + .filter((e: any) => e != null) + .map((entry) => { + if (entry === null) { + return null as any; + } + return entry; + }); +}; + const serializeAws_restJson1AttendeeTagKeyList = (input: string[], context: __SerdeContext): any => { return input .filter((e: any) => e != null) @@ -27672,6 +27718,15 @@ const serializeAws_restJson1AttendeeTagList = (input: Tag[], context: __SerdeCon }); }; +const serializeAws_restJson1AudioArtifactsConfiguration = ( + input: AudioArtifactsConfiguration, + context: __SerdeContext +): any => { + return { + ...(input.MuxType !== undefined && input.MuxType !== null && { MuxType: input.MuxType }), + }; +}; + const serializeAws_restJson1BusinessCallingSettings = ( input: BusinessCallingSettings, context: __SerdeContext @@ -27712,6 +27767,32 @@ const serializeAws_restJson1ChannelRetentionSettings = ( }; }; +const serializeAws_restJson1ChimeSdkMeetingConfiguration = ( + input: ChimeSdkMeetingConfiguration, + context: __SerdeContext +): any => { + return { + ...(input.ArtifactsConfiguration !== undefined && + input.ArtifactsConfiguration !== null && { + ArtifactsConfiguration: serializeAws_restJson1ArtifactsConfiguration(input.ArtifactsConfiguration, context), + }), + ...(input.SourceConfiguration !== undefined && + input.SourceConfiguration !== null && { + SourceConfiguration: serializeAws_restJson1SourceConfiguration(input.SourceConfiguration, context), + }), + }; +}; + +const serializeAws_restJson1ContentArtifactsConfiguration = ( + input: ContentArtifactsConfiguration, + context: __SerdeContext +): any => { + return { + ...(input.MuxType !== undefined && input.MuxType !== null && { MuxType: input.MuxType }), + ...(input.State !== undefined && input.State !== null && { State: input.State }), + }; +}; + const serializeAws_restJson1ConversationRetentionSettings = ( input: ConversationRetentionSettings, context: __SerdeContext @@ -27871,6 +27952,17 @@ const serializeAws_restJson1EngineTranscribeSettings = ( }; }; +const serializeAws_restJson1ExternalUserIdList = (input: string[], context: __SerdeContext): any => { + return input + .filter((e: any) => e != null) + .map((entry) => { + if (entry === null) { + return null as any; + } + return entry; + }); +}; + const serializeAws_restJson1GeoMatchParams = (input: GeoMatchParams, context: __SerdeContext): any => { return { ...(input.AreaCode !== undefined && input.AreaCode !== null && { AreaCode: input.AreaCode }), @@ -28018,6 +28110,17 @@ const serializeAws_restJson1RoomRetentionSettings = (input: RoomRetentionSetting }; }; +const serializeAws_restJson1SelectedVideoStreams = (input: SelectedVideoStreams, context: __SerdeContext): any => { + return { + ...(input.AttendeeIds !== undefined && + input.AttendeeIds !== null && { AttendeeIds: serializeAws_restJson1AttendeeIdList(input.AttendeeIds, context) }), + ...(input.ExternalUserIds !== undefined && + input.ExternalUserIds !== null && { + ExternalUserIds: serializeAws_restJson1ExternalUserIdList(input.ExternalUserIds, context), + }), + }; +}; + const serializeAws_restJson1SensitiveStringList = (input: string[], context: __SerdeContext): any => { return input .filter((e: any) => e != null) @@ -28134,6 +28237,15 @@ const serializeAws_restJson1SMAUpdateCallArgumentsMap = ( }, {}); }; +const serializeAws_restJson1SourceConfiguration = (input: SourceConfiguration, context: __SerdeContext): any => { + return { + ...(input.SelectedVideoStreams !== undefined && + input.SelectedVideoStreams !== null && { + SelectedVideoStreams: serializeAws_restJson1SelectedVideoStreams(input.SelectedVideoStreams, context), + }), + }; +}; + const serializeAws_restJson1StreamingConfiguration = (input: StreamingConfiguration, context: __SerdeContext): any => { return { ...(input.DataRetentionInHours !== undefined && @@ -28345,6 +28457,16 @@ const serializeAws_restJson1UserSettings = (input: UserSettings, context: __Serd }; }; +const serializeAws_restJson1VideoArtifactsConfiguration = ( + input: VideoArtifactsConfiguration, + context: __SerdeContext +): any => { + return { + ...(input.MuxType !== undefined && input.MuxType !== null && { MuxType: input.MuxType }), + ...(input.State !== undefined && input.State !== null && { State: input.State }), + }; +}; + const serializeAws_restJson1VoiceConnectorItem = (input: VoiceConnectorItem, context: __SerdeContext): any => { return { ...(input.Priority !== undefined && input.Priority !== null && { Priority: input.Priority }), @@ -28586,6 +28708,26 @@ const deserializeAws_restJson1AppInstanceUserSummary = ( } as any; }; +const deserializeAws_restJson1ArtifactsConfiguration = ( + output: any, + context: __SerdeContext +): ArtifactsConfiguration => { + return { + Audio: + output.Audio !== undefined && output.Audio !== null + ? deserializeAws_restJson1AudioArtifactsConfiguration(output.Audio, context) + : undefined, + Content: + output.Content !== undefined && output.Content !== null + ? deserializeAws_restJson1ContentArtifactsConfiguration(output.Content, context) + : undefined, + Video: + output.Video !== undefined && output.Video !== null + ? deserializeAws_restJson1VideoArtifactsConfiguration(output.Video, context) + : undefined, + } as any; +}; + const deserializeAws_restJson1Attendee = (output: any, context: __SerdeContext): Attendee => { return { AttendeeId: __expectString(output.AttendeeId), @@ -28594,6 +28736,17 @@ const deserializeAws_restJson1Attendee = (output: any, context: __SerdeContext): } as any; }; +const deserializeAws_restJson1AttendeeIdList = (output: any, context: __SerdeContext): string[] => { + return (output || []) + .filter((e: any) => e != null) + .map((entry: any) => { + if (entry === null) { + return null as any; + } + return __expectString(entry) as any; + }); +}; + const deserializeAws_restJson1AttendeeList = (output: any, context: __SerdeContext): Attendee[] => { return (output || []) .filter((e: any) => e != null) @@ -28605,6 +28758,15 @@ const deserializeAws_restJson1AttendeeList = (output: any, context: __SerdeConte }); }; +const deserializeAws_restJson1AudioArtifactsConfiguration = ( + output: any, + context: __SerdeContext +): AudioArtifactsConfiguration => { + return { + MuxType: __expectString(output.MuxType), + } as any; +}; + const deserializeAws_restJson1BatchChannelMemberships = ( output: any, context: __SerdeContext @@ -29039,6 +29201,32 @@ const deserializeAws_restJson1ChannelSummaryList = (output: any, context: __Serd }); }; +const deserializeAws_restJson1ChimeSdkMeetingConfiguration = ( + output: any, + context: __SerdeContext +): ChimeSdkMeetingConfiguration => { + return { + ArtifactsConfiguration: + output.ArtifactsConfiguration !== undefined && output.ArtifactsConfiguration !== null + ? deserializeAws_restJson1ArtifactsConfiguration(output.ArtifactsConfiguration, context) + : undefined, + SourceConfiguration: + output.SourceConfiguration !== undefined && output.SourceConfiguration !== null + ? deserializeAws_restJson1SourceConfiguration(output.SourceConfiguration, context) + : undefined, + } as any; +}; + +const deserializeAws_restJson1ContentArtifactsConfiguration = ( + output: any, + context: __SerdeContext +): ContentArtifactsConfiguration => { + return { + MuxType: __expectString(output.MuxType), + State: __expectString(output.State), + } as any; +}; + const deserializeAws_restJson1ConversationRetentionSettings = ( output: any, context: __SerdeContext @@ -29112,6 +29300,17 @@ const deserializeAws_restJson1EventsConfiguration = (output: any, context: __Ser } as any; }; +const deserializeAws_restJson1ExternalUserIdList = (output: any, context: __SerdeContext): string[] => { + return (output || []) + .filter((e: any) => e != null) + .map((entry: any) => { + if (entry === null) { + return null as any; + } + return __expectString(entry) as any; + }); +}; + const deserializeAws_restJson1GeoMatchParams = (output: any, context: __SerdeContext): GeoMatchParams => { return { AreaCode: __expectString(output.AreaCode), @@ -29165,6 +29364,10 @@ const deserializeAws_restJson1LoggingConfiguration = (output: any, context: __Se const deserializeAws_restJson1MediaCapturePipeline = (output: any, context: __SerdeContext): MediaCapturePipeline => { return { + ChimeSdkMeetingConfiguration: + output.ChimeSdkMeetingConfiguration !== undefined && output.ChimeSdkMeetingConfiguration !== null + ? deserializeAws_restJson1ChimeSdkMeetingConfiguration(output.ChimeSdkMeetingConfiguration, context) + : undefined, CreatedTimestamp: output.CreatedTimestamp !== undefined && output.CreatedTimestamp !== null ? __expectNonNull(__parseRfc3339DateTime(output.CreatedTimestamp)) @@ -29655,6 +29858,19 @@ const deserializeAws_restJson1RoomRetentionSettings = (output: any, context: __S } as any; }; +const deserializeAws_restJson1SelectedVideoStreams = (output: any, context: __SerdeContext): SelectedVideoStreams => { + return { + AttendeeIds: + output.AttendeeIds !== undefined && output.AttendeeIds !== null + ? deserializeAws_restJson1AttendeeIdList(output.AttendeeIds, context) + : undefined, + ExternalUserIds: + output.ExternalUserIds !== undefined && output.ExternalUserIds !== null + ? deserializeAws_restJson1ExternalUserIdList(output.ExternalUserIds, context) + : undefined, + } as any; +}; + const deserializeAws_restJson1SensitiveStringList = (output: any, context: __SerdeContext): string[] => { return (output || []) .filter((e: any) => e != null) @@ -29819,6 +30035,15 @@ const deserializeAws_restJson1SipRuleTargetApplicationList = ( }); }; +const deserializeAws_restJson1SourceConfiguration = (output: any, context: __SerdeContext): SourceConfiguration => { + return { + SelectedVideoStreams: + output.SelectedVideoStreams !== undefined && output.SelectedVideoStreams !== null + ? deserializeAws_restJson1SelectedVideoStreams(output.SelectedVideoStreams, context) + : undefined, + } as any; +}; + const deserializeAws_restJson1StreamingConfiguration = ( output: any, context: __SerdeContext @@ -29985,6 +30210,16 @@ const deserializeAws_restJson1UserSettings = (output: any, context: __SerdeConte } as any; }; +const deserializeAws_restJson1VideoArtifactsConfiguration = ( + output: any, + context: __SerdeContext +): VideoArtifactsConfiguration => { + return { + MuxType: __expectString(output.MuxType), + State: __expectString(output.State), + } as any; +}; + const deserializeAws_restJson1VoiceConnector = (output: any, context: __SerdeContext): VoiceConnector => { return { AwsRegion: __expectString(output.AwsRegion), diff --git a/clients/client-codebuild/src/models/models_0.ts b/clients/client-codebuild/src/models/models_0.ts index 73565e9dc5c1..5a4097dccfcb 100644 --- a/clients/client-codebuild/src/models/models_0.ts +++ b/clients/client-codebuild/src/models/models_0.ts @@ -247,6 +247,11 @@ export namespace BuildArtifacts { }); } +export enum BatchReportModeType { + REPORT_AGGREGATED_BATCH = "REPORT_AGGREGATED_BATCH", + REPORT_INDIVIDUAL_BUILDS = "REPORT_INDIVIDUAL_BUILDS", +} + /** *Specifies restrictions for the batch build.
*/ @@ -299,6 +304,23 @@ export interface ProjectBuildBatchConfig { *Specifies the maximum amount of time, in minutes, that the batch build must be completed in.
*/ timeoutInMins?: number; + + /** + *Specifies how build status reports are sent to the source provider for the batch build. This property is only used + * when the source provider for your project is Bitbucket, GitHub, or GitHub Enterprise, + * and your project is configured to report build statuses to the source provider.
+ *(Default) Aggregate all of the build statuses into a single status report.
+ *Send a separate status report for each individual build.
+ *The order to list results in. The results are sorted by build number, not the build - * identifier.
+ *The order to sort the results in. The results are sorted by build number, not the build + * identifier. If this is not specified, the results are sorted in descending order.
*Valid values include:
*
- * ASCENDING
: List the build IDs in ascending order by build
- * ID.
ASCENDING
: List the build identifiers in ascending order, by build number.
*
- * DESCENDING
: List the build IDs in descending order by build
- * ID.
DESCENDING
: List the build identifiers in descending order, by build number.
* If the project has more than 100 builds, setting the sort order will result in an @@ -5211,7 +5231,7 @@ export namespace ListBuildsForProjectInput { export interface ListBuildsForProjectOutput { /** - *
A list of build IDs for the specified build project, with each build ID representing a + *
A list of build identifiers for the specified build project, with each build ID representing a * single build.
*/ ids?: string[]; @@ -6804,7 +6824,7 @@ export interface UpdateProjectInput { artifacts?: ProjectArtifacts; /** - * An array of ProjectSource
objects.
An array of ProjectArtifact
objects.
Cancels one or more Capacity Reservation Fleets. When you cancel a Capacity Reservation + * Fleet, the following happens:
+ *The Capacity Reservation Fleet's status changes to cancelled
.
The individual Capacity Reservations in the Fleet are cancelled. Instances running + * in the Capacity Reservations at the time of cancelling the Fleet continue to run in + * shared capacity.
+ *The Fleet stops creating new Capacity Reservations.
+ *Cancels an active conversion task. The task can be the import of an instance or volume. The action removes all * artifacts of the conversion, including a partially uploaded volume or instance. If the conversion is complete or is @@ -4056,6 +4122,39 @@ export class EC2 extends EC2Client { } } + /** + *
Creates a Capacity Reservation Fleet. For more information, see Create a Capacity + * Reservation Fleet in the Amazon EC2 User Guide.
+ */ + public createCapacityReservationFleet( + args: CreateCapacityReservationFleetCommandInput, + options?: __HttpHandlerOptions + ): PromiseCreates a carrier gateway. For more information about carrier gateways, see Carrier gateways in the Amazon Web Services Wavelength Developer Guide.
*/ @@ -8891,6 +8990,38 @@ export class EC2 extends EC2Client { } } + /** + *Describes one or more Capacity Reservation Fleets.
+ */ + public describeCapacityReservationFleets( + args: DescribeCapacityReservationFleetsCommandInput, + options?: __HttpHandlerOptions + ): PromiseDescribes one or more of your Capacity Reservations. The results describe only the Capacity Reservations in the * Amazon Web Services Region that you're currently using.
@@ -15591,6 +15722,42 @@ export class EC2 extends EC2Client { } } + /** + *Modifies a Capacity Reservation Fleet.
+ *When you modify the total target capacity of a Capacity Reservation Fleet, the Fleet automatically + * creates new Capacity Reservations, or modifies or cancels existing Capacity Reservations in the Fleet + * to meet the new total target capacity. When you modify the end date for the Fleet, the end dates for + * all of the individual Capacity Reservations in the Fleet are updated accordingly.
+ */ + public modifyCapacityReservationFleet( + args: ModifyCapacityReservationFleetCommandInput, + options?: __HttpHandlerOptions + ): PromiseModifies the specified Client VPN endpoint. Modifying the DNS server resets existing client connections.
*/ diff --git a/clients/client-ec2/src/EC2Client.ts b/clients/client-ec2/src/EC2Client.ts index 32456a8fc98c..d926719cc6fd 100644 --- a/clients/client-ec2/src/EC2Client.ts +++ b/clients/client-ec2/src/EC2Client.ts @@ -165,6 +165,10 @@ import { CancelCapacityReservationCommandInput, CancelCapacityReservationCommandOutput, } from "./commands/CancelCapacityReservationCommand"; +import { + CancelCapacityReservationFleetsCommandInput, + CancelCapacityReservationFleetsCommandOutput, +} from "./commands/CancelCapacityReservationFleetsCommand"; import { CancelConversionTaskCommandInput, CancelConversionTaskCommandOutput, @@ -194,6 +198,10 @@ import { CreateCapacityReservationCommandInput, CreateCapacityReservationCommandOutput, } from "./commands/CreateCapacityReservationCommand"; +import { + CreateCapacityReservationFleetCommandInput, + CreateCapacityReservationFleetCommandOutput, +} from "./commands/CreateCapacityReservationFleetCommand"; import { CreateCarrierGatewayCommandInput, CreateCarrierGatewayCommandOutput, @@ -604,6 +612,10 @@ import { DescribeBundleTasksCommandOutput, } from "./commands/DescribeBundleTasksCommand"; import { DescribeByoipCidrsCommandInput, DescribeByoipCidrsCommandOutput } from "./commands/DescribeByoipCidrsCommand"; +import { + DescribeCapacityReservationFleetsCommandInput, + DescribeCapacityReservationFleetsCommandOutput, +} from "./commands/DescribeCapacityReservationFleetsCommand"; import { DescribeCapacityReservationsCommandInput, DescribeCapacityReservationsCommandOutput, @@ -1280,6 +1292,10 @@ import { ModifyCapacityReservationCommandInput, ModifyCapacityReservationCommandOutput, } from "./commands/ModifyCapacityReservationCommand"; +import { + ModifyCapacityReservationFleetCommandInput, + ModifyCapacityReservationFleetCommandOutput, +} from "./commands/ModifyCapacityReservationFleetCommand"; import { ModifyClientVpnEndpointCommandInput, ModifyClientVpnEndpointCommandOutput, @@ -1652,6 +1668,7 @@ export type ServiceInputTypes = | BundleInstanceCommandInput | CancelBundleTaskCommandInput | CancelCapacityReservationCommandInput + | CancelCapacityReservationFleetsCommandInput | CancelConversionTaskCommandInput | CancelExportTaskCommandInput | CancelImportTaskCommandInput @@ -1663,6 +1680,7 @@ export type ServiceInputTypes = | CopyImageCommandInput | CopySnapshotCommandInput | CreateCapacityReservationCommandInput + | CreateCapacityReservationFleetCommandInput | CreateCarrierGatewayCommandInput | CreateClientVpnEndpointCommandInput | CreateClientVpnRouteCommandInput @@ -1794,6 +1812,7 @@ export type ServiceInputTypes = | DescribeAvailabilityZonesCommandInput | DescribeBundleTasksCommandInput | DescribeByoipCidrsCommandInput + | DescribeCapacityReservationFleetsCommandInput | DescribeCapacityReservationsCommandInput | DescribeCarrierGatewaysCommandInput | DescribeClassicLinkInstancesCommandInput @@ -1984,6 +2003,7 @@ export type ServiceInputTypes = | ModifyAddressAttributeCommandInput | ModifyAvailabilityZoneGroupCommandInput | ModifyCapacityReservationCommandInput + | ModifyCapacityReservationFleetCommandInput | ModifyClientVpnEndpointCommandInput | ModifyDefaultCreditSpecificationCommandInput | ModifyEbsDefaultKmsKeyIdCommandInput @@ -2121,6 +2141,7 @@ export type ServiceOutputTypes = | BundleInstanceCommandOutput | CancelBundleTaskCommandOutput | CancelCapacityReservationCommandOutput + | CancelCapacityReservationFleetsCommandOutput | CancelConversionTaskCommandOutput | CancelExportTaskCommandOutput | CancelImportTaskCommandOutput @@ -2132,6 +2153,7 @@ export type ServiceOutputTypes = | CopyImageCommandOutput | CopySnapshotCommandOutput | CreateCapacityReservationCommandOutput + | CreateCapacityReservationFleetCommandOutput | CreateCarrierGatewayCommandOutput | CreateClientVpnEndpointCommandOutput | CreateClientVpnRouteCommandOutput @@ -2263,6 +2285,7 @@ export type ServiceOutputTypes = | DescribeAvailabilityZonesCommandOutput | DescribeBundleTasksCommandOutput | DescribeByoipCidrsCommandOutput + | DescribeCapacityReservationFleetsCommandOutput | DescribeCapacityReservationsCommandOutput | DescribeCarrierGatewaysCommandOutput | DescribeClassicLinkInstancesCommandOutput @@ -2453,6 +2476,7 @@ export type ServiceOutputTypes = | ModifyAddressAttributeCommandOutput | ModifyAvailabilityZoneGroupCommandOutput | ModifyCapacityReservationCommandOutput + | ModifyCapacityReservationFleetCommandOutput | ModifyClientVpnEndpointCommandOutput | ModifyDefaultCreditSpecificationCommandOutput | ModifyEbsDefaultKmsKeyIdCommandOutput diff --git a/clients/client-ec2/src/commands/CancelCapacityReservationFleetsCommand.ts b/clients/client-ec2/src/commands/CancelCapacityReservationFleetsCommand.ts new file mode 100644 index 000000000000..8f23aa220062 --- /dev/null +++ b/clients/client-ec2/src/commands/CancelCapacityReservationFleetsCommand.ts @@ -0,0 +1,117 @@ +import { getSerdePlugin } from "@aws-sdk/middleware-serde"; +import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http"; +import { Command as $Command } from "@aws-sdk/smithy-client"; +import { + FinalizeHandlerArguments, + Handler, + HandlerExecutionContext, + HttpHandlerOptions as __HttpHandlerOptions, + MetadataBearer as __MetadataBearer, + MiddlewareStack, + SerdeContext as __SerdeContext, +} from "@aws-sdk/types"; + +import { EC2ClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../EC2Client"; +import { CancelCapacityReservationFleetsRequest, CancelCapacityReservationFleetsResult } from "../models/models_0"; +import { + deserializeAws_ec2CancelCapacityReservationFleetsCommand, + serializeAws_ec2CancelCapacityReservationFleetsCommand, +} from "../protocols/Aws_ec2"; + +export interface CancelCapacityReservationFleetsCommandInput extends CancelCapacityReservationFleetsRequest {} +export interface CancelCapacityReservationFleetsCommandOutput + extends CancelCapacityReservationFleetsResult, + __MetadataBearer {} + +/** + *Cancels one or more Capacity Reservation Fleets. When you cancel a Capacity Reservation + * Fleet, the following happens:
+ *The Capacity Reservation Fleet's status changes to cancelled
.
The individual Capacity Reservations in the Fleet are cancelled. Instances running + * in the Capacity Reservations at the time of cancelling the Fleet continue to run in + * shared capacity.
+ *The Fleet stops creating new Capacity Reservations.
+ *Creates a Capacity Reservation Fleet. For more information, see Create a Capacity + * Reservation Fleet in the Amazon EC2 User Guide.
+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { EC2Client, CreateCapacityReservationFleetCommand } from "@aws-sdk/client-ec2"; // ES Modules import + * // const { EC2Client, CreateCapacityReservationFleetCommand } = require("@aws-sdk/client-ec2"); // CommonJS import + * const client = new EC2Client(config); + * const command = new CreateCapacityReservationFleetCommand(input); + * const response = await client.send(command); + * ``` + * + * @see {@link CreateCapacityReservationFleetCommandInput} for command's `input` shape. + * @see {@link CreateCapacityReservationFleetCommandOutput} for command's `response` shape. + * @see {@link EC2ClientResolvedConfig | config} for command's `input` shape. + * + */ +export class CreateCapacityReservationFleetCommand extends $Command< + CreateCapacityReservationFleetCommandInput, + CreateCapacityReservationFleetCommandOutput, + EC2ClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + constructor(readonly input: CreateCapacityReservationFleetCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStackDescribes one or more Capacity Reservation Fleets.
+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { EC2Client, DescribeCapacityReservationFleetsCommand } from "@aws-sdk/client-ec2"; // ES Modules import + * // const { EC2Client, DescribeCapacityReservationFleetsCommand } = require("@aws-sdk/client-ec2"); // CommonJS import + * const client = new EC2Client(config); + * const command = new DescribeCapacityReservationFleetsCommand(input); + * const response = await client.send(command); + * ``` + * + * @see {@link DescribeCapacityReservationFleetsCommandInput} for command's `input` shape. + * @see {@link DescribeCapacityReservationFleetsCommandOutput} for command's `response` shape. + * @see {@link EC2ClientResolvedConfig | config} for command's `input` shape. + * + */ +export class DescribeCapacityReservationFleetsCommand extends $Command< + DescribeCapacityReservationFleetsCommandInput, + DescribeCapacityReservationFleetsCommandOutput, + EC2ClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + constructor(readonly input: DescribeCapacityReservationFleetsCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStackModifies a Capacity Reservation Fleet.
+ *When you modify the total target capacity of a Capacity Reservation Fleet, the Fleet automatically + * creates new Capacity Reservations, or modifies or cancels existing Capacity Reservations in the Fleet + * to meet the new total target capacity. When you modify the end date for the Fleet, the end dates for + * all of the individual Capacity Reservations in the Fleet are updated accordingly.
+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { EC2Client, ModifyCapacityReservationFleetCommand } from "@aws-sdk/client-ec2"; // ES Modules import + * // const { EC2Client, ModifyCapacityReservationFleetCommand } = require("@aws-sdk/client-ec2"); // CommonJS import + * const client = new EC2Client(config); + * const command = new ModifyCapacityReservationFleetCommand(input); + * const response = await client.send(command); + * ``` + * + * @see {@link ModifyCapacityReservationFleetCommandInput} for command's `input` shape. + * @see {@link ModifyCapacityReservationFleetCommandOutput} for command's `response` shape. + * @see {@link EC2ClientResolvedConfig | config} for command's `input` shape. + * + */ +export class ModifyCapacityReservationFleetCommand extends $Command< + ModifyCapacityReservationFleetCommandInput, + ModifyCapacityReservationFleetCommandOutput, + EC2ClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + constructor(readonly input: ModifyCapacityReservationFleetCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStackChecks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
The IDs of the Capacity Reservation Fleets to cancel.
+ */ + CapacityReservationFleetIds: string[] | undefined; +} + +export namespace CancelCapacityReservationFleetsRequest { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CancelCapacityReservationFleetsRequest): any => ({ + ...obj, + }); +} + +/** + *Describes a Capacity Reservation Fleet cancellation error.
+ */ +export interface CancelCapacityReservationFleetError { + /** + *The error code.
+ */ + Code?: string; + + /** + *The error message.
+ */ + Message?: string; +} + +export namespace CancelCapacityReservationFleetError { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CancelCapacityReservationFleetError): any => ({ + ...obj, + }); +} + +/** + *Describes a Capacity Reservation Fleet that could not be cancelled.
+ */ +export interface FailedCapacityReservationFleetCancellationResult { + /** + *The ID of the Capacity Reservation Fleet that could not be cancelled.
+ */ + CapacityReservationFleetId?: string; + + /** + *Information about the Capacity Reservation Fleet cancellation error.
+ */ + CancelCapacityReservationFleetError?: CancelCapacityReservationFleetError; +} + +export namespace FailedCapacityReservationFleetCancellationResult { + /** + * @internal + */ + export const filterSensitiveLog = (obj: FailedCapacityReservationFleetCancellationResult): any => ({ + ...obj, + }); +} + +export enum CapacityReservationFleetState { + ACTIVE = "active", + CANCELLED = "cancelled", + CANCELLING = "cancelling", + EXPIRED = "expired", + EXPIRING = "expiring", + FAILED = "failed", + MODIFYING = "modifying", + PARTIALLY_FULFILLED = "partially_fulfilled", + SUBMITTED = "submitted", +} + +/** + *Describes a Capacity Reservation Fleet that was successfully cancelled.
+ */ +export interface CapacityReservationFleetCancellationState { + /** + *The current state of the Capacity Reservation Fleet.
+ */ + CurrentFleetState?: CapacityReservationFleetState | string; + + /** + *The previous state of the Capacity Reservation Fleet.
+ */ + PreviousFleetState?: CapacityReservationFleetState | string; + + /** + *The ID of the Capacity Reservation Fleet that was successfully cancelled.
+ */ + CapacityReservationFleetId?: string; +} + +export namespace CapacityReservationFleetCancellationState { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CapacityReservationFleetCancellationState): any => ({ + ...obj, + }); +} + +export interface CancelCapacityReservationFleetsResult { + /** + *Information about the Capacity Reservation Fleets that were successfully cancelled.
+ */ + SuccessfulFleetCancellations?: CapacityReservationFleetCancellationState[]; + + /** + *Information about the Capacity Reservation Fleets that could not be cancelled.
+ */ + FailedFleetCancellations?: FailedCapacityReservationFleetCancellationResult[]; +} + +export namespace CancelCapacityReservationFleetsResult { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CancelCapacityReservationFleetsResult): any => ({ + ...obj, + }); +} + export interface CancelConversionRequest { /** *The ID of the conversion task.
@@ -5415,6 +5546,12 @@ export interface CapacityReservation { * Reservation was created. */ OutpostArn?: string; + + /** + *The ID of the Capacity Reservation Fleet to which the Capacity Reservation belongs. + * Only valid for Capacity Reservations that were created by a Capacity Reservation Fleet.
+ */ + CapacityReservationFleetId?: string; } export namespace CapacityReservation { @@ -5442,1226 +5579,8 @@ export namespace CreateCapacityReservationResult { }); } -export interface CreateCarrierGatewayRequest { - /** - *The ID of the VPC to associate with the carrier gateway.
- */ - VpcId: string | undefined; - - /** - *The tags to associate with the carrier gateway.
- */ - TagSpecifications?: TagSpecification[]; - - /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Unique, case-sensitive identifier that you provide to ensure the idempotency of the - * request. For more information, see How to ensure - * idempotency.
- */ - ClientToken?: string; -} - -export namespace CreateCarrierGatewayRequest { - /** - * @internal - */ - export const filterSensitiveLog = (obj: CreateCarrierGatewayRequest): any => ({ - ...obj, - }); -} - -export type CarrierGatewayState = "available" | "deleted" | "deleting" | "pending"; - -/** - *Describes a carrier gateway.
- */ -export interface CarrierGateway { - /** - *The ID of the carrier gateway.
- */ - CarrierGatewayId?: string; - - /** - *The ID of the VPC associated with the carrier gateway.
- */ - VpcId?: string; - - /** - *The state of the carrier gateway.
- */ - State?: CarrierGatewayState | string; - - /** - *The Amazon Web Services account ID of the owner of the carrier gateway.
- */ - OwnerId?: string; - - /** - *The tags assigned to the carrier gateway.
- */ - Tags?: Tag[]; -} - -export namespace CarrierGateway { - /** - * @internal - */ - export const filterSensitiveLog = (obj: CarrierGateway): any => ({ - ...obj, - }); -} - -export interface CreateCarrierGatewayResult { - /** - *Information about the carrier gateway.
- */ - CarrierGateway?: CarrierGateway; -} - -export namespace CreateCarrierGatewayResult { - /** - * @internal - */ - export const filterSensitiveLog = (obj: CreateCarrierGatewayResult): any => ({ - ...obj, - }); -} - -/** - *Describes the Active Directory to be used for client authentication.
- */ -export interface DirectoryServiceAuthenticationRequest { - /** - *The ID of the Active Directory to be used for authentication.
- */ - DirectoryId?: string; -} - -export namespace DirectoryServiceAuthenticationRequest { - /** - * @internal - */ - export const filterSensitiveLog = (obj: DirectoryServiceAuthenticationRequest): any => ({ - ...obj, - }); -} - -/** - *The IAM SAML identity provider used for federated authentication.
- */ -export interface FederatedAuthenticationRequest { - /** - *The Amazon Resource Name (ARN) of the IAM SAML identity provider.
- */ - SAMLProviderArn?: string; - - /** - *The Amazon Resource Name (ARN) of the IAM SAML identity provider for the self-service portal.
- */ - SelfServiceSAMLProviderArn?: string; -} - -export namespace FederatedAuthenticationRequest { - /** - * @internal - */ - export const filterSensitiveLog = (obj: FederatedAuthenticationRequest): any => ({ - ...obj, - }); -} - -/** - *Information about the client certificate to be used for authentication.
- */ -export interface CertificateAuthenticationRequest { - /** - *The ARN of the client certificate. The certificate must be signed by a certificate - * authority (CA) and it must be provisioned in Certificate Manager (ACM).
- */ - ClientRootCertificateChainArn?: string; -} - -export namespace CertificateAuthenticationRequest { - /** - * @internal - */ - export const filterSensitiveLog = (obj: CertificateAuthenticationRequest): any => ({ - ...obj, - }); -} - -export type ClientVpnAuthenticationType = - | "certificate-authentication" - | "directory-service-authentication" - | "federated-authentication"; - -/** - *Describes the authentication method to be used by a Client VPN endpoint. For more information, see Authentication - * in the Client VPN Administrator Guide.
- */ -export interface ClientVpnAuthenticationRequest { - /** - *The type of client authentication to be used.
- */ - Type?: ClientVpnAuthenticationType | string; - - /** - *Information about the Active Directory to be used, if applicable. You must provide this information if Type is directory-service-authentication
.
Information about the authentication certificates to be used, if applicable. You must provide this information if Type is certificate-authentication
.
Information about the IAM SAML identity provider to be used, if applicable. You must provide this information if Type is federated-authentication
.
The options for managing connection authorization for new client connections.
- */ -export interface ClientConnectOptions { - /** - *Indicates whether client connect options are enabled. The default is false
(not enabled).
The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.
- */ - LambdaFunctionArn?: string; -} - -export namespace ClientConnectOptions { - /** - * @internal - */ - export const filterSensitiveLog = (obj: ClientConnectOptions): any => ({ - ...obj, - }); -} - -/** - *Describes the client connection logging options for the Client VPN endpoint.
- */ -export interface ConnectionLogOptions { - /** - *Indicates whether connection logging is enabled.
- */ - Enabled?: boolean; - - /** - *The name of the CloudWatch Logs log group. Required if connection logging is enabled.
- */ - CloudwatchLogGroup?: string; - - /** - *The name of the CloudWatch Logs log stream to which the connection data is published.
- */ - CloudwatchLogStream?: string; -} - -export namespace ConnectionLogOptions { - /** - * @internal - */ - export const filterSensitiveLog = (obj: ConnectionLogOptions): any => ({ - ...obj, - }); -} - -export type SelfServicePortal = "disabled" | "enabled"; - -export type TransportProtocol = "tcp" | "udp"; - -export interface CreateClientVpnEndpointRequest { - /** - *The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
- */ - ClientCidrBlock: string | undefined; - - /** - *The ARN of the server certificate. For more information, see - * the Certificate Manager User Guide.
- */ - ServerCertificateArn: string | undefined; - - /** - *Information about the authentication method to be used to authenticate clients.
- */ - AuthenticationOptions: ClientVpnAuthenticationRequest[] | undefined; - - /** - *Information about the client connection logging options.
- *If you enable client connection logging, data about client connections is sent to a - * Cloudwatch Logs log stream. The following information is logged:
- *Client connection requests
- *Client connection results (successful and unsuccessful)
- *Reasons for unsuccessful client connection requests
- *Client connection termination time
- *Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can - * have up to two DNS servers. If no DNS server is specified, the DNS address configured on the device is used for the DNS server.
- */ - DnsServers?: string[]; - - /** - *The transport protocol to be used by the VPN session.
- *Default value: udp
- *
The port number to assign to the Client VPN endpoint for TCP and UDP traffic.
- *Valid Values: 443
| 1194
- *
Default Value: 443
- *
A brief description of the Client VPN endpoint.
- */ - Description?: string; - - /** - *Indicates whether split-tunnel is enabled on the Client VPN endpoint.
- *By default, split-tunnel on a VPN endpoint is disabled.
- *For information about split-tunnel VPN endpoints, see Split-tunnel Client VPN endpoint in the - * Client VPN Administrator Guide.
- */ - SplitTunnel?: boolean; - - /** - *Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.
- */ - ClientToken?: string; - - /** - *The tags to apply to the Client VPN endpoint during creation.
- */ - TagSpecifications?: TagSpecification[]; - - /** - *The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
- */ - SecurityGroupIds?: string[]; - - /** - *The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
- */ - VpcId?: string; - - /** - *Specify whether to enable the self-service portal for the Client VPN endpoint.
- *Default Value: enabled
- *
The options for managing connection authorization for new client connections.
- */ - ClientConnectOptions?: ClientConnectOptions; -} - -export namespace CreateClientVpnEndpointRequest { - /** - * @internal - */ - export const filterSensitiveLog = (obj: CreateClientVpnEndpointRequest): any => ({ - ...obj, - }); -} - -export type ClientVpnEndpointStatusCode = "available" | "deleted" | "deleting" | "pending-associate"; - -/** - *Describes the state of a Client VPN endpoint.
- */ -export interface ClientVpnEndpointStatus { - /** - *The state of the Client VPN endpoint. Possible states include:
- *
- * pending-associate
- The Client VPN endpoint has been created but no target networks
- * have been associated. The Client VPN endpoint cannot accept connections.
- * available
- The Client VPN endpoint has been created and a target network has been
- * associated. The Client VPN endpoint can accept connections.
- * deleting
- The Client VPN endpoint is being deleted. The Client VPN endpoint cannot accept
- * connections.
- * deleted
- The Client VPN endpoint has been deleted. The Client VPN endpoint cannot accept
- * connections.
A message about the status of the Client VPN endpoint.
- */ - Message?: string; -} - -export namespace ClientVpnEndpointStatus { - /** - * @internal - */ - export const filterSensitiveLog = (obj: ClientVpnEndpointStatus): any => ({ - ...obj, - }); -} - -export interface CreateClientVpnEndpointResult { - /** - *The ID of the Client VPN endpoint.
- */ - ClientVpnEndpointId?: string; - - /** - *The current state of the Client VPN endpoint.
- */ - Status?: ClientVpnEndpointStatus; - - /** - *The DNS name to be used by clients when establishing their VPN session.
- */ - DnsName?: string; -} - -export namespace CreateClientVpnEndpointResult { - /** - * @internal - */ - export const filterSensitiveLog = (obj: CreateClientVpnEndpointResult): any => ({ - ...obj, - }); -} - -export interface CreateClientVpnRouteRequest { - /** - *The ID of the Client VPN endpoint to which to add the route.
- */ - ClientVpnEndpointId: string | undefined; - - /** - *The IPv4 address range, in CIDR notation, of the route destination. For example:
- *To add a route for Internet access, enter 0.0.0.0/0
- *
To add a route for a peered VPC, enter the peered VPC's IPv4 CIDR range
- *To add a route for an on-premises network, enter the Amazon Web Services Site-to-Site VPN connection's IPv4 CIDR range
- *To add a route for the local network, enter the client CIDR range
- *The ID of the subnet through which you want to route traffic. The specified subnet must be - * an existing target network of the Client VPN endpoint.
- *Alternatively, if you're adding a route for the local network, specify local
.
A brief description of the route.
- */ - Description?: string; - - /** - *Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.
- */ - ClientToken?: string; - - /** - *Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Describes the state of a Client VPN endpoint route.
- */ -export interface ClientVpnRouteStatus { - /** - *The state of the Client VPN endpoint route.
- */ - Code?: ClientVpnRouteStatusCode | string; - - /** - *A message about the status of the Client VPN endpoint route, if applicable.
- */ - Message?: string; -} - -export namespace ClientVpnRouteStatus { - /** - * @internal - */ - export const filterSensitiveLog = (obj: ClientVpnRouteStatus): any => ({ - ...obj, - }); -} - -export interface CreateClientVpnRouteResult { - /** - *The current state of the route.
- */ - Status?: ClientVpnRouteStatus; -} - -export namespace CreateClientVpnRouteResult { - /** - * @internal - */ - export const filterSensitiveLog = (obj: CreateClientVpnRouteResult): any => ({ - ...obj, - }); -} - -export type GatewayType = "ipsec.1"; - -/** - *Contains the parameters for CreateCustomerGateway.
- */ -export interface CreateCustomerGatewayRequest { - /** - *For devices that support BGP, the customer gateway's BGP ASN.
- *Default: 65000
- */ - BgpAsn: number | undefined; - - /** - *The Internet-routable IP address for the customer gateway's outside interface. The - * address must be static.
- */ - PublicIp?: string; - - /** - *The Amazon Resource Name (ARN) for the customer gateway certificate.
- */ - CertificateArn?: string; - - /** - *The type of VPN connection that this customer gateway supports
- * (ipsec.1
).
The tags to apply to the customer gateway.
- */ - TagSpecifications?: TagSpecification[]; - - /** - *A name for the customer gateway device.
- *Length Constraints: Up to 255 characters.
- */ - DeviceName?: string; - - /** - *Checks whether you have the required permissions for the action, without actually
- * making the request, and provides an error response. If you have the required
- * permissions, the error response is DryRunOperation
. Otherwise, it is
- * UnauthorizedOperation
.
Describes a customer gateway.
- */ -export interface CustomerGateway { - /** - *The customer gateway's Border Gateway Protocol (BGP) Autonomous System Number - * (ASN).
- */ - BgpAsn?: string; - - /** - *The ID of the customer gateway.
- */ - CustomerGatewayId?: string; - - /** - *The Internet-routable IP address of the customer gateway's outside interface.
- */ - IpAddress?: string; - - /** - *The Amazon Resource Name (ARN) for the customer gateway certificate.
- */ - CertificateArn?: string; - - /** - *The current state of the customer gateway (pending | available | deleting |
- * deleted
).
The type of VPN connection the customer gateway supports
- * (ipsec.1
).
The name of customer gateway device.
- */ - DeviceName?: string; - - /** - *Any tags assigned to the customer gateway.
- */ - Tags?: Tag[]; -} - -export namespace CustomerGateway { - /** - * @internal - */ - export const filterSensitiveLog = (obj: CustomerGateway): any => ({ - ...obj, - }); -} - -/** - *Contains the output of CreateCustomerGateway.
- */ -export interface CreateCustomerGatewayResult { - /** - *Information about the customer gateway.
- */ - CustomerGateway?: CustomerGateway; -} - -export namespace CreateCustomerGatewayResult { - /** - * @internal - */ - export const filterSensitiveLog = (obj: CreateCustomerGatewayResult): any => ({ - ...obj, - }); -} - -export interface CreateDefaultSubnetRequest { - /** - *The Availability Zone in which to create the default subnet.
- */ - AvailabilityZone: string | undefined; - - /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Describes a subnet.
- */ -export interface Subnet { - /** - *The Availability Zone of the subnet.
- */ - AvailabilityZone?: string; - - /** - *The AZ ID of the subnet.
- */ - AvailabilityZoneId?: string; - - /** - *The number of unused private IPv4 addresses in the subnet. The IPv4 addresses for any - * stopped instances are considered unavailable.
- */ - AvailableIpAddressCount?: number; - - /** - *The IPv4 CIDR block assigned to the subnet.
- */ - CidrBlock?: string; - - /** - *Indicates whether this is the default subnet for the Availability Zone.
- */ - DefaultForAz?: boolean; - - /** - *Indicates whether instances launched in this subnet receive a public IPv4 address.
- */ - MapPublicIpOnLaunch?: boolean; - - /** - *Indicates whether a network interface created in this subnet (including a network - * interface created by RunInstances) receives a customer-owned IPv4 address.
- */ - MapCustomerOwnedIpOnLaunch?: boolean; - - /** - *The customer-owned IPv4 address pool associated with the subnet.
- */ - CustomerOwnedIpv4Pool?: string; - - /** - *The current state of the subnet.
- */ - State?: SubnetState | string; - - /** - *The ID of the subnet.
- */ - SubnetId?: string; - - /** - *The ID of the VPC the subnet is in.
- */ - VpcId?: string; - - /** - *The ID of the Amazon Web Services account that owns the subnet.
- */ - OwnerId?: string; - - /** - *Indicates whether a network interface created in this subnet (including a network - * interface created by RunInstances) receives an IPv6 address.
- */ - AssignIpv6AddressOnCreation?: boolean; - - /** - *Information about the IPv6 CIDR blocks associated with the subnet.
- */ - Ipv6CidrBlockAssociationSet?: SubnetIpv6CidrBlockAssociation[]; - - /** - *Any tags assigned to the subnet.
- */ - Tags?: Tag[]; - - /** - *The Amazon Resource Name (ARN) of the subnet.
- */ - SubnetArn?: string; - - /** - *The Amazon Resource Name (ARN) of the Outpost.
- */ - OutpostArn?: string; -} - -export namespace Subnet { - /** - * @internal - */ - export const filterSensitiveLog = (obj: Subnet): any => ({ - ...obj, - }); -} - -export interface CreateDefaultSubnetResult { - /** - *Information about the subnet.
- */ - Subnet?: Subnet; -} - -export namespace CreateDefaultSubnetResult { - /** - * @internal - */ - export const filterSensitiveLog = (obj: CreateDefaultSubnetResult): any => ({ - ...obj, - }); -} - -export interface CreateDefaultVpcRequest { - /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Describes a VPC.
- */ -export interface Vpc { - /** - *The primary IPv4 CIDR block for the VPC.
- */ - CidrBlock?: string; - - /** - *The ID of the set of DHCP options you've associated with the VPC.
- */ - DhcpOptionsId?: string; - - /** - *The current state of the VPC.
- */ - State?: VpcState | string; - - /** - *The ID of the VPC.
- */ - VpcId?: string; - - /** - *The ID of the Amazon Web Services account that owns the VPC.
- */ - OwnerId?: string; - - /** - *The allowed tenancy of instances launched into the VPC.
- */ - InstanceTenancy?: Tenancy | string; - - /** - *Information about the IPv6 CIDR blocks associated with the VPC.
- */ - Ipv6CidrBlockAssociationSet?: VpcIpv6CidrBlockAssociation[]; - - /** - *Information about the IPv4 CIDR blocks associated with the VPC.
- */ - CidrBlockAssociationSet?: VpcCidrBlockAssociation[]; - - /** - *Indicates whether the VPC is the default VPC.
- */ - IsDefault?: boolean; - - /** - *Any tags assigned to the VPC.
- */ - Tags?: Tag[]; -} - -export namespace Vpc { - /** - * @internal - */ - export const filterSensitiveLog = (obj: Vpc): any => ({ - ...obj, - }); -} - -export interface CreateDefaultVpcResult { - /** - *Information about the VPC.
- */ - Vpc?: Vpc; -} - -export namespace CreateDefaultVpcResult { - /** - * @internal - */ - export const filterSensitiveLog = (obj: CreateDefaultVpcResult): any => ({ - ...obj, - }); -} - -/** - *Describes a DHCP configuration option.
- */ -export interface NewDhcpConfiguration { - /** - *The name of a DHCP option.
- */ - Key?: string; - - /** - *One or more values for the DHCP option.
- */ - Values?: string[]; -} - -export namespace NewDhcpConfiguration { - /** - * @internal - */ - export const filterSensitiveLog = (obj: NewDhcpConfiguration): any => ({ - ...obj, - }); -} - -export interface CreateDhcpOptionsRequest { - /** - *A DHCP configuration option.
- */ - DhcpConfigurations: NewDhcpConfiguration[] | undefined; - - /** - *The tags to assign to the DHCP option.
- */ - TagSpecifications?: TagSpecification[]; - - /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Describes a value for a resource attribute that is a String.
- */ -export interface AttributeValue { - /** - *The attribute value. The value is case-sensitive.
- */ - Value?: string; -} - -export namespace AttributeValue { - /** - * @internal - */ - export const filterSensitiveLog = (obj: AttributeValue): any => ({ - ...obj, - }); -} - -/** - *Describes a DHCP configuration option.
- */ -export interface DhcpConfiguration { - /** - *The name of a DHCP option.
- */ - Key?: string; - - /** - *One or more values for the DHCP option.
- */ - Values?: AttributeValue[]; -} - -export namespace DhcpConfiguration { - /** - * @internal - */ - export const filterSensitiveLog = (obj: DhcpConfiguration): any => ({ - ...obj, - }); -} - -/** - *Describes a set of DHCP options.
- */ -export interface DhcpOptions { - /** - *One or more DHCP options in the set.
- */ - DhcpConfigurations?: DhcpConfiguration[]; - - /** - *The ID of the set of DHCP options.
- */ - DhcpOptionsId?: string; - - /** - *The ID of the Amazon Web Services account that owns the DHCP options set.
- */ - OwnerId?: string; - - /** - *Any tags assigned to the DHCP options set.
- */ - Tags?: Tag[]; -} - -export namespace DhcpOptions { - /** - * @internal - */ - export const filterSensitiveLog = (obj: DhcpOptions): any => ({ - ...obj, - }); -} - -export interface CreateDhcpOptionsResult { - /** - *A set of DHCP options.
- */ - DhcpOptions?: DhcpOptions; -} - -export namespace CreateDhcpOptionsResult { - /** - * @internal - */ - export const filterSensitiveLog = (obj: CreateDhcpOptionsResult): any => ({ - ...obj, - }); -} - -export interface CreateEgressOnlyInternetGatewayRequest { - /** - *Unique, case-sensitive identifier that you provide to ensure the idempotency of the - * request. For more information, see How to ensure - * idempotency.
- */ - ClientToken?: string; - - /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The ID of the VPC for which to create the egress-only internet gateway.
- */ - VpcId: string | undefined; - - /** - *The tags to assign to the egress-only internet gateway.
- */ - TagSpecifications?: TagSpecification[]; -} - -export namespace CreateEgressOnlyInternetGatewayRequest { - /** - * @internal - */ - export const filterSensitiveLog = (obj: CreateEgressOnlyInternetGatewayRequest): any => ({ - ...obj, - }); -} - -/** - *Describes the attachment of a VPC to an internet gateway or an egress-only internet - * gateway.
- */ -export interface InternetGatewayAttachment { - /** - *The current state of the attachment. For an internet gateway, the state is
- * available
when attached to a VPC; otherwise, this value is not
- * returned.
The ID of the VPC.
- */ - VpcId?: string; -} - -export namespace InternetGatewayAttachment { - /** - * @internal - */ - export const filterSensitiveLog = (obj: InternetGatewayAttachment): any => ({ - ...obj, - }); -} - -/** - *Describes an egress-only internet gateway.
- */ -export interface EgressOnlyInternetGateway { - /** - *Information about the attachment of the egress-only internet gateway.
- */ - Attachments?: InternetGatewayAttachment[]; - - /** - *The ID of the egress-only internet gateway.
- */ - EgressOnlyInternetGatewayId?: string; - - /** - *The tags assigned to the egress-only internet gateway.
- */ - Tags?: Tag[]; -} - -export namespace EgressOnlyInternetGateway { - /** - * @internal - */ - export const filterSensitiveLog = (obj: EgressOnlyInternetGateway): any => ({ - ...obj, - }); -} - -export interface CreateEgressOnlyInternetGatewayResult { - /** - *Unique, case-sensitive identifier that you provide to ensure the idempotency of the - * request.
- */ - ClientToken?: string; - - /** - *Information about the egress-only internet gateway.
- */ - EgressOnlyInternetGateway?: EgressOnlyInternetGateway; -} - -export namespace CreateEgressOnlyInternetGatewayResult { - /** - * @internal - */ - export const filterSensitiveLog = (obj: CreateEgressOnlyInternetGatewayResult): any => ({ - ...obj, - }); -} - -export enum FleetExcessCapacityTerminationPolicy { - NO_TERMINATION = "no-termination", - TERMINATION = "termination", -} - -/** - *Describes the Amazon EC2 launch template and the launch template version that can be used by - * an EC2 Fleet to configure Amazon EC2 instances. For information about launch templates, see Launching - * an instance from a launch template in the - * Amazon EC2 User Guide.
- */ -export interface FleetLaunchTemplateSpecificationRequest { - /** - *The ID of the launch template. If you specify the template ID, you can't specify the template name.
- */ - LaunchTemplateId?: string; - - /** - *The name of the launch template. If you specify the template name, you can't specify the template ID.
- */ - LaunchTemplateName?: string; - - /** - *The launch template version number, $Latest
, or $Default
. You must specify a value, otherwise the request fails.
If the value is $Latest
, Amazon EC2 uses the latest version of the launch template.
If the value is $Default
, Amazon EC2 uses the default version of the launch template.
Information about an instance type to use in a Capacity Reservation Fleet.
+ */ +export interface ReservationFleetInstanceSpecification { + /** + *The instance type for which the Capacity Reservation Fleet reserves capacity.
+ */ + InstanceType?: _InstanceType | string; + + /** + *The type of operating system for which the Capacity Reservation Fleet reserves capacity.
+ */ + InstancePlatform?: CapacityReservationInstancePlatform | string; + + /** + *The number of capacity units provided by the specified instance type. This value, together with the + * total target capacity that you specify for the Fleet determine the number of instances for which the + * Fleet reserves capacity. Both values are based on units that make sense for your workload. For more + * information, see Total target capacity + * in the Amazon EC2 User Guide.
+ */ + Weight?: number; + + /** + *The Availability Zone in which the Capacity Reservation Fleet reserves the capacity. A Capacity + * Reservation Fleet can't span Availability Zones. All instance type specifications that you specify + * for the Fleet must use the same Availability Zone.
+ */ + AvailabilityZone?: string; + + /** + *The ID of the Availability Zone in which the Capacity Reservation Fleet reserves the capacity. A + * Capacity Reservation Fleet can't span Availability Zones. All instance type specifications that you + * specify for the Fleet must use the same Availability Zone.
+ */ + AvailabilityZoneId?: string; + + /** + *Indicates whether the Capacity Reservation Fleet supports EBS-optimized instances types. This + * optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack + * to provide optimal I/O performance. This optimization isn't available with all instance types. Additional + * usage charges apply when using EBS-optimized instance types.
+ */ + EbsOptimized?: boolean; + + /** + *The priority to assign to the instance type. This value is used to determine which of the instance types + * specified for the Fleet should be prioritized for use. A lower value indicates a high priority. For more + * information, see Instance type priority + * in the Amazon EC2 User Guide.
+ */ + Priority?: number; +} + +export namespace ReservationFleetInstanceSpecification { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ReservationFleetInstanceSpecification): any => ({ + ...obj, + }); +} + +export enum FleetCapacityReservationTenancy { + default = "default", +} + +export interface CreateCapacityReservationFleetRequest { + /** + *The strategy used by the Capacity Reservation Fleet to determine which of the
+ * specified instance types to use. Currently, only the prioritized
+ * allocation strategy is supported. For more information, see
+ * Allocation strategy in the Amazon EC2 User Guide.
Valid values: prioritized
+ *
Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensure Idempotency.
+ */ + ClientToken?: string; + + /** + *Information about the instance types for which to reserve the capacity.
+ */ + InstanceTypeSpecifications: ReservationFleetInstanceSpecification[] | undefined; + + /** + *Indicates the tenancy of the Capacity Reservation Fleet. All Capacity Reservations + * in the Fleet inherit this tenancy. The Capacity Reservation Fleet can have one of + * the following tenancy settings:
+ *
+ * default
- The Capacity Reservation Fleet is created on hardware
+ * that is shared with other Amazon Web Services accounts.
+ * dedicated
- The Capacity Reservations are created on single-tenant
+ * hardware that is dedicated to a single Amazon Web Services account.
The total number of capacity units to be reserved by the Capacity Reservation Fleet. This + * value, together with the instance type weights that you assign to each instance type used by + * the Fleet determine the number of instances for which the Fleet reserves capacity. Both values + * are based on units that make sense for your workload. For more information, see + * Total target capacity in the Amazon EC2 User Guide.
+ */ + TotalTargetCapacity: number | undefined; + + /** + *The date and time at which the Capacity Reservation Fleet expires. When the Capacity
+ * Reservation Fleet expires, its state changes to expired
and all of the Capacity
+ * Reservations in the Fleet expire.
The Capacity Reservation Fleet expires within an hour after the specified time. For example,
+ * if you specify 5/31/2019
, 13:30:55
, the Capacity Reservation Fleet
+ * is guaranteed to expire between 13:30:55
and 14:30:55
on
+ * 5/31/2019
.
+ *
Indicates the type of instance launches that the Capacity Reservation Fleet accepts. All + * Capacity Reservations in the Fleet inherit this instance matching criteria.
+ *Currently, Capacity Reservation Fleets support open
instance matching criteria
+ * only. This means that instances that have matching attributes (instance type, platform, and
+ * Availability Zone) run in the Capacity Reservations automatically. Instances do not need to
+ * explicitly target a Capacity Reservation Fleet to use its reserved capacity.
The tags to assign to the Capacity Reservation Fleet. The tags are automatically assigned + * to the Capacity Reservations in the Fleet.
+ */ + TagSpecifications?: TagSpecification[]; + + /** + *Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Information about a Capacity Reservation in a Capacity Reservation Fleet.
+ */ +export interface FleetCapacityReservation { + /** + *The ID of the Capacity Reservation.
+ */ + CapacityReservationId?: string; + + /** + *The ID of the Availability Zone in which the Capacity Reservation reserves capacity.
+ */ + AvailabilityZoneId?: string; + + /** + *The instance type for which the Capacity Reservation reserves capacity.
+ */ + InstanceType?: _InstanceType | string; + + /** + *The type of operating system for which the Capacity Reservation reserves capacity.
+ */ + InstancePlatform?: CapacityReservationInstancePlatform | string; + + /** + *The Availability Zone in which the Capacity Reservation reserves capacity.
+ */ + AvailabilityZone?: string; + + /** + *The total number of instances for which the Capacity Reservation reserves capacity.
+ */ + TotalInstanceCount?: number; + + /** + *The number of capacity units fulfilled by the Capacity Reservation. For more information, see + * + * Total target capacity in the Amazon EC2 User Guide.
+ */ + FulfilledCapacity?: number; + + /** + *Indicates whether the Capacity Reservation reserves capacity for EBS-optimized instance types.
+ */ + EbsOptimized?: boolean; + + /** + *The date and time at which the Capacity Reservation was created.
+ */ + CreateDate?: Date; + + /** + *The weight of the instance type in the Capacity Reservation Fleet. For more information, + * see + * Instance type weight in the Amazon EC2 User Guide.
+ */ + Weight?: number; + + /** + *The priority of the instance type in the Capacity Reservation Fleet. For more information, + * see + * Instance type priority in the Amazon EC2 User Guide.
+ */ + Priority?: number; +} + +export namespace FleetCapacityReservation { + /** + * @internal + */ + export const filterSensitiveLog = (obj: FleetCapacityReservation): any => ({ + ...obj, + }); +} + +export interface CreateCapacityReservationFleetResult { + /** + *The ID of the Capacity Reservation Fleet.
+ */ + CapacityReservationFleetId?: string; + + /** + *The status of the Capacity Reservation Fleet.
+ */ + State?: CapacityReservationFleetState | string; + + /** + *The total number of capacity units for which the Capacity Reservation Fleet reserves capacity.
+ */ + TotalTargetCapacity?: number; + + /** + *The requested capacity units that have been successfully reserved.
+ */ + TotalFulfilledCapacity?: number; + + /** + *The instance matching criteria for the Capacity Reservation Fleet.
+ */ + InstanceMatchCriteria?: FleetInstanceMatchCriteria | string; + + /** + *The allocation strategy used by the Capacity Reservation Fleet.
+ */ + AllocationStrategy?: string; + + /** + *The date and time at which the Capacity Reservation Fleet was created.
+ */ + CreateTime?: Date; + + /** + *The date and time at which the Capacity Reservation Fleet expires.
+ */ + EndDate?: Date; + + /** + *Indicates the tenancy of Capacity Reservation Fleet.
+ */ + Tenancy?: FleetCapacityReservationTenancy | string; + + /** + *Information about the individual Capacity Reservations in the Capacity Reservation Fleet.
+ */ + FleetCapacityReservations?: FleetCapacityReservation[]; + + /** + *The tags assigned to the Capacity Reservation Fleet.
+ */ + Tags?: Tag[]; +} + +export namespace CreateCapacityReservationFleetResult { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CreateCapacityReservationFleetResult): any => ({ + ...obj, + }); +} + +export interface CreateCarrierGatewayRequest { + /** + *The ID of the VPC to associate with the carrier gateway.
+ */ + VpcId: string | undefined; + + /** + *The tags to associate with the carrier gateway.
+ */ + TagSpecifications?: TagSpecification[]; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Unique, case-sensitive identifier that you provide to ensure the idempotency of the + * request. For more information, see How to ensure + * idempotency.
+ */ + ClientToken?: string; +} + +export namespace CreateCarrierGatewayRequest { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CreateCarrierGatewayRequest): any => ({ + ...obj, + }); +} + +export type CarrierGatewayState = "available" | "deleted" | "deleting" | "pending"; + +/** + *Describes a carrier gateway.
+ */ +export interface CarrierGateway { + /** + *The ID of the carrier gateway.
+ */ + CarrierGatewayId?: string; + + /** + *The ID of the VPC associated with the carrier gateway.
+ */ + VpcId?: string; + + /** + *The state of the carrier gateway.
+ */ + State?: CarrierGatewayState | string; + + /** + *The Amazon Web Services account ID of the owner of the carrier gateway.
+ */ + OwnerId?: string; + + /** + *The tags assigned to the carrier gateway.
+ */ + Tags?: Tag[]; +} + +export namespace CarrierGateway { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CarrierGateway): any => ({ + ...obj, + }); +} + +export interface CreateCarrierGatewayResult { + /** + *Information about the carrier gateway.
+ */ + CarrierGateway?: CarrierGateway; +} + +export namespace CreateCarrierGatewayResult { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CreateCarrierGatewayResult): any => ({ + ...obj, + }); +} + +/** + *Describes the Active Directory to be used for client authentication.
+ */ +export interface DirectoryServiceAuthenticationRequest { + /** + *The ID of the Active Directory to be used for authentication.
+ */ + DirectoryId?: string; +} + +export namespace DirectoryServiceAuthenticationRequest { + /** + * @internal + */ + export const filterSensitiveLog = (obj: DirectoryServiceAuthenticationRequest): any => ({ + ...obj, + }); +} + +/** + *The IAM SAML identity provider used for federated authentication.
+ */ +export interface FederatedAuthenticationRequest { + /** + *The Amazon Resource Name (ARN) of the IAM SAML identity provider.
+ */ + SAMLProviderArn?: string; + + /** + *The Amazon Resource Name (ARN) of the IAM SAML identity provider for the self-service portal.
+ */ + SelfServiceSAMLProviderArn?: string; +} + +export namespace FederatedAuthenticationRequest { + /** + * @internal + */ + export const filterSensitiveLog = (obj: FederatedAuthenticationRequest): any => ({ + ...obj, + }); +} + +/** + *Information about the client certificate to be used for authentication.
+ */ +export interface CertificateAuthenticationRequest { + /** + *The ARN of the client certificate. The certificate must be signed by a certificate + * authority (CA) and it must be provisioned in Certificate Manager (ACM).
+ */ + ClientRootCertificateChainArn?: string; +} + +export namespace CertificateAuthenticationRequest { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CertificateAuthenticationRequest): any => ({ + ...obj, + }); +} + +export type ClientVpnAuthenticationType = + | "certificate-authentication" + | "directory-service-authentication" + | "federated-authentication"; + +/** + *Describes the authentication method to be used by a Client VPN endpoint. For more information, see Authentication + * in the Client VPN Administrator Guide.
+ */ +export interface ClientVpnAuthenticationRequest { + /** + *The type of client authentication to be used.
+ */ + Type?: ClientVpnAuthenticationType | string; + + /** + *Information about the Active Directory to be used, if applicable. You must provide this information if Type is directory-service-authentication
.
Information about the authentication certificates to be used, if applicable. You must provide this information if Type is certificate-authentication
.
Information about the IAM SAML identity provider to be used, if applicable. You must provide this information if Type is federated-authentication
.
The options for managing connection authorization for new client connections.
+ */ +export interface ClientConnectOptions { + /** + *Indicates whether client connect options are enabled. The default is false
(not enabled).
The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.
+ */ + LambdaFunctionArn?: string; +} + +export namespace ClientConnectOptions { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ClientConnectOptions): any => ({ + ...obj, + }); +} + +/** + *Describes the client connection logging options for the Client VPN endpoint.
+ */ +export interface ConnectionLogOptions { + /** + *Indicates whether connection logging is enabled.
+ */ + Enabled?: boolean; + + /** + *The name of the CloudWatch Logs log group. Required if connection logging is enabled.
+ */ + CloudwatchLogGroup?: string; + + /** + *The name of the CloudWatch Logs log stream to which the connection data is published.
+ */ + CloudwatchLogStream?: string; +} + +export namespace ConnectionLogOptions { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ConnectionLogOptions): any => ({ + ...obj, + }); +} + +export type SelfServicePortal = "disabled" | "enabled"; + +export type TransportProtocol = "tcp" | "udp"; + +export interface CreateClientVpnEndpointRequest { + /** + *The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.
+ */ + ClientCidrBlock: string | undefined; + + /** + *The ARN of the server certificate. For more information, see + * the Certificate Manager User Guide.
+ */ + ServerCertificateArn: string | undefined; + + /** + *Information about the authentication method to be used to authenticate clients.
+ */ + AuthenticationOptions: ClientVpnAuthenticationRequest[] | undefined; + + /** + *Information about the client connection logging options.
+ *If you enable client connection logging, data about client connections is sent to a + * Cloudwatch Logs log stream. The following information is logged:
+ *Client connection requests
+ *Client connection results (successful and unsuccessful)
+ *Reasons for unsuccessful client connection requests
+ *Client connection termination time
+ *Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can + * have up to two DNS servers. If no DNS server is specified, the DNS address configured on the device is used for the DNS server.
+ */ + DnsServers?: string[]; + + /** + *The transport protocol to be used by the VPN session.
+ *Default value: udp
+ *
The port number to assign to the Client VPN endpoint for TCP and UDP traffic.
+ *Valid Values: 443
| 1194
+ *
Default Value: 443
+ *
A brief description of the Client VPN endpoint.
+ */ + Description?: string; + + /** + *Indicates whether split-tunnel is enabled on the Client VPN endpoint.
+ *By default, split-tunnel on a VPN endpoint is disabled.
+ *For information about split-tunnel VPN endpoints, see Split-tunnel Client VPN endpoint in the + * Client VPN Administrator Guide.
+ */ + SplitTunnel?: boolean; + + /** + *Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.
+ */ + ClientToken?: string; + + /** + *The tags to apply to the Client VPN endpoint during creation.
+ */ + TagSpecifications?: TagSpecification[]; + + /** + *The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
+ */ + SecurityGroupIds?: string[]; + + /** + *The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
+ */ + VpcId?: string; + + /** + *Specify whether to enable the self-service portal for the Client VPN endpoint.
+ *Default Value: enabled
+ *
The options for managing connection authorization for new client connections.
+ */ + ClientConnectOptions?: ClientConnectOptions; +} + +export namespace CreateClientVpnEndpointRequest { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CreateClientVpnEndpointRequest): any => ({ + ...obj, + }); +} + +export type ClientVpnEndpointStatusCode = "available" | "deleted" | "deleting" | "pending-associate"; + +/** + *Describes the state of a Client VPN endpoint.
+ */ +export interface ClientVpnEndpointStatus { + /** + *The state of the Client VPN endpoint. Possible states include:
+ *
+ * pending-associate
- The Client VPN endpoint has been created but no target networks
+ * have been associated. The Client VPN endpoint cannot accept connections.
+ * available
- The Client VPN endpoint has been created and a target network has been
+ * associated. The Client VPN endpoint can accept connections.
+ * deleting
- The Client VPN endpoint is being deleted. The Client VPN endpoint cannot accept
+ * connections.
+ * deleted
- The Client VPN endpoint has been deleted. The Client VPN endpoint cannot accept
+ * connections.
A message about the status of the Client VPN endpoint.
+ */ + Message?: string; +} + +export namespace ClientVpnEndpointStatus { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ClientVpnEndpointStatus): any => ({ + ...obj, + }); +} + +export interface CreateClientVpnEndpointResult { + /** + *The ID of the Client VPN endpoint.
+ */ + ClientVpnEndpointId?: string; + + /** + *The current state of the Client VPN endpoint.
+ */ + Status?: ClientVpnEndpointStatus; + + /** + *The DNS name to be used by clients when establishing their VPN session.
+ */ + DnsName?: string; +} + +export namespace CreateClientVpnEndpointResult { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CreateClientVpnEndpointResult): any => ({ + ...obj, + }); +} + +export interface CreateClientVpnRouteRequest { + /** + *The ID of the Client VPN endpoint to which to add the route.
+ */ + ClientVpnEndpointId: string | undefined; + + /** + *The IPv4 address range, in CIDR notation, of the route destination. For example:
+ *To add a route for Internet access, enter 0.0.0.0/0
+ *
To add a route for a peered VPC, enter the peered VPC's IPv4 CIDR range
+ *To add a route for an on-premises network, enter the Amazon Web Services Site-to-Site VPN connection's IPv4 CIDR range
+ *To add a route for the local network, enter the client CIDR range
+ *The ID of the subnet through which you want to route traffic. The specified subnet must be + * an existing target network of the Client VPN endpoint.
+ *Alternatively, if you're adding a route for the local network, specify local
.
A brief description of the route.
+ */ + Description?: string; + + /** + *Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.
+ */ + ClientToken?: string; + + /** + *Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Describes the state of a Client VPN endpoint route.
+ */ +export interface ClientVpnRouteStatus { + /** + *The state of the Client VPN endpoint route.
+ */ + Code?: ClientVpnRouteStatusCode | string; + + /** + *A message about the status of the Client VPN endpoint route, if applicable.
+ */ + Message?: string; +} + +export namespace ClientVpnRouteStatus { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ClientVpnRouteStatus): any => ({ + ...obj, + }); +} + +export interface CreateClientVpnRouteResult { + /** + *The current state of the route.
+ */ + Status?: ClientVpnRouteStatus; +} + +export namespace CreateClientVpnRouteResult { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CreateClientVpnRouteResult): any => ({ + ...obj, + }); +} + +export type GatewayType = "ipsec.1"; + +/** + *Contains the parameters for CreateCustomerGateway.
+ */ +export interface CreateCustomerGatewayRequest { + /** + *For devices that support BGP, the customer gateway's BGP ASN.
+ *Default: 65000
+ */ + BgpAsn: number | undefined; + + /** + *The Internet-routable IP address for the customer gateway's outside interface. The + * address must be static.
+ */ + PublicIp?: string; + + /** + *The Amazon Resource Name (ARN) for the customer gateway certificate.
+ */ + CertificateArn?: string; + + /** + *The type of VPN connection that this customer gateway supports
+ * (ipsec.1
).
The tags to apply to the customer gateway.
+ */ + TagSpecifications?: TagSpecification[]; + + /** + *A name for the customer gateway device.
+ *Length Constraints: Up to 255 characters.
+ */ + DeviceName?: string; + + /** + *Checks whether you have the required permissions for the action, without actually
+ * making the request, and provides an error response. If you have the required
+ * permissions, the error response is DryRunOperation
. Otherwise, it is
+ * UnauthorizedOperation
.
Describes a customer gateway.
+ */ +export interface CustomerGateway { + /** + *The customer gateway's Border Gateway Protocol (BGP) Autonomous System Number + * (ASN).
+ */ + BgpAsn?: string; + + /** + *The ID of the customer gateway.
+ */ + CustomerGatewayId?: string; + + /** + *The Internet-routable IP address of the customer gateway's outside interface.
+ */ + IpAddress?: string; + + /** + *The Amazon Resource Name (ARN) for the customer gateway certificate.
+ */ + CertificateArn?: string; + + /** + *The current state of the customer gateway (pending | available | deleting |
+ * deleted
).
The type of VPN connection the customer gateway supports
+ * (ipsec.1
).
The name of customer gateway device.
+ */ + DeviceName?: string; + + /** + *Any tags assigned to the customer gateway.
+ */ + Tags?: Tag[]; +} + +export namespace CustomerGateway { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CustomerGateway): any => ({ + ...obj, + }); +} + +/** + *Contains the output of CreateCustomerGateway.
+ */ +export interface CreateCustomerGatewayResult { + /** + *Information about the customer gateway.
+ */ + CustomerGateway?: CustomerGateway; +} + +export namespace CreateCustomerGatewayResult { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CreateCustomerGatewayResult): any => ({ + ...obj, + }); +} + +export interface CreateDefaultSubnetRequest { + /** + *The Availability Zone in which to create the default subnet.
+ */ + AvailabilityZone: string | undefined; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Describes a subnet.
+ */ +export interface Subnet { + /** + *The Availability Zone of the subnet.
+ */ + AvailabilityZone?: string; + + /** + *The AZ ID of the subnet.
+ */ + AvailabilityZoneId?: string; + + /** + *The number of unused private IPv4 addresses in the subnet. The IPv4 addresses for any + * stopped instances are considered unavailable.
+ */ + AvailableIpAddressCount?: number; + + /** + *The IPv4 CIDR block assigned to the subnet.
+ */ + CidrBlock?: string; + + /** + *Indicates whether this is the default subnet for the Availability Zone.
+ */ + DefaultForAz?: boolean; + + /** + *Indicates whether instances launched in this subnet receive a public IPv4 address.
+ */ + MapPublicIpOnLaunch?: boolean; + + /** + *Indicates whether a network interface created in this subnet (including a network + * interface created by RunInstances) receives a customer-owned IPv4 address.
+ */ + MapCustomerOwnedIpOnLaunch?: boolean; + + /** + *The customer-owned IPv4 address pool associated with the subnet.
+ */ + CustomerOwnedIpv4Pool?: string; + + /** + *The current state of the subnet.
+ */ + State?: SubnetState | string; + + /** + *The ID of the subnet.
+ */ + SubnetId?: string; + + /** + *The ID of the VPC the subnet is in.
+ */ + VpcId?: string; + + /** + *The ID of the Amazon Web Services account that owns the subnet.
+ */ + OwnerId?: string; + + /** + *Indicates whether a network interface created in this subnet (including a network + * interface created by RunInstances) receives an IPv6 address.
+ */ + AssignIpv6AddressOnCreation?: boolean; + + /** + *Information about the IPv6 CIDR blocks associated with the subnet.
+ */ + Ipv6CidrBlockAssociationSet?: SubnetIpv6CidrBlockAssociation[]; + + /** + *Any tags assigned to the subnet.
+ */ + Tags?: Tag[]; + + /** + *The Amazon Resource Name (ARN) of the subnet.
+ */ + SubnetArn?: string; + + /** + *The Amazon Resource Name (ARN) of the Outpost.
+ */ + OutpostArn?: string; +} + +export namespace Subnet { + /** + * @internal + */ + export const filterSensitiveLog = (obj: Subnet): any => ({ + ...obj, + }); +} + +export interface CreateDefaultSubnetResult { + /** + *Information about the subnet.
+ */ + Subnet?: Subnet; +} + +export namespace CreateDefaultSubnetResult { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CreateDefaultSubnetResult): any => ({ + ...obj, + }); +} + +export interface CreateDefaultVpcRequest { + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Describes a VPC.
+ */ +export interface Vpc { + /** + *The primary IPv4 CIDR block for the VPC.
+ */ + CidrBlock?: string; + + /** + *The ID of the set of DHCP options you've associated with the VPC.
+ */ + DhcpOptionsId?: string; + + /** + *The current state of the VPC.
+ */ + State?: VpcState | string; + + /** + *The ID of the VPC.
+ */ + VpcId?: string; + + /** + *The ID of the Amazon Web Services account that owns the VPC.
+ */ + OwnerId?: string; + + /** + *The allowed tenancy of instances launched into the VPC.
+ */ + InstanceTenancy?: Tenancy | string; + + /** + *Information about the IPv6 CIDR blocks associated with the VPC.
+ */ + Ipv6CidrBlockAssociationSet?: VpcIpv6CidrBlockAssociation[]; + + /** + *Information about the IPv4 CIDR blocks associated with the VPC.
+ */ + CidrBlockAssociationSet?: VpcCidrBlockAssociation[]; + + /** + *Indicates whether the VPC is the default VPC.
+ */ + IsDefault?: boolean; + + /** + *Any tags assigned to the VPC.
+ */ + Tags?: Tag[]; +} + +export namespace Vpc { + /** + * @internal + */ + export const filterSensitiveLog = (obj: Vpc): any => ({ + ...obj, + }); +} + +export interface CreateDefaultVpcResult { + /** + *Information about the VPC.
+ */ + Vpc?: Vpc; +} + +export namespace CreateDefaultVpcResult { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CreateDefaultVpcResult): any => ({ + ...obj, + }); +} + +/** + *Describes a DHCP configuration option.
+ */ +export interface NewDhcpConfiguration { + /** + *The name of a DHCP option.
+ */ + Key?: string; + + /** + *One or more values for the DHCP option.
+ */ + Values?: string[]; +} + +export namespace NewDhcpConfiguration { + /** + * @internal + */ + export const filterSensitiveLog = (obj: NewDhcpConfiguration): any => ({ + ...obj, + }); +} + +export interface CreateDhcpOptionsRequest { + /** + *A DHCP configuration option.
+ */ + DhcpConfigurations: NewDhcpConfiguration[] | undefined; + + /** + *The tags to assign to the DHCP option.
+ */ + TagSpecifications?: TagSpecification[]; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Describes a value for a resource attribute that is a String.
+ */ +export interface AttributeValue { + /** + *The attribute value. The value is case-sensitive.
+ */ + Value?: string; +} + +export namespace AttributeValue { + /** + * @internal + */ + export const filterSensitiveLog = (obj: AttributeValue): any => ({ + ...obj, + }); +} + +/** + *Describes a DHCP configuration option.
+ */ +export interface DhcpConfiguration { + /** + *The name of a DHCP option.
+ */ + Key?: string; + + /** + *One or more values for the DHCP option.
+ */ + Values?: AttributeValue[]; +} + +export namespace DhcpConfiguration { + /** + * @internal + */ + export const filterSensitiveLog = (obj: DhcpConfiguration): any => ({ + ...obj, + }); +} + +/** + *Describes a set of DHCP options.
+ */ +export interface DhcpOptions { + /** + *One or more DHCP options in the set.
+ */ + DhcpConfigurations?: DhcpConfiguration[]; + + /** + *The ID of the set of DHCP options.
+ */ + DhcpOptionsId?: string; + + /** + *The ID of the Amazon Web Services account that owns the DHCP options set.
+ */ + OwnerId?: string; + + /** + *Any tags assigned to the DHCP options set.
+ */ + Tags?: Tag[]; +} + +export namespace DhcpOptions { + /** + * @internal + */ + export const filterSensitiveLog = (obj: DhcpOptions): any => ({ + ...obj, + }); +} + +export interface CreateDhcpOptionsResult { + /** + *A set of DHCP options.
+ */ + DhcpOptions?: DhcpOptions; +} + +export namespace CreateDhcpOptionsResult { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CreateDhcpOptionsResult): any => ({ + ...obj, + }); +} + +export interface CreateEgressOnlyInternetGatewayRequest { + /** + *Unique, case-sensitive identifier that you provide to ensure the idempotency of the + * request. For more information, see How to ensure + * idempotency.
+ */ + ClientToken?: string; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The ID of the VPC for which to create the egress-only internet gateway.
+ */ + VpcId: string | undefined; + + /** + *The tags to assign to the egress-only internet gateway.
+ */ + TagSpecifications?: TagSpecification[]; +} + +export namespace CreateEgressOnlyInternetGatewayRequest { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CreateEgressOnlyInternetGatewayRequest): any => ({ + ...obj, + }); +} + +/** + *Describes the attachment of a VPC to an internet gateway or an egress-only internet + * gateway.
+ */ +export interface InternetGatewayAttachment { + /** + *The current state of the attachment. For an internet gateway, the state is
+ * available
when attached to a VPC; otherwise, this value is not
+ * returned.
The ID of the VPC.
+ */ + VpcId?: string; +} + +export namespace InternetGatewayAttachment { + /** + * @internal + */ + export const filterSensitiveLog = (obj: InternetGatewayAttachment): any => ({ + ...obj, + }); +} + +/** + *Describes an egress-only internet gateway.
+ */ +export interface EgressOnlyInternetGateway { + /** + *Information about the attachment of the egress-only internet gateway.
+ */ + Attachments?: InternetGatewayAttachment[]; + + /** + *The ID of the egress-only internet gateway.
+ */ + EgressOnlyInternetGatewayId?: string; + + /** + *The tags assigned to the egress-only internet gateway.
+ */ + Tags?: Tag[]; +} + +export namespace EgressOnlyInternetGateway { + /** + * @internal + */ + export const filterSensitiveLog = (obj: EgressOnlyInternetGateway): any => ({ + ...obj, + }); +} + +export interface CreateEgressOnlyInternetGatewayResult { + /** + *Unique, case-sensitive identifier that you provide to ensure the idempotency of the + * request.
+ */ + ClientToken?: string; + + /** + *Information about the egress-only internet gateway.
+ */ + EgressOnlyInternetGateway?: EgressOnlyInternetGateway; +} + +export namespace CreateEgressOnlyInternetGatewayResult { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CreateEgressOnlyInternetGatewayResult): any => ({ + ...obj, + }); +} + +export enum FleetExcessCapacityTerminationPolicy { + NO_TERMINATION = "no-termination", + TERMINATION = "termination", +} + +/** + *Describes the Amazon EC2 launch template and the launch template version that can be used by + * an EC2 Fleet to configure Amazon EC2 instances. For information about launch templates, see Launching + * an instance from a launch template in the + * Amazon EC2 User Guide.
+ */ +export interface FleetLaunchTemplateSpecificationRequest { + /** + *The ID of the launch template. If you specify the template ID, you can't specify the template name.
+ */ + LaunchTemplateId?: string; + + /** + *The name of the launch template. If you specify the template name, you can't specify the template ID.
+ */ + LaunchTemplateName?: string; + + /** + *The launch template version number, $Latest
, or $Default
. You must specify a value, otherwise the request fails.
If the value is $Latest
, Amazon EC2 uses the latest version of the launch template.
If the value is $Default
, Amazon EC2 uses the default version of the launch template.
Describes the placement of an instance.
*/ @@ -8519,248 +8960,3 @@ export namespace CreateInstanceEventWindowRequest { ...obj, }); } - -export interface CreateInstanceEventWindowResult { - /** - *Information about the event window.
- */ - InstanceEventWindow?: InstanceEventWindow; -} - -export namespace CreateInstanceEventWindowResult { - /** - * @internal - */ - export const filterSensitiveLog = (obj: CreateInstanceEventWindowResult): any => ({ - ...obj, - }); -} - -export type ContainerFormat = "ova"; - -export type DiskImageFormat = "RAW" | "VHD" | "VMDK"; - -/** - *Describes an export instance task.
- */ -export interface ExportToS3TaskSpecification { - /** - *The container format used to combine disk images with metadata (such as OVF). If absent, only the disk image is - * exported.
- */ - ContainerFormat?: ContainerFormat | string; - - /** - *The format for the exported image.
- */ - DiskImageFormat?: DiskImageFormat | string; - - /** - *The Amazon S3 bucket for the destination image. The destination bucket must exist and grant
- * WRITE and READ_ACP permissions to the Amazon Web Services account vm-import-export@amazon.com
.
The image is written to a single object in the Amazon S3 bucket at the S3 key s3prefix + - * exportTaskId + '.' + diskImageFormat.
- */ - S3Prefix?: string; -} - -export namespace ExportToS3TaskSpecification { - /** - * @internal - */ - export const filterSensitiveLog = (obj: ExportToS3TaskSpecification): any => ({ - ...obj, - }); -} - -export type ExportEnvironment = "citrix" | "microsoft" | "vmware"; - -export interface CreateInstanceExportTaskRequest { - /** - *A description for the conversion task or the resource being exported. The maximum length is 255 characters.
- */ - Description?: string; - - /** - *The format and location for an export instance task.
- */ - ExportToS3Task: ExportToS3TaskSpecification | undefined; - - /** - *The ID of the instance.
- */ - InstanceId: string | undefined; - - /** - *The target virtualization environment.
- */ - TargetEnvironment: ExportEnvironment | string | undefined; - - /** - *The tags to apply to the export instance task during creation.
- */ - TagSpecifications?: TagSpecification[]; -} - -export namespace CreateInstanceExportTaskRequest { - /** - * @internal - */ - export const filterSensitiveLog = (obj: CreateInstanceExportTaskRequest): any => ({ - ...obj, - }); -} - -/** - *Describes the format and location for the export task.
- */ -export interface ExportToS3Task { - /** - *The container format used to combine disk images with metadata (such as OVF). If absent, only the disk image is - * exported.
- */ - ContainerFormat?: ContainerFormat | string; - - /** - *The format for the exported image.
- */ - DiskImageFormat?: DiskImageFormat | string; - - /** - *The Amazon S3 bucket for the destination image. The destination bucket must exist and grant
- * WRITE and READ_ACP permissions to the Amazon Web Services account vm-import-export@amazon.com
.
The encryption key for your S3 bucket.
- */ - S3Key?: string; -} - -export namespace ExportToS3Task { - /** - * @internal - */ - export const filterSensitiveLog = (obj: ExportToS3Task): any => ({ - ...obj, - }); -} - -/** - *Describes an instance to export.
- */ -export interface InstanceExportDetails { - /** - *The ID of the resource being exported.
- */ - InstanceId?: string; - - /** - *The target virtualization environment.
- */ - TargetEnvironment?: ExportEnvironment | string; -} - -export namespace InstanceExportDetails { - /** - * @internal - */ - export const filterSensitiveLog = (obj: InstanceExportDetails): any => ({ - ...obj, - }); -} - -export type ExportTaskState = "active" | "cancelled" | "cancelling" | "completed"; - -/** - *Describes an export instance task.
- */ -export interface ExportTask { - /** - *A description of the resource being exported.
- */ - Description?: string; - - /** - *The ID of the export task.
- */ - ExportTaskId?: string; - - /** - *Information about the export task.
- */ - ExportToS3Task?: ExportToS3Task; - - /** - *Information about the instance to export.
- */ - InstanceExportDetails?: InstanceExportDetails; - - /** - *The state of the export task.
- */ - State?: ExportTaskState | string; - - /** - *The status message related to the export task.
- */ - StatusMessage?: string; - - /** - *The tags for the export task.
- */ - Tags?: Tag[]; -} - -export namespace ExportTask { - /** - * @internal - */ - export const filterSensitiveLog = (obj: ExportTask): any => ({ - ...obj, - }); -} - -export interface CreateInstanceExportTaskResult { - /** - *Information about the export instance task.
- */ - ExportTask?: ExportTask; -} - -export namespace CreateInstanceExportTaskResult { - /** - * @internal - */ - export const filterSensitiveLog = (obj: CreateInstanceExportTaskResult): any => ({ - ...obj, - }); -} - -export interface CreateInternetGatewayRequest { - /** - *The tags to assign to the internet gateway.
- */ - TagSpecifications?: TagSpecification[]; - - /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Information about the event window.
+ */ + InstanceEventWindow?: InstanceEventWindow; +} + +export namespace CreateInstanceEventWindowResult { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CreateInstanceEventWindowResult): any => ({ + ...obj, + }); +} + +export type ContainerFormat = "ova"; + +export type DiskImageFormat = "RAW" | "VHD" | "VMDK"; + +/** + *Describes an export instance task.
+ */ +export interface ExportToS3TaskSpecification { + /** + *The container format used to combine disk images with metadata (such as OVF). If absent, only the disk image is + * exported.
+ */ + ContainerFormat?: ContainerFormat | string; + + /** + *The format for the exported image.
+ */ + DiskImageFormat?: DiskImageFormat | string; + + /** + *The Amazon S3 bucket for the destination image. The destination bucket must exist and grant
+ * WRITE and READ_ACP permissions to the Amazon Web Services account vm-import-export@amazon.com
.
The image is written to a single object in the Amazon S3 bucket at the S3 key s3prefix + + * exportTaskId + '.' + diskImageFormat.
+ */ + S3Prefix?: string; +} + +export namespace ExportToS3TaskSpecification { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ExportToS3TaskSpecification): any => ({ + ...obj, + }); +} + +export type ExportEnvironment = "citrix" | "microsoft" | "vmware"; + +export interface CreateInstanceExportTaskRequest { + /** + *A description for the conversion task or the resource being exported. The maximum length is 255 characters.
+ */ + Description?: string; + + /** + *The format and location for an export instance task.
+ */ + ExportToS3Task: ExportToS3TaskSpecification | undefined; + + /** + *The ID of the instance.
+ */ + InstanceId: string | undefined; + + /** + *The target virtualization environment.
+ */ + TargetEnvironment: ExportEnvironment | string | undefined; + + /** + *The tags to apply to the export instance task during creation.
+ */ + TagSpecifications?: TagSpecification[]; +} + +export namespace CreateInstanceExportTaskRequest { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CreateInstanceExportTaskRequest): any => ({ + ...obj, + }); +} + +/** + *Describes the format and location for the export task.
+ */ +export interface ExportToS3Task { + /** + *The container format used to combine disk images with metadata (such as OVF). If absent, only the disk image is + * exported.
+ */ + ContainerFormat?: ContainerFormat | string; + + /** + *The format for the exported image.
+ */ + DiskImageFormat?: DiskImageFormat | string; + + /** + *The Amazon S3 bucket for the destination image. The destination bucket must exist and grant
+ * WRITE and READ_ACP permissions to the Amazon Web Services account vm-import-export@amazon.com
.
The encryption key for your S3 bucket.
+ */ + S3Key?: string; +} + +export namespace ExportToS3Task { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ExportToS3Task): any => ({ + ...obj, + }); +} + +/** + *Describes an instance to export.
+ */ +export interface InstanceExportDetails { + /** + *The ID of the resource being exported.
+ */ + InstanceId?: string; + + /** + *The target virtualization environment.
+ */ + TargetEnvironment?: ExportEnvironment | string; +} + +export namespace InstanceExportDetails { + /** + * @internal + */ + export const filterSensitiveLog = (obj: InstanceExportDetails): any => ({ + ...obj, + }); +} + +export type ExportTaskState = "active" | "cancelled" | "cancelling" | "completed"; + +/** + *Describes an export instance task.
+ */ +export interface ExportTask { + /** + *A description of the resource being exported.
+ */ + Description?: string; + + /** + *The ID of the export task.
+ */ + ExportTaskId?: string; + + /** + *Information about the export task.
+ */ + ExportToS3Task?: ExportToS3Task; + + /** + *Information about the instance to export.
+ */ + InstanceExportDetails?: InstanceExportDetails; + + /** + *The state of the export task.
+ */ + State?: ExportTaskState | string; + + /** + *The status message related to the export task.
+ */ + StatusMessage?: string; + + /** + *The tags for the export task.
+ */ + Tags?: Tag[]; +} + +export namespace ExportTask { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ExportTask): any => ({ + ...obj, + }); +} + +export interface CreateInstanceExportTaskResult { + /** + *Information about the export instance task.
+ */ + ExportTask?: ExportTask; +} + +export namespace CreateInstanceExportTaskResult { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CreateInstanceExportTaskResult): any => ({ + ...obj, + }); +} + +export interface CreateInternetGatewayRequest { + /** + *The tags to assign to the internet gateway.
+ */ + TagSpecifications?: TagSpecification[]; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Describes an internet gateway.
*/ @@ -9390,343 +9634,3 @@ export namespace VpnConnectionOptions { ...obj, }); } - -export type VpnStaticRouteSource = "Static"; - -export type VpnState = "available" | "deleted" | "deleting" | "pending"; - -/** - *Describes a static route for a VPN connection.
- */ -export interface VpnStaticRoute { - /** - *The CIDR block associated with the local subnet of the customer data center.
- */ - DestinationCidrBlock?: string; - - /** - *Indicates how the routes were provided.
- */ - Source?: VpnStaticRouteSource | string; - - /** - *The current state of the static route.
- */ - State?: VpnState | string; -} - -export namespace VpnStaticRoute { - /** - * @internal - */ - export const filterSensitiveLog = (obj: VpnStaticRoute): any => ({ - ...obj, - }); -} - -export type TelemetryStatus = "DOWN" | "UP"; - -/** - *Describes telemetry for a VPN tunnel.
- */ -export interface VgwTelemetry { - /** - *The number of accepted routes.
- */ - AcceptedRouteCount?: number; - - /** - *The date and time of the last change in status.
- */ - LastStatusChange?: Date; - - /** - *The Internet-routable IP address of the virtual private gateway's outside - * interface.
- */ - OutsideIpAddress?: string; - - /** - *The status of the VPN tunnel.
- */ - Status?: TelemetryStatus | string; - - /** - *If an error occurs, a description of the error.
- */ - StatusMessage?: string; - - /** - *The Amazon Resource Name (ARN) of the VPN tunnel endpoint certificate.
- */ - CertificateArn?: string; -} - -export namespace VgwTelemetry { - /** - * @internal - */ - export const filterSensitiveLog = (obj: VgwTelemetry): any => ({ - ...obj, - }); -} - -/** - *Describes a VPN connection.
- */ -export interface VpnConnection { - /** - *The configuration information for the VPN connection's customer gateway (in the native
- * XML format). This element is always present in the CreateVpnConnection
- * response; however, it's present in the DescribeVpnConnections response
- * only if the VPN connection is in the pending
or available
- * state.
The ID of the customer gateway at your end of the VPN connection.
- */ - CustomerGatewayId?: string; - - /** - *The category of the VPN connection. A value of VPN
indicates an Amazon Web Services VPN connection. A value of VPN-Classic
indicates an Amazon Web Services Classic VPN connection.
The current state of the VPN connection.
- */ - State?: VpnState | string; - - /** - *The type of VPN connection.
- */ - Type?: GatewayType | string; - - /** - *The ID of the VPN connection.
- */ - VpnConnectionId?: string; - - /** - *The ID of the virtual private gateway at the Amazon Web Services side of the VPN - * connection.
- */ - VpnGatewayId?: string; - - /** - *The ID of the transit gateway associated with the VPN connection.
- */ - TransitGatewayId?: string; - - /** - *The VPN connection options.
- */ - Options?: VpnConnectionOptions; - - /** - *The static routes associated with the VPN connection.
- */ - Routes?: VpnStaticRoute[]; - - /** - *Any tags assigned to the VPN connection.
- */ - Tags?: Tag[]; - - /** - *Information about the VPN tunnel.
- */ - VgwTelemetry?: VgwTelemetry[]; -} - -export namespace VpnConnection { - /** - * @internal - */ - export const filterSensitiveLog = (obj: VpnConnection): any => ({ - ...obj, - }); -} - -/** - *Contains the output of CreateVpnConnection.
- */ -export interface CreateVpnConnectionResult { - /** - *Information about the VPN connection.
- */ - VpnConnection?: VpnConnection; -} - -export namespace CreateVpnConnectionResult { - /** - * @internal - */ - export const filterSensitiveLog = (obj: CreateVpnConnectionResult): any => ({ - ...obj, - }); -} - -/** - *Contains the parameters for CreateVpnConnectionRoute.
- */ -export interface CreateVpnConnectionRouteRequest { - /** - *The CIDR block associated with the local subnet of the customer network.
- */ - DestinationCidrBlock: string | undefined; - - /** - *The ID of the VPN connection.
- */ - VpnConnectionId: string | undefined; -} - -export namespace CreateVpnConnectionRouteRequest { - /** - * @internal - */ - export const filterSensitiveLog = (obj: CreateVpnConnectionRouteRequest): any => ({ - ...obj, - }); -} - -/** - *Contains the parameters for CreateVpnGateway.
- */ -export interface CreateVpnGatewayRequest { - /** - *The Availability Zone for the virtual private gateway.
- */ - AvailabilityZone?: string; - - /** - *The type of VPN connection this virtual private gateway supports.
- */ - Type: GatewayType | string | undefined; - - /** - *The tags to apply to the virtual private gateway.
- */ - TagSpecifications?: TagSpecification[]; - - /** - *A private Autonomous System Number (ASN) for the Amazon side of a BGP session. If - * you're using a 16-bit ASN, it must be in the 64512 to 65534 range. If you're using a - * 32-bit ASN, it must be in the 4200000000 to 4294967294 range.
- *Default: 64512
- */ - AmazonSideAsn?: number; - - /** - *Checks whether you have the required permissions for the action, without actually
- * making the request, and provides an error response. If you have the required
- * permissions, the error response is DryRunOperation
. Otherwise, it is
- * UnauthorizedOperation
.
Describes a virtual private gateway.
- */ -export interface VpnGateway { - /** - *The Availability Zone where the virtual private gateway was created, if applicable. - * This field may be empty or not returned.
- */ - AvailabilityZone?: string; - - /** - *The current state of the virtual private gateway.
- */ - State?: VpnState | string; - - /** - *The type of VPN connection the virtual private gateway supports.
- */ - Type?: GatewayType | string; - - /** - *Any VPCs attached to the virtual private gateway.
- */ - VpcAttachments?: VpcAttachment[]; - - /** - *The ID of the virtual private gateway.
- */ - VpnGatewayId?: string; - - /** - *The private Autonomous System Number (ASN) for the Amazon side of a BGP - * session.
- */ - AmazonSideAsn?: number; - - /** - *Any tags assigned to the virtual private gateway.
- */ - Tags?: Tag[]; -} - -export namespace VpnGateway { - /** - * @internal - */ - export const filterSensitiveLog = (obj: VpnGateway): any => ({ - ...obj, - }); -} - -/** - *Contains the output of CreateVpnGateway.
- */ -export interface CreateVpnGatewayResult { - /** - *Information about the virtual private gateway.
- */ - VpnGateway?: VpnGateway; -} - -export namespace CreateVpnGatewayResult { - /** - * @internal - */ - export const filterSensitiveLog = (obj: CreateVpnGatewayResult): any => ({ - ...obj, - }); -} - -export interface DeleteCarrierGatewayRequest { - /** - *The ID of the carrier gateway.
- */ - CarrierGatewayId: string | undefined; - - /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Describes a static route for a VPN connection.
+ */ +export interface VpnStaticRoute { + /** + *The CIDR block associated with the local subnet of the customer data center.
+ */ + DestinationCidrBlock?: string; + + /** + *Indicates how the routes were provided.
+ */ + Source?: VpnStaticRouteSource | string; + + /** + *The current state of the static route.
+ */ + State?: VpnState | string; +} + +export namespace VpnStaticRoute { + /** + * @internal + */ + export const filterSensitiveLog = (obj: VpnStaticRoute): any => ({ + ...obj, + }); +} + +export type TelemetryStatus = "DOWN" | "UP"; + +/** + *Describes telemetry for a VPN tunnel.
+ */ +export interface VgwTelemetry { + /** + *The number of accepted routes.
+ */ + AcceptedRouteCount?: number; + + /** + *The date and time of the last change in status.
+ */ + LastStatusChange?: Date; + + /** + *The Internet-routable IP address of the virtual private gateway's outside + * interface.
+ */ + OutsideIpAddress?: string; + + /** + *The status of the VPN tunnel.
+ */ + Status?: TelemetryStatus | string; + + /** + *If an error occurs, a description of the error.
+ */ + StatusMessage?: string; + + /** + *The Amazon Resource Name (ARN) of the VPN tunnel endpoint certificate.
+ */ + CertificateArn?: string; +} + +export namespace VgwTelemetry { + /** + * @internal + */ + export const filterSensitiveLog = (obj: VgwTelemetry): any => ({ + ...obj, + }); +} + +/** + *Describes a VPN connection.
+ */ +export interface VpnConnection { + /** + *The configuration information for the VPN connection's customer gateway (in the native
+ * XML format). This element is always present in the CreateVpnConnection
+ * response; however, it's present in the DescribeVpnConnections response
+ * only if the VPN connection is in the pending
or available
+ * state.
The ID of the customer gateway at your end of the VPN connection.
+ */ + CustomerGatewayId?: string; + + /** + *The category of the VPN connection. A value of VPN
indicates an Amazon Web Services VPN connection. A value of VPN-Classic
indicates an Amazon Web Services Classic VPN connection.
The current state of the VPN connection.
+ */ + State?: VpnState | string; + + /** + *The type of VPN connection.
+ */ + Type?: GatewayType | string; + + /** + *The ID of the VPN connection.
+ */ + VpnConnectionId?: string; + + /** + *The ID of the virtual private gateway at the Amazon Web Services side of the VPN + * connection.
+ */ + VpnGatewayId?: string; + + /** + *The ID of the transit gateway associated with the VPN connection.
+ */ + TransitGatewayId?: string; + + /** + *The VPN connection options.
+ */ + Options?: VpnConnectionOptions; + + /** + *The static routes associated with the VPN connection.
+ */ + Routes?: VpnStaticRoute[]; + + /** + *Any tags assigned to the VPN connection.
+ */ + Tags?: Tag[]; + + /** + *Information about the VPN tunnel.
+ */ + VgwTelemetry?: VgwTelemetry[]; +} + +export namespace VpnConnection { + /** + * @internal + */ + export const filterSensitiveLog = (obj: VpnConnection): any => ({ + ...obj, + }); +} + +/** + *Contains the output of CreateVpnConnection.
+ */ +export interface CreateVpnConnectionResult { + /** + *Information about the VPN connection.
+ */ + VpnConnection?: VpnConnection; +} + +export namespace CreateVpnConnectionResult { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CreateVpnConnectionResult): any => ({ + ...obj, + }); +} + +/** + *Contains the parameters for CreateVpnConnectionRoute.
+ */ +export interface CreateVpnConnectionRouteRequest { + /** + *The CIDR block associated with the local subnet of the customer network.
+ */ + DestinationCidrBlock: string | undefined; + + /** + *The ID of the VPN connection.
+ */ + VpnConnectionId: string | undefined; +} + +export namespace CreateVpnConnectionRouteRequest { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CreateVpnConnectionRouteRequest): any => ({ + ...obj, + }); +} + +/** + *Contains the parameters for CreateVpnGateway.
+ */ +export interface CreateVpnGatewayRequest { + /** + *The Availability Zone for the virtual private gateway.
+ */ + AvailabilityZone?: string; + + /** + *The type of VPN connection this virtual private gateway supports.
+ */ + Type: GatewayType | string | undefined; + + /** + *The tags to apply to the virtual private gateway.
+ */ + TagSpecifications?: TagSpecification[]; + + /** + *A private Autonomous System Number (ASN) for the Amazon side of a BGP session. If + * you're using a 16-bit ASN, it must be in the 64512 to 65534 range. If you're using a + * 32-bit ASN, it must be in the 4200000000 to 4294967294 range.
+ *Default: 64512
+ */ + AmazonSideAsn?: number; + + /** + *Checks whether you have the required permissions for the action, without actually
+ * making the request, and provides an error response. If you have the required
+ * permissions, the error response is DryRunOperation
. Otherwise, it is
+ * UnauthorizedOperation
.
Describes a virtual private gateway.
+ */ +export interface VpnGateway { + /** + *The Availability Zone where the virtual private gateway was created, if applicable. + * This field may be empty or not returned.
+ */ + AvailabilityZone?: string; + + /** + *The current state of the virtual private gateway.
+ */ + State?: VpnState | string; + + /** + *The type of VPN connection the virtual private gateway supports.
+ */ + Type?: GatewayType | string; + + /** + *Any VPCs attached to the virtual private gateway.
+ */ + VpcAttachments?: VpcAttachment[]; + + /** + *The ID of the virtual private gateway.
+ */ + VpnGatewayId?: string; + + /** + *The private Autonomous System Number (ASN) for the Amazon side of a BGP + * session.
+ */ + AmazonSideAsn?: number; + + /** + *Any tags assigned to the virtual private gateway.
+ */ + Tags?: Tag[]; +} + +export namespace VpnGateway { + /** + * @internal + */ + export const filterSensitiveLog = (obj: VpnGateway): any => ({ + ...obj, + }); +} + +/** + *Contains the output of CreateVpnGateway.
+ */ +export interface CreateVpnGatewayResult { + /** + *Information about the virtual private gateway.
+ */ + VpnGateway?: VpnGateway; +} + +export namespace CreateVpnGatewayResult { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CreateVpnGatewayResult): any => ({ + ...obj, + }); +} + +export interface DeleteCarrierGatewayRequest { + /** + *The ID of the carrier gateway.
+ */ + CarrierGatewayId: string | undefined; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Information about the carrier gateway.
@@ -3314,11 +3661,11 @@ export namespace DescribeByoipCidrsResult { }); } -export interface DescribeCapacityReservationsRequest { +export interface DescribeCapacityReservationFleetsRequest { /** - *The ID of the Capacity Reservation.
+ *The IDs of the Capacity Reservation Fleets to describe.
*/ - CapacityReservationIds?: string[]; + CapacityReservationFleetIds?: string[]; /** *The token to use to retrieve the next page of results.
@@ -3332,23 +3679,249 @@ export interface DescribeCapacityReservationsRequest { /** *One or more filters.
- *
- * instance-type
- The type of instance for which the Capacity Reservation reserves capacity.
+ * state
- The state of the Fleet (submitted
| modifying
| active
|
+ * partially_fulfilled
| expiring
| expired
| cancelling
|
+ * cancelled
| failed
).
- * owner-id
- The ID of the Amazon Web Services account that owns the Capacity Reservation.
+ * instance-match-criteria
- The instance matching criteria for the Fleet. Only open
is supported.
- * availability-zone-id
- The Availability Zone ID of the Capacity Reservation.
+ * tenancy
- The tenancy of the Fleet (default
| dedicated
).
- * instance-platform
- The type of operating system for which the Capacity Reservation reserves capacity.
+ * allocation-strategy
- The allocation strategy used by the Fleet. Only prioritized
is supported.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Information about a Capacity Reservation Fleet.
+ */ +export interface CapacityReservationFleet { + /** + *The ID of the Capacity Reservation Fleet.
+ */ + CapacityReservationFleetId?: string; + + /** + *The ARN of the Capacity Reservation Fleet.
+ */ + CapacityReservationFleetArn?: string; + + /** + *The state of the Capacity Reservation Fleet. Possible states include:
+ *
+ * submitted
- The Capacity Reservation Fleet request has been submitted
+ * and Amazon Elastic Compute Cloud is preparing to create the Capacity Reservations.
+ * modifying
- The Capacity Reservation Fleet is being modified. The Fleet
+ * remains in this state until the modification is complete.
+ * active
- The Capacity Reservation Fleet has fulfilled its total target
+ * capacity and it is attempting to maintain this capacity. The Fleet remains in this
+ * state until it is modified or deleted.
+ * partially_fulfilled
- The Capacity Reservation Fleet has partially
+ * fulfilled its total target capacity. There is insufficient Amazon EC2 to
+ * fulfill the total target capacity. The Fleet is attempting to asynchronously fulfill
+ * its total target capacity.
+ * expiring
- The Capacity Reservation Fleet has reach its end date and it
+ * is in the process of expiring. One or more of its Capacity reservations might still
+ * be active.
+ * expired
- The Capacity Reservation Fleet has reach its end date. The Fleet
+ * and its Capacity Reservations are expired. The Fleet can't create new Capacity
+ * Reservations.
+ * cancelling
- The Capacity Reservation Fleet is in the process of being
+ * cancelled. One or more of its Capacity reservations might still be active.
+ * cancelled
- The Capacity Reservation Fleet has been manually cancelled.
+ * The Fleet and its Capacity Reservations are cancelled and the Fleet can't create new
+ * Capacity Reservations.
+ * failed
- The Capacity Reservation Fleet failed to reserve capacity for
+ * the specified instance types.
The total number of capacity units for which the Capacity Reservation Fleet reserves capacity. + * For more information, see Total target capacity + * in the Amazon EC2 User Guide.
+ */ + TotalTargetCapacity?: number; + + /** + *The capacity units that have been fulfilled.
+ */ + TotalFulfilledCapacity?: number; + + /** + *The tenancy of the Capacity Reservation Fleet. Tenancies include:
+ *
+ * default
- The Capacity Reservation Fleet is created on hardware that is
+ * shared with other Amazon Web Services accounts.
+ * dedicated
- The Capacity Reservation Fleet is created on single-tenant
+ * hardware that is dedicated to a single Amazon Web Services account.
The date and time at which the Capacity Reservation Fleet expires.
+ */ + EndDate?: Date; + + /** + *The date and time at which the Capacity Reservation Fleet was created.
+ */ + CreateTime?: Date; + + /** + *Indicates the type of instance launches that the Capacity Reservation Fleet accepts. All + * Capacity Reservations in the Fleet inherit this instance matching criteria.
+ *Currently, Capacity Reservation Fleets support open
instance matching criteria
+ * only. This means that instances that have matching attributes (instance type, platform, and
+ * Availability Zone) run in the Capacity Reservations automatically. Instances do not need to
+ * explicitly target a Capacity Reservation Fleet to use its reserved capacity.
The strategy used by the Capacity Reservation Fleet to determine which of the specified + * instance types to use. For more information, see For more information, see + * + * Allocation strategy in the Amazon EC2 User Guide.
+ */ + AllocationStrategy?: string; + + /** + *Information about the instance types for which to reserve the capacity.
+ */ + InstanceTypeSpecifications?: FleetCapacityReservation[]; + + /** + *The tags assigned to the Capacity Reservation Fleet.
+ */ + Tags?: Tag[]; +} + +export namespace CapacityReservationFleet { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CapacityReservationFleet): any => ({ + ...obj, + }); +} + +export interface DescribeCapacityReservationFleetsResult { + /** + *Information about the Capacity Reservation Fleets.
+ */ + CapacityReservationFleets?: CapacityReservationFleet[]; + + /** + *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The ID of the Capacity Reservation.
+ */ + CapacityReservationIds?: string[]; + + /** + *The token to use to retrieve the next page of results.
+ */ + NextToken?: string; + + /** + *The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken
value. This value can be between 5 and 500. If maxResults
is given a larger value than 500, you receive an error.
One or more filters.
+ *
+ * instance-type
- The type of instance for which the Capacity Reservation reserves capacity.
+ * owner-id
- The ID of the Amazon Web Services account that owns the Capacity Reservation.
+ * availability-zone-id
- The Availability Zone ID of the Capacity Reservation.
+ * instance-platform
- The type of operating system for which the Capacity Reservation reserves capacity.
* availability-zone
- The Availability Zone ID of the Capacity Reservation.
A list of zero or more import image tasks that are currently active or were completed or canceled in the - * previous 7 days.
- */ - ImportImageTasks?: ImportImageTask[]; - - /** - *The token to use to get the next page of results. This value is null
when there are no more results
- * to return.
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The filters.
- */ - Filters?: Filter[]; - - /** - *A list of import snapshot task IDs.
- */ - ImportTaskIds?: string[]; - - /** - *The maximum number of results to return in a single call. To retrieve the remaining results, make another call
- * with the returned NextToken
value.
A token that indicates the next page of results.
- */ - NextToken?: string; -} - -export namespace DescribeImportSnapshotTasksRequest { - /** - * @internal - */ - export const filterSensitiveLog = (obj: DescribeImportSnapshotTasksRequest): any => ({ - ...obj, - }); -} - -/** - *Details about the import snapshot task.
- */ -export interface SnapshotTaskDetail { - /** - *The description of the snapshot.
- */ - Description?: string; - - /** - *The size of the disk in the snapshot, in GiB.
- */ - DiskImageSize?: number; - - /** - *Indicates whether the snapshot is encrypted.
- */ - Encrypted?: boolean; - - /** - *The format of the disk image from which the snapshot is created.
- */ - Format?: string; - - /** - *The identifier for the KMS key that was used to create the encrypted snapshot.
- */ - KmsKeyId?: string; - - /** - *The percentage of completion for the import snapshot task.
- */ - Progress?: string; - - /** - *The snapshot ID of the disk being imported.
- */ - SnapshotId?: string; - - /** - *A brief status for the import snapshot task.
- */ - Status?: string; - - /** - *A detailed status message for the import snapshot task.
- */ - StatusMessage?: string; - - /** - *The URL of the disk image from which the snapshot is created.
- */ - Url?: string; - - /** - *The Amazon S3 bucket for the disk image.
- */ - UserBucket?: UserBucketDetails; -} - -export namespace SnapshotTaskDetail { - /** - * @internal - */ - export const filterSensitiveLog = (obj: SnapshotTaskDetail): any => ({ - ...obj, - }); -} - -/** - *Describes an import snapshot task.
- */ -export interface ImportSnapshotTask { - /** - *A description of the import snapshot task.
- */ - Description?: string; - - /** - *The ID of the import snapshot task.
- */ - ImportTaskId?: string; - - /** - *Describes an import snapshot task.
- */ - SnapshotTaskDetail?: SnapshotTaskDetail; - - /** - *The tags for the import snapshot task.
- */ - Tags?: Tag[]; -} - -export namespace ImportSnapshotTask { - /** - * @internal - */ - export const filterSensitiveLog = (obj: ImportSnapshotTask): any => ({ - ...obj, - }); -} - -export interface DescribeImportSnapshotTasksResult { - /** - *A list of zero or more import snapshot tasks that are currently active or were completed or canceled in the - * previous 7 days.
- */ - ImportSnapshotTasks?: ImportSnapshotTask[]; - - /** - *The token to use to get the next page of results. This value is null
when there are no more results
- * to return.
The instance attribute.
- *Note: The enaSupport
attribute is not supported at this time.
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The ID of the instance.
- */ - InstanceId: string | undefined; -} - -export namespace DescribeInstanceAttributeRequest { - /** - * @internal - */ - export const filterSensitiveLog = (obj: DescribeInstanceAttributeRequest): any => ({ - ...obj, - }); -} - -/** - *Describes a parameter used to set up an EBS volume in a block device mapping.
- */ -export interface EbsInstanceBlockDevice { - /** - *The time stamp when the attachment initiated.
- */ - AttachTime?: Date; - - /** - *Indicates whether the volume is deleted on instance termination.
- */ - DeleteOnTermination?: boolean; - - /** - *The attachment state.
- */ - Status?: AttachmentStatus | string; - - /** - *The ID of the EBS volume.
- */ - VolumeId?: string; -} - -export namespace EbsInstanceBlockDevice { - /** - * @internal - */ - export const filterSensitiveLog = (obj: EbsInstanceBlockDevice): any => ({ - ...obj, - }); -} - -/** - *Describes a block device mapping.
- */ -export interface InstanceBlockDeviceMapping { - /** - *The device name (for example, /dev/sdh
or xvdh
).
Parameters used to automatically set up EBS volumes when the instance is - * launched.
- */ - Ebs?: EbsInstanceBlockDevice; -} - -export namespace InstanceBlockDeviceMapping { - /** - * @internal - */ - export const filterSensitiveLog = (obj: InstanceBlockDeviceMapping): any => ({ - ...obj, - }); -} - -/** - *Describes a value for a resource attribute that is a Boolean value.
- */ -export interface AttributeBooleanValue { - /** - *The attribute value. The valid values are true
or false
.
Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves.
- */ -export interface EnclaveOptions { - /** - *If this parameter is set to true
, the instance is enabled for Amazon Web Services Nitro Enclaves;
- * otherwise, it is not enabled for Amazon Web Services Nitro Enclaves.
Describes an instance attribute.
- */ -export interface InstanceAttribute { - /** - *The security groups associated with the instance.
- */ - Groups?: GroupIdentifier[]; - - /** - *The block device mapping of the instance.
- */ - BlockDeviceMappings?: InstanceBlockDeviceMapping[]; - - /** - *If the value is true
, you can't terminate the instance through the Amazon
- * EC2 console, CLI, or API; otherwise, you can.
Indicates whether enhanced networking with ENA is enabled.
- */ - EnaSupport?: AttributeBooleanValue; - - /** - *To enable the instance for Amazon Web Services Nitro Enclaves, set this parameter to true
; otherwise,
- * set it to false
.
Indicates whether the instance is optimized for Amazon EBS I/O.
- */ - EbsOptimized?: AttributeBooleanValue; - - /** - *The ID of the instance.
- */ - InstanceId?: string; - - /** - *Indicates whether an instance stops or terminates when you initiate shutdown from the - * instance (using the operating system command for system shutdown).
- */ - InstanceInitiatedShutdownBehavior?: AttributeValue; - - /** - *The instance type.
- */ - InstanceType?: AttributeValue; - - /** - *The kernel ID.
- */ - KernelId?: AttributeValue; - - /** - *A list of product codes.
- */ - ProductCodes?: ProductCode[]; - - /** - *The RAM disk ID.
- */ - RamdiskId?: AttributeValue; - - /** - *The device name of the root device volume (for example,
- * /dev/sda1
).
Enable or disable source/destination checks, which ensure that the instance
- * is either the source or the destination of any traffic that it receives.
- * If the value is true
, source/destination checks are enabled;
- * otherwise, they are disabled. The default value is true
.
- * You must disable source/destination checks if the instance runs services
- * such as network address translation, routing, or firewalls.
Indicates whether enhanced networking with the Intel 82599 Virtual Function interface - * is enabled.
- */ - SriovNetSupport?: AttributeValue; - - /** - *The user data.
- */ - UserData?: AttributeValue; -} - -export namespace InstanceAttribute { - /** - * @internal - */ - export const filterSensitiveLog = (obj: InstanceAttribute): any => ({ - ...obj, - }); -} - -export interface DescribeInstanceCreditSpecificationsRequest { - /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The filters.
- *
- * instance-id
- The ID of the instance.
The instance IDs.
- *Default: Describes all your instances.
- *Constraints: Maximum 1000 explicitly specified instance IDs.
- */ - InstanceIds?: string[]; - - /** - *The maximum number of results to return in a single call. To retrieve the remaining
- * results, make another call with the returned NextToken
value. This value
- * can be between 5 and 1000. You cannot specify this parameter and the instance IDs
- * parameter in the same call.
The token to retrieve the next page of results.
- */ - NextToken?: string; -} - -export namespace DescribeInstanceCreditSpecificationsRequest { - /** - * @internal - */ - export const filterSensitiveLog = (obj: DescribeInstanceCreditSpecificationsRequest): any => ({ - ...obj, - }); -} - -/** - *Describes the credit option for CPU usage of a burstable performance instance.
- */ -export interface InstanceCreditSpecification { - /** - *The ID of the instance.
- */ - InstanceId?: string; - - /** - *The credit option for CPU usage of the instance. Valid values are
- * standard
and unlimited
.
Information about the credit option for CPU usage of an instance.
- */ - InstanceCreditSpecifications?: InstanceCreditSpecification[]; - - /** - *The token to use to retrieve the next page of results. This value is null
- * when there are no more results to return.
A list of zero or more import image tasks that are currently active or were completed or canceled in the + * previous 7 days.
+ */ + ImportImageTasks?: ImportImageTask[]; + + /** + *The token to use to get the next page of results. This value is null
when there are no more results
+ * to return.
Checks whether you have the required permissions for the action, without actually making the request,
* and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
* Otherwise, it is UnauthorizedOperation
.
The filters.
+ */ + Filters?: Filter[]; + + /** + *A list of import snapshot task IDs.
+ */ + ImportTaskIds?: string[]; + + /** + *The maximum number of results to return in a single call. To retrieve the remaining results, make another call
+ * with the returned NextToken
value.
A token that indicates the next page of results.
+ */ + NextToken?: string; } -export namespace DescribeInstanceEventNotificationAttributesRequest { +export namespace DescribeImportSnapshotTasksRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeInstanceEventNotificationAttributesRequest): any => ({ + export const filterSensitiveLog = (obj: DescribeImportSnapshotTasksRequest): any => ({ ...obj, }); } -export interface DescribeInstanceEventNotificationAttributesResult { +/** + *Details about the import snapshot task.
+ */ +export interface SnapshotTaskDetail { /** - *Information about the registered tag keys.
+ *The description of the snapshot.
*/ - InstanceTagAttribute?: InstanceTagNotificationAttribute; + Description?: string; + + /** + *The size of the disk in the snapshot, in GiB.
+ */ + DiskImageSize?: number; + + /** + *Indicates whether the snapshot is encrypted.
+ */ + Encrypted?: boolean; + + /** + *The format of the disk image from which the snapshot is created.
+ */ + Format?: string; + + /** + *The identifier for the KMS key that was used to create the encrypted snapshot.
+ */ + KmsKeyId?: string; + + /** + *The percentage of completion for the import snapshot task.
+ */ + Progress?: string; + + /** + *The snapshot ID of the disk being imported.
+ */ + SnapshotId?: string; + + /** + *A brief status for the import snapshot task.
+ */ + Status?: string; + + /** + *A detailed status message for the import snapshot task.
+ */ + StatusMessage?: string; + + /** + *The URL of the disk image from which the snapshot is created.
+ */ + Url?: string; + + /** + *The Amazon S3 bucket for the disk image.
+ */ + UserBucket?: UserBucketDetails; } -export namespace DescribeInstanceEventNotificationAttributesResult { +export namespace SnapshotTaskDetail { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeInstanceEventNotificationAttributesResult): any => ({ + export const filterSensitiveLog = (obj: SnapshotTaskDetail): any => ({ ...obj, }); } /** - *Describes an import snapshot task.
*/ -export interface DescribeInstanceEventWindowsRequest { +export interface ImportSnapshotTask { + /** + *A description of the import snapshot task.
+ */ + Description?: string; + + /** + *The ID of the import snapshot task.
+ */ + ImportTaskId?: string; + + /** + *Describes an import snapshot task.
+ */ + SnapshotTaskDetail?: SnapshotTaskDetail; + + /** + *The tags for the import snapshot task.
+ */ + Tags?: Tag[]; +} + +export namespace ImportSnapshotTask { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ImportSnapshotTask): any => ({ + ...obj, + }); +} + +export interface DescribeImportSnapshotTasksResult { + /** + *A list of zero or more import snapshot tasks that are currently active or were completed or canceled in the + * previous 7 days.
+ */ + ImportSnapshotTasks?: ImportSnapshotTask[]; + + /** + *The token to use to get the next page of results. This value is null
when there are no more results
+ * to return.
The instance attribute.
+ *Note: The enaSupport
attribute is not supported at this time.
Checks whether you have the required permissions for the action, without actually making the request,
* and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
@@ -137,154 +308,512 @@ export interface DescribeInstanceEventWindowsRequest {
DryRun?: boolean;
/**
- *
The IDs of the event windows.
+ *The ID of the instance.
*/ - InstanceEventWindowIds?: string[]; + InstanceId: string | undefined; +} +export namespace DescribeInstanceAttributeRequest { /** - *One or more filters.
- *
- * dedicated-host-id
- The event windows associated with the specified
- * Dedicated Host ID.
- * event-window-name
- The event windows associated with the specified
- * names.
- * instance-id
- The event windows associated with the specified instance
- * ID.
- * instance-tag
- The event windows associated with the specified tag and
- * value.
- * instance-tag-key
- The event windows associated with the specified tag
- * key, regardless of the value.
- * instance-tag-value
- The event windows associated with the specified tag
- * value, regardless of the key.
- * tag:
- The key/value combination of a tag assigned to the
- * event window. Use the tag key in the filter name and the tag value as the filter
- * value. For example, to find all resources that have a tag with the key
- * Owner
and the value CMX
, specify tag:Owner
- * for the filter name and CMX
for the filter value.
- * tag-key
- The key of a tag assigned to the event window. Use this filter
- * to find all event windows that have a tag with a specific key, regardless of the tag
- * value.
- * tag-value
- The value of a tag assigned to the event window. Use this
- * filter to find all event windows that have a tag with a specific value, regardless of
- * the tag key.
Describes a parameter used to set up an EBS volume in a block device mapping.
+ */ +export interface EbsInstanceBlockDevice { /** - *The maximum number of results to return in a single call. To retrieve the remaining
- * results, make another call with the returned NextToken
value. This value can
- * be between 20 and 500. You cannot specify this parameter and the event window IDs parameter
- * in the same call.
The time stamp when the attachment initiated.
*/ - MaxResults?: number; + AttachTime?: Date; /** - *The token to request the next page of results.
+ *Indicates whether the volume is deleted on instance termination.
*/ - NextToken?: string; + DeleteOnTermination?: boolean; + + /** + *The attachment state.
+ */ + Status?: AttachmentStatus | string; + + /** + *The ID of the EBS volume.
+ */ + VolumeId?: string; } -export namespace DescribeInstanceEventWindowsRequest { +export namespace EbsInstanceBlockDevice { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeInstanceEventWindowsRequest): any => ({ + export const filterSensitiveLog = (obj: EbsInstanceBlockDevice): any => ({ ...obj, }); } -export interface DescribeInstanceEventWindowsResult { +/** + *Describes a block device mapping.
+ */ +export interface InstanceBlockDeviceMapping { /** - *Information about the event windows.
+ *The device name (for example, /dev/sdh
or xvdh
).
The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Parameters used to automatically set up EBS volumes when the instance is + * launched.
*/ - NextToken?: string; + Ebs?: EbsInstanceBlockDevice; } -export namespace DescribeInstanceEventWindowsResult { +export namespace InstanceBlockDeviceMapping { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeInstanceEventWindowsResult): any => ({ + export const filterSensitiveLog = (obj: InstanceBlockDeviceMapping): any => ({ ...obj, }); } -export interface DescribeInstancesRequest { +/** + *Describes a value for a resource attribute that is a Boolean value.
+ */ +export interface AttributeBooleanValue { /** - *The filters.
- *
- * affinity
- The affinity setting for an instance running on a
- * Dedicated Host (default
| host
).
- * architecture
- The instance architecture (i386
|
- * x86_64
| arm64
).
- * availability-zone
- The Availability Zone of the instance.
- * block-device-mapping.attach-time
- The attach time for an EBS
- * volume mapped to the instance, for example,
- * 2010-09-15T17:15:20.000Z
.
- * block-device-mapping.delete-on-termination
- A Boolean that
- * indicates whether the EBS volume is deleted on instance termination.
- * block-device-mapping.device-name
- The device name specified in the
- * block device mapping (for example, /dev/sdh
or
- * xvdh
).
- * block-device-mapping.status
- The status for the EBS volume
- * (attaching
| attached
| detaching
|
- * detached
).
+ *
The attribute value. The valid values are true
or false
.
Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves.
+ */ +export interface EnclaveOptions { + /** + *If this parameter is set to true
, the instance is enabled for Amazon Web Services Nitro Enclaves;
+ * otherwise, it is not enabled for Amazon Web Services Nitro Enclaves.
Describes an instance attribute.
+ */ +export interface InstanceAttribute { + /** + *The security groups associated with the instance.
+ */ + Groups?: GroupIdentifier[]; + + /** + *The block device mapping of the instance.
+ */ + BlockDeviceMappings?: InstanceBlockDeviceMapping[]; + + /** + *If the value is true
, you can't terminate the instance through the Amazon
+ * EC2 console, CLI, or API; otherwise, you can.
Indicates whether enhanced networking with ENA is enabled.
+ */ + EnaSupport?: AttributeBooleanValue; + + /** + *To enable the instance for Amazon Web Services Nitro Enclaves, set this parameter to true
; otherwise,
+ * set it to false
.
Indicates whether the instance is optimized for Amazon EBS I/O.
+ */ + EbsOptimized?: AttributeBooleanValue; + + /** + *The ID of the instance.
+ */ + InstanceId?: string; + + /** + *Indicates whether an instance stops or terminates when you initiate shutdown from the + * instance (using the operating system command for system shutdown).
+ */ + InstanceInitiatedShutdownBehavior?: AttributeValue; + + /** + *The instance type.
+ */ + InstanceType?: AttributeValue; + + /** + *The kernel ID.
+ */ + KernelId?: AttributeValue; + + /** + *A list of product codes.
+ */ + ProductCodes?: ProductCode[]; + + /** + *The RAM disk ID.
+ */ + RamdiskId?: AttributeValue; + + /** + *The device name of the root device volume (for example,
+ * /dev/sda1
).
Enable or disable source/destination checks, which ensure that the instance
+ * is either the source or the destination of any traffic that it receives.
+ * If the value is true
, source/destination checks are enabled;
+ * otherwise, they are disabled. The default value is true
.
+ * You must disable source/destination checks if the instance runs services
+ * such as network address translation, routing, or firewalls.
Indicates whether enhanced networking with the Intel 82599 Virtual Function interface + * is enabled.
+ */ + SriovNetSupport?: AttributeValue; + + /** + *The user data.
+ */ + UserData?: AttributeValue; +} + +export namespace InstanceAttribute { + /** + * @internal + */ + export const filterSensitiveLog = (obj: InstanceAttribute): any => ({ + ...obj, + }); +} + +export interface DescribeInstanceCreditSpecificationsRequest { + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The filters.
+ *
+ * instance-id
- The ID of the instance.
The instance IDs.
+ *Default: Describes all your instances.
+ *Constraints: Maximum 1000 explicitly specified instance IDs.
+ */ + InstanceIds?: string[]; + + /** + *The maximum number of results to return in a single call. To retrieve the remaining
+ * results, make another call with the returned NextToken
value. This value
+ * can be between 5 and 1000. You cannot specify this parameter and the instance IDs
+ * parameter in the same call.
The token to retrieve the next page of results.
+ */ + NextToken?: string; +} + +export namespace DescribeInstanceCreditSpecificationsRequest { + /** + * @internal + */ + export const filterSensitiveLog = (obj: DescribeInstanceCreditSpecificationsRequest): any => ({ + ...obj, + }); +} + +/** + *Describes the credit option for CPU usage of a burstable performance instance.
+ */ +export interface InstanceCreditSpecification { + /** + *The ID of the instance.
+ */ + InstanceId?: string; + + /** + *The credit option for CPU usage of the instance. Valid values are
+ * standard
and unlimited
.
Information about the credit option for CPU usage of an instance.
+ */ + InstanceCreditSpecifications?: InstanceCreditSpecification[]; + + /** + *The token to use to retrieve the next page of results. This value is null
+ * when there are no more results to return.
Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Information about the registered tag keys.
+ */ + InstanceTagAttribute?: InstanceTagNotificationAttribute; +} + +export namespace DescribeInstanceEventNotificationAttributesResult { + /** + * @internal + */ + export const filterSensitiveLog = (obj: DescribeInstanceEventNotificationAttributesResult): any => ({ + ...obj, + }); +} + +/** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The IDs of the event windows.
+ */ + InstanceEventWindowIds?: string[]; + + /** + *One or more filters.
+ *
+ * dedicated-host-id
- The event windows associated with the specified
+ * Dedicated Host ID.
+ * event-window-name
- The event windows associated with the specified
+ * names.
+ * instance-id
- The event windows associated with the specified instance
+ * ID.
+ * instance-tag
- The event windows associated with the specified tag and
+ * value.
+ * instance-tag-key
- The event windows associated with the specified tag
+ * key, regardless of the value.
+ * instance-tag-value
- The event windows associated with the specified tag
+ * value, regardless of the key.
+ * tag:
- The key/value combination of a tag assigned to the
+ * event window. Use the tag key in the filter name and the tag value as the filter
+ * value. For example, to find all resources that have a tag with the key
+ * Owner
and the value CMX
, specify tag:Owner
+ * for the filter name and CMX
for the filter value.
+ * tag-key
- The key of a tag assigned to the event window. Use this filter
+ * to find all event windows that have a tag with a specific key, regardless of the tag
+ * value.
+ * tag-value
- The value of a tag assigned to the event window. Use this
+ * filter to find all event windows that have a tag with a specific value, regardless of
+ * the tag key.
The maximum number of results to return in a single call. To retrieve the remaining
+ * results, make another call with the returned NextToken
value. This value can
+ * be between 20 and 500. You cannot specify this parameter and the event window IDs parameter
+ * in the same call.
The token to request the next page of results.
+ */ + NextToken?: string; +} + +export namespace DescribeInstanceEventWindowsRequest { + /** + * @internal + */ + export const filterSensitiveLog = (obj: DescribeInstanceEventWindowsRequest): any => ({ + ...obj, + }); +} + +export interface DescribeInstanceEventWindowsResult { + /** + *Information about the event windows.
+ */ + InstanceEventWindows?: InstanceEventWindow[]; + + /** + *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The filters.
+ *
+ * affinity
- The affinity setting for an instance running on a
+ * Dedicated Host (default
| host
).
+ * architecture
- The instance architecture (i386
|
+ * x86_64
| arm64
).
+ * availability-zone
- The Availability Zone of the instance.
+ * block-device-mapping.attach-time
- The attach time for an EBS
+ * volume mapped to the instance, for example,
+ * 2010-09-15T17:15:20.000Z
.
+ * block-device-mapping.delete-on-termination
- A Boolean that
+ * indicates whether the EBS volume is deleted on instance termination.
+ * block-device-mapping.device-name
- The device name specified in the
+ * block device mapping (for example, /dev/sdh
or
+ * xvdh
).
+ * block-device-mapping.status
- The status for the EBS volume
+ * (attaching
| attached
| detaching
|
+ * detached
).
* block-device-mapping.volume-id
- The volume ID of the EBS
* volume.
- * vcpu-info.default-threads-per-core
- The default number of threads per core for the instance
- * type.
- * vcpu-info.default-vcpus
- The default number of vCPUs for the instance type.
- * vcpu-info.valid-cores
- The number of cores that can be configured for the instance type.
- * vcpu-info.valid-threads-per-core
- The number of threads per core that can be configured for the instance type.
- * For example, "1" or "1,2".
The maximum number of results to return for the request in a single page. The remaining results - * can be seen by sending another request with the next token value.
- */ - MaxResults?: number; - - /** - *The token to retrieve the next page of results.
- */ - NextToken?: string; -} - -export namespace DescribeInstanceTypesRequest { - /** - * @internal - */ - export const filterSensitiveLog = (obj: DescribeInstanceTypesRequest): any => ({ - ...obj, - }); -} - -/** - *Describes the optimized EBS performance for supported instance types.
- */ -export interface EbsOptimizedInfo { - /** - *The baseline bandwidth performance for an EBS-optimized instance type, in Mbps.
- */ - BaselineBandwidthInMbps?: number; - - /** - *The baseline throughput performance for an EBS-optimized instance type, in MB/s.
- */ - BaselineThroughputInMBps?: number; - - /** - *The baseline input/output storage operations per seconds for an EBS-optimized instance type.
- */ - BaselineIops?: number; - - /** - *The maximum bandwidth performance for an EBS-optimized instance type, in Mbps.
- */ - MaximumBandwidthInMbps?: number; - - /** - *The maximum throughput performance for an EBS-optimized instance type, in MB/s.
- */ - MaximumThroughputInMBps?: number; - - /** - *The maximum input/output storage operations per second for an EBS-optimized instance type.
- */ - MaximumIops?: number; -} - -export namespace EbsOptimizedInfo { - /** - * @internal - */ - export const filterSensitiveLog = (obj: EbsOptimizedInfo): any => ({ - ...obj, - }); -} - -export type EbsOptimizedSupport = "default" | "supported" | "unsupported"; - -export type EbsEncryptionSupport = "supported" | "unsupported"; - -export enum EbsNvmeSupport { - REQUIRED = "required", - SUPPORTED = "supported", - UNSUPPORTED = "unsupported", -} - -/** - *Describes the Amazon EBS features supported by the instance type.
- */ -export interface EbsInfo { - /** - *Indicates whether the instance type is Amazon EBS-optimized. For more information, see Amazon EBS-optimized - * instances in Amazon EC2 User Guide.
- */ - EbsOptimizedSupport?: EbsOptimizedSupport | string; - - /** - *Indicates whether Amazon EBS encryption is supported.
- */ - EncryptionSupport?: EbsEncryptionSupport | string; - - /** - *Describes the optimized EBS performance for the instance type.
- */ - EbsOptimizedInfo?: EbsOptimizedInfo; - - /** - *Indicates whether non-volatile memory express (NVMe) is supported.
- */ - NvmeSupport?: EbsNvmeSupport | string; -} - -export namespace EbsInfo { - /** - * @internal - */ - export const filterSensitiveLog = (obj: EbsInfo): any => ({ - ...obj, - }); -} - -/** - *Describes the memory for the FPGA accelerator for the instance type.
- */ -export interface FpgaDeviceMemoryInfo { - /** - *The size of the memory available to the FPGA accelerator, in MiB.
- */ - SizeInMiB?: number; -} - -export namespace FpgaDeviceMemoryInfo { - /** - * @internal - */ - export const filterSensitiveLog = (obj: FpgaDeviceMemoryInfo): any => ({ - ...obj, - }); -} - -/** - *Describes the FPGA accelerator for the instance type.
- */ -export interface FpgaDeviceInfo { - /** - *The name of the FPGA accelerator.
- */ - Name?: string; - - /** - *The manufacturer of the FPGA accelerator.
- */ - Manufacturer?: string; - - /** - *The count of FPGA accelerators for the instance type.
- */ - Count?: number; - - /** - *Describes the memory for the FPGA accelerator for the instance type.
- */ - MemoryInfo?: FpgaDeviceMemoryInfo; -} - -export namespace FpgaDeviceInfo { - /** - * @internal - */ - export const filterSensitiveLog = (obj: FpgaDeviceInfo): any => ({ - ...obj, - }); -} - -/** - *Describes the FPGAs for the instance type.
- */ -export interface FpgaInfo { - /** - *Describes the FPGAs for the instance type.
- */ - Fpgas?: FpgaDeviceInfo[]; - - /** - *The total memory of all FPGA accelerators for the instance type.
- */ - TotalFpgaMemoryInMiB?: number; -} - -export namespace FpgaInfo { - /** - * @internal - */ - export const filterSensitiveLog = (obj: FpgaInfo): any => ({ - ...obj, - }); -} - -/** - *Describes the memory available to the GPU accelerator.
- */ -export interface GpuDeviceMemoryInfo { - /** - *The size of the memory available to the GPU accelerator, in MiB.
- */ - SizeInMiB?: number; -} - -export namespace GpuDeviceMemoryInfo { - /** - * @internal - */ - export const filterSensitiveLog = (obj: GpuDeviceMemoryInfo): any => ({ - ...obj, - }); -} - -/** - *Describes the GPU accelerators for the instance type.
- */ -export interface GpuDeviceInfo { - /** - *The name of the GPU accelerator.
- */ - Name?: string; - - /** - *The manufacturer of the GPU accelerator.
+ *vcpu-info.default-threads-per-core
- The default number of threads per core for the instance
+ * type.
+ *
+ * vcpu-info.default-vcpus
- The default number of vCPUs for the instance type.
+ * vcpu-info.valid-cores
- The number of cores that can be configured for the instance type.
+ * vcpu-info.valid-threads-per-core
- The number of threads per core that can be configured for the instance type.
+ * For example, "1" or "1,2".
The number of GPUs for the instance type.
+ *The maximum number of results to return for the request in a single page. The remaining results + * can be seen by sending another request with the next token value.
*/ - Count?: number; + MaxResults?: number; /** - *Describes the memory available to the GPU accelerator.
+ *The token to retrieve the next page of results.
*/ - MemoryInfo?: GpuDeviceMemoryInfo; + NextToken?: string; } -export namespace GpuDeviceInfo { +export namespace DescribeInstanceTypesRequest { /** * @internal */ - export const filterSensitiveLog = (obj: GpuDeviceInfo): any => ({ + export const filterSensitiveLog = (obj: DescribeInstanceTypesRequest): any => ({ ...obj, }); } /** - *Describes the GPU accelerators for the instance type.
+ *Describes the optimized EBS performance for supported instance types.
*/ -export interface GpuInfo { - /** - *Describes the GPU accelerators for the instance type.
- */ - Gpus?: GpuDeviceInfo[]; - - /** - *The total size of the memory for the GPU accelerators for the instance type, in MiB.
- */ - TotalGpuMemoryInMiB?: number; -} - -export namespace GpuInfo { +export interface EbsOptimizedInfo { /** - * @internal + *The baseline bandwidth performance for an EBS-optimized instance type, in Mbps.
*/ - export const filterSensitiveLog = (obj: GpuInfo): any => ({ - ...obj, - }); -} - -export enum InstanceTypeHypervisor { - NITRO = "nitro", - XEN = "xen", -} + BaselineBandwidthInMbps?: number; -/** - *Describes the Inference accelerators for the instance type.
- */ -export interface InferenceDeviceInfo { /** - *The number of Inference accelerators for the instance type.
+ *The baseline throughput performance for an EBS-optimized instance type, in MB/s.
*/ - Count?: number; + BaselineThroughputInMBps?: number; /** - *The name of the Inference accelerator.
+ *The baseline input/output storage operations per seconds for an EBS-optimized instance type.
*/ - Name?: string; + BaselineIops?: number; /** - *The manufacturer of the Inference accelerator.
+ *The maximum bandwidth performance for an EBS-optimized instance type, in Mbps.
*/ - Manufacturer?: string; -} + MaximumBandwidthInMbps?: number; -export namespace InferenceDeviceInfo { /** - * @internal + *The maximum throughput performance for an EBS-optimized instance type, in MB/s.
*/ - export const filterSensitiveLog = (obj: InferenceDeviceInfo): any => ({ - ...obj, - }); -} + MaximumThroughputInMBps?: number; -/** - *Describes the Inference accelerators for the instance type.
- */ -export interface InferenceAcceleratorInfo { /** - *Describes the Inference accelerators for the instance type.
+ *The maximum input/output storage operations per second for an EBS-optimized instance type.
*/ - Accelerators?: InferenceDeviceInfo[]; + MaximumIops?: number; } -export namespace InferenceAcceleratorInfo { +export namespace EbsOptimizedInfo { /** * @internal */ - export const filterSensitiveLog = (obj: InferenceAcceleratorInfo): any => ({ + export const filterSensitiveLog = (obj: EbsOptimizedInfo): any => ({ ...obj, }); } -export type DiskType = "hdd" | "ssd"; - -/** - *Describes the disk.
- */ -export interface DiskInfo { - /** - *The size of the disk in GB.
- */ - SizeInGB?: number; - - /** - *The number of disks with this configuration.
- */ - Count?: number; - - /** - *The type of disk.
- */ - Type?: DiskType | string; -} +export type EbsOptimizedSupport = "default" | "supported" | "unsupported"; -export namespace DiskInfo { - /** - * @internal - */ - export const filterSensitiveLog = (obj: DiskInfo): any => ({ - ...obj, - }); -} +export type EbsEncryptionSupport = "supported" | "unsupported"; -export enum EphemeralNvmeSupport { +export enum EbsNvmeSupport { REQUIRED = "required", SUPPORTED = "supported", UNSUPPORTED = "unsupported", } /** - *Describes the disks that are available for the instance type.
+ *Describes the Amazon EBS features supported by the instance type.
*/ -export interface InstanceStorageInfo { - /** - *The total size of the disks, in GB.
- */ - TotalSizeInGB?: number; - - /** - *Describes the disks that are available for the instance type.
- */ - Disks?: DiskInfo[]; - - /** - *Indicates whether non-volatile memory express (NVMe) is supported for instance store.
- */ - NvmeSupport?: EphemeralNvmeSupport | string; -} - -export namespace InstanceStorageInfo { +export interface EbsInfo { /** - * @internal + *Indicates whether the instance type is Amazon EBS-optimized. For more information, see Amazon EBS-optimized + * instances in Amazon EC2 User Guide.
*/ - export const filterSensitiveLog = (obj: InstanceStorageInfo): any => ({ - ...obj, - }); -} + EbsOptimizedSupport?: EbsOptimizedSupport | string; -/** - *Describes the memory for the instance type.
- */ -export interface MemoryInfo { /** - *The size of the memory, in MiB.
+ *Indicates whether Amazon EBS encryption is supported.
*/ - SizeInMiB?: number; -} + EncryptionSupport?: EbsEncryptionSupport | string; -export namespace MemoryInfo { /** - * @internal + *Describes the optimized EBS performance for the instance type.
*/ - export const filterSensitiveLog = (obj: MemoryInfo): any => ({ - ...obj, - }); -} + EbsOptimizedInfo?: EbsOptimizedInfo; -/** - *Describes the Elastic Fabric Adapters for the instance type.
- */ -export interface EfaInfo { /** - *The maximum number of Elastic Fabric Adapters for the instance type.
+ *Indicates whether non-volatile memory express (NVMe) is supported.
*/ - MaximumEfaInterfaces?: number; + NvmeSupport?: EbsNvmeSupport | string; } -export namespace EfaInfo { +export namespace EbsInfo { /** * @internal */ - export const filterSensitiveLog = (obj: EfaInfo): any => ({ + export const filterSensitiveLog = (obj: EbsInfo): any => ({ ...obj, }); } -export type EnaSupport = "required" | "supported" | "unsupported"; - /** - *Describes the network card support of the instance type.
+ *Describes the memory for the FPGA accelerator for the instance type.
*/ -export interface NetworkCardInfo { - /** - *The index of the network card.
- */ - NetworkCardIndex?: number; - - /** - *The network performance of the network card.
- */ - NetworkPerformance?: string; - +export interface FpgaDeviceMemoryInfo { /** - *The maximum number of network interfaces for the network card.
+ *The size of the memory available to the FPGA accelerator, in MiB.
*/ - MaximumNetworkInterfaces?: number; + SizeInMiB?: number; } -export namespace NetworkCardInfo { +export namespace FpgaDeviceMemoryInfo { /** * @internal */ - export const filterSensitiveLog = (obj: NetworkCardInfo): any => ({ + export const filterSensitiveLog = (obj: FpgaDeviceMemoryInfo): any => ({ ...obj, }); } /** - *Describes the networking features of the instance type.
+ *Describes the FPGA accelerator for the instance type.
*/ -export interface NetworkInfo { - /** - *The network performance.
- */ - NetworkPerformance?: string; - - /** - *The maximum number of network interfaces for the instance type.
- */ - MaximumNetworkInterfaces?: number; - - /** - *The maximum number of physical network cards that can be allocated to the instance.
- */ - MaximumNetworkCards?: number; - - /** - *The index of the default network card, starting at 0.
- */ - DefaultNetworkCardIndex?: number; - - /** - *Describes the network cards for the instance type.
- */ - NetworkCards?: NetworkCardInfo[]; - - /** - *The maximum number of IPv4 addresses per network interface.
- */ - Ipv4AddressesPerInterface?: number; - - /** - *The maximum number of IPv6 addresses per network interface.
- */ - Ipv6AddressesPerInterface?: number; - - /** - *Indicates whether IPv6 is supported.
- */ - Ipv6Supported?: boolean; - +export interface FpgaDeviceInfo { /** - *Indicates whether Elastic Network Adapter (ENA) is supported.
+ *The name of the FPGA accelerator.
*/ - EnaSupport?: EnaSupport | string; + Name?: string; /** - *Indicates whether Elastic Fabric Adapter (EFA) is supported.
+ *The manufacturer of the FPGA accelerator.
*/ - EfaSupported?: boolean; + Manufacturer?: string; /** - *Describes the Elastic Fabric Adapters for the instance type.
+ *The count of FPGA accelerators for the instance type.
*/ - EfaInfo?: EfaInfo; + Count?: number; /** - *Indicates whether the instance type automatically encrypts in-transit traffic between instances.
+ *Describes the memory for the FPGA accelerator for the instance type.
*/ - EncryptionInTransitSupported?: boolean; + MemoryInfo?: FpgaDeviceMemoryInfo; } -export namespace NetworkInfo { +export namespace FpgaDeviceInfo { /** * @internal */ - export const filterSensitiveLog = (obj: NetworkInfo): any => ({ + export const filterSensitiveLog = (obj: FpgaDeviceInfo): any => ({ ...obj, }); } -export type PlacementGroupStrategy = "cluster" | "partition" | "spread"; - /** - *Describes the placement group support of the instance type.
+ *Describes the FPGAs for the instance type.
*/ -export interface PlacementGroupInfo { +export interface FpgaInfo { /** - *The supported placement group types.
+ *Describes the FPGAs for the instance type.
*/ - SupportedStrategies?: (PlacementGroupStrategy | string)[]; + Fpgas?: FpgaDeviceInfo[]; + + /** + *The total memory of all FPGA accelerators for the instance type.
+ */ + TotalFpgaMemoryInMiB?: number; } -export namespace PlacementGroupInfo { +export namespace FpgaInfo { /** * @internal */ - export const filterSensitiveLog = (obj: PlacementGroupInfo): any => ({ + export const filterSensitiveLog = (obj: FpgaInfo): any => ({ ...obj, }); } -export type ArchitectureType = "arm64" | "i386" | "x86_64"; - /** - *Describes the processor used by the instance type.
+ *Describes the memory available to the GPU accelerator.
*/ -export interface ProcessorInfo { - /** - *The architectures supported by the instance type.
- */ - SupportedArchitectures?: (ArchitectureType | string)[]; - +export interface GpuDeviceMemoryInfo { /** - *The speed of the processor, in GHz.
+ *The size of the memory available to the GPU accelerator, in MiB.
*/ - SustainedClockSpeedInGhz?: number; + SizeInMiB?: number; } -export namespace ProcessorInfo { +export namespace GpuDeviceMemoryInfo { /** * @internal */ - export const filterSensitiveLog = (obj: ProcessorInfo): any => ({ + export const filterSensitiveLog = (obj: GpuDeviceMemoryInfo): any => ({ ...obj, }); } -export type BootModeType = "legacy-bios" | "uefi"; - -export type RootDeviceType = "ebs" | "instance-store"; - -export type UsageClassType = "on-demand" | "spot"; - /** - *Describes the vCPU configurations for the instance type.
+ *Describes the GPU accelerators for the instance type.
*/ -export interface VCpuInfo { - /** - *The default number of vCPUs for the instance type.
- */ - DefaultVCpus?: number; - +export interface GpuDeviceInfo { /** - *The default number of cores for the instance type.
+ *The name of the GPU accelerator.
*/ - DefaultCores?: number; + Name?: string; /** - *The default number of threads per core for the instance type.
+ *The manufacturer of the GPU accelerator.
*/ - DefaultThreadsPerCore?: number; + Manufacturer?: string; /** - *The valid number of cores that can be configured for the instance type.
+ *The number of GPUs for the instance type.
*/ - ValidCores?: number[]; + Count?: number; /** - *The valid number of threads per core that can be configured for the instance type.
+ *Describes the memory available to the GPU accelerator.
*/ - ValidThreadsPerCore?: number[]; + MemoryInfo?: GpuDeviceMemoryInfo; } -export namespace VCpuInfo { +export namespace GpuDeviceInfo { /** * @internal */ - export const filterSensitiveLog = (obj: VCpuInfo): any => ({ + export const filterSensitiveLog = (obj: GpuDeviceInfo): any => ({ ...obj, }); } /** - *Describes the instance type.
+ *Describes the GPU accelerators for the instance type.
*/ -export interface InstanceTypeInfo { - /** - *The instance type. For more information, see Instance types in the Amazon EC2 User Guide.
- */ - InstanceType?: _InstanceType | string; - +export interface GpuInfo { /** - *Indicates whether the instance type is current generation.
+ *Describes the GPU accelerators for the instance type.
*/ - CurrentGeneration?: boolean; + Gpus?: GpuDeviceInfo[]; /** - *Indicates whether the instance type is eligible for the free tier.
+ *The total size of the memory for the GPU accelerators for the instance type, in MiB.
*/ - FreeTierEligible?: boolean; + TotalGpuMemoryInMiB?: number; +} +export namespace GpuInfo { /** - *Indicates whether the instance type is offered for spot or On-Demand.
+ * @internal */ - SupportedUsageClasses?: (UsageClassType | string)[]; + export const filterSensitiveLog = (obj: GpuInfo): any => ({ + ...obj, + }); +} - /** - *The supported root device types.
- */ - SupportedRootDeviceTypes?: (RootDeviceType | string)[]; +export enum InstanceTypeHypervisor { + NITRO = "nitro", + XEN = "xen", +} +/** + *Describes the Inference accelerators for the instance type.
+ */ +export interface InferenceDeviceInfo { /** - *The supported virtualization types.
+ *The number of Inference accelerators for the instance type.
*/ - SupportedVirtualizationTypes?: (VirtualizationType | string)[]; + Count?: number; /** - *Indicates whether the instance is a bare metal instance type.
+ *The name of the Inference accelerator.
*/ - BareMetal?: boolean; + Name?: string; /** - *The hypervisor for the instance type.
+ *The manufacturer of the Inference accelerator.
*/ - Hypervisor?: InstanceTypeHypervisor | string; + Manufacturer?: string; +} +export namespace InferenceDeviceInfo { /** - *Describes the processor.
+ * @internal */ - ProcessorInfo?: ProcessorInfo; + export const filterSensitiveLog = (obj: InferenceDeviceInfo): any => ({ + ...obj, + }); +} +/** + *Describes the Inference accelerators for the instance type.
+ */ +export interface InferenceAcceleratorInfo { /** - *Describes the vCPU configurations for the instance type.
+ *Describes the Inference accelerators for the instance type.
*/ - VCpuInfo?: VCpuInfo; + Accelerators?: InferenceDeviceInfo[]; +} +export namespace InferenceAcceleratorInfo { /** - *Describes the memory for the instance type.
+ * @internal */ - MemoryInfo?: MemoryInfo; + export const filterSensitiveLog = (obj: InferenceAcceleratorInfo): any => ({ + ...obj, + }); +} - /** - *Indicates whether instance storage is supported.
- */ - InstanceStorageSupported?: boolean; +export type DiskType = "hdd" | "ssd"; +/** + *Describes the disk.
+ */ +export interface DiskInfo { /** - *Describes the instance storage for the instance type.
+ *The size of the disk in GB.
*/ - InstanceStorageInfo?: InstanceStorageInfo; + SizeInGB?: number; /** - *Describes the Amazon EBS settings for the instance type.
+ *The number of disks with this configuration.
*/ - EbsInfo?: EbsInfo; + Count?: number; /** - *Describes the network settings for the instance type.
+ *The type of disk.
*/ - NetworkInfo?: NetworkInfo; + Type?: DiskType | string; +} +export namespace DiskInfo { /** - *Describes the GPU accelerator settings for the instance type.
+ * @internal */ - GpuInfo?: GpuInfo; + export const filterSensitiveLog = (obj: DiskInfo): any => ({ + ...obj, + }); +} - /** - *Describes the FPGA accelerator settings for the instance type.
- */ - FpgaInfo?: FpgaInfo; +export enum EphemeralNvmeSupport { + REQUIRED = "required", + SUPPORTED = "supported", + UNSUPPORTED = "unsupported", +} +/** + *Describes the disks that are available for the instance type.
+ */ +export interface InstanceStorageInfo { /** - *Describes the placement group settings for the instance type.
+ *The total size of the disks, in GB.
*/ - PlacementGroupInfo?: PlacementGroupInfo; + TotalSizeInGB?: number; /** - *Describes the Inference accelerator settings for the instance type.
+ *Describes the disks that are available for the instance type.
*/ - InferenceAcceleratorInfo?: InferenceAcceleratorInfo; + Disks?: DiskInfo[]; /** - *Indicates whether On-Demand hibernation is supported.
+ *Indicates whether non-volatile memory express (NVMe) is supported for instance store.
*/ - HibernationSupported?: boolean; + NvmeSupport?: EphemeralNvmeSupport | string; +} +export namespace InstanceStorageInfo { /** - *Indicates whether the instance type is a burstable performance instance type.
+ * @internal */ - BurstablePerformanceSupported?: boolean; + export const filterSensitiveLog = (obj: InstanceStorageInfo): any => ({ + ...obj, + }); +} +/** + *Describes the memory for the instance type.
+ */ +export interface MemoryInfo { /** - *Indicates whether Dedicated Hosts are supported on the instance type.
+ *The size of the memory, in MiB.
*/ - DedicatedHostsSupported?: boolean; + SizeInMiB?: number; +} +export namespace MemoryInfo { /** - *Indicates whether auto recovery is supported.
+ * @internal */ - AutoRecoverySupported?: boolean; + export const filterSensitiveLog = (obj: MemoryInfo): any => ({ + ...obj, + }); +} +/** + *Describes the Elastic Fabric Adapters for the instance type.
+ */ +export interface EfaInfo { /** - *The supported boot modes. For more information, see Boot modes in the - * Amazon EC2 User Guide.
+ *The maximum number of Elastic Fabric Adapters for the instance type.
*/ - SupportedBootModes?: (BootModeType | string)[]; + MaximumEfaInterfaces?: number; } -export namespace InstanceTypeInfo { +export namespace EfaInfo { /** * @internal */ - export const filterSensitiveLog = (obj: InstanceTypeInfo): any => ({ + export const filterSensitiveLog = (obj: EfaInfo): any => ({ ...obj, }); } -export interface DescribeInstanceTypesResult { +export type EnaSupport = "required" | "supported" | "unsupported"; + +/** + *Describes the network card support of the instance type.
+ */ +export interface NetworkCardInfo { /** - *The instance type. For more information, see Instance types in the Amazon EC2 User Guide.
+ *The index of the network card.
*/ - InstanceTypes?: InstanceTypeInfo[]; + NetworkCardIndex?: number; /** - *The token to use to retrieve the next page of results. This value is null
when there
- * are no more results to return.
The network performance of the network card.
*/ - NextToken?: string; + NetworkPerformance?: string; + + /** + *The maximum number of network interfaces for the network card.
+ */ + MaximumNetworkInterfaces?: number; } -export namespace DescribeInstanceTypesResult { +export namespace NetworkCardInfo { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeInstanceTypesResult): any => ({ + export const filterSensitiveLog = (obj: NetworkCardInfo): any => ({ ...obj, }); } -export interface DescribeInternetGatewaysRequest { - /** - *One or more filters.
- *
- * attachment.state
- The current state of the attachment between the gateway
- * and the VPC (available
). Present only if a VPC is attached.
- * attachment.vpc-id
- The ID of an attached VPC.
- * internet-gateway-id
- The ID of the Internet gateway.
- * owner-id
- The ID of the Amazon Web Services account that owns the internet gateway.
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
- * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Describes the networking features of the instance type.
+ */ +export interface NetworkInfo { /** - *One or more internet gateway IDs.
- *Default: Describes all your internet gateways.
+ *The network performance.
*/ - InternetGatewayIds?: string[]; + NetworkPerformance?: string; /** - *The token for the next page of results.
+ *The maximum number of network interfaces for the instance type.
*/ - NextToken?: string; + MaximumNetworkInterfaces?: number; /** - *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
The maximum number of physical network cards that can be allocated to the instance.
*/ - MaxResults?: number; -} + MaximumNetworkCards?: number; -export namespace DescribeInternetGatewaysRequest { /** - * @internal + *The index of the default network card, starting at 0.
*/ - export const filterSensitiveLog = (obj: DescribeInternetGatewaysRequest): any => ({ - ...obj, - }); -} + DefaultNetworkCardIndex?: number; -export interface DescribeInternetGatewaysResult { /** - *Information about one or more internet gateways.
+ *Describes the network cards for the instance type.
*/ - InternetGateways?: InternetGateway[]; + NetworkCards?: NetworkCardInfo[]; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The maximum number of IPv4 addresses per network interface.
*/ - NextToken?: string; -} + Ipv4AddressesPerInterface?: number; -export namespace DescribeInternetGatewaysResult { /** - * @internal + *The maximum number of IPv6 addresses per network interface.
*/ - export const filterSensitiveLog = (obj: DescribeInternetGatewaysResult): any => ({ - ...obj, - }); -} + Ipv6AddressesPerInterface?: number; -export interface DescribeIpv6PoolsRequest { /** - *The IDs of the IPv6 address pools.
+ *Indicates whether IPv6 is supported.
*/ - PoolIds?: string[]; + Ipv6Supported?: boolean; /** - *The token for the next page of results.
+ *Indicates whether Elastic Network Adapter (ENA) is supported.
*/ - NextToken?: string; + EnaSupport?: EnaSupport | string; /** - *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
Indicates whether Elastic Fabric Adapter (EFA) is supported.
*/ - MaxResults?: number; + EfaSupported?: boolean; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Describes the Elastic Fabric Adapters for the instance type.
*/ - DryRun?: boolean; + EfaInfo?: EfaInfo; /** - *One or more filters.
- *
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
- * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
Indicates whether the instance type automatically encrypts in-transit traffic between instances.
*/ - Filters?: Filter[]; + EncryptionInTransitSupported?: boolean; } -export namespace DescribeIpv6PoolsRequest { +export namespace NetworkInfo { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeIpv6PoolsRequest): any => ({ + export const filterSensitiveLog = (obj: NetworkInfo): any => ({ ...obj, }); } +export type PlacementGroupStrategy = "cluster" | "partition" | "spread"; + /** - *Describes a CIDR block for an address pool.
+ *Describes the placement group support of the instance type.
*/ -export interface PoolCidrBlock { +export interface PlacementGroupInfo { /** - *The CIDR block.
+ *The supported placement group types.
*/ - Cidr?: string; + SupportedStrategies?: (PlacementGroupStrategy | string)[]; } -export namespace PoolCidrBlock { +export namespace PlacementGroupInfo { /** * @internal */ - export const filterSensitiveLog = (obj: PoolCidrBlock): any => ({ + export const filterSensitiveLog = (obj: PlacementGroupInfo): any => ({ ...obj, }); } +export type ArchitectureType = "arm64" | "i386" | "x86_64"; + /** - *Describes an IPv6 address pool.
+ *Describes the processor used by the instance type.
*/ -export interface Ipv6Pool { - /** - *The ID of the address pool.
- */ - PoolId?: string; - - /** - *The description for the address pool.
- */ - Description?: string; - +export interface ProcessorInfo { /** - *The CIDR blocks for the address pool.
+ *The architectures supported by the instance type.
*/ - PoolCidrBlocks?: PoolCidrBlock[]; + SupportedArchitectures?: (ArchitectureType | string)[]; /** - *Any tags for the address pool.
+ *The speed of the processor, in GHz.
*/ - Tags?: Tag[]; + SustainedClockSpeedInGhz?: number; } -export namespace Ipv6Pool { +export namespace ProcessorInfo { /** * @internal */ - export const filterSensitiveLog = (obj: Ipv6Pool): any => ({ + export const filterSensitiveLog = (obj: ProcessorInfo): any => ({ ...obj, }); } -export interface DescribeIpv6PoolsResult { - /** - *Information about the IPv6 address pools.
- */ - Ipv6Pools?: Ipv6Pool[]; +export type BootModeType = "legacy-bios" | "uefi"; - /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Describes the vCPU configurations for the instance type.
+ */ +export interface VCpuInfo { /** - * @internal + *The default number of vCPUs for the instance type.
*/ - export const filterSensitiveLog = (obj: DescribeIpv6PoolsResult): any => ({ - ...obj, - }); -} + DefaultVCpus?: number; -export interface DescribeKeyPairsRequest { /** - *The filters.
- *
- * key-pair-id
- The ID of the key pair.
- * fingerprint
- The fingerprint of the key pair.
- * key-name
- The name of the key pair.
- * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
The default number of cores for the instance type.
*/ - Filters?: Filter[]; + DefaultCores?: number; - /** - *The key pair names.
- *Default: Describes all of your key pairs.
+ /** + *The default number of threads per core for the instance type.
*/ - KeyNames?: string[]; + DefaultThreadsPerCore?: number; /** - *The IDs of the key pairs.
+ *The valid number of cores that can be configured for the instance type.
*/ - KeyPairIds?: string[]; + ValidCores?: number[]; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The valid number of threads per core that can be configured for the instance type.
*/ - DryRun?: boolean; + ValidThreadsPerCore?: number[]; } -export namespace DescribeKeyPairsRequest { +export namespace VCpuInfo { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeKeyPairsRequest): any => ({ + export const filterSensitiveLog = (obj: VCpuInfo): any => ({ ...obj, }); } /** - *Describes a key pair.
+ *Describes the instance type.
*/ -export interface KeyPairInfo { +export interface InstanceTypeInfo { /** - *The ID of the key pair.
+ *The instance type. For more information, see Instance types in the Amazon EC2 User Guide.
*/ - KeyPairId?: string; + InstanceType?: _InstanceType | string; /** - *If you used CreateKeyPair to create the key pair:
- *For RSA key pairs, the key fingerprint is the SHA-1 digest of the DER encoded private key. - *
- *For ED25519 key pairs, the key fingerprint is the base64-encoded SHA-256 digest, which - * is the default for OpenSSH, starting with OpenSSH 6.8.
- *If you used ImportKeyPair to provide Amazon Web Services the public key:
- *For RSA key pairs, the key fingerprint is the MD5 public key fingerprint as specified in section 4 of RFC4716.
- *For ED25519 key pairs, the key fingerprint is the base64-encoded SHA-256 - * digest, which is the default for OpenSSH, starting with OpenSSH 6.8.
- *Indicates whether the instance type is current generation.
*/ - KeyFingerprint?: string; + CurrentGeneration?: boolean; /** - *The name of the key pair.
+ *Indicates whether the instance type is eligible for the free tier.
*/ - KeyName?: string; + FreeTierEligible?: boolean; /** - *The type of key pair.
+ *Indicates whether the instance type is offered for spot or On-Demand.
*/ - KeyType?: KeyType | string; + SupportedUsageClasses?: (UsageClassType | string)[]; /** - *Any tags applied to the key pair.
+ *The supported root device types.
*/ - Tags?: Tag[]; -} + SupportedRootDeviceTypes?: (RootDeviceType | string)[]; -export namespace KeyPairInfo { /** - * @internal + *The supported virtualization types.
*/ - export const filterSensitiveLog = (obj: KeyPairInfo): any => ({ - ...obj, - }); -} + SupportedVirtualizationTypes?: (VirtualizationType | string)[]; -export interface DescribeKeyPairsResult { /** - *Information about the key pairs.
+ *Indicates whether the instance is a bare metal instance type.
*/ - KeyPairs?: KeyPairInfo[]; -} + BareMetal?: boolean; -export namespace DescribeKeyPairsResult { /** - * @internal + *The hypervisor for the instance type.
*/ - export const filterSensitiveLog = (obj: DescribeKeyPairsResult): any => ({ - ...obj, - }); -} + Hypervisor?: InstanceTypeHypervisor | string; -export interface DescribeLaunchTemplatesRequest { /** - *Checks whether you have the required permissions for the action, without actually
- * making the request, and provides an error response. If you have the required
- * permissions, the error response is DryRunOperation
. Otherwise, it is
- * UnauthorizedOperation
.
Describes the processor.
*/ - DryRun?: boolean; + ProcessorInfo?: ProcessorInfo; /** - *One or more launch template IDs.
+ *Describes the vCPU configurations for the instance type.
*/ - LaunchTemplateIds?: string[]; + VCpuInfo?: VCpuInfo; /** - *One or more launch template names.
+ *Describes the memory for the instance type.
*/ - LaunchTemplateNames?: string[]; + MemoryInfo?: MemoryInfo; /** - *One or more filters.
- *
- * create-time
- The time the launch template was created.
- * launch-template-name
- The name of the launch template.
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
- * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
Indicates whether instance storage is supported.
*/ - Filters?: Filter[]; + InstanceStorageSupported?: boolean; /** - *The token to request the next page of results.
+ *Describes the instance storage for the instance type.
*/ - NextToken?: string; + InstanceStorageInfo?: InstanceStorageInfo; /** - *The maximum number of results to return in a single call. To retrieve the remaining
- * results, make another call with the returned NextToken
value. This value
- * can be between 1 and 200.
Describes the Amazon EBS settings for the instance type.
*/ - MaxResults?: number; -} + EbsInfo?: EbsInfo; -export namespace DescribeLaunchTemplatesRequest { /** - * @internal + *Describes the network settings for the instance type.
*/ - export const filterSensitiveLog = (obj: DescribeLaunchTemplatesRequest): any => ({ - ...obj, - }); -} + NetworkInfo?: NetworkInfo; -export interface DescribeLaunchTemplatesResult { /** - *Information about the launch templates.
+ *Describes the GPU accelerator settings for the instance type.
*/ - LaunchTemplates?: LaunchTemplate[]; + GpuInfo?: GpuInfo; /** - *The token to use to retrieve the next page of results. This value is
- * null
when there are no more results to return.
Describes the FPGA accelerator settings for the instance type.
*/ - NextToken?: string; -} + FpgaInfo?: FpgaInfo; -export namespace DescribeLaunchTemplatesResult { /** - * @internal + *Describes the placement group settings for the instance type.
*/ - export const filterSensitiveLog = (obj: DescribeLaunchTemplatesResult): any => ({ - ...obj, - }); -} + PlacementGroupInfo?: PlacementGroupInfo; -export interface DescribeLaunchTemplateVersionsRequest { /** - *Checks whether you have the required permissions for the action, without actually
- * making the request, and provides an error response. If you have the required
- * permissions, the error response is DryRunOperation
. Otherwise, it is
- * UnauthorizedOperation
.
Describes the Inference accelerator settings for the instance type.
*/ - DryRun?: boolean; + InferenceAcceleratorInfo?: InferenceAcceleratorInfo; /** - *The ID of the launch template. To describe one or more versions of a specified launch - * template, you must specify either the launch template ID or the launch template name in - * the request. To describe all the latest or default launch template versions in your - * account, you must omit this parameter.
+ *Indicates whether On-Demand hibernation is supported.
*/ - LaunchTemplateId?: string; + HibernationSupported?: boolean; /** - *The name of the launch template. To describe one or more versions of a specified - * launch template, you must specify either the launch template ID or the launch template - * name in the request. To describe all the latest or default launch template versions in - * your account, you must omit this parameter.
+ *Indicates whether the instance type is a burstable performance instance type.
*/ - LaunchTemplateName?: string; + BurstablePerformanceSupported?: boolean; /** - *One or more versions of the launch template. Valid values depend on whether you are describing a specified launch template (by ID or name) or all launch templates in your account.
- *To describe one or more versions of a specified launch template, valid values are $Latest
, $Default
, and numbers.
To describe all launch templates in your account that are defined as the latest
- * version, the valid value is $Latest
. To describe all launch templates in
- * your account that are defined as the default version, the valid value is
- * $Default
. You can specify $Latest
and
- * $Default
in the same call. You cannot specify numbers.
Indicates whether Dedicated Hosts are supported on the instance type.
*/ - Versions?: string[]; + DedicatedHostsSupported?: boolean; /** - *The version number after which to describe launch template versions.
+ *Indicates whether auto recovery is supported.
*/ - MinVersion?: string; + AutoRecoverySupported?: boolean; /** - *The version number up to which to describe launch template versions.
+ *The supported boot modes. For more information, see Boot modes in the + * Amazon EC2 User Guide.
*/ - MaxVersion?: string; + SupportedBootModes?: (BootModeType | string)[]; +} +export namespace InstanceTypeInfo { /** - *The token to request the next page of results.
+ * @internal + */ + export const filterSensitiveLog = (obj: InstanceTypeInfo): any => ({ + ...obj, + }); +} + +export interface DescribeInstanceTypesResult { + /** + *The instance type. For more information, see Instance types in the Amazon EC2 User Guide.
+ */ + InstanceTypes?: InstanceTypeInfo[]; + + /** + *The token to use to retrieve the next page of results. This value is null
when there
+ * are no more results to return.
The maximum number of results to return in a single call. To retrieve the remaining
- * results, make another call with the returned NextToken
value. This value
- * can be between 1 and 200.
One or more filters.
*
- * create-time
- The time the launch template version was created.
- * ebs-optimized
- A boolean that indicates whether the instance
- * is optimized for Amazon EBS I/O.
- * iam-instance-profile
- The ARN of the IAM instance
- * profile.
attachment.state
- The current state of the attachment between the gateway
+ * and the VPC (available
). Present only if a VPC is attached.
*
- * image-id
- The ID of the AMI.
attachment.vpc-id
- The ID of an attached VPC.
*
- * instance-type
- The instance type.
internet-gateway-id
- The ID of the Internet gateway.
*
- * is-default-version
- A boolean that indicates whether the
- * launch template version is the default version.
owner-id
- The ID of the Amazon Web Services account that owns the internet gateway.
*
- * kernel-id
- The kernel ID.
tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
*
- * ram-disk-id
- The RAM disk ID.
tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
* Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
One or more internet gateway IDs.
+ *Default: Describes all your internet gateways.
+ */ + InternetGatewayIds?: string[]; + + /** + *The token for the next page of results.
+ */ + NextToken?: string; + + /** + *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
Information about the launch template versions.
+ *Information about one or more internet gateways.
*/ - LaunchTemplateVersions?: LaunchTemplateVersion[]; + InternetGateways?: InternetGateway[]; /** - *The token to use to retrieve the next page of results. This value is
- * null
when there are no more results to return.
The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The IDs of the local gateway route tables.
+ *The IDs of the IPv6 address pools.
*/ - LocalGatewayRouteTableIds?: string[]; + PoolIds?: string[]; /** - *One or more filters.
- *
- * local-gateway-id
- The ID of a local gateway.
- * local-gateway-route-table-id
- The ID of a local gateway route table.
- * outpost-arn
- The Amazon Resource Name (ARN) of the Outpost.
- * state
- The state of the local gateway route table.
The token for the next page of results.
*/ - Filters?: Filter[]; + NextToken?: string; /** *The maximum number of results to return with a single call. @@ -3739,82 +3775,97 @@ export interface DescribeLocalGatewayRouteTablesRequest { */ MaxResults?: number; - /** - *
The token for the next page of results.
- */ - NextToken?: string; - /** *Checks whether you have the required permissions for the action, without actually making the request,
* and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
* Otherwise, it is UnauthorizedOperation
.
One or more filters.
+ *
+ * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
Describes a local gateway route table.
+ *Describes a CIDR block for an address pool.
*/ -export interface LocalGatewayRouteTable { - /** - *The ID of the local gateway route table.
- */ - LocalGatewayRouteTableId?: string; - +export interface PoolCidrBlock { /** - *The Amazon Resource Name (ARN) of the local gateway route table.
+ *The CIDR block.
*/ - LocalGatewayRouteTableArn?: string; + Cidr?: string; +} +export namespace PoolCidrBlock { /** - *The ID of the local gateway.
+ * @internal */ - LocalGatewayId?: string; + export const filterSensitiveLog = (obj: PoolCidrBlock): any => ({ + ...obj, + }); +} +/** + *Describes an IPv6 address pool.
+ */ +export interface Ipv6Pool { /** - *The Amazon Resource Name (ARN) of the Outpost.
+ *The ID of the address pool.
*/ - OutpostArn?: string; + PoolId?: string; /** - *The AWS account ID that owns the local gateway route table.
+ *The description for the address pool.
*/ - OwnerId?: string; + Description?: string; /** - *The state of the local gateway route table.
+ *The CIDR blocks for the address pool.
*/ - State?: string; + PoolCidrBlocks?: PoolCidrBlock[]; /** - *The tags assigned to the local gateway route table.
+ *Any tags for the address pool.
*/ Tags?: Tag[]; } -export namespace LocalGatewayRouteTable { +export namespace Ipv6Pool { /** * @internal */ - export const filterSensitiveLog = (obj: LocalGatewayRouteTable): any => ({ + export const filterSensitiveLog = (obj: Ipv6Pool): any => ({ ...obj, }); } -export interface DescribeLocalGatewayRouteTablesResult { +export interface DescribeIpv6PoolsResult { /** - *Information about the local gateway route tables.
+ *Information about the IPv6 address pools.
*/ - LocalGatewayRouteTables?: LocalGatewayRouteTable[]; + Ipv6Pools?: Ipv6Pool[]; /** *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The IDs of the associations.
- */ - LocalGatewayRouteTableVirtualInterfaceGroupAssociationIds?: string[]; - +export interface DescribeKeyPairsRequest { /** - *One or more filters.
+ *The filters.
*
- * local-gateway-id
- The ID of a local gateway.
+ * key-pair-id
- The ID of the key pair.
- * local-gateway-route-table-id
- The ID of the local gateway route table.
fingerprint
- The fingerprint of the key pair.
*
- * local-gateway-route-table-virtual-interface-group-association-id
- The ID of the association.
key-name
- The name of the key pair.
*
- * local-gateway-route-table-virtual-interface-group-id
- The ID of the virtual interface group.
+ * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
- * state
- The state of the association.
+ * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
The key pair names.
+ *Default: Describes all of your key pairs.
*/ - MaxResults?: number; + KeyNames?: string[]; /** - *The token for the next page of results.
+ *The IDs of the key pairs.
*/ - NextToken?: string; + KeyPairIds?: string[]; /** *Checks whether you have the required permissions for the action, without actually making the request, @@ -3883,306 +3930,314 @@ export interface DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations DryRun?: boolean; } -export namespace DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsRequest { +export namespace DescribeKeyPairsRequest { /** * @internal */ - export const filterSensitiveLog = ( - obj: DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsRequest - ): any => ({ + export const filterSensitiveLog = (obj: DescribeKeyPairsRequest): any => ({ ...obj, }); } /** - *
Describes an association between a local gateway route table and a virtual interface group.
+ *Describes a key pair.
*/ -export interface LocalGatewayRouteTableVirtualInterfaceGroupAssociation { - /** - *The ID of the association.
- */ - LocalGatewayRouteTableVirtualInterfaceGroupAssociationId?: string; - - /** - *The ID of the virtual interface group.
- */ - LocalGatewayVirtualInterfaceGroupId?: string; - - /** - *The ID of the local gateway.
- */ - LocalGatewayId?: string; - +export interface KeyPairInfo { /** - *The ID of the local gateway route table.
+ *The ID of the key pair.
*/ - LocalGatewayRouteTableId?: string; + KeyPairId?: string; /** - *The Amazon Resource Name (ARN) of the local gateway route table for the virtual interface group.
+ *If you used CreateKeyPair to create the key pair:
+ *For RSA key pairs, the key fingerprint is the SHA-1 digest of the DER encoded private key. + *
+ *For ED25519 key pairs, the key fingerprint is the base64-encoded SHA-256 digest, which + * is the default for OpenSSH, starting with OpenSSH 6.8.
+ *If you used ImportKeyPair to provide Amazon Web Services the public key:
+ *For RSA key pairs, the key fingerprint is the MD5 public key fingerprint as specified in section 4 of RFC4716.
+ *For ED25519 key pairs, the key fingerprint is the base64-encoded SHA-256 + * digest, which is the default for OpenSSH, starting with OpenSSH 6.8.
+ *The AWS account ID that owns the local gateway virtual interface group association.
+ *The name of the key pair.
*/ - OwnerId?: string; + KeyName?: string; /** - *The state of the association.
+ *The type of key pair.
*/ - State?: string; + KeyType?: KeyType | string; /** - *The tags assigned to the association.
+ *Any tags applied to the key pair.
*/ Tags?: Tag[]; } -export namespace LocalGatewayRouteTableVirtualInterfaceGroupAssociation { +export namespace KeyPairInfo { /** * @internal */ - export const filterSensitiveLog = (obj: LocalGatewayRouteTableVirtualInterfaceGroupAssociation): any => ({ + export const filterSensitiveLog = (obj: KeyPairInfo): any => ({ ...obj, }); } -export interface DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsResult { - /** - *Information about the associations.
- */ - LocalGatewayRouteTableVirtualInterfaceGroupAssociations?: LocalGatewayRouteTableVirtualInterfaceGroupAssociation[]; - +export interface DescribeKeyPairsResult { /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Information about the key pairs.
*/ - NextToken?: string; + KeyPairs?: KeyPairInfo[]; } -export namespace DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsResult { +export namespace DescribeKeyPairsResult { /** * @internal */ - export const filterSensitiveLog = ( - obj: DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsResult - ): any => ({ + export const filterSensitiveLog = (obj: DescribeKeyPairsResult): any => ({ ...obj, }); } -export interface DescribeLocalGatewayRouteTableVpcAssociationsRequest { +export interface DescribeLaunchTemplatesRequest { /** - *The IDs of the associations.
+ *Checks whether you have the required permissions for the action, without actually
+ * making the request, and provides an error response. If you have the required
+ * permissions, the error response is DryRunOperation
. Otherwise, it is
+ * UnauthorizedOperation
.
One or more launch template IDs.
+ */ + LaunchTemplateIds?: string[]; + + /** + *One or more launch template names.
+ */ + LaunchTemplateNames?: string[]; /** *One or more filters.
- *
- * local-gateway-id
- The ID of a local gateway.
- * local-gateway-route-table-id
- The ID of the local gateway route table.
+ * create-time
- The time the launch template was created.
- * local-gateway-route-table-vpc-association-id
- The ID of the association.
+ * launch-template-name
- The name of the launch template.
- * state
- The state of the association.
+ * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
- * vpc-id
- The ID of the VPC.
+ * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
The token for the next page of results.
+ *The token to request the next page of results.
*/ NextToken?: string; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The maximum number of results to return in a single call. To retrieve the remaining
+ * results, make another call with the returned NextToken
value. This value
+ * can be between 1 and 200.
Information about the associations.
+ *Information about the launch templates.
*/ - LocalGatewayRouteTableVpcAssociations?: LocalGatewayRouteTableVpcAssociation[]; + LaunchTemplates?: LaunchTemplate[]; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The token to use to retrieve the next page of results. This value is
+ * null
when there are no more results to return.
One or more filters.
- *
- * local-gateway-id
- The ID of a local gateway.
- * local-gateway-route-table-id
- The ID of the local gateway route table.
- * local-gateway-route-table-virtual-interface-group-association-id
- The ID of the association.
- * local-gateway-route-table-virtual-interface-group-id
- The ID of the virtual interface group.
- * outpost-arn
- The Amazon Resource Name (ARN) of the Outpost.
- * state
- The state of the association.
One or more filters.
- */ - Filters?: Filter[]; - +export interface DescribeLaunchTemplateVersionsRequest { /** - *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
Checks whether you have the required permissions for the action, without actually
+ * making the request, and provides an error response. If you have the required
+ * permissions, the error response is DryRunOperation
. Otherwise, it is
+ * UnauthorizedOperation
.
The token for the next page of results.
+ *The ID of the launch template. To describe one or more versions of a specified launch + * template, you must specify either the launch template ID or the launch template name in + * the request. To describe all the latest or default launch template versions in your + * account, you must omit this parameter.
*/ - NextToken?: string; + LaunchTemplateId?: string; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The name of the launch template. To describe one or more versions of a specified + * launch template, you must specify either the launch template ID or the launch template + * name in the request. To describe all the latest or default launch template versions in + * your account, you must omit this parameter.
*/ - DryRun?: boolean; -} + LaunchTemplateName?: string; -export namespace DescribeLocalGatewaysRequest { /** - * @internal + *One or more versions of the launch template. Valid values depend on whether you are describing a specified launch template (by ID or name) or all launch templates in your account.
+ *To describe one or more versions of a specified launch template, valid values are $Latest
, $Default
, and numbers.
To describe all launch templates in your account that are defined as the latest
+ * version, the valid value is $Latest
. To describe all launch templates in
+ * your account that are defined as the default version, the valid value is
+ * $Default
. You can specify $Latest
and
+ * $Default
in the same call. You cannot specify numbers.
Describes a local gateway.
- */ -export interface LocalGateway { /** - *The ID of the local gateway.
+ *The version number after which to describe launch template versions.
*/ - LocalGatewayId?: string; + MinVersion?: string; /** - *The Amazon Resource Name (ARN) of the Outpost.
+ *The version number up to which to describe launch template versions.
*/ - OutpostArn?: string; + MaxVersion?: string; /** - *The AWS account ID that owns the local gateway.
+ *The token to request the next page of results.
*/ - OwnerId?: string; + NextToken?: string; /** - *The state of the local gateway.
+ *The maximum number of results to return in a single call. To retrieve the remaining
+ * results, make another call with the returned NextToken
value. This value
+ * can be between 1 and 200.
The tags assigned to the local gateway.
+ *One or more filters.
+ *
+ * create-time
- The time the launch template version was created.
+ * ebs-optimized
- A boolean that indicates whether the instance
+ * is optimized for Amazon EBS I/O.
+ * iam-instance-profile
- The ARN of the IAM instance
+ * profile.
+ * image-id
- The ID of the AMI.
+ * instance-type
- The instance type.
+ * is-default-version
- A boolean that indicates whether the
+ * launch template version is the default version.
+ * kernel-id
- The kernel ID.
+ * ram-disk-id
- The RAM disk ID.
Information about the local gateways.
+ *Information about the launch template versions.
*/ - LocalGateways?: LocalGateway[]; + LaunchTemplateVersions?: LaunchTemplateVersion[]; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The token to use to retrieve the next page of results. This value is
+ * null
when there are no more results to return.
The IDs of the virtual interface groups.
+ *The IDs of the local gateway route tables.
*/ - LocalGatewayVirtualInterfaceGroupIds?: string[]; + LocalGatewayRouteTableIds?: string[]; /** *One or more filters.
@@ -4193,11 +4248,15 @@ export interface DescribeLocalGatewayVirtualInterfaceGroupsRequest { * *
- * local-gateway-virtual-interface-id
- The ID of the virtual interface.
local-gateway-route-table-id
- The ID of a local gateway route table.
*
- * local-gateway-virtual-interface-group-id
- The ID of the virtual interface group.
outpost-arn
- The Amazon Resource Name (ARN) of the Outpost.
+ *
+ * state
- The state of the local gateway route table.
Describes a local gateway virtual interface group.
+ *Describes a local gateway route table.
*/ -export interface LocalGatewayVirtualInterfaceGroup { +export interface LocalGatewayRouteTable { /** - *The ID of the virtual interface group.
+ *The ID of the local gateway route table.
*/ - LocalGatewayVirtualInterfaceGroupId?: string; + LocalGatewayRouteTableId?: string; /** - *The IDs of the virtual interfaces.
+ *The Amazon Resource Name (ARN) of the local gateway route table.
*/ - LocalGatewayVirtualInterfaceIds?: string[]; + LocalGatewayRouteTableArn?: string; /** *The ID of the local gateway.
@@ -4251,30 +4310,40 @@ export interface LocalGatewayVirtualInterfaceGroup { LocalGatewayId?: string; /** - *The AWS account ID that owns the local gateway virtual interface group.
+ *The Amazon Resource Name (ARN) of the Outpost.
+ */ + OutpostArn?: string; + + /** + *The AWS account ID that owns the local gateway route table.
*/ OwnerId?: string; /** - *The tags assigned to the virtual interface group.
+ *The state of the local gateway route table.
+ */ + State?: string; + + /** + *The tags assigned to the local gateway route table.
*/ Tags?: Tag[]; } -export namespace LocalGatewayVirtualInterfaceGroup { +export namespace LocalGatewayRouteTable { /** * @internal */ - export const filterSensitiveLog = (obj: LocalGatewayVirtualInterfaceGroup): any => ({ + export const filterSensitiveLog = (obj: LocalGatewayRouteTable): any => ({ ...obj, }); } -export interface DescribeLocalGatewayVirtualInterfaceGroupsResult { +export interface DescribeLocalGatewayRouteTablesResult { /** - *The virtual interface groups.
+ *Information about the local gateway route tables.
*/ - LocalGatewayVirtualInterfaceGroups?: LocalGatewayVirtualInterfaceGroup[]; + LocalGatewayRouteTables?: LocalGatewayRouteTable[]; /** *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The IDs of the virtual interfaces.
+ *The IDs of the associations.
*/ - LocalGatewayVirtualInterfaceIds?: string[]; + LocalGatewayRouteTableVirtualInterfaceGroupAssociationIds?: string[]; /** *One or more filters.
+ *
+ * local-gateway-id
- The ID of a local gateway.
+ * local-gateway-route-table-id
- The ID of the local gateway route table.
+ * local-gateway-route-table-virtual-interface-group-association-id
- The ID of the association.
+ * local-gateway-route-table-virtual-interface-group-id
- The ID of the virtual interface group.
+ * state
- The state of the association.
Describes a local gateway virtual interface.
+ *Describes an association between a local gateway route table and a virtual interface group.
*/ -export interface LocalGatewayVirtualInterface { - /** - *The ID of the virtual interface.
- */ - LocalGatewayVirtualInterfaceId?: string; - +export interface LocalGatewayRouteTableVirtualInterfaceGroupAssociation { /** - *The ID of the local gateway.
+ *The ID of the association.
*/ - LocalGatewayId?: string; + LocalGatewayRouteTableVirtualInterfaceGroupAssociationId?: string; /** - *The ID of the VLAN.
+ *The ID of the virtual interface group.
*/ - Vlan?: number; + LocalGatewayVirtualInterfaceGroupId?: string; /** - *The local address.
+ *The ID of the local gateway.
*/ - LocalAddress?: string; + LocalGatewayId?: string; /** - *The peer address.
+ *The ID of the local gateway route table.
*/ - PeerAddress?: string; + LocalGatewayRouteTableId?: string; /** - *The Border Gateway Protocol (BGP) Autonomous System Number (ASN) of the local gateway.
+ *The Amazon Resource Name (ARN) of the local gateway route table for the virtual interface group.
*/ - LocalBgpAsn?: number; + LocalGatewayRouteTableArn?: string; /** - *The peer BGP ASN.
+ *The AWS account ID that owns the local gateway virtual interface group association.
*/ - PeerBgpAsn?: number; + OwnerId?: string; /** - *The AWS account ID that owns the local gateway virtual interface.
+ *The state of the association.
*/ - OwnerId?: string; + State?: string; /** - *The tags assigned to the virtual interface.
+ *The tags assigned to the association.
*/ Tags?: Tag[]; } -export namespace LocalGatewayVirtualInterface { +export namespace LocalGatewayRouteTableVirtualInterfaceGroupAssociation { /** * @internal */ - export const filterSensitiveLog = (obj: LocalGatewayVirtualInterface): any => ({ + export const filterSensitiveLog = (obj: LocalGatewayRouteTableVirtualInterfaceGroupAssociation): any => ({ ...obj, }); } -export interface DescribeLocalGatewayVirtualInterfacesResult { +export interface DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsResult { /** - *Information about the virtual interfaces.
+ *Information about the associations.
*/ - LocalGatewayVirtualInterfaces?: LocalGatewayVirtualInterface[]; + LocalGatewayRouteTableVirtualInterfaceGroupAssociations?: LocalGatewayRouteTableVirtualInterfaceGroupAssociation[]; /** *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The IDs of the associations.
*/ - DryRun?: boolean; + LocalGatewayRouteTableVpcAssociationIds?: string[]; /** *One or more filters.
- *
- * owner-id
- The ID of the prefix list owner.
local-gateway-id
- The ID of a local gateway.
*
- * prefix-list-id
- The ID of the prefix list.
local-gateway-route-table-id
- The ID of the local gateway route table.
*
- * prefix-list-name
- The name of the prefix list.
local-gateway-route-table-vpc-association-id
- The ID of the association.
+ *
+ * state
- The state of the association.
+ * vpc-id
- The ID of the VPC.
One or more prefix list IDs.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Information about the associations.
*/ - NextToken?: string; + LocalGatewayRouteTableVpcAssociations?: LocalGatewayRouteTableVpcAssociation[]; /** - *Information about the prefix lists.
+ *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
One or more filters.
*
- * moving-status
- The status of the Elastic IP address
- * (MovingToVpc
| RestoringToClassic
).
local-gateway-id
- The ID of a local gateway.
+ *
+ * local-gateway-route-table-id
- The ID of the local gateway route table.
+ * local-gateway-route-table-virtual-interface-group-association-id
- The ID of the association.
+ * local-gateway-route-table-virtual-interface-group-id
- The ID of the virtual interface group.
+ * outpost-arn
- The Amazon Resource Name (ARN) of the Outpost.
+ * state
- The state of the association.
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
One or more filters.
*/ - DryRun?: boolean; + Filters?: Filter[]; /** - *The maximum number of results to return for the request in a single page. The remaining
- * results of the initial request can be seen by sending another request with the returned
- * NextToken
value. This value can be between 5 and 1000; if
- * MaxResults
is given a value outside of this range, an error is returned.
Default: If no value is provided, the default is 1000.
+ *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
One or more Elastic IP addresses.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Describes a local gateway.
+ */ +export interface LocalGateway { + /** + *The ID of the local gateway.
+ */ + LocalGatewayId?: string; + /** - * @internal + *The Amazon Resource Name (ARN) of the Outpost.
*/ - export const filterSensitiveLog = (obj: DescribeMovingAddressesRequest): any => ({ - ...obj, - }); -} + OutpostArn?: string; -export type MoveStatus = "movingToVpc" | "restoringToClassic"; + /** + *The AWS account ID that owns the local gateway.
+ */ + OwnerId?: string; -/** - *Describes the status of a moving Elastic IP address.
- */ -export interface MovingAddressStatus { /** - *The status of the Elastic IP address that's being moved to the EC2-VPC platform, or restored to the EC2-Classic platform.
+ *The state of the local gateway.
*/ - MoveStatus?: MoveStatus | string; + State?: string; /** - *The Elastic IP address.
+ *The tags assigned to the local gateway.
*/ - PublicIp?: string; + Tags?: Tag[]; } -export namespace MovingAddressStatus { +export namespace LocalGateway { /** * @internal */ - export const filterSensitiveLog = (obj: MovingAddressStatus): any => ({ + export const filterSensitiveLog = (obj: LocalGateway): any => ({ ...obj, }); } -export interface DescribeMovingAddressesResult { +export interface DescribeLocalGatewaysResult { /** - *The status for each Elastic IP address.
+ *Information about the local gateways.
*/ - MovingAddressStatuses?: MovingAddressStatus[]; + LocalGateways?: LocalGateway[]; /** *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The IDs of the virtual interface groups.
*/ - DryRun?: boolean; + LocalGatewayVirtualInterfaceGroupIds?: string[]; /** *One or more filters.
*
- * nat-gateway-id
- The ID of the NAT gateway.
- * state
- The state of the NAT gateway (pending
|
- * failed
| available
| deleting
| deleted
).
local-gateway-id
- The ID of a local gateway.
*
- * subnet-id
- The ID of the subnet in which the NAT gateway resides.
local-gateway-virtual-interface-id
- The ID of the virtual interface.
*
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
- * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
- * vpc-id
- The ID of the VPC in which the NAT gateway resides.
local-gateway-virtual-interface-group-id
- The ID of the virtual interface group.
* The maximum number of results to return with a single call. @@ -4627,168 +4738,72 @@ export interface DescribeNatGatewaysRequest { */ MaxResults?: number; - /** - *
One or more NAT gateway IDs.
- */ - NatGatewayIds?: string[]; - /** *The token for the next page of results.
*/ NextToken?: string; -} - -export namespace DescribeNatGatewaysRequest { - /** - * @internal - */ - export const filterSensitiveLog = (obj: DescribeNatGatewaysRequest): any => ({ - ...obj, - }); -} - -export interface DescribeNatGatewaysResult { - /** - *Information about the NAT gateways.
- */ - NatGateways?: NatGateway[]; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Describes a local gateway virtual interface group.
+ */ +export interface LocalGatewayVirtualInterfaceGroup { /** - *One or more filters.
- *
- * association.association-id
- The ID of an association ID for the ACL.
- * association.network-acl-id
- The ID of the network ACL involved in the association.
- * association.subnet-id
- The ID of the subnet involved in the association.
- * default
- Indicates whether the ACL is the default network ACL for the VPC.
- * entry.cidr
- The IPv4 CIDR range specified in the entry.
- * entry.icmp.code
- The ICMP code specified in the entry, if any.
- * entry.icmp.type
- The ICMP type specified in the entry, if any.
- * entry.ipv6-cidr
- The IPv6 CIDR range specified in the entry.
- * entry.port-range.from
- The start of the port range specified in the entry.
- * entry.port-range.to
- The end of the port range specified in the entry.
- * entry.protocol
- The protocol specified in the entry (tcp
| udp
| icmp
or a protocol number).
- * entry.rule-action
- Allows or denies the matching traffic (allow
| deny
).
- * entry.rule-number
- The number of an entry (in other words, rule) in
- * the set of ACL entries.
- * network-acl-id
- The ID of the network ACL.
- * owner-id
- The ID of the Amazon Web Services account that owns the network ACL.
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
- * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
- * vpc-id
- The ID of the VPC for the network ACL.
The ID of the virtual interface group.
*/ - Filters?: Filter[]; + LocalGatewayVirtualInterfaceGroupId?: string; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The IDs of the virtual interfaces.
*/ - DryRun?: boolean; + LocalGatewayVirtualInterfaceIds?: string[]; /** - *One or more network ACL IDs.
- *Default: Describes all your network ACLs.
+ *The ID of the local gateway.
*/ - NetworkAclIds?: string[]; + LocalGatewayId?: string; /** - *The token for the next page of results.
+ *The AWS account ID that owns the local gateway virtual interface group.
*/ - NextToken?: string; + OwnerId?: string; /** - *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
The tags assigned to the virtual interface group.
*/ - MaxResults?: number; + Tags?: Tag[]; } -export namespace DescribeNetworkAclsRequest { +export namespace LocalGatewayVirtualInterfaceGroup { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeNetworkAclsRequest): any => ({ + export const filterSensitiveLog = (obj: LocalGatewayVirtualInterfaceGroup): any => ({ ...obj, }); } -export interface DescribeNetworkAclsResult { +export interface DescribeLocalGatewayVirtualInterfaceGroupsResult { /** - *Information about one or more network ACLs.
+ *The virtual interface groups.
*/ - NetworkAcls?: NetworkAcl[]; + LocalGatewayVirtualInterfaceGroups?: LocalGatewayVirtualInterfaceGroup[]; /** *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The ID of the network insights analyses. You must specify either analysis IDs or a path ID.
- */ - NetworkInsightsAnalysisIds?: string[]; - - /** - *The ID of the path. You must specify either a path ID or analysis IDs.
- */ - NetworkInsightsPathId?: string; - - /** - *The time when the network insights analyses started.
- */ - AnalysisStartTime?: Date; - +export interface DescribeLocalGatewayVirtualInterfacesRequest { /** - *The time when the network insights analyses ended.
+ *The IDs of the virtual interfaces.
*/ - AnalysisEndTime?: Date; + LocalGatewayVirtualInterfaceIds?: string[]; /** - *The filters. The following are possible values:
- *PathFound - A Boolean value that indicates whether a feasible path is found.
- *Status - The status of the analysis (running | succeeded | failed).
- *One or more filters.
*/ Filters?: Filter[]; /** *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
nextToken
value.
*/
MaxResults?: number;
+ /**
+ * The token for the next page of results.
+ */ + NextToken?: string; + /** *Checks whether you have the required permissions for the action, without actually making the request,
* and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
* Otherwise, it is UnauthorizedOperation
.
The token for the next page of results.
- */ - NextToken?: string; } -export namespace DescribeNetworkInsightsAnalysesRequest { +export namespace DescribeLocalGatewayVirtualInterfacesRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeNetworkInsightsAnalysesRequest): any => ({ + export const filterSensitiveLog = (obj: DescribeLocalGatewayVirtualInterfacesRequest): any => ({ ...obj, }); } /** - *Describes a path component.
+ *Describes a local gateway virtual interface.
*/ -export interface AnalysisComponent { +export interface LocalGatewayVirtualInterface { /** - *The ID of the component.
+ *The ID of the virtual interface.
*/ - Id?: string; + LocalGatewayVirtualInterfaceId?: string; /** - *The Amazon Resource Name (ARN) of the component.
+ *The ID of the local gateway.
*/ - Arn?: string; -} + LocalGatewayId?: string; -export namespace AnalysisComponent { /** - * @internal + *The ID of the VLAN.
*/ - export const filterSensitiveLog = (obj: AnalysisComponent): any => ({ - ...obj, - }); -} + Vlan?: number; -/** - *Describes a network access control (ACL) rule.
- */ -export interface AnalysisAclRule { /** - *The IPv4 address range, in CIDR notation.
+ *The local address.
*/ - Cidr?: string; + LocalAddress?: string; /** - *Indicates whether the rule is an outbound rule.
+ *The peer address.
*/ - Egress?: boolean; + PeerAddress?: string; /** - *The range of ports.
+ *The Border Gateway Protocol (BGP) Autonomous System Number (ASN) of the local gateway.
*/ - PortRange?: PortRange; + LocalBgpAsn?: number; /** - *The protocol.
+ *The peer BGP ASN.
*/ - Protocol?: string; + PeerBgpAsn?: number; /** - *Indicates whether to allow or deny traffic that matches the rule.
+ *The AWS account ID that owns the local gateway virtual interface.
*/ - RuleAction?: string; + OwnerId?: string; /** - *The rule number.
+ *The tags assigned to the virtual interface.
*/ - RuleNumber?: number; + Tags?: Tag[]; } -export namespace AnalysisAclRule { +export namespace LocalGatewayVirtualInterface { /** * @internal */ - export const filterSensitiveLog = (obj: AnalysisAclRule): any => ({ + export const filterSensitiveLog = (obj: LocalGatewayVirtualInterface): any => ({ ...obj, }); } -/** - *Describes a load balancer listener.
- */ -export interface AnalysisLoadBalancerListener { +export interface DescribeLocalGatewayVirtualInterfacesResult { /** - *The port on which the load balancer is listening.
+ *Information about the virtual interfaces.
*/ - LoadBalancerPort?: number; + LocalGatewayVirtualInterfaces?: LocalGatewayVirtualInterface[]; /** - *[Classic Load Balancers] The back-end port for the listener.
+ *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Describes a load balancer target.
- */ -export interface AnalysisLoadBalancerTarget { +export interface DescribeManagedPrefixListsRequest { /** - *The IP address.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The Availability Zone.
+ *One or more filters.
+ *
+ * owner-id
- The ID of the prefix list owner.
+ * prefix-list-id
- The ID of the prefix list.
+ * prefix-list-name
- The name of the prefix list.
Information about the instance.
+ *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
The port on which the target is listening.
+ *The token for the next page of results.
*/ - Port?: number; + NextToken?: string; + + /** + *One or more prefix list IDs.
+ */ + PrefixListIds?: string[]; } -export namespace AnalysisLoadBalancerTarget { +export namespace DescribeManagedPrefixListsRequest { /** * @internal */ - export const filterSensitiveLog = (obj: AnalysisLoadBalancerTarget): any => ({ + export const filterSensitiveLog = (obj: DescribeManagedPrefixListsRequest): any => ({ ...obj, }); } -/** - *Describes a route table route.
- */ -export interface AnalysisRouteTableRoute { - /** - *The destination IPv4 address, in CIDR notation.
- */ - DestinationCidr?: string; - - /** - *The prefix of the Amazon Web Service.
- */ - DestinationPrefixListId?: string; - +export interface DescribeManagedPrefixListsResult { /** - *The ID of an egress-only internet gateway.
+ *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The ID of the gateway, such as an internet gateway or virtual private gateway.
+ *Information about the prefix lists.
*/ - GatewayId?: string; + PrefixLists?: ManagedPrefixList[]; +} +export namespace DescribeManagedPrefixListsResult { /** - *The ID of the instance, such as a NAT instance.
+ * @internal */ - InstanceId?: string; + export const filterSensitiveLog = (obj: DescribeManagedPrefixListsResult): any => ({ + ...obj, + }); +} +export interface DescribeMovingAddressesRequest { /** - *The ID of a NAT gateway.
+ *One or more filters.
+ *
+ * moving-status
- The status of the Elastic IP address
+ * (MovingToVpc
| RestoringToClassic
).
The ID of a network interface.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Describes how the route was created. The following are possible values:
- *
- * CreateRouteTable
- The route was automatically created when the route table was created.
- * CreateRoute
- The route was manually added to the route table.
- * EnableVgwRoutePropagation
- The route was propagated by route propagation.
The maximum number of results to return for the request in a single page. The remaining
+ * results of the initial request can be seen by sending another request with the returned
+ * NextToken
value. This value can be between 5 and 1000; if
+ * MaxResults
is given a value outside of this range, an error is returned.
Default: If no value is provided, the default is 1000.
*/ - Origin?: string; + MaxResults?: number; /** - *The ID of a transit gateway.
+ *The token for the next page of results.
*/ - TransitGatewayId?: string; + NextToken?: string; /** - *The ID of a VPC peering connection.
+ *One or more Elastic IP addresses.
*/ - VpcPeeringConnectionId?: string; + PublicIps?: string[]; } -export namespace AnalysisRouteTableRoute { +export namespace DescribeMovingAddressesRequest { /** * @internal */ - export const filterSensitiveLog = (obj: AnalysisRouteTableRoute): any => ({ + export const filterSensitiveLog = (obj: DescribeMovingAddressesRequest): any => ({ ...obj, }); } +export type MoveStatus = "movingToVpc" | "restoringToClassic"; + /** - *Describes a security group rule.
+ *Describes the status of a moving Elastic IP address.
*/ -export interface AnalysisSecurityGroupRule { - /** - *The IPv4 address range, in CIDR notation.
- */ - Cidr?: string; - +export interface MovingAddressStatus { /** - *The direction. The following are possible values:
- *egress
- *ingress
- *The status of the Elastic IP address that's being moved to the EC2-VPC platform, or restored to the EC2-Classic platform.
*/ - Direction?: string; + MoveStatus?: MoveStatus | string; /** - *The security group ID.
+ *The Elastic IP address.
*/ - SecurityGroupId?: string; + PublicIp?: string; +} +export namespace MovingAddressStatus { /** - *The port range.
+ * @internal */ - PortRange?: PortRange; + export const filterSensitiveLog = (obj: MovingAddressStatus): any => ({ + ...obj, + }); +} +export interface DescribeMovingAddressesResult { /** - *The prefix list ID.
+ *The status for each Elastic IP address.
*/ - PrefixListId?: string; + MovingAddressStatuses?: MovingAddressStatus[]; /** - *The protocol name.
+ *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Describes an explanation code for an unreachable path. For more information, see Reachability Analyzer explanation codes.
- */ -export interface Explanation { - /** - *The network ACL.
- */ - Acl?: AnalysisComponent; - - /** - *The network ACL rule.
- */ - AclRule?: AnalysisAclRule; - +export interface DescribeNatGatewaysRequest { /** - *The IPv4 address, in CIDR notation.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The IPv4 addresses, in CIDR notation.
+ *One or more filters.
+ *
+ * nat-gateway-id
- The ID of the NAT gateway.
+ * state
- The state of the NAT gateway (pending
|
+ * failed
| available
| deleting
| deleted
).
+ * subnet-id
- The ID of the subnet in which the NAT gateway resides.
+ * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
+ * vpc-id
- The ID of the VPC in which the NAT gateway resides.
The resource to which the component is attached.
+ *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
The Availability Zones.
+ *One or more NAT gateway IDs.
*/ - AvailabilityZones?: string[]; + NatGatewayIds?: string[]; /** - *The CIDR ranges.
+ *The token for the next page of results.
*/ - Cidrs?: string[]; + NextToken?: string; +} +export namespace DescribeNatGatewaysRequest { /** - *The component.
+ * @internal */ - Component?: AnalysisComponent; + export const filterSensitiveLog = (obj: DescribeNatGatewaysRequest): any => ({ + ...obj, + }); +} +export interface DescribeNatGatewaysResult { /** - *The customer gateway.
+ *Information about the NAT gateways.
*/ - CustomerGateway?: AnalysisComponent; + NatGateways?: NatGateway[]; /** - *The destination.
+ *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The destination VPC.
+ * @internal */ - DestinationVpc?: AnalysisComponent; + export const filterSensitiveLog = (obj: DescribeNatGatewaysResult): any => ({ + ...obj, + }); +} +export interface DescribeNetworkAclsRequest { /** - *The direction. The following are possible values:
- *One or more filters.
+ *egress
- *
+ * association.association-id
- The ID of an association ID for the ACL.
ingress
- *
+ * association.network-acl-id
- The ID of the network ACL involved in the association.
+ * association.subnet-id
- The ID of the subnet involved in the association.
+ * default
- Indicates whether the ACL is the default network ACL for the VPC.
+ * entry.cidr
- The IPv4 CIDR range specified in the entry.
+ * entry.icmp.code
- The ICMP code specified in the entry, if any.
+ * entry.icmp.type
- The ICMP type specified in the entry, if any.
+ * entry.ipv6-cidr
- The IPv6 CIDR range specified in the entry.
+ * entry.port-range.from
- The start of the port range specified in the entry.
+ * entry.port-range.to
- The end of the port range specified in the entry.
+ * entry.protocol
- The protocol specified in the entry (tcp
| udp
| icmp
or a protocol number).
+ * entry.rule-action
- Allows or denies the matching traffic (allow
| deny
).
+ * entry.rule-number
- The number of an entry (in other words, rule) in
+ * the set of ACL entries.
+ * network-acl-id
- The ID of the network ACL.
+ * owner-id
- The ID of the Amazon Web Services account that owns the network ACL.
+ * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
+ * vpc-id
- The ID of the VPC for the network ACL.
The explanation code.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The route table.
+ *One or more network ACL IDs.
+ *Default: Describes all your network ACLs.
*/ - IngressRouteTable?: AnalysisComponent; + NetworkAclIds?: string[]; /** - *The internet gateway.
+ *The token for the next page of results.
*/ - InternetGateway?: AnalysisComponent; + NextToken?: string; /** - *The Amazon Resource Name (ARN) of the load balancer.
+ *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
The listener for a Classic Load Balancer.
+ * @internal */ - ClassicLoadBalancerListener?: AnalysisLoadBalancerListener; + export const filterSensitiveLog = (obj: DescribeNetworkAclsRequest): any => ({ + ...obj, + }); +} +export interface DescribeNetworkAclsResult { /** - *The listener port of the load balancer.
+ *Information about one or more network ACLs.
*/ - LoadBalancerListenerPort?: number; + NetworkAcls?: NetworkAcl[]; /** - *The target.
+ *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The target group.
+ * @internal */ - LoadBalancerTargetGroup?: AnalysisComponent; + export const filterSensitiveLog = (obj: DescribeNetworkAclsResult): any => ({ + ...obj, + }); +} +export interface DescribeNetworkInsightsAnalysesRequest { /** - *The target groups.
+ *The ID of the network insights analyses. You must specify either analysis IDs or a path ID.
*/ - LoadBalancerTargetGroups?: AnalysisComponent[]; + NetworkInsightsAnalysisIds?: string[]; /** - *The target port.
+ *The ID of the path. You must specify either a path ID or analysis IDs.
*/ - LoadBalancerTargetPort?: number; + NetworkInsightsPathId?: string; /** - *The load balancer listener.
+ *The time when the network insights analyses started.
*/ - ElasticLoadBalancerListener?: AnalysisComponent; + AnalysisStartTime?: Date; /** - *The missing component.
+ *The time when the network insights analyses ended.
*/ - MissingComponent?: string; + AnalysisEndTime?: Date; + + /** + *The filters. The following are possible values:
+ *PathFound - A Boolean value that indicates whether a feasible path is found.
+ *Status - The status of the analysis (running | succeeded | failed).
+ *The NAT gateway.
+ *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
The network interface.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The packet field.
+ *The token for the next page of results.
*/ - PacketField?: string; + NextToken?: string; +} +export namespace DescribeNetworkInsightsAnalysesRequest { /** - *The VPC peering connection.
+ * @internal */ - VpcPeeringConnection?: AnalysisComponent; + export const filterSensitiveLog = (obj: DescribeNetworkInsightsAnalysesRequest): any => ({ + ...obj, + }); +} +/** + *Describes a path component.
+ */ +export interface AnalysisComponent { /** - *The port.
+ *The ID of the component.
*/ - Port?: number; + Id?: string; /** - *The port ranges.
+ *The Amazon Resource Name (ARN) of the component.
*/ - PortRanges?: PortRange[]; + Arn?: string; +} +export namespace AnalysisComponent { /** - *The prefix list.
+ * @internal */ - PrefixList?: AnalysisComponent; + export const filterSensitiveLog = (obj: AnalysisComponent): any => ({ + ...obj, + }); +} +/** + *Describes a network access control (ACL) rule.
+ */ +export interface AnalysisAclRule { /** - *The protocols.
+ *The IPv4 address range, in CIDR notation.
*/ - Protocols?: string[]; + Cidr?: string; /** - *The route table route.
+ *Indicates whether the rule is an outbound rule.
*/ - RouteTableRoute?: AnalysisRouteTableRoute; + Egress?: boolean; /** - *The route table.
+ *The range of ports.
*/ - RouteTable?: AnalysisComponent; + PortRange?: PortRange; /** - *The security group.
+ *The protocol.
*/ - SecurityGroup?: AnalysisComponent; + Protocol?: string; /** - *The security group rule.
+ *Indicates whether to allow or deny traffic that matches the rule.
*/ - SecurityGroupRule?: AnalysisSecurityGroupRule; + RuleAction?: string; /** - *The security groups.
+ *The rule number.
*/ - SecurityGroups?: AnalysisComponent[]; + RuleNumber?: number; +} +export namespace AnalysisAclRule { /** - *The source VPC.
+ * @internal */ - SourceVpc?: AnalysisComponent; + export const filterSensitiveLog = (obj: AnalysisAclRule): any => ({ + ...obj, + }); +} +/** + *Describes a load balancer listener.
+ */ +export interface AnalysisLoadBalancerListener { /** - *The state.
+ *The port on which the load balancer is listening.
*/ - State?: string; + LoadBalancerPort?: number; /** - *The subnet.
+ *[Classic Load Balancers] The back-end port for the listener.
*/ - Subnet?: AnalysisComponent; + InstancePort?: number; +} +export namespace AnalysisLoadBalancerListener { /** - *The route table for the subnet.
+ * @internal */ - SubnetRouteTable?: AnalysisComponent; + export const filterSensitiveLog = (obj: AnalysisLoadBalancerListener): any => ({ + ...obj, + }); +} +/** + *Describes a load balancer target.
+ */ +export interface AnalysisLoadBalancerTarget { /** - *The component VPC.
+ *The IP address.
*/ - Vpc?: AnalysisComponent; + Address?: string; /** - *The VPC endpoint.
+ *The Availability Zone.
*/ - VpcEndpoint?: AnalysisComponent; + AvailabilityZone?: string; /** - *The VPN connection.
+ *Information about the instance.
*/ - VpnConnection?: AnalysisComponent; + Instance?: AnalysisComponent; /** - *The VPN gateway.
+ *The port on which the target is listening.
*/ - VpnGateway?: AnalysisComponent; + Port?: number; } -export namespace Explanation { +export namespace AnalysisLoadBalancerTarget { /** * @internal */ - export const filterSensitiveLog = (obj: Explanation): any => ({ + export const filterSensitiveLog = (obj: AnalysisLoadBalancerTarget): any => ({ ...obj, }); } /** - *Describes a header. Reflects any changes made by a component as traffic passes through. - * The fields of an inbound header are null except for the first component of a path.
+ *Describes a route table route.
*/ -export interface AnalysisPacketHeader { +export interface AnalysisRouteTableRoute { /** - *The destination addresses.
+ *The destination IPv4 address, in CIDR notation.
*/ - DestinationAddresses?: string[]; + DestinationCidr?: string; /** - *The destination port ranges.
+ *The prefix of the Amazon Web Service.
*/ - DestinationPortRanges?: PortRange[]; + DestinationPrefixListId?: string; /** - *The protocol.
+ *The ID of an egress-only internet gateway.
*/ - Protocol?: string; + EgressOnlyInternetGatewayId?: string; /** - *The source addresses.
+ *The ID of the gateway, such as an internet gateway or virtual private gateway.
*/ - SourceAddresses?: string[]; + GatewayId?: string; /** - *The source port ranges.
+ *The ID of the instance, such as a NAT instance.
*/ - SourcePortRanges?: PortRange[]; -} + InstanceId?: string; -export namespace AnalysisPacketHeader { /** - * @internal + *The ID of a NAT gateway.
*/ - export const filterSensitiveLog = (obj: AnalysisPacketHeader): any => ({ - ...obj, - }); -} + NatGatewayId?: string; -/** - *Describes a path component.
- */ -export interface PathComponent { /** - *The sequence number.
+ *The ID of a network interface.
*/ - SequenceNumber?: number; + NetworkInterfaceId?: string; /** - *The network ACL rule.
+ *Describes how the route was created. The following are possible values:
+ *
+ * CreateRouteTable
- The route was automatically created when the route table was created.
+ * CreateRoute
- The route was manually added to the route table.
+ * EnableVgwRoutePropagation
- The route was propagated by route propagation.
The component.
+ *The ID of a transit gateway.
*/ - Component?: AnalysisComponent; + TransitGatewayId?: string; /** - *The destination VPC.
+ *The ID of a VPC peering connection.
*/ - DestinationVpc?: AnalysisComponent; + VpcPeeringConnectionId?: string; +} +export namespace AnalysisRouteTableRoute { /** - *The outbound header.
+ * @internal */ - OutboundHeader?: AnalysisPacketHeader; + export const filterSensitiveLog = (obj: AnalysisRouteTableRoute): any => ({ + ...obj, + }); +} +/** + *Describes a security group rule.
+ */ +export interface AnalysisSecurityGroupRule { /** - *The inbound header.
+ *The IPv4 address range, in CIDR notation.
*/ - InboundHeader?: AnalysisPacketHeader; + Cidr?: string; /** - *The route table route.
+ *The direction. The following are possible values:
+ *egress
+ *ingress
+ *The security group rule.
+ *The security group ID.
*/ - SecurityGroupRule?: AnalysisSecurityGroupRule; + SecurityGroupId?: string; /** - *The source VPC.
+ *The port range.
*/ - SourceVpc?: AnalysisComponent; + PortRange?: PortRange; /** - *The subnet.
+ *The prefix list ID.
*/ - Subnet?: AnalysisComponent; + PrefixListId?: string; /** - *The component VPC.
+ *The protocol name.
*/ - Vpc?: AnalysisComponent; + Protocol?: string; } -export namespace PathComponent { +export namespace AnalysisSecurityGroupRule { /** * @internal */ - export const filterSensitiveLog = (obj: PathComponent): any => ({ + export const filterSensitiveLog = (obj: AnalysisSecurityGroupRule): any => ({ ...obj, }); } -export type AnalysisStatus = "failed" | "running" | "succeeded"; - /** - *Describes a network insights analysis.
+ *Describes an explanation code for an unreachable path. For more information, see Reachability Analyzer explanation codes.
*/ -export interface NetworkInsightsAnalysis { +export interface Explanation { + /** + *The network ACL.
+ */ + Acl?: AnalysisComponent; + /** - *The ID of the network insights analysis.
+ *The network ACL rule.
*/ - NetworkInsightsAnalysisId?: string; + AclRule?: AnalysisAclRule; /** - *The Amazon Resource Name (ARN) of the network insights analysis.
+ *The IPv4 address, in CIDR notation.
*/ - NetworkInsightsAnalysisArn?: string; + Address?: string; /** - *The ID of the path.
+ *The IPv4 addresses, in CIDR notation.
*/ - NetworkInsightsPathId?: string; + Addresses?: string[]; /** - *The Amazon Resource Names (ARN) of the Amazon Web Services resources that the path must traverse.
+ *The resource to which the component is attached.
*/ - FilterInArns?: string[]; + AttachedTo?: AnalysisComponent; /** - *The time the analysis started.
+ *The Availability Zones.
*/ - StartDate?: Date; + AvailabilityZones?: string[]; /** - *The status of the network insights analysis.
+ *The CIDR ranges.
*/ - Status?: AnalysisStatus | string; + Cidrs?: string[]; /** - *The status message, if the status is failed
.
The component.
*/ - StatusMessage?: string; + Component?: AnalysisComponent; /** - *Indicates whether the destination is reachable from the source.
+ *The customer gateway.
*/ - NetworkPathFound?: boolean; + CustomerGateway?: AnalysisComponent; /** - *The components in the path from source to destination.
+ *The destination.
*/ - ForwardPathComponents?: PathComponent[]; + Destination?: AnalysisComponent; /** - *The components in the path from destination to source.
+ *The destination VPC.
*/ - ReturnPathComponents?: PathComponent[]; + DestinationVpc?: AnalysisComponent; /** - *The explanations. For more information, see Reachability Analyzer explanation codes.
+ *The direction. The following are possible values:
+ *egress
+ *ingress
+ *Potential intermediate components.
+ *The explanation code.
*/ - AlternatePathHints?: AlternatePathHint[]; + ExplanationCode?: string; /** - *The tags.
+ *The route table.
*/ - Tags?: Tag[]; -} + IngressRouteTable?: AnalysisComponent; -export namespace NetworkInsightsAnalysis { /** - * @internal + *The internet gateway.
*/ - export const filterSensitiveLog = (obj: NetworkInsightsAnalysis): any => ({ - ...obj, - }); -} + InternetGateway?: AnalysisComponent; -export interface DescribeNetworkInsightsAnalysesResult { /** - *Information about the network insights analyses.
+ *The Amazon Resource Name (ARN) of the load balancer.
*/ - NetworkInsightsAnalyses?: NetworkInsightsAnalysis[]; + LoadBalancerArn?: string; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The listener for a Classic Load Balancer.
*/ - NextToken?: string; -} + ClassicLoadBalancerListener?: AnalysisLoadBalancerListener; -export namespace DescribeNetworkInsightsAnalysesResult { /** - * @internal + *The listener port of the load balancer.
*/ - export const filterSensitiveLog = (obj: DescribeNetworkInsightsAnalysesResult): any => ({ - ...obj, - }); -} + LoadBalancerListenerPort?: number; -export interface DescribeNetworkInsightsPathsRequest { /** - *The IDs of the paths.
+ *The target.
*/ - NetworkInsightsPathIds?: string[]; + LoadBalancerTarget?: AnalysisLoadBalancerTarget; /** - *The filters. The following are possible values:
- *Destination - The ID of the resource.
- *DestinationPort - The destination port.
- *Name - The path name.
- *Protocol - The protocol.
- *Source - The ID of the resource.
- *The target group.
*/ - Filters?: Filter[]; + LoadBalancerTargetGroup?: AnalysisComponent; /** - *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
The target groups.
*/ - MaxResults?: number; + LoadBalancerTargetGroups?: AnalysisComponent[]; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The target port.
*/ - DryRun?: boolean; + LoadBalancerTargetPort?: number; /** - *The token for the next page of results.
+ *The load balancer listener.
*/ - NextToken?: string; -} + ElasticLoadBalancerListener?: AnalysisComponent; -export namespace DescribeNetworkInsightsPathsRequest { /** - * @internal + *The missing component.
*/ - export const filterSensitiveLog = (obj: DescribeNetworkInsightsPathsRequest): any => ({ - ...obj, - }); -} + MissingComponent?: string; -export interface DescribeNetworkInsightsPathsResult { /** - *Information about the paths.
+ *The NAT gateway.
*/ - NetworkInsightsPaths?: NetworkInsightsPath[]; + NatGateway?: AnalysisComponent; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The network interface.
*/ - NextToken?: string; -} + NetworkInterface?: AnalysisComponent; -export namespace DescribeNetworkInsightsPathsResult { /** - * @internal + *The packet field.
*/ - export const filterSensitiveLog = (obj: DescribeNetworkInsightsPathsResult): any => ({ - ...obj, - }); -} + PacketField?: string; -export type NetworkInterfaceAttribute = "attachment" | "description" | "groupSet" | "sourceDestCheck"; + /** + *The VPC peering connection.
+ */ + VpcPeeringConnection?: AnalysisComponent; -/** - *Contains the parameters for DescribeNetworkInterfaceAttribute.
- */ -export interface DescribeNetworkInterfaceAttributeRequest { /** - *The attribute of the network interface. This parameter is required.
+ *The port.
*/ - Attribute?: NetworkInterfaceAttribute | string; + Port?: number; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The port ranges.
*/ - DryRun?: boolean; + PortRanges?: PortRange[]; /** - *The ID of the network interface.
+ *The prefix list.
*/ - NetworkInterfaceId: string | undefined; -} + PrefixList?: AnalysisComponent; -export namespace DescribeNetworkInterfaceAttributeRequest { /** - * @internal + *The protocols.
*/ - export const filterSensitiveLog = (obj: DescribeNetworkInterfaceAttributeRequest): any => ({ - ...obj, - }); -} + Protocols?: string[]; -/** - *Contains the output of DescribeNetworkInterfaceAttribute.
- */ -export interface DescribeNetworkInterfaceAttributeResult { /** - *The attachment (if any) of the network interface.
+ *The route table route.
*/ - Attachment?: NetworkInterfaceAttachment; + RouteTableRoute?: AnalysisRouteTableRoute; /** - *The description of the network interface.
+ *The route table.
*/ - Description?: AttributeValue; + RouteTable?: AnalysisComponent; /** - *The security groups associated with the network interface.
+ *The security group.
*/ - Groups?: GroupIdentifier[]; + SecurityGroup?: AnalysisComponent; /** - *The ID of the network interface.
+ *The security group rule.
*/ - NetworkInterfaceId?: string; + SecurityGroupRule?: AnalysisSecurityGroupRule; /** - *Indicates whether source/destination checking is enabled.
+ *The security groups.
*/ - SourceDestCheck?: AttributeBooleanValue; -} + SecurityGroups?: AnalysisComponent[]; -export namespace DescribeNetworkInterfaceAttributeResult { /** - * @internal + *The source VPC.
*/ - export const filterSensitiveLog = (obj: DescribeNetworkInterfaceAttributeResult): any => ({ - ...obj, - }); -} + SourceVpc?: AnalysisComponent; -/** - *Contains the parameters for DescribeNetworkInterfacePermissions.
- */ -export interface DescribeNetworkInterfacePermissionsRequest { /** - *One or more network interface permission IDs.
+ *The state.
*/ - NetworkInterfacePermissionIds?: string[]; + State?: string; /** - *One or more filters.
- *
- * network-interface-permission.network-interface-permission-id
- The ID of the
- * permission.
- * network-interface-permission.network-interface-id
- The ID of
- * the network interface.
- * network-interface-permission.aws-account-id
- The Amazon Web Services account ID.
- * network-interface-permission.aws-service
- The Amazon Web Service.
- * network-interface-permission.permission
- The type of
- * permission (INSTANCE-ATTACH
|
- * EIP-ASSOCIATE
).
The subnet.
*/ - Filters?: Filter[]; + Subnet?: AnalysisComponent; /** - *The token to request the next page of results.
+ *The route table for the subnet.
*/ - NextToken?: string; + SubnetRouteTable?: AnalysisComponent; /** - *The maximum number of results to return in a single call. To retrieve the remaining results,
- * make another call with the returned NextToken
value. If this parameter is not specified, up to 50 results are returned by default.
The component VPC.
*/ - MaxResults?: number; -} + Vpc?: AnalysisComponent; -export namespace DescribeNetworkInterfacePermissionsRequest { /** - * @internal + *The VPC endpoint.
*/ - export const filterSensitiveLog = (obj: DescribeNetworkInterfacePermissionsRequest): any => ({ - ...obj, - }); -} + VpcEndpoint?: AnalysisComponent; -/** - *Contains the output for DescribeNetworkInterfacePermissions.
- */ -export interface DescribeNetworkInterfacePermissionsResult { /** - *The network interface permissions.
+ *The VPN connection.
*/ - NetworkInterfacePermissions?: NetworkInterfacePermission[]; + VpnConnection?: AnalysisComponent; /** - *The token to use to retrieve the next page of results.
+ *The VPN gateway.
*/ - NextToken?: string; + VpnGateway?: AnalysisComponent; } -export namespace DescribeNetworkInterfacePermissionsResult { +export namespace Explanation { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeNetworkInterfacePermissionsResult): any => ({ + export const filterSensitiveLog = (obj: Explanation): any => ({ ...obj, }); } /** - *Contains the parameters for DescribeNetworkInterfaces.
+ *Describes a header. Reflects any changes made by a component as traffic passes through. + * The fields of an inbound header are null except for the first component of a path.
*/ -export interface DescribeNetworkInterfacesRequest { +export interface AnalysisPacketHeader { /** - *One or more filters.
- *
- * addresses.private-ip-address
- The private IPv4 addresses
- * associated with the network interface.
- * addresses.primary
- Whether the private IPv4 address is the primary
- * IP address associated with the network interface.
- * addresses.association.public-ip
- The association ID returned when
- * the network interface was associated with the Elastic IP address
- * (IPv4).
- * addresses.association.owner-id
- The owner ID of the addresses associated with the network interface.
- * association.association-id
- The association ID returned when the
- * network interface was associated with an IPv4 address.
- * association.allocation-id
- The allocation ID returned when you
- * allocated the Elastic IP address (IPv4) for your network interface.
- * association.ip-owner-id
- The owner of the Elastic IP address
- * (IPv4) associated with the network interface.
- * association.public-ip
- The address of the Elastic IP address
- * (IPv4) bound to the network interface.
- * association.public-dns-name
- The public DNS name for the network
- * interface (IPv4).
- * attachment.attachment-id
- The ID of the interface attachment.
- * attachment.attach-time
- The time that the network interface was attached to an instance.
- * attachment.delete-on-termination
- Indicates whether the attachment is deleted when an instance is terminated.
- * attachment.device-index
- The device index to which the network interface is attached.
- * attachment.instance-id
- The ID of the instance to which the network interface is attached.
- * attachment.instance-owner-id
- The owner ID of the instance to which the network interface is attached.
- * attachment.status
- The status of the attachment (attaching
| attached
| detaching
| detached
).
- * availability-zone
- The Availability Zone of the network interface.
- * description
- The description of the network interface.
- * group-id
- The ID of a security group associated with the network interface.
- * group-name
- The name of a security group associated with the network interface.
- * ipv6-addresses.ipv6-address
- An IPv6 address associated with
- * the network interface.
- * mac-address
- The MAC address of the network interface.
- * network-interface-id
- The ID of the network interface.
- * owner-id
- The Amazon Web Services account ID of the network interface owner.
- * private-ip-address
- The private IPv4 address or addresses of the
- * network interface.
- * private-dns-name
- The private DNS name of the network interface (IPv4).
- * requester-id
- The alias or Amazon Web Services account ID of the principal or service that created the network interface.
- * requester-managed
- Indicates whether the network interface is being managed by an Amazon Web Service
- * (for example, Amazon Web Services Management Console, Auto Scaling, and so on).
- * source-dest-check
- Indicates whether the network interface performs source/destination checking.
- * A value of true
means checking is enabled, and false
means checking is disabled.
- * The value must be false
for the network interface to perform network address translation (NAT) in your VPC.
- * status
- The status of the network interface. If the network interface is not attached to an instance, the status is available
;
- * if a network interface is attached to an instance the status is in-use
.
- * subnet-id
- The ID of the subnet for the network interface.
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
- * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
- * vpc-id
- The ID of the VPC for the network interface.
The destination addresses.
*/ - Filters?: Filter[]; + DestinationAddresses?: string[]; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The destination port ranges.
*/ - DryRun?: boolean; + DestinationPortRanges?: PortRange[]; /** - *One or more network interface IDs.
- *Default: Describes all your network interfaces.
+ *The protocol.
*/ - NetworkInterfaceIds?: string[]; + Protocol?: string; /** - *The token to retrieve the next page of results.
+ *The source addresses.
*/ - NextToken?: string; + SourceAddresses?: string[]; /** - *The maximum number of items to return for this request. The request returns a token that you - * can specify in a subsequent call to get the next set of results. You cannot specify this - * parameter and the network interface IDs parameter in the same request.
+ *The source port ranges.
*/ - MaxResults?: number; + SourcePortRanges?: PortRange[]; } -export namespace DescribeNetworkInterfacesRequest { +export namespace AnalysisPacketHeader { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeNetworkInterfacesRequest): any => ({ + export const filterSensitiveLog = (obj: AnalysisPacketHeader): any => ({ ...obj, }); } /** - *Contains the output of DescribeNetworkInterfaces.
+ *Describes a path component.
*/ -export interface DescribeNetworkInterfacesResult { +export interface PathComponent { /** - *Information about one or more network interfaces.
+ *The sequence number.
*/ - NetworkInterfaces?: NetworkInterface[]; + SequenceNumber?: number; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The network ACL rule.
*/ - NextToken?: string; -} + AclRule?: AnalysisAclRule; + + /** + *The component.
+ */ + Component?: AnalysisComponent; + + /** + *The destination VPC.
+ */ + DestinationVpc?: AnalysisComponent; + + /** + *The outbound header.
+ */ + OutboundHeader?: AnalysisPacketHeader; + + /** + *The inbound header.
+ */ + InboundHeader?: AnalysisPacketHeader; -export namespace DescribeNetworkInterfacesResult { /** - * @internal + *The route table route.
*/ - export const filterSensitiveLog = (obj: DescribeNetworkInterfacesResult): any => ({ - ...obj, - }); -} + RouteTableRoute?: AnalysisRouteTableRoute; -export interface DescribePlacementGroupsRequest { /** - *The filters.
- *
- * group-name
- The name of the placement group.
- * state
- The state of the placement group (pending
|
- * available
| deleting
|
- * deleted
).
- * strategy
- The strategy of the placement group
- * (cluster
| spread
|
- * partition
).
- * tag:
- The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value.
- * For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
- * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources that have a tag with a specific key, regardless of the tag value.
The security group rule.
*/ - Filters?: Filter[]; + SecurityGroupRule?: AnalysisSecurityGroupRule; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The source VPC.
*/ - DryRun?: boolean; + SourceVpc?: AnalysisComponent; /** - *The names of the placement groups.
- *Default: Describes all your placement groups, or only those otherwise - * specified.
+ *The subnet.
*/ - GroupNames?: string[]; + Subnet?: AnalysisComponent; /** - *The IDs of the placement groups.
+ *The component VPC.
*/ - GroupIds?: string[]; + Vpc?: AnalysisComponent; } -export namespace DescribePlacementGroupsRequest { +export namespace PathComponent { /** * @internal */ - export const filterSensitiveLog = (obj: DescribePlacementGroupsRequest): any => ({ + export const filterSensitiveLog = (obj: PathComponent): any => ({ ...obj, }); } -export interface DescribePlacementGroupsResult { +export type AnalysisStatus = "failed" | "running" | "succeeded"; + +/** + *Describes a network insights analysis.
+ */ +export interface NetworkInsightsAnalysis { /** - *Information about the placement groups.
+ *The ID of the network insights analysis.
*/ - PlacementGroups?: PlacementGroup[]; -} + NetworkInsightsAnalysisId?: string; -export namespace DescribePlacementGroupsResult { /** - * @internal + *The Amazon Resource Name (ARN) of the network insights analysis.
*/ - export const filterSensitiveLog = (obj: DescribePlacementGroupsResult): any => ({ - ...obj, - }); -} + NetworkInsightsAnalysisArn?: string; -export interface DescribePrefixListsRequest { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The ID of the path.
*/ - DryRun?: boolean; + NetworkInsightsPathId?: string; /** - *One or more filters.
- *
- * prefix-list-id
: The ID of a prefix list.
- * prefix-list-name
: The name of a prefix list.
The Amazon Resource Names (ARN) of the Amazon Web Services resources that the path must traverse.
*/ - Filters?: Filter[]; + FilterInArns?: string[]; /** - *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
The time the analysis started.
*/ - MaxResults?: number; + StartDate?: Date; /** - *The token for the next page of results.
+ *The status of the network insights analysis.
*/ - NextToken?: string; + Status?: AnalysisStatus | string; /** - *One or more prefix list IDs.
+ *The status message, if the status is failed
.
Indicates whether the destination is reachable from the source.
*/ - export const filterSensitiveLog = (obj: DescribePrefixListsRequest): any => ({ - ...obj, - }); -} + NetworkPathFound?: boolean; -/** - *Describes prefixes for Amazon Web Services services.
- */ -export interface PrefixList { /** - *The IP address range of the Amazon Web Service.
+ *The components in the path from source to destination.
*/ - Cidrs?: string[]; + ForwardPathComponents?: PathComponent[]; /** - *The ID of the prefix.
+ *The components in the path from destination to source.
*/ - PrefixListId?: string; + ReturnPathComponents?: PathComponent[]; /** - *The name of the prefix.
+ *The explanations. For more information, see Reachability Analyzer explanation codes.
*/ - PrefixListName?: string; + Explanations?: Explanation[]; + + /** + *Potential intermediate components.
+ */ + AlternatePathHints?: AlternatePathHint[]; + + /** + *The tags.
+ */ + Tags?: Tag[]; } -export namespace PrefixList { +export namespace NetworkInsightsAnalysis { /** * @internal */ - export const filterSensitiveLog = (obj: PrefixList): any => ({ + export const filterSensitiveLog = (obj: NetworkInsightsAnalysis): any => ({ ...obj, }); } -export interface DescribePrefixListsResult { +export interface DescribeNetworkInsightsAnalysesResult { /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Information about the network insights analyses.
*/ - NextToken?: string; + NetworkInsightsAnalyses?: NetworkInsightsAnalysis[]; /** - *All available prefix lists.
+ *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The IDs of the paths.
*/ - DryRun?: boolean; + NetworkInsightsPathIds?: string[]; /** - *The type of resource: bundle
|
- * conversion-task
| customer-gateway
| dhcp-options
|
- * elastic-ip-allocation
| elastic-ip-association
|
- * export-task
| flow-log
| image
|
- * import-task
| instance
| internet-gateway
|
- * network-acl
| network-acl-association
|
- * network-interface
| network-interface-attachment
|
- * prefix-list
| reservation
| route-table
|
- * route-table-association
| security-group
|
- * snapshot
| subnet
|
- * subnet-cidr-block-association
| volume
| vpc
- * | vpc-cidr-block-association
| vpc-endpoint
|
- * vpc-peering-connection
| vpn-connection
| vpn-gateway
- *
The filters. The following are possible values:
+ *Destination - The ID of the resource.
+ *DestinationPort - The destination port.
+ *Name - The path name.
+ *Protocol - The protocol.
+ *Source - The ID of the resource.
+ *The maximum number of results to return in a single call. To retrieve the remaining - * results, make another call with the returned NextToken value.
+ *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
The token to request the next page of results.
- */ - NextToken?: string; -} - -export namespace DescribePrincipalIdFormatRequest { - /** - * @internal - */ - export const filterSensitiveLog = (obj: DescribePrincipalIdFormatRequest): any => ({ - ...obj, - }); -} - -/** - *PrincipalIdFormat description
- */ -export interface PrincipalIdFormat { - /** - *PrincipalIdFormatARN description
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
PrincipalIdFormatStatuses description
+ *The token for the next page of results.
*/ - Statuses?: IdFormat[]; + NextToken?: string; } -export namespace PrincipalIdFormat { +export namespace DescribeNetworkInsightsPathsRequest { /** * @internal */ - export const filterSensitiveLog = (obj: PrincipalIdFormat): any => ({ + export const filterSensitiveLog = (obj: DescribeNetworkInsightsPathsRequest): any => ({ ...obj, }); } -export interface DescribePrincipalIdFormatResult { +export interface DescribeNetworkInsightsPathsResult { /** - *Information about the ID format settings for the ARN.
+ *Information about the paths.
*/ - Principals?: PrincipalIdFormat[]; + NetworkInsightsPaths?: NetworkInsightsPath[]; /** - *The token to use to retrieve the next page of results. This value is null when there are no more results to return.
+ *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The IDs of the address pools.
- */ - PoolIds?: string[]; +export type NetworkInterfaceAttribute = "attachment" | "description" | "groupSet" | "sourceDestCheck"; +/** + *Contains the parameters for DescribeNetworkInterfaceAttribute.
+ */ +export interface DescribeNetworkInterfaceAttributeRequest { /** - *The token for the next page of results.
+ *The attribute of the network interface. This parameter is required.
*/ - NextToken?: string; + Attribute?: NetworkInterfaceAttribute | string; /** - *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
One or more filters.
- *
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
- * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
The ID of the network interface.
*/ - Filters?: Filter[]; + NetworkInterfaceId: string | undefined; } -export namespace DescribePublicIpv4PoolsRequest { +export namespace DescribeNetworkInterfaceAttributeRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DescribePublicIpv4PoolsRequest): any => ({ + export const filterSensitiveLog = (obj: DescribeNetworkInterfaceAttributeRequest): any => ({ ...obj, }); } /** - *Describes an address range of an IPv4 address pool.
+ *Contains the output of DescribeNetworkInterfaceAttribute.
*/ -export interface PublicIpv4PoolRange { +export interface DescribeNetworkInterfaceAttributeResult { /** - *The first IP address in the range.
+ *The attachment (if any) of the network interface.
*/ - FirstAddress?: string; + Attachment?: NetworkInterfaceAttachment; /** - *The last IP address in the range.
+ *The description of the network interface.
*/ - LastAddress?: string; + Description?: AttributeValue; /** - *The number of addresses in the range.
+ *The security groups associated with the network interface.
*/ - AddressCount?: number; + Groups?: GroupIdentifier[]; /** - *The number of available addresses in the range.
+ *The ID of the network interface.
*/ - AvailableAddressCount?: number; + NetworkInterfaceId?: string; + + /** + *Indicates whether source/destination checking is enabled.
+ */ + SourceDestCheck?: AttributeBooleanValue; } -export namespace PublicIpv4PoolRange { +export namespace DescribeNetworkInterfaceAttributeResult { /** * @internal */ - export const filterSensitiveLog = (obj: PublicIpv4PoolRange): any => ({ + export const filterSensitiveLog = (obj: DescribeNetworkInterfaceAttributeResult): any => ({ ...obj, }); } /** - *Describes an IPv4 address pool.
+ *Contains the parameters for DescribeNetworkInterfacePermissions.
*/ -export interface PublicIpv4Pool { - /** - *The ID of the address pool.
- */ - PoolId?: string; - - /** - *A description of the address pool.
- */ - Description?: string; - - /** - *The address ranges.
- */ - PoolAddressRanges?: PublicIpv4PoolRange[]; - +export interface DescribeNetworkInterfacePermissionsRequest { /** - *The total number of addresses.
+ *One or more network interface permission IDs.
*/ - TotalAddressCount?: number; + NetworkInterfacePermissionIds?: string[]; /** - *The total number of available addresses.
+ *One or more filters.
+ *
+ * network-interface-permission.network-interface-permission-id
- The ID of the
+ * permission.
+ * network-interface-permission.network-interface-id
- The ID of
+ * the network interface.
+ * network-interface-permission.aws-account-id
- The Amazon Web Services account ID.
+ * network-interface-permission.aws-service
- The Amazon Web Service.
+ * network-interface-permission.permission
- The type of
+ * permission (INSTANCE-ATTACH
|
+ * EIP-ASSOCIATE
).
The name of the location from which the address pool is advertised. - * A network border group is a unique set of Availability Zones or Local Zones - * from where Amazon Web Services advertises public IP addresses.
+ *The token to request the next page of results.
*/ - NetworkBorderGroup?: string; + NextToken?: string; /** - *Any tags for the address pool.
+ *The maximum number of results to return in a single call. To retrieve the remaining results,
+ * make another call with the returned NextToken
value. If this parameter is not specified, up to 50 results are returned by default.
Contains the output for DescribeNetworkInterfacePermissions.
+ */ +export interface DescribeNetworkInterfacePermissionsResult { /** - *Information about the address pools.
+ *The network interface permissions.
*/ - PublicIpv4Pools?: PublicIpv4Pool[]; + NetworkInterfacePermissions?: NetworkInterfacePermission[]; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The token to use to retrieve the next page of results.
*/ NextToken?: string; } -export namespace DescribePublicIpv4PoolsResult { +export namespace DescribeNetworkInterfacePermissionsResult { /** * @internal */ - export const filterSensitiveLog = (obj: DescribePublicIpv4PoolsResult): any => ({ + export const filterSensitiveLog = (obj: DescribeNetworkInterfacePermissionsResult): any => ({ ...obj, }); } -export interface DescribeRegionsRequest { +/** + *Contains the parameters for DescribeNetworkInterfaces.
+ */ +export interface DescribeNetworkInterfacesRequest { /** - *The filters.
- *One or more filters.
+ *
+ * addresses.private-ip-address
- The private IPv4 addresses
+ * associated with the network interface.
+ * addresses.primary
- Whether the private IPv4 address is the primary
+ * IP address associated with the network interface.
+ * addresses.association.public-ip
- The association ID returned when
+ * the network interface was associated with the Elastic IP address
+ * (IPv4).
+ * addresses.association.owner-id
- The owner ID of the addresses associated with the network interface.
+ * association.association-id
- The association ID returned when the
+ * network interface was associated with an IPv4 address.
+ * association.allocation-id
- The allocation ID returned when you
+ * allocated the Elastic IP address (IPv4) for your network interface.
+ * association.ip-owner-id
- The owner of the Elastic IP address
+ * (IPv4) associated with the network interface.
+ * association.public-ip
- The address of the Elastic IP address
+ * (IPv4) bound to the network interface.
+ * association.public-dns-name
- The public DNS name for the network
+ * interface (IPv4).
+ * attachment.attachment-id
- The ID of the interface attachment.
+ * attachment.attach-time
- The time that the network interface was attached to an instance.
+ * attachment.delete-on-termination
- Indicates whether the attachment is deleted when an instance is terminated.
+ * attachment.device-index
- The device index to which the network interface is attached.
+ * attachment.instance-id
- The ID of the instance to which the network interface is attached.
+ * attachment.instance-owner-id
- The owner ID of the instance to which the network interface is attached.
+ * attachment.status
- The status of the attachment (attaching
| attached
| detaching
| detached
).
+ * availability-zone
- The Availability Zone of the network interface.
+ * description
- The description of the network interface.
+ * group-id
- The ID of a security group associated with the network interface.
+ * group-name
- The name of a security group associated with the network interface.
+ * ipv6-addresses.ipv6-address
- An IPv6 address associated with
+ * the network interface.
- * endpoint
- The endpoint of the Region (for example, ec2.us-east-1.amazonaws.com
).
+ * mac-address
- The MAC address of the network interface.
- * opt-in-status
- The opt-in status of the Region (opt-in-not-required
| opted-in
|
- * not-opted-in
).
+ * network-interface-id
- The ID of the network interface.
- * region-name
- The name of the Region (for example, us-east-1
).
+ * owner-id
- The Amazon Web Services account ID of the network interface owner.
+ * private-ip-address
- The private IPv4 address or addresses of the
+ * network interface.
+ * private-dns-name
- The private DNS name of the network interface (IPv4).
+ * requester-id
- The alias or Amazon Web Services account ID of the principal or service that created the network interface.
+ * requester-managed
- Indicates whether the network interface is being managed by an Amazon Web Service
+ * (for example, Amazon Web Services Management Console, Auto Scaling, and so on).
+ * source-dest-check
- Indicates whether the network interface performs source/destination checking.
+ * A value of true
means checking is enabled, and false
means checking is disabled.
+ * The value must be false
for the network interface to perform network address translation (NAT) in your VPC.
+ * status
- The status of the network interface. If the network interface is not attached to an instance, the status is available
;
+ * if a network interface is attached to an instance the status is in-use
.
+ * subnet-id
- The ID of the subnet for the network interface.
+ * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
+ * vpc-id
- The ID of the VPC for the network interface.
The names of the Regions. You can specify any Regions, whether they are enabled and disabled for your account.
- */ - RegionNames?: string[]; - /** *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
*/
DryRun?: boolean;
/**
- * Indicates whether to display all Regions, including Regions that are disabled for your account.
- */ - AllRegions?: boolean; -} - -export namespace DescribeRegionsRequest { - /** - * @internal - */ - export const filterSensitiveLog = (obj: DescribeRegionsRequest): any => ({ - ...obj, - }); -} - -/** - *Describes a Region.
- */ -export interface Region { - /** - *The Region service endpoint.
- */ - Endpoint?: string; - - /** - *The name of the Region.
- */ - RegionName?: string; - - /** - *The Region opt-in status. The possible values are opt-in-not-required
, opted-in
, and
- * not-opted-in
.
Information about the Regions.
- */ - Regions?: Region[]; -} - -export namespace DescribeRegionsResult { - /** - * @internal - */ - export const filterSensitiveLog = (obj: DescribeRegionsResult): any => ({ - ...obj, - }); -} - -export interface DescribeReplaceRootVolumeTasksRequest { - /** - *The ID of the root volume replacement task to view.
- */ - ReplaceRootVolumeTaskIds?: string[]; - - /** - *Filter to use:
- *
- * instance-id
- The ID of the instance for which the root volume replacement task was created.
The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
One or more network interface IDs.
+ *Default: Describes all your network interfaces.
*/ - MaxResults?: number; + NetworkInterfaceIds?: string[]; /** - *The token for the next page of results.
+ *The token to retrieve the next page of results.
*/ NextToken?: string; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The maximum number of items to return for this request. The request returns a token that you + * can specify in a subsequent call to get the next set of results. You cannot specify this + * parameter and the network interface IDs parameter in the same request.
*/ - DryRun?: boolean; + MaxResults?: number; } -export namespace DescribeReplaceRootVolumeTasksRequest { +export namespace DescribeNetworkInterfacesRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeReplaceRootVolumeTasksRequest): any => ({ + export const filterSensitiveLog = (obj: DescribeNetworkInterfacesRequest): any => ({ ...obj, }); } -export interface DescribeReplaceRootVolumeTasksResult { +/** + *Contains the output of DescribeNetworkInterfaces.
+ */ +export interface DescribeNetworkInterfacesResult { /** - *Information about the root volume replacement task.
+ *Information about one or more network interfaces.
*/ - ReplaceRootVolumeTasks?: ReplaceRootVolumeTask[]; + NetworkInterfaces?: NetworkInterface[]; /** *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Contains the parameters for DescribeReservedInstances.
- */ -export interface DescribeReservedInstancesRequest { +export interface DescribePlacementGroupsRequest { /** - *One or more filters.
- *
- * availability-zone
- The Availability Zone where the Reserved Instance can be used.
- * duration
- The duration of the Reserved Instance (one year or three years), in seconds (31536000
| 94608000
).
- * end
- The time when the Reserved Instance expires (for example, 2015-08-07T11:54:42.000Z).
- * fixed-price
- The purchase price of the Reserved Instance (for example, 9800.0).
- * instance-type
- The instance type that is covered by the reservation.
- * scope
- The scope of the Reserved Instance (Region
or Availability Zone
).
- * product-description
- The Reserved Instance product platform
- * description. Instances that include (Amazon VPC)
in the product platform
- * description will only be displayed to EC2-Classic account holders and are for use with
- * Amazon VPC (Linux/UNIX
| Linux/UNIX (Amazon VPC)
| SUSE
- * Linux
| SUSE Linux (Amazon VPC)
| Red Hat Enterprise
- * Linux
| Red Hat Enterprise Linux (Amazon VPC)
| Red Hat
- * Enterprise Linux with HA (Amazon VPC)
| Windows
| Windows
- * (Amazon VPC)
| Windows with SQL Server Standard
| Windows with
- * SQL Server Standard (Amazon VPC)
| Windows with SQL Server Web
|
- * Windows with SQL Server Web (Amazon VPC)
| Windows with SQL Server
- * Enterprise
| Windows with SQL Server Enterprise (Amazon
- * VPC)
).
The filters.
+ *
- * reserved-instances-id
- The ID of the Reserved Instance.
+ * group-name
- The name of the placement group.
- * start
- The time at which the Reserved Instance purchase request was placed (for example, 2014-08-07T11:54:42.000Z).
+ * state
- The state of the placement group (pending
|
+ * available
| deleting
|
+ * deleted
).
- * state
- The state of the Reserved Instance (payment-pending
| active
| payment-failed
| retired
).
+ * strategy
- The strategy of the placement group
+ * (cluster
| spread
|
+ * partition
).
@@ -6693,654 +6593,655 @@ export interface DescribeReservedInstancesRequest { *
- * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
- * usage-price
- The usage price of the Reserved Instance, per hour (for example, 0.84).
tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources that have a tag with a specific key, regardless of the tag value.
* Describes whether the Reserved Instance is Standard or Convertible.
- */ - OfferingClass?: OfferingClassType | string; - - /** - *One or more Reserved Instance IDs.
- *Default: Describes all your Reserved Instances, or only those otherwise specified.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The names of the placement groups.
+ *Default: Describes all your placement groups, or only those otherwise + * specified.
*/ - DryRun?: boolean; + GroupNames?: string[]; /** - *The Reserved Instance offering type. If you are using tools that predate the 2011-11-01 API
- * version, you only have access to the Medium Utilization
Reserved Instance
- * offering type.
The IDs of the placement groups.
*/ - OfferingType?: OfferingTypeValues | string; + GroupIds?: string[]; } -export namespace DescribeReservedInstancesRequest { +export namespace DescribePlacementGroupsRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeReservedInstancesRequest): any => ({ + export const filterSensitiveLog = (obj: DescribePlacementGroupsRequest): any => ({ ...obj, }); } -export type RIProductDescription = "Linux/UNIX" | "Linux/UNIX (Amazon VPC)" | "Windows" | "Windows (Amazon VPC)"; - -export type RecurringChargeFrequency = "Hourly"; - -/** - *Describes a recurring charge.
- */ -export interface RecurringCharge { - /** - *The amount of the recurring charge.
- */ - Amount?: number; - +export interface DescribePlacementGroupsResult { /** - *The frequency of the recurring charge.
+ *Information about the placement groups.
*/ - Frequency?: RecurringChargeFrequency | string; + PlacementGroups?: PlacementGroup[]; } -export namespace RecurringCharge { +export namespace DescribePlacementGroupsResult { /** * @internal */ - export const filterSensitiveLog = (obj: RecurringCharge): any => ({ + export const filterSensitiveLog = (obj: DescribePlacementGroupsResult): any => ({ ...obj, }); } -export enum Scope { - AVAILABILITY_ZONE = "Availability Zone", - REGIONAL = "Region", -} - -export type ReservedInstanceState = - | "active" - | "payment-failed" - | "payment-pending" - | "queued" - | "queued-deleted" - | "retired"; - -/** - *Describes a Reserved Instance.
- */ -export interface ReservedInstances { - /** - *The Availability Zone in which the Reserved Instance can be used.
- */ - AvailabilityZone?: string; - +export interface DescribePrefixListsRequest { /** - *The duration of the Reserved Instance, in seconds.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The time when the Reserved Instance expires.
+ *One or more filters.
+ *
+ * prefix-list-id
: The ID of a prefix list.
+ * prefix-list-name
: The name of a prefix list.
The purchase price of the Reserved Instance.
+ *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
The number of reservations purchased.
+ *The token for the next page of results.
*/ - InstanceCount?: number; + NextToken?: string; /** - *The instance type on which the Reserved Instance can be used.
+ *One or more prefix list IDs.
*/ - InstanceType?: _InstanceType | string; + PrefixListIds?: string[]; +} +export namespace DescribePrefixListsRequest { /** - *The Reserved Instance product platform description.
+ * @internal */ - ProductDescription?: RIProductDescription | string; + export const filterSensitiveLog = (obj: DescribePrefixListsRequest): any => ({ + ...obj, + }); +} +/** + *Describes prefixes for Amazon Web Services services.
+ */ +export interface PrefixList { /** - *The ID of the Reserved Instance.
+ *The IP address range of the Amazon Web Service.
*/ - ReservedInstancesId?: string; + Cidrs?: string[]; /** - *The date and time the Reserved Instance started.
+ *The ID of the prefix.
*/ - Start?: Date; + PrefixListId?: string; /** - *The state of the Reserved Instance purchase.
+ *The name of the prefix.
*/ - State?: ReservedInstanceState | string; + PrefixListName?: string; +} +export namespace PrefixList { /** - *The usage price of the Reserved Instance, per hour.
+ * @internal */ - UsagePrice?: number; + export const filterSensitiveLog = (obj: PrefixList): any => ({ + ...obj, + }); +} +export interface DescribePrefixListsResult { /** - *The currency of the Reserved Instance. It's specified using ISO 4217 standard currency codes.
- * At this time, the only supported currency is USD
.
The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The tenancy of the instance.
+ *All available prefix lists.
*/ - InstanceTenancy?: Tenancy | string; + PrefixLists?: PrefixList[]; +} +export namespace DescribePrefixListsResult { /** - *The offering class of the Reserved Instance.
+ * @internal */ - OfferingClass?: OfferingClassType | string; + export const filterSensitiveLog = (obj: DescribePrefixListsResult): any => ({ + ...obj, + }); +} +export interface DescribePrincipalIdFormatRequest { /** - *The Reserved Instance offering type.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The recurring charge tag assigned to the resource.
+ *The type of resource: bundle
|
+ * conversion-task
| customer-gateway
| dhcp-options
|
+ * elastic-ip-allocation
| elastic-ip-association
|
+ * export-task
| flow-log
| image
|
+ * import-task
| instance
| internet-gateway
|
+ * network-acl
| network-acl-association
|
+ * network-interface
| network-interface-attachment
|
+ * prefix-list
| reservation
| route-table
|
+ * route-table-association
| security-group
|
+ * snapshot
| subnet
|
+ * subnet-cidr-block-association
| volume
| vpc
+ * | vpc-cidr-block-association
| vpc-endpoint
|
+ * vpc-peering-connection
| vpn-connection
| vpn-gateway
+ *
The scope of the Reserved Instance.
+ *The maximum number of results to return in a single call. To retrieve the remaining + * results, make another call with the returned NextToken value.
*/ - Scope?: Scope | string; + MaxResults?: number; /** - *Any tags assigned to the resource.
+ *The token to request the next page of results.
*/ - Tags?: Tag[]; + NextToken?: string; } -export namespace ReservedInstances { +export namespace DescribePrincipalIdFormatRequest { /** * @internal */ - export const filterSensitiveLog = (obj: ReservedInstances): any => ({ + export const filterSensitiveLog = (obj: DescribePrincipalIdFormatRequest): any => ({ ...obj, }); } /** - *Contains the output for DescribeReservedInstances.
+ *PrincipalIdFormat description
*/ -export interface DescribeReservedInstancesResult { +export interface PrincipalIdFormat { /** - *A list of Reserved Instances.
+ *PrincipalIdFormatARN description
*/ - ReservedInstances?: ReservedInstances[]; -} + Arn?: string; -export namespace DescribeReservedInstancesResult { /** - * @internal + *PrincipalIdFormatStatuses description
*/ - export const filterSensitiveLog = (obj: DescribeReservedInstancesResult): any => ({ - ...obj, - }); + Statuses?: IdFormat[]; } -/** - *Contains the parameters for DescribeReservedInstancesListings.
- */ -export interface DescribeReservedInstancesListingsRequest { +export namespace PrincipalIdFormat { /** - *One or more filters.
- *
- * reserved-instances-id
- The ID of the Reserved Instances.
- * reserved-instances-listing-id
- The ID of the Reserved Instances listing.
- * status
- The status of the Reserved Instance listing (pending
| active
|
- * cancelled
| closed
).
- * status-message
- The reason for the status.
One or more Reserved Instance IDs.
+ *Information about the ID format settings for the ARN.
*/ - ReservedInstancesId?: string; + Principals?: PrincipalIdFormat[]; /** - *One or more Reserved Instance listing IDs.
+ *The token to use to retrieve the next page of results. This value is null when there are no more results to return.
*/ - ReservedInstancesListingId?: string; + NextToken?: string; } -export namespace DescribeReservedInstancesListingsRequest { +export namespace DescribePrincipalIdFormatResult { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeReservedInstancesListingsRequest): any => ({ + export const filterSensitiveLog = (obj: DescribePrincipalIdFormatResult): any => ({ ...obj, }); } -/** - *Contains the output of DescribeReservedInstancesListings.
- */ -export interface DescribeReservedInstancesListingsResult { +export interface DescribePublicIpv4PoolsRequest { /** - *Information about the Reserved Instance listing.
+ *The IDs of the address pools.
*/ - ReservedInstancesListings?: ReservedInstancesListing[]; -} + PoolIds?: string[]; -export namespace DescribeReservedInstancesListingsResult { /** - * @internal + *The token for the next page of results.
*/ - export const filterSensitiveLog = (obj: DescribeReservedInstancesListingsResult): any => ({ - ...obj, - }); -} + NextToken?: string; + + /** + *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
Contains the parameters for DescribeReservedInstancesModifications.
- */ -export interface DescribeReservedInstancesModificationsRequest { /** *One or more filters.
- *
- * client-token
- The idempotency token for the modification request.
- * create-date
- The time when the modification request was created.
- * effective-date
- The time when the modification becomes effective.
- * modification-result.reserved-instances-id
- The ID for the Reserved Instances created as part of the modification request. This ID is only available when the status of the modification is fulfilled
.
- * modification-result.target-configuration.availability-zone
- The Availability Zone for the new Reserved Instances.
- * modification-result.target-configuration.instance-count
- The number of new Reserved Instances.
- * modification-result.target-configuration.instance-type
- The instance type of the new Reserved Instances.
- * modification-result.target-configuration.platform
- The network platform of the new Reserved Instances (EC2-Classic
| EC2-VPC
).
- * reserved-instances-id
- The ID of the Reserved Instances modified.
- * reserved-instances-modification-id
- The ID of the modification request.
- * status
- The status of the Reserved Instances modification request
- * (processing
| fulfilled
| failed
).
- * status-message
- The reason for the status.
+ * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
- * update-date
- The time when the modification request was last updated.
+ * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
IDs for the submitted modification request.
+ * @internal */ - ReservedInstancesModificationIds?: string[]; + export const filterSensitiveLog = (obj: DescribePublicIpv4PoolsRequest): any => ({ + ...obj, + }); +} + +/** + *Describes an address range of an IPv4 address pool.
+ */ +export interface PublicIpv4PoolRange { + /** + *The first IP address in the range.
+ */ + FirstAddress?: string; /** - *The token to retrieve the next page of results.
+ *The last IP address in the range.
*/ - NextToken?: string; + LastAddress?: string; + + /** + *The number of addresses in the range.
+ */ + AddressCount?: number; + + /** + *The number of available addresses in the range.
+ */ + AvailableAddressCount?: number; } -export namespace DescribeReservedInstancesModificationsRequest { +export namespace PublicIpv4PoolRange { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeReservedInstancesModificationsRequest): any => ({ + export const filterSensitiveLog = (obj: PublicIpv4PoolRange): any => ({ ...obj, }); } /** - *Describes the configuration settings for the modified Reserved Instances.
+ *Describes an IPv4 address pool.
*/ -export interface ReservedInstancesConfiguration { +export interface PublicIpv4Pool { /** - *The Availability Zone for the modified Reserved Instances.
+ *The ID of the address pool.
*/ - AvailabilityZone?: string; + PoolId?: string; /** - *The number of modified Reserved Instances.
- *This is a required field for a request.
- *A description of the address pool.
*/ - InstanceCount?: number; + Description?: string; /** - *The instance type for the modified Reserved Instances.
+ *The address ranges.
*/ - InstanceType?: _InstanceType | string; + PoolAddressRanges?: PublicIpv4PoolRange[]; /** - *The network platform of the modified Reserved Instances, which is either EC2-Classic or EC2-VPC.
+ *The total number of addresses.
*/ - Platform?: string; + TotalAddressCount?: number; /** - *Whether the Reserved Instance is applied to instances in a Region or instances in a specific Availability Zone.
+ *The total number of available addresses.
*/ - Scope?: Scope | string; + TotalAvailableAddressCount?: number; + + /** + *The name of the location from which the address pool is advertised. + * A network border group is a unique set of Availability Zones or Local Zones + * from where Amazon Web Services advertises public IP addresses.
+ */ + NetworkBorderGroup?: string; + + /** + *Any tags for the address pool.
+ */ + Tags?: Tag[]; } -export namespace ReservedInstancesConfiguration { +export namespace PublicIpv4Pool { /** * @internal */ - export const filterSensitiveLog = (obj: ReservedInstancesConfiguration): any => ({ + export const filterSensitiveLog = (obj: PublicIpv4Pool): any => ({ ...obj, }); } -/** - *Describes the modification request/s.
- */ -export interface ReservedInstancesModificationResult { +export interface DescribePublicIpv4PoolsResult { /** - *The ID for the Reserved Instances that were created as part of the modification request. This field is only available when the modification is fulfilled.
+ *Information about the address pools.
*/ - ReservedInstancesId?: string; + PublicIpv4Pools?: PublicIpv4Pool[]; /** - *The target Reserved Instances configurations supplied as part of the modification request.
+ *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Describes the ID of a Reserved Instance.
- */ -export interface ReservedInstancesId { +export interface DescribeRegionsRequest { /** - *The ID of the Reserved Instance.
+ *The filters.
+ *
+ * endpoint
- The endpoint of the Region (for example, ec2.us-east-1.amazonaws.com
).
+ * opt-in-status
- The opt-in status of the Region (opt-in-not-required
| opted-in
|
+ * not-opted-in
).
+ * region-name
- The name of the Region (for example, us-east-1
).
The names of the Regions. You can specify any Regions, whether they are enabled and disabled for your account.
+ */ + RegionNames?: string[]; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Indicates whether to display all Regions, including Regions that are disabled for your account.
+ */ + AllRegions?: boolean; } -export namespace ReservedInstancesId { +export namespace DescribeRegionsRequest { /** * @internal */ - export const filterSensitiveLog = (obj: ReservedInstancesId): any => ({ + export const filterSensitiveLog = (obj: DescribeRegionsRequest): any => ({ ...obj, }); } /** - *Describes a Reserved Instance modification.
+ *Describes a Region.
*/ -export interface ReservedInstancesModification { +export interface Region { /** - *A unique, case-sensitive key supplied by the client to ensure that the request is idempotent. - * For more information, see Ensuring - * Idempotency.
+ *The Region service endpoint.
+ */ + Endpoint?: string; + + /** + *The name of the Region.
+ */ + RegionName?: string; + + /** + *The Region opt-in status. The possible values are opt-in-not-required
, opted-in
, and
+ * not-opted-in
.
The time when the modification request was created.
+ * @internal */ - CreateDate?: Date; + export const filterSensitiveLog = (obj: Region): any => ({ + ...obj, + }); +} +export interface DescribeRegionsResult { /** - *The time for the modification to become effective.
+ *Information about the Regions.
*/ - EffectiveDate?: Date; + Regions?: Region[]; +} +export namespace DescribeRegionsResult { /** - *Contains target configurations along with their corresponding new Reserved Instance IDs.
+ * @internal */ - ModificationResults?: ReservedInstancesModificationResult[]; + export const filterSensitiveLog = (obj: DescribeRegionsResult): any => ({ + ...obj, + }); +} +export interface DescribeReplaceRootVolumeTasksRequest { /** - *The IDs of one or more Reserved Instances.
+ *The ID of the root volume replacement task to view.
*/ - ReservedInstancesIds?: ReservedInstancesId[]; + ReplaceRootVolumeTaskIds?: string[]; /** - *A unique ID for the Reserved Instance modification.
+ *Filter to use:
+ *
+ * instance-id
- The ID of the instance for which the root volume replacement task was created.
The status of the Reserved Instances modification request.
+ *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
The reason for the status.
+ *The token for the next page of results.
*/ - StatusMessage?: string; + NextToken?: string; /** - *The time when the modification request was last updated.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Contains the output of DescribeReservedInstancesModifications.
- */ -export interface DescribeReservedInstancesModificationsResult { +export interface DescribeReplaceRootVolumeTasksResult { /** - *The token to use to retrieve the next page of results. This value is null
when
- * there are no more results to return.
Information about the root volume replacement task.
*/ - NextToken?: string; + ReplaceRootVolumeTasks?: ReplaceRootVolumeTask[]; /** - *The Reserved Instance modification information.
+ *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Contains the parameters for DescribeReservedInstancesOfferings.
+ *Contains the parameters for DescribeReservedInstances.
*/ -export interface DescribeReservedInstancesOfferingsRequest { - /** - *The Availability Zone in which the Reserved Instance can be used.
- */ - AvailabilityZone?: string; - +export interface DescribeReservedInstancesRequest { /** *One or more filters.
*
- * availability-zone
- The Availability Zone where the Reserved Instance can be
- * used.
availability-zone
- The Availability Zone where the Reserved Instance can be used.
*
- * duration
- The duration of the Reserved Instance (for example, one year or
- * three years), in seconds (31536000
| 94608000
).
duration
- The duration of the Reserved Instance (one year or three years), in seconds (31536000
| 94608000
).
*
- * fixed-price
- The purchase price of the Reserved Instance (for example,
- * 9800.0).
end
- The time when the Reserved Instance expires (for example, 2015-08-07T11:54:42.000Z).
*
- * instance-type
- The instance type that is covered by the
- * reservation.
fixed-price
- The purchase price of the Reserved Instance (for example, 9800.0).
*
- * marketplace
- Set to true
to show only Reserved Instance
- * Marketplace offerings. When this filter is not used, which is the default behavior, all
- * offerings from both Amazon Web Services and the Reserved Instance Marketplace are listed.
instance-type
- The instance type that is covered by the reservation.
*
- * product-description
- The Reserved Instance product platform description.
- * Instances that include (Amazon VPC)
in the product platform description will
- * only be displayed to EC2-Classic account holders and are for use with Amazon VPC.
- * (Linux/UNIX
| Linux/UNIX (Amazon VPC)
| SUSE
+ *
scope
- The scope of the Reserved Instance (Region
or Availability Zone
).
+ * product-description
- The Reserved Instance product platform
+ * description. Instances that include (Amazon VPC)
in the product platform
+ * description will only be displayed to EC2-Classic account holders and are for use with
+ * Amazon VPC (Linux/UNIX
| Linux/UNIX (Amazon VPC)
| SUSE
* Linux
| SUSE Linux (Amazon VPC)
| Red Hat Enterprise
* Linux
| Red Hat Enterprise Linux (Amazon VPC)
| Red Hat
* Enterprise Linux with HA (Amazon VPC)
| Windows
| Windows
* (Amazon VPC)
| Windows with SQL Server Standard
| Windows with
* SQL Server Standard (Amazon VPC)
| Windows with SQL Server Web
|
- * Windows with SQL Server Web (Amazon VPC)
| Windows with SQL Server
- * Enterprise
| Windows with SQL Server Enterprise (Amazon VPC)
)
Windows with SQL Server Web (Amazon VPC)
| Windows with SQL Server
+ * Enterprise
| Windows with SQL Server Enterprise (Amazon
+ * VPC)
).
*
- * reserved-instances-offering-id
- The Reserved Instances offering
- * ID.
reserved-instances-id
- The ID of the Reserved Instance.
*
- * scope
- The scope of the Reserved Instance (Availability Zone
or
- * Region
).
start
- The time at which the Reserved Instance purchase request was placed (for example, 2014-08-07T11:54:42.000Z).
*
- * usage-price
- The usage price of the Reserved Instance, per hour (for
- * example, 0.84).
state
- The state of the Reserved Instance (payment-pending
| active
| payment-failed
| retired
).
+ *
+ * tag:
- The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value.
+ * For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
+ * usage-price
- The usage price of the Reserved Instance, per hour (for example, 0.84).
Include Reserved Instance Marketplace offerings in the response.
- */ - IncludeMarketplace?: boolean; - - /** - *The instance type that the reservation will cover (for example, m1.small
). For more information, see
- * Instance types in the
- * Amazon EC2 User Guide.
The maximum duration (in seconds) to filter when searching for offerings.
- *Default: 94608000 (3 years)
- */ - MaxDuration?: number; - - /** - *The maximum number of instances to filter when searching for offerings.
- *Default: 20
- */ - MaxInstanceCount?: number; - - /** - *The minimum duration (in seconds) to filter when searching for offerings.
- *Default: 2592000 (1 month)
- */ - MinDuration?: number; - - /** - *The offering class of the Reserved Instance. Can be standard
or convertible
.
Describes whether the Reserved Instance is Standard or Convertible.
*/ OfferingClass?: OfferingClassType | string; /** - *The Reserved Instance product platform description. Instances that include (Amazon
- * VPC)
in the description are for use with Amazon VPC.
One or more Reserved Instances offering IDs.
+ *One or more Reserved Instance IDs.
+ *Default: Describes all your Reserved Instances, or only those otherwise specified.
*/ - ReservedInstancesOfferingIds?: string[]; + ReservedInstancesIds?: string[]; /** *Checks whether you have the required permissions for the action, without actually making the request, @@ -7349,75 +7250,68 @@ export interface DescribeReservedInstancesOfferingsRequest { */ DryRun?: boolean; - /** - *
The tenancy of the instances covered by the reservation. A Reserved Instance with a tenancy
- * of dedicated
is applied to instances that run in a VPC on single-tenant hardware
- * (i.e., Dedicated Instances).
- * Important: The host
value cannot be used with this parameter. Use the default
or dedicated
values only.
Default: default
- *
The maximum number of results to return for the request in a single page. The remaining
- * results of the initial request can be seen by sending another request with the returned
- * NextToken
value. The maximum is 100.
Default: 100
- */ - MaxResults?: number; - - /** - *The token to retrieve the next page of results.
- */ - NextToken?: string; - /** *The Reserved Instance offering type. If you are using tools that predate the 2011-11-01 API
* version, you only have access to the Medium Utilization
Reserved Instance
- * offering type.
Describes a Reserved Instance offering.
+ *Describes a recurring charge.
*/ -export interface PricingDetail { +export interface RecurringCharge { /** - *The number of reservations available for the price.
+ *The amount of the recurring charge.
*/ - Count?: number; + Amount?: number; /** - *The price per instance.
+ *The frequency of the recurring charge.
*/ - Price?: number; + Frequency?: RecurringChargeFrequency | string; } -export namespace PricingDetail { +export namespace RecurringCharge { /** * @internal */ - export const filterSensitiveLog = (obj: PricingDetail): any => ({ + export const filterSensitiveLog = (obj: RecurringCharge): any => ({ ...obj, }); } +export enum Scope { + AVAILABILITY_ZONE = "Availability Zone", + REGIONAL = "Region", +} + +export type ReservedInstanceState = + | "active" + | "payment-failed" + | "payment-pending" + | "queued" + | "queued-deleted" + | "retired"; + /** - *Describes a Reserved Instance offering.
+ *Describes a Reserved Instance.
*/ -export interface ReservedInstancesOffering { +export interface ReservedInstances { /** *The Availability Zone in which the Reserved Instance can be used.
*/ @@ -7428,11 +7322,21 @@ export interface ReservedInstancesOffering { */ Duration?: number; + /** + *The time when the Reserved Instance expires.
+ */ + End?: Date; + /** *The purchase price of the Reserved Instance.
*/ FixedPrice?: number; + /** + *The number of reservations purchased.
+ */ + InstanceCount?: number; + /** *The instance type on which the Reserved Instance can be used.
*/ @@ -7444,10 +7348,19 @@ export interface ReservedInstancesOffering { ProductDescription?: RIProductDescription | string; /** - *The ID of the Reserved Instance offering. This is the offering ID used in GetReservedInstancesExchangeQuote - * to confirm that an exchange can be made.
+ *The ID of the Reserved Instance.
*/ - ReservedInstancesOfferingId?: string; + ReservedInstancesId?: string; + + /** + *The date and time the Reserved Instance started.
+ */ + Start?: Date; + + /** + *The state of the Reserved Instance purchase.
+ */ + State?: ReservedInstanceState | string; /** *The usage price of the Reserved Instance, per hour.
@@ -7455,9 +7368,8 @@ export interface ReservedInstancesOffering { UsagePrice?: number; /** - *The currency of the Reserved Instance offering you are purchasing. It's
- * specified using ISO 4217 standard currency codes. At this time,
- * the only supported currency is USD
.
The currency of the Reserved Instance. It's specified using ISO 4217 standard currency codes.
+ * At this time, the only supported currency is USD
.
Indicates whether the offering is available through the Reserved Instance Marketplace (resale) or Amazon Web Services.
- * If it's a Reserved Instance Marketplace offering, this is true
.
If convertible
it can be exchanged for Reserved Instances of
- * the same or higher monetary value, with different configurations. If standard
, it is not
- * possible to perform an exchange.
The offering class of the Reserved Instance.
*/ OfferingClass?: OfferingClassType | string; @@ -7484,1000 +7388,788 @@ export interface ReservedInstancesOffering { */ OfferingType?: OfferingTypeValues | string; - /** - *The pricing details of the Reserved Instance offering.
- */ - PricingDetails?: PricingDetail[]; - /** *The recurring charge tag assigned to the resource.
*/ RecurringCharges?: RecurringCharge[]; /** - *Whether the Reserved Instance is applied to instances in a Region or an Availability Zone.
+ *The scope of the Reserved Instance.
*/ Scope?: Scope | string; + + /** + *Any tags assigned to the resource.
+ */ + Tags?: Tag[]; } -export namespace ReservedInstancesOffering { +export namespace ReservedInstances { /** * @internal */ - export const filterSensitiveLog = (obj: ReservedInstancesOffering): any => ({ + export const filterSensitiveLog = (obj: ReservedInstances): any => ({ ...obj, }); } /** - *Contains the output of DescribeReservedInstancesOfferings.
+ *Contains the output for DescribeReservedInstances.
*/ -export interface DescribeReservedInstancesOfferingsResult { - /** - *A list of Reserved Instances offerings.
- */ - ReservedInstancesOfferings?: ReservedInstancesOffering[]; - +export interface DescribeReservedInstancesResult { /** - *The token to use to retrieve the next page of results. This value is null
when
- * there are no more results to return.
A list of Reserved Instances.
*/ - NextToken?: string; + ReservedInstances?: ReservedInstances[]; } -export namespace DescribeReservedInstancesOfferingsResult { +export namespace DescribeReservedInstancesResult { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeReservedInstancesOfferingsResult): any => ({ + export const filterSensitiveLog = (obj: DescribeReservedInstancesResult): any => ({ ...obj, }); } -export interface DescribeRouteTablesRequest { +/** + *Contains the parameters for DescribeReservedInstancesListings.
+ */ +export interface DescribeReservedInstancesListingsRequest { /** *One or more filters.
- *
- * association.route-table-association-id
- The ID of an association
- * ID for the route table.
- * association.route-table-id
- The ID of the route table involved in
- * the association.
- * association.subnet-id
- The ID of the subnet involved in the
- * association.
- * association.main
- Indicates whether the route table is the main
- * route table for the VPC (true
| false
). Route tables
- * that do not have an association ID are not returned in the response.
- * owner-id
- The ID of the Amazon Web Services account that owns the route table.
- * route-table-id
- The ID of the route table.
- * route.destination-cidr-block
- The IPv4 CIDR range specified in a
- * route in the table.
- * route.destination-ipv6-cidr-block
- The IPv6 CIDR range specified in a route in the route table.
- * route.destination-prefix-list-id
- The ID (prefix) of the Amazon Web Service
- * specified in a route in the table.
- * route.egress-only-internet-gateway-id
- The ID of an
- * egress-only Internet gateway specified in a route in the route table.
- * route.gateway-id
- The ID of a gateway specified in a route in the table.
- * route.instance-id
- The ID of an instance specified in a route in the table.
- * route.nat-gateway-id
- The ID of a NAT gateway.
- * route.transit-gateway-id
- The ID of a transit gateway.
- * route.origin
- Describes how the route was created.
- * CreateRouteTable
indicates that the route was automatically
- * created when the route table was created; CreateRoute
indicates
- * that the route was manually added to the route table;
- * EnableVgwRoutePropagation
indicates that the route was
- * propagated by route propagation.
- * route.state
- The state of a route in the route table
- * (active
| blackhole
). The blackhole state
- * indicates that the route's target isn't available (for example, the specified
- * gateway isn't attached to the VPC, the specified NAT instance has been
- * terminated, and so on).
- * route.vpc-peering-connection-id
- The ID of a VPC peering
- * connection specified in a route in the table.
+ * reserved-instances-id
- The ID of the Reserved Instances.
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * reserved-instances-listing-id
- The ID of the Reserved Instances listing.
- * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
+ * status
- The status of the Reserved Instance listing (pending
| active
|
+ * cancelled
| closed
).
- * vpc-id
- The ID of the VPC for the route table.
+ * status-message
- The reason for the status.
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
One or more route table IDs.
- *Default: Describes all your route tables.
- */ - RouteTableIds?: string[]; - - /** - *The token for the next page of results.
- */ - NextToken?: string; - - /** - *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
Contains the output of DescribeRouteTables.
- */ -export interface DescribeRouteTablesResult { - /** - *Information about one or more route tables.
- */ - RouteTables?: RouteTable[]; - - /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Describes the time period for a Scheduled Instance to start its first schedule. The time period must span less than one day.
- */ -export interface SlotDateTimeRangeRequest { /** - *The earliest date and time, in UTC, for the Scheduled Instance to start.
+ *One or more Reserved Instance IDs.
*/ - EarliestTime: Date | undefined; + ReservedInstancesId?: string; /** - *The latest date and time, in UTC, for the Scheduled Instance to start. This value must be later than or equal to the earliest date and at most three months in the future.
+ *One or more Reserved Instance listing IDs.
*/ - LatestTime: Date | undefined; + ReservedInstancesListingId?: string; } -export namespace SlotDateTimeRangeRequest { +export namespace DescribeReservedInstancesListingsRequest { /** * @internal */ - export const filterSensitiveLog = (obj: SlotDateTimeRangeRequest): any => ({ + export const filterSensitiveLog = (obj: DescribeReservedInstancesListingsRequest): any => ({ ...obj, }); } /** - *Describes the recurring schedule for a Scheduled Instance.
+ *Contains the output of DescribeReservedInstancesListings.
*/ -export interface ScheduledInstanceRecurrenceRequest { - /** - *The frequency (Daily
, Weekly
, or Monthly
).
The interval quantity. The interval unit depends on the value of Frequency
. For example, every 2
- * weeks or every 2 months.
The days. For a monthly schedule, this is one or more days of the month (1-31). For a weekly schedule, this is one or more days of the week (1-7, where 1 is Sunday). You can't specify this value with a daily schedule. If the occurrence is relative to the end of the month, you can specify only a single day.
- */ - OccurrenceDays?: number[]; - - /** - *Indicates whether the occurrence is relative to the end of the specified week or month. You can't specify this value with a daily schedule.
- */ - OccurrenceRelativeToEnd?: boolean; - +export interface DescribeReservedInstancesListingsResult { /** - *The unit for OccurrenceDays
(DayOfWeek
or DayOfMonth
).
- * This value is required for a monthly schedule.
- * You can't specify DayOfWeek
with a weekly schedule.
- * You can't specify this value with a daily schedule.
Information about the Reserved Instance listing.
*/ - OccurrenceUnit?: string; + ReservedInstancesListings?: ReservedInstancesListing[]; } -export namespace ScheduledInstanceRecurrenceRequest { +export namespace DescribeReservedInstancesListingsResult { /** * @internal */ - export const filterSensitiveLog = (obj: ScheduledInstanceRecurrenceRequest): any => ({ + export const filterSensitiveLog = (obj: DescribeReservedInstancesListingsResult): any => ({ ...obj, }); } /** - *Contains the parameters for DescribeScheduledInstanceAvailability.
+ *Contains the parameters for DescribeReservedInstancesModifications.
*/ -export interface DescribeScheduledInstanceAvailabilityRequest { - /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The filters.
+ *One or more filters.
*
- * availability-zone
- The Availability Zone (for example, us-west-2a
).
client-token
- The idempotency token for the modification request.
*
- * instance-type
- The instance type (for example, c4.large
).
create-date
- The time when the modification request was created.
*
- * network-platform
- The network platform (EC2-Classic
or EC2-VPC
).
effective-date
- The time when the modification becomes effective.
*
- * platform
- The platform (Linux/UNIX
or Windows
).
modification-result.reserved-instances-id
- The ID for the Reserved Instances created as part of the modification request. This ID is only available when the status of the modification is fulfilled
.
+ *
+ * modification-result.target-configuration.availability-zone
- The Availability Zone for the new Reserved Instances.
+ * modification-result.target-configuration.instance-count
- The number of new Reserved Instances.
+ * modification-result.target-configuration.instance-type
- The instance type of the new Reserved Instances.
+ * modification-result.target-configuration.platform
- The network platform of the new Reserved Instances (EC2-Classic
| EC2-VPC
).
+ * reserved-instances-id
- The ID of the Reserved Instances modified.
+ * reserved-instances-modification-id
- The ID of the modification request.
+ * status
- The status of the Reserved Instances modification request
+ * (processing
| fulfilled
| failed
).
+ * status-message
- The reason for the status.
+ * update-date
- The time when the modification request was last updated.
The time period for the first schedule to start.
- */ - FirstSlotStartTimeRange: SlotDateTimeRangeRequest | undefined; - - /** - *The maximum number of results to return in a single call.
- * This value can be between 5 and 300. The default value is 300.
- * To retrieve the remaining results, make another call with the returned
- * NextToken
value.
The maximum available duration, in hours. This value must be greater than MinSlotDurationInHours
- * and less than 1,720.
The minimum available duration, in hours. The minimum required duration is 1,200 hours per year. For example, the minimum daily schedule is 4 hours, the minimum weekly schedule is 24 hours, and the minimum monthly schedule is 100 hours.
+ *IDs for the submitted modification request.
*/ - MinSlotDurationInHours?: number; + ReservedInstancesModificationIds?: string[]; /** - *The token for the next set of results.
+ *The token to retrieve the next page of results.
*/ NextToken?: string; - - /** - *The schedule recurrence.
- */ - Recurrence: ScheduledInstanceRecurrenceRequest | undefined; } -export namespace DescribeScheduledInstanceAvailabilityRequest { +export namespace DescribeReservedInstancesModificationsRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeScheduledInstanceAvailabilityRequest): any => ({ + export const filterSensitiveLog = (obj: DescribeReservedInstancesModificationsRequest): any => ({ ...obj, }); } /** - *Describes the recurring schedule for a Scheduled Instance.
+ *Describes the configuration settings for the modified Reserved Instances.
*/ -export interface ScheduledInstanceRecurrence { +export interface ReservedInstancesConfiguration { /** - *The frequency (Daily
, Weekly
, or Monthly
).
The Availability Zone for the modified Reserved Instances.
*/ - Frequency?: string; + AvailabilityZone?: string; /** - *The interval quantity. The interval unit depends on the value of frequency
. For example, every 2
- * weeks or every 2 months.
The number of modified Reserved Instances.
+ *This is a required field for a request.
+ *The days. For a monthly schedule, this is one or more days of the month (1-31). For a weekly schedule, this is one or more days of the week (1-7, where 1 is Sunday).
+ *The instance type for the modified Reserved Instances.
*/ - OccurrenceDaySet?: number[]; + InstanceType?: _InstanceType | string; /** - *Indicates whether the occurrence is relative to the end of the specified week or month.
+ *The network platform of the modified Reserved Instances, which is either EC2-Classic or EC2-VPC.
*/ - OccurrenceRelativeToEnd?: boolean; + Platform?: string; /** - *The unit for occurrenceDaySet
(DayOfWeek
or DayOfMonth
).
Whether the Reserved Instance is applied to instances in a Region or instances in a specific Availability Zone.
*/ - OccurrenceUnit?: string; + Scope?: Scope | string; } -export namespace ScheduledInstanceRecurrence { +export namespace ReservedInstancesConfiguration { /** * @internal */ - export const filterSensitiveLog = (obj: ScheduledInstanceRecurrence): any => ({ + export const filterSensitiveLog = (obj: ReservedInstancesConfiguration): any => ({ ...obj, }); } /** - *Describes a schedule that is available for your Scheduled Instances.
+ *Describes the modification request/s.
*/ -export interface ScheduledInstanceAvailability { - /** - *The Availability Zone.
- */ - AvailabilityZone?: string; - - /** - *The number of available instances.
- */ - AvailableInstanceCount?: number; - +export interface ReservedInstancesModificationResult { /** - *The time period for the first schedule to start.
+ *The ID for the Reserved Instances that were created as part of the modification request. This field is only available when the modification is fulfilled.
*/ - FirstSlotStartTime?: Date; + ReservedInstancesId?: string; /** - *The hourly price for a single instance.
+ *The target Reserved Instances configurations supplied as part of the modification request.
*/ - HourlyPrice?: string; + TargetConfiguration?: ReservedInstancesConfiguration; +} +export namespace ReservedInstancesModificationResult { /** - *The instance type. You can specify one of the C3, C4, M4, or R3 instance types.
+ * @internal */ - InstanceType?: string; + export const filterSensitiveLog = (obj: ReservedInstancesModificationResult): any => ({ + ...obj, + }); +} +/** + *Describes the ID of a Reserved Instance.
+ */ +export interface ReservedInstancesId { /** - *The maximum term. The only possible value is 365 days.
+ *The ID of the Reserved Instance.
*/ - MaxTermDurationInDays?: number; + ReservedInstancesId?: string; +} +export namespace ReservedInstancesId { /** - *The minimum term. The only possible value is 365 days.
+ * @internal */ - MinTermDurationInDays?: number; + export const filterSensitiveLog = (obj: ReservedInstancesId): any => ({ + ...obj, + }); +} +/** + *Describes a Reserved Instance modification.
+ */ +export interface ReservedInstancesModification { /** - *The network platform (EC2-Classic
or EC2-VPC
).
A unique, case-sensitive key supplied by the client to ensure that the request is idempotent. + * For more information, see Ensuring + * Idempotency.
*/ - NetworkPlatform?: string; + ClientToken?: string; /** - *The platform (Linux/UNIX
or Windows
).
The time when the modification request was created.
*/ - Platform?: string; + CreateDate?: Date; /** - *The purchase token. This token expires in two hours.
+ *The time for the modification to become effective.
*/ - PurchaseToken?: string; + EffectiveDate?: Date; /** - *The schedule recurrence.
+ *Contains target configurations along with their corresponding new Reserved Instance IDs.
*/ - Recurrence?: ScheduledInstanceRecurrence; + ModificationResults?: ReservedInstancesModificationResult[]; /** - *The number of hours in the schedule.
+ *The IDs of one or more Reserved Instances.
*/ - SlotDurationInHours?: number; + ReservedInstancesIds?: ReservedInstancesId[]; /** - *The total number of hours for a single instance for the entire term.
+ *A unique ID for the Reserved Instance modification.
*/ - TotalScheduledInstanceHours?: number; -} + ReservedInstancesModificationId?: string; -export namespace ScheduledInstanceAvailability { /** - * @internal + *The status of the Reserved Instances modification request.
*/ - export const filterSensitiveLog = (obj: ScheduledInstanceAvailability): any => ({ - ...obj, - }); -} + Status?: string; -/** - *Contains the output of DescribeScheduledInstanceAvailability.
- */ -export interface DescribeScheduledInstanceAvailabilityResult { /** - *The token required to retrieve the next set of results. This value is null
when there are no more results to return.
The reason for the status.
*/ - NextToken?: string; + StatusMessage?: string; /** - *Information about the available Scheduled Instances.
+ *The time when the modification request was last updated.
*/ - ScheduledInstanceAvailabilitySet?: ScheduledInstanceAvailability[]; + UpdateDate?: Date; } -export namespace DescribeScheduledInstanceAvailabilityResult { +export namespace ReservedInstancesModification { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeScheduledInstanceAvailabilityResult): any => ({ + export const filterSensitiveLog = (obj: ReservedInstancesModification): any => ({ ...obj, }); } /** - *Describes the time period for a Scheduled Instance to start its first schedule.
+ *Contains the output of DescribeReservedInstancesModifications.
*/ -export interface SlotStartTimeRangeRequest { +export interface DescribeReservedInstancesModificationsResult { /** - *The earliest date and time, in UTC, for the Scheduled Instance to start.
+ *The token to use to retrieve the next page of results. This value is null
when
+ * there are no more results to return.
The latest date and time, in UTC, for the Scheduled Instance to start.
+ *The Reserved Instance modification information.
*/ - LatestTime?: Date; + ReservedInstancesModifications?: ReservedInstancesModification[]; } -export namespace SlotStartTimeRangeRequest { +export namespace DescribeReservedInstancesModificationsResult { /** * @internal */ - export const filterSensitiveLog = (obj: SlotStartTimeRangeRequest): any => ({ + export const filterSensitiveLog = (obj: DescribeReservedInstancesModificationsResult): any => ({ ...obj, }); } /** - *Contains the parameters for DescribeScheduledInstances.
+ *Contains the parameters for DescribeReservedInstancesOfferings.
*/ -export interface DescribeScheduledInstancesRequest { +export interface DescribeReservedInstancesOfferingsRequest { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The Availability Zone in which the Reserved Instance can be used.
*/ - DryRun?: boolean; + AvailabilityZone?: string; /** - *The filters.
+ *One or more filters.
*
- * availability-zone
- The Availability Zone (for example, us-west-2a
).
availability-zone
- The Availability Zone where the Reserved Instance can be
+ * used.
*
- * instance-type
- The instance type (for example, c4.large
).
duration
- The duration of the Reserved Instance (for example, one year or
+ * three years), in seconds (31536000
| 94608000
).
*
- * network-platform
- The network platform (EC2-Classic
or EC2-VPC
).
fixed-price
- The purchase price of the Reserved Instance (for example,
+ * 9800.0).
*
- * platform
- The platform (Linux/UNIX
or Windows
).
instance-type
- The instance type that is covered by the
+ * reservation.
+ *
+ * marketplace
- Set to true
to show only Reserved Instance
+ * Marketplace offerings. When this filter is not used, which is the default behavior, all
+ * offerings from both Amazon Web Services and the Reserved Instance Marketplace are listed.
+ * product-description
- The Reserved Instance product platform description.
+ * Instances that include (Amazon VPC)
in the product platform description will
+ * only be displayed to EC2-Classic account holders and are for use with Amazon VPC.
+ * (Linux/UNIX
| Linux/UNIX (Amazon VPC)
| SUSE
+ * Linux
| SUSE Linux (Amazon VPC)
| Red Hat Enterprise
+ * Linux
| Red Hat Enterprise Linux (Amazon VPC)
| Red Hat
+ * Enterprise Linux with HA (Amazon VPC)
| Windows
| Windows
+ * (Amazon VPC)
| Windows with SQL Server Standard
| Windows with
+ * SQL Server Standard (Amazon VPC)
| Windows with SQL Server Web
|
+ * Windows with SQL Server Web (Amazon VPC)
| Windows with SQL Server
+ * Enterprise
| Windows with SQL Server Enterprise (Amazon VPC)
)
+ * reserved-instances-offering-id
- The Reserved Instances offering
+ * ID.
+ * scope
- The scope of the Reserved Instance (Availability Zone
or
+ * Region
).
+ * usage-price
- The usage price of the Reserved Instance, per hour (for
+ * example, 0.84).
The maximum number of results to return in a single call.
- * This value can be between 5 and 300. The default value is 100.
- * To retrieve the remaining results, make another call with the returned
- * NextToken
value.
The token for the next set of results.
- */ - NextToken?: string; - - /** - *The Scheduled Instance IDs.
- */ - ScheduledInstanceIds?: string[]; - - /** - *The time period for the first schedule to start.
- */ - SlotStartTimeRange?: SlotStartTimeRangeRequest; -} - -export namespace DescribeScheduledInstancesRequest { - /** - * @internal - */ - export const filterSensitiveLog = (obj: DescribeScheduledInstancesRequest): any => ({ - ...obj, - }); -} - -/** - *Describes a Scheduled Instance.
- */ -export interface ScheduledInstance { - /** - *The Availability Zone.
- */ - AvailabilityZone?: string; - - /** - *The date when the Scheduled Instance was purchased.
- */ - CreateDate?: Date; - - /** - *The hourly price for a single instance.
+ *Include Reserved Instance Marketplace offerings in the response.
*/ - HourlyPrice?: string; + IncludeMarketplace?: boolean; /** - *The number of instances.
+ *The instance type that the reservation will cover (for example, m1.small
). For more information, see
+ * Instance types in the
+ * Amazon EC2 User Guide.
The instance type.
+ *The maximum duration (in seconds) to filter when searching for offerings.
+ *Default: 94608000 (3 years)
*/ - InstanceType?: string; + MaxDuration?: number; /** - *The network platform (EC2-Classic
or EC2-VPC
).
The maximum number of instances to filter when searching for offerings.
+ *Default: 20
*/ - NetworkPlatform?: string; + MaxInstanceCount?: number; /** - *The time for the next schedule to start.
+ *The minimum duration (in seconds) to filter when searching for offerings.
+ *Default: 2592000 (1 month)
*/ - NextSlotStartTime?: Date; + MinDuration?: number; /** - *The platform (Linux/UNIX
or Windows
).
The offering class of the Reserved Instance. Can be standard
or convertible
.
The time that the previous schedule ended or will end.
+ *The Reserved Instance product platform description. Instances that include (Amazon
+ * VPC)
in the description are for use with Amazon VPC.
The schedule recurrence.
+ *One or more Reserved Instances offering IDs.
*/ - Recurrence?: ScheduledInstanceRecurrence; + ReservedInstancesOfferingIds?: string[]; /** - *The Scheduled Instance ID.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The number of hours in the schedule.
+ *The tenancy of the instances covered by the reservation. A Reserved Instance with a tenancy
+ * of dedicated
is applied to instances that run in a VPC on single-tenant hardware
+ * (i.e., Dedicated Instances).
+ * Important: The host
value cannot be used with this parameter. Use the default
or dedicated
values only.
Default: default
+ *
The end date for the Scheduled Instance.
+ *The maximum number of results to return for the request in a single page. The remaining
+ * results of the initial request can be seen by sending another request with the returned
+ * NextToken
value. The maximum is 100.
Default: 100
*/ - TermEndDate?: Date; + MaxResults?: number; /** - *The start date for the Scheduled Instance.
+ *The token to retrieve the next page of results.
*/ - TermStartDate?: Date; + NextToken?: string; /** - *The total number of hours for a single instance for the entire term.
+ *The Reserved Instance offering type. If you are using tools that predate the 2011-11-01 API
+ * version, you only have access to the Medium Utilization
Reserved Instance
+ * offering type.
Contains the output of DescribeScheduledInstances.
+ *Describes a Reserved Instance offering.
*/ -export interface DescribeScheduledInstancesResult { +export interface PricingDetail { /** - *The token required to retrieve the next set of results. This value is null
when there are no more results to return.
The number of reservations available for the price.
*/ - NextToken?: string; + Count?: number; /** - *Information about the Scheduled Instances.
+ *The price per instance.
*/ - ScheduledInstanceSet?: ScheduledInstance[]; + Price?: number; } -export namespace DescribeScheduledInstancesResult { +export namespace PricingDetail { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeScheduledInstancesResult): any => ({ + export const filterSensitiveLog = (obj: PricingDetail): any => ({ ...obj, }); } -export interface DescribeSecurityGroupReferencesRequest { +/** + *Describes a Reserved Instance offering.
+ */ +export interface ReservedInstancesOffering { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The Availability Zone in which the Reserved Instance can be used.
+ */ + AvailabilityZone?: string; + + /** + *The duration of the Reserved Instance, in seconds.
*/ - DryRun?: boolean; + Duration?: number; /** - *The IDs of the security groups in your account.
+ *The purchase price of the Reserved Instance.
*/ - GroupId: string[] | undefined; -} + FixedPrice?: number; -export namespace DescribeSecurityGroupReferencesRequest { /** - * @internal + *The instance type on which the Reserved Instance can be used.
*/ - export const filterSensitiveLog = (obj: DescribeSecurityGroupReferencesRequest): any => ({ - ...obj, - }); -} + InstanceType?: _InstanceType | string; -/** - *Describes a VPC with a security group that references your security group.
- */ -export interface SecurityGroupReference { /** - *The ID of your security group.
+ *The Reserved Instance product platform description.
*/ - GroupId?: string; + ProductDescription?: RIProductDescription | string; /** - *The ID of the VPC with the referencing security group.
+ *The ID of the Reserved Instance offering. This is the offering ID used in GetReservedInstancesExchangeQuote + * to confirm that an exchange can be made.
*/ - ReferencingVpcId?: string; + ReservedInstancesOfferingId?: string; /** - *The ID of the VPC peering connection.
+ *The usage price of the Reserved Instance, per hour.
*/ - VpcPeeringConnectionId?: string; -} + UsagePrice?: number; -export namespace SecurityGroupReference { /** - * @internal + *The currency of the Reserved Instance offering you are purchasing. It's
+ * specified using ISO 4217 standard currency codes. At this time,
+ * the only supported currency is USD
.
Information about the VPCs with the referencing security groups.
+ *The tenancy of the instance.
*/ - SecurityGroupReferenceSet?: SecurityGroupReference[]; -} + InstanceTenancy?: Tenancy | string; -export namespace DescribeSecurityGroupReferencesResult { /** - * @internal + *Indicates whether the offering is available through the Reserved Instance Marketplace (resale) or Amazon Web Services.
+ * If it's a Reserved Instance Marketplace offering, this is true
.
One or more filters.
- *
- * group-id
- The ID of the security group.
- * security-group-rule-id
- The ID of the security group rule.
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
If convertible
it can be exchanged for Reserved Instances of
+ * the same or higher monetary value, with different configurations. If standard
, it is not
+ * possible to perform an exchange.
The IDs of the security group rules.
+ *The Reserved Instance offering type.
*/ - SecurityGroupRuleIds?: string[]; + OfferingType?: OfferingTypeValues | string; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The pricing details of the Reserved Instance offering.
*/ - DryRun?: boolean; + PricingDetails?: PricingDetail[]; /** - *The token for the next page of results.
+ *The recurring charge tag assigned to the resource.
*/ - NextToken?: string; + RecurringCharges?: RecurringCharge[]; /** - *The maximum number of results to return in a single call. To retrieve the remaining
- * results, make another request with the returned NextToken
value. This value
- * can be between 5 and 1000. If this parameter is not specified, then all results are
- * returned.
Whether the Reserved Instance is applied to instances in a Region or an Availability Zone.
*/ - MaxResults?: number; + Scope?: Scope | string; } -export namespace DescribeSecurityGroupRulesRequest { +export namespace ReservedInstancesOffering { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeSecurityGroupRulesRequest): any => ({ + export const filterSensitiveLog = (obj: ReservedInstancesOffering): any => ({ ...obj, }); } -export interface DescribeSecurityGroupRulesResult { +/** + *Contains the output of DescribeReservedInstancesOfferings.
+ */ +export interface DescribeReservedInstancesOfferingsResult { /** - *Information about security group rules.
+ *A list of Reserved Instances offerings.
*/ - SecurityGroupRules?: SecurityGroupRule[]; + ReservedInstancesOfferings?: ReservedInstancesOffering[]; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The token to use to retrieve the next page of results. This value is null
when
+ * there are no more results to return.
The filters. If using multiple filters for rules, the results include security groups for which any combination of rules - not necessarily a single rule - match all filters.
- *
- * description
- The description of the security group.
- * egress.ip-permission.cidr
- An IPv4 CIDR block for an outbound
- * security group rule.
- * egress.ip-permission.from-port
- For an outbound rule, the
- * start of port range for the TCP and UDP protocols, or an ICMP type
- * number.
- * egress.ip-permission.group-id
- The ID of a security group
- * that has been referenced in an outbound security group rule.
- * egress.ip-permission.group-name
- The name of a security group
- * that is referenced in an outbound security group rule.
One or more filters.
+ *
- * egress.ip-permission.ipv6-cidr
- An IPv6 CIDR block for an
- * outbound security group rule.
+ * association.route-table-association-id
- The ID of an association
+ * ID for the route table.
- * egress.ip-permission.prefix-list-id
- The ID of a prefix list to which a security group rule allows outbound access.
+ * association.route-table-id
- The ID of the route table involved in
+ * the association.
- * egress.ip-permission.protocol
- The IP protocol for an
- * outbound security group rule (tcp
| udp
|
- * icmp
, a protocol number, or -1 for all protocols).
+ * association.subnet-id
- The ID of the subnet involved in the
+ * association.
- * egress.ip-permission.to-port
- For an outbound rule, the end
- * of port range for the TCP and UDP protocols, or an ICMP code.
+ * association.main
- Indicates whether the route table is the main
+ * route table for the VPC (true
| false
). Route tables
+ * that do not have an association ID are not returned in the response.
- * egress.ip-permission.user-id
- The ID of an Amazon Web Services account that
- * has been referenced in an outbound security group rule.
+ * owner-id
- The ID of the Amazon Web Services account that owns the route table.
- * group-id
- The ID of the security group.
+ * route-table-id
- The ID of the route table.
- * group-name
- The name of the security group.
+ * route.destination-cidr-block
- The IPv4 CIDR range specified in a
+ * route in the table.
- * ip-permission.cidr
- An IPv4 CIDR block for an inbound security
- * group rule.
+ * route.destination-ipv6-cidr-block
- The IPv6 CIDR range specified in a route in the route table.
- * ip-permission.from-port
- For an inbound rule, the start of port
- * range for the TCP and UDP protocols, or an ICMP type number.
+ * route.destination-prefix-list-id
- The ID (prefix) of the Amazon Web Service
+ * specified in a route in the table.
- * ip-permission.group-id
- The ID of a security group that has been
- * referenced in an inbound security group rule.
+ * route.egress-only-internet-gateway-id
- The ID of an
+ * egress-only Internet gateway specified in a route in the route table.
- * ip-permission.group-name
- The name of a security group that is
- * referenced in an inbound security group rule.
+ * route.gateway-id
- The ID of a gateway specified in a route in the table.
- * ip-permission.ipv6-cidr
- An IPv6 CIDR block for an inbound security
- * group rule.
+ * route.instance-id
- The ID of an instance specified in a route in the table.
- * ip-permission.prefix-list-id
- The ID of a prefix list from which a security group rule allows inbound access.
+ * route.nat-gateway-id
- The ID of a NAT gateway.
- * ip-permission.protocol
- The IP protocol for an inbound security
- * group rule (tcp
| udp
| icmp
, a
- * protocol number, or -1 for all protocols).
+ * route.transit-gateway-id
- The ID of a transit gateway.
- * ip-permission.to-port
- For an inbound rule, the end of port range
- * for the TCP and UDP protocols, or an ICMP code.
+ * route.origin
- Describes how the route was created.
+ * CreateRouteTable
indicates that the route was automatically
+ * created when the route table was created; CreateRoute
indicates
+ * that the route was manually added to the route table;
+ * EnableVgwRoutePropagation
indicates that the route was
+ * propagated by route propagation.
- * ip-permission.user-id
- The ID of an Amazon Web Services account that has been
- * referenced in an inbound security group rule.
+ * route.state
- The state of a route in the route table
+ * (active
| blackhole
). The blackhole state
+ * indicates that the route's target isn't available (for example, the specified
+ * gateway isn't attached to the VPC, the specified NAT instance has been
+ * terminated, and so on).
- * owner-id
- The Amazon Web Services account ID of the owner of the security group.
+ * route.vpc-peering-connection-id
- The ID of a VPC peering
+ * connection specified in a route in the table.
+ *
* tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ *
* tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
- * vpc-id
- The ID of the VPC specified when the security group was created.
+ * vpc-id
- The ID of the VPC for the route table.
The IDs of the security groups. Required for security groups in a nondefault VPC.
- *Default: Describes all of your security groups.
- */ - GroupIds?: string[]; - - /** - *[EC2-Classic and default VPC only] The names of the security groups. You can specify either
- * the security group name or the security group ID. For security groups in a nondefault VPC, use
- * the group-name
filter to describe security groups by name.
Default: Describes all of your security groups.
- */ - GroupNames?: string[]; - /** *Checks whether you have the required permissions for the action, without actually making the request,
* and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
@@ -8486,87 +8178,40 @@ export interface DescribeSecurityGroupsRequest {
DryRun?: boolean;
/**
- *
The token to request the next page of results.
+ *One or more route table IDs.
+ *Default: Describes all your route tables.
+ */ + RouteTableIds?: string[]; + + /** + *The token for the next page of results.
*/ NextToken?: string; /** - *The maximum number of results to return in a single call. To retrieve the remaining
- * results, make another request with the returned NextToken
value. This value
- * can be between 5 and 1000. If this parameter is not specified, then all results are
- * returned.
The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
Describes a security group.
+ *Contains the output of DescribeRouteTables.
*/ -export interface SecurityGroup { - /** - *A description of the security group.
- */ - Description?: string; - - /** - *The name of the security group.
- */ - GroupName?: string; - - /** - *The inbound rules associated with the security group.
- */ - IpPermissions?: IpPermission[]; - - /** - *The Amazon Web Services account ID of the owner of the security group.
- */ - OwnerId?: string; - - /** - *The ID of the security group.
- */ - GroupId?: string; - - /** - *[VPC only] The outbound rules associated with the security group.
- */ - IpPermissionsEgress?: IpPermission[]; - - /** - *Any tags assigned to the security group.
- */ - Tags?: Tag[]; - - /** - *[VPC only] The ID of the VPC for the security group.
- */ - VpcId?: string; -} - -export namespace SecurityGroup { - /** - * @internal - */ - export const filterSensitiveLog = (obj: SecurityGroup): any => ({ - ...obj, - }); -} - -export interface DescribeSecurityGroupsResult { +export interface DescribeRouteTablesResult { /** - *Information about the security groups.
+ *Information about one or more route tables.
*/ - SecurityGroups?: SecurityGroup[]; + RouteTables?: RouteTable[]; /** *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The snapshot attribute you would like to view.
- */ - Attribute: SnapshotAttributeName | string | undefined; - +/** + *Describes the time period for a Scheduled Instance to start its first schedule. The time period must span less than one day.
+ */ +export interface SlotDateTimeRangeRequest { /** - *The ID of the EBS snapshot.
+ *The earliest date and time, in UTC, for the Scheduled Instance to start.
*/ - SnapshotId: string | undefined; + EarliestTime: Date | undefined; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The latest date and time, in UTC, for the Scheduled Instance to start. This value must be later than or equal to the earliest date and at most three months in the future.
*/ - DryRun?: boolean; + LatestTime: Date | undefined; } -export namespace DescribeSnapshotAttributeRequest { +export namespace SlotDateTimeRangeRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeSnapshotAttributeRequest): any => ({ + export const filterSensitiveLog = (obj: SlotDateTimeRangeRequest): any => ({ ...obj, }); } /** - *Describes the user or group to be added or removed from the list of create volume - * permissions for a volume.
+ *Describes the recurring schedule for a Scheduled Instance.
*/ -export interface CreateVolumePermission { - /** - *The group to be added or removed. The possible value is all
.
The ID of the Amazon Web Services account to be added or removed.
+ *The frequency (Daily
, Weekly
, or Monthly
).
The interval quantity. The interval unit depends on the value of Frequency
. For example, every 2
+ * weeks or every 2 months.
The users and groups that have the permissions for creating volumes from the - * snapshot.
+ *The days. For a monthly schedule, this is one or more days of the month (1-31). For a weekly schedule, this is one or more days of the week (1-7, where 1 is Sunday). You can't specify this value with a daily schedule. If the occurrence is relative to the end of the month, you can specify only a single day.
*/ - CreateVolumePermissions?: CreateVolumePermission[]; + OccurrenceDays?: number[]; /** - *The product codes.
+ *Indicates whether the occurrence is relative to the end of the specified week or month. You can't specify this value with a daily schedule.
*/ - ProductCodes?: ProductCode[]; + OccurrenceRelativeToEnd?: boolean; /** - *The ID of the EBS snapshot.
+ *The unit for OccurrenceDays
(DayOfWeek
or DayOfMonth
).
+ * This value is required for a monthly schedule.
+ * You can't specify DayOfWeek
with a weekly schedule.
+ * You can't specify this value with a daily schedule.
The filters.
- *
- * description
- A description of the snapshot.
- * encrypted
- Indicates whether the snapshot is encrypted
- * (true
| false
)
- * owner-alias
- The owner alias, from an Amazon-maintained list
- * (amazon
).
- * This is not the user-configured Amazon Web Services account alias set using the IAM console.
- * We recommend that you use the related parameter instead of this filter.
- * owner-id
- The Amazon Web Services account ID of the owner. We recommend that
- * you use the related parameter instead of this filter.
- * progress
- The progress of the snapshot, as a percentage (for example,
- * 80%).
- * snapshot-id
- The snapshot ID.
- * start-time
- The time stamp when the snapshot was initiated.
- * status
- The status of the snapshot (pending
|
- * completed
| error
).
Contains the parameters for DescribeScheduledInstanceAvailability.
+ */ +export interface DescribeScheduledInstanceAvailabilityRequest { + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The filters.
+ *
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
availability-zone
- The Availability Zone (for example, us-west-2a
).
*
- * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
instance-type
- The instance type (for example, c4.large
).
*
- * volume-id
- The ID of the volume the snapshot is for.
network-platform
- The network platform (EC2-Classic
or EC2-VPC
).
*
- * volume-size
- The size of the volume, in GiB.
platform
- The platform (Linux/UNIX
or Windows
).
* The maximum number of snapshot results returned by DescribeSnapshots
in
- * paginated output. When this parameter is used, DescribeSnapshots
only returns
- * MaxResults
results in a single page along with a NextToken
- * response element. The remaining results of the initial request can be seen by sending another
- * DescribeSnapshots
request with the returned NextToken
value. This
- * value can be between 5 and 1,000; if MaxResults
is given a value larger than 1,000,
- * only 1,000 results are returned. If this parameter is not used, then
- * DescribeSnapshots
returns all results. You cannot specify this parameter and
- * the snapshot IDs parameter in the same request.
The time period for the first schedule to start.
*/ - MaxResults?: number; + FirstSlotStartTimeRange: SlotDateTimeRangeRequest | undefined; /** - *The NextToken
value returned from a previous paginated
- * DescribeSnapshots
request where MaxResults
was used and the
- * results exceeded the value of that parameter. Pagination continues from the end of the
- * previous results that returned the NextToken
value. This value is
- * null
when there are no more results to return.
The maximum number of results to return in a single call.
+ * This value can be between 5 and 300. The default value is 300.
+ * To retrieve the remaining results, make another call with the returned
+ * NextToken
value.
Scopes the results to snapshots with the specified owners. You can specify a combination of
- * Amazon Web Services account IDs, self
, and amazon
.
The maximum available duration, in hours. This value must be greater than MinSlotDurationInHours
+ * and less than 1,720.
The IDs of the Amazon Web Services accounts that can create volumes from the snapshot.
+ *The minimum available duration, in hours. The minimum required duration is 1,200 hours per year. For example, the minimum daily schedule is 4 hours, the minimum weekly schedule is 24 hours, and the minimum monthly schedule is 100 hours.
*/ - RestorableByUserIds?: string[]; + MinSlotDurationInHours?: number; /** - *The snapshot IDs.
- *Default: Describes the snapshots for which you have create volume permissions.
+ *The token for the next set of results.
*/ - SnapshotIds?: string[]; + NextToken?: string; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The schedule recurrence.
*/ - DryRun?: boolean; + Recurrence: ScheduledInstanceRecurrenceRequest | undefined; } -export namespace DescribeSnapshotsRequest { +export namespace DescribeScheduledInstanceAvailabilityRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeSnapshotsRequest): any => ({ + export const filterSensitiveLog = (obj: DescribeScheduledInstanceAvailabilityRequest): any => ({ ...obj, }); } -export interface DescribeSnapshotsResult { +/** + *Describes the recurring schedule for a Scheduled Instance.
+ */ +export interface ScheduledInstanceRecurrence { /** - *Information about the snapshots.
+ *The frequency (Daily
, Weekly
, or Monthly
).
The NextToken
value to include in a future DescribeSnapshots
- * request. When the results of a DescribeSnapshots
request exceed
- * MaxResults
, this value can be used to retrieve the next page of results. This
- * value is null
when there are no more results to return.
The interval quantity. The interval unit depends on the value of frequency
. For example, every 2
+ * weeks or every 2 months.
The days. For a monthly schedule, this is one or more days of the month (1-31). For a weekly schedule, this is one or more days of the week (1-7, where 1 is Sunday).
*/ - export const filterSensitiveLog = (obj: DescribeSnapshotsResult): any => ({ - ...obj, - }); -} + OccurrenceDaySet?: number[]; -/** - *Contains the parameters for DescribeSpotDatafeedSubscription.
- */ -export interface DescribeSpotDatafeedSubscriptionRequest { /** - *Checks whether you have the required permissions for the action, without actually
- * making the request, and provides an error response. If you have the required
- * permissions, the error response is DryRunOperation
. Otherwise, it is
- * UnauthorizedOperation
.
Indicates whether the occurrence is relative to the end of the specified week or month.
*/ - DryRun?: boolean; + OccurrenceRelativeToEnd?: boolean; + + /** + *The unit for occurrenceDaySet
(DayOfWeek
or DayOfMonth
).
Contains the output of DescribeSpotDatafeedSubscription.
+ *Describes a schedule that is available for your Scheduled Instances.
*/ -export interface DescribeSpotDatafeedSubscriptionResult { +export interface ScheduledInstanceAvailability { /** - *The Spot Instance data feed subscription.
+ *The Availability Zone.
*/ - SpotDatafeedSubscription?: SpotDatafeedSubscription; -} + AvailabilityZone?: string; -export namespace DescribeSpotDatafeedSubscriptionResult { /** - * @internal + *The number of available instances.
*/ - export const filterSensitiveLog = (obj: DescribeSpotDatafeedSubscriptionResult): any => ({ - ...obj, - }); -} + AvailableInstanceCount?: number; -/** - *Contains the parameters for DescribeSpotFleetInstances.
- */ -export interface DescribeSpotFleetInstancesRequest { /** - *Checks whether you have the required permissions for the action, without actually
- * making the request, and provides an error response. If you have the required
- * permissions, the error response is DryRunOperation
. Otherwise, it is
- * UnauthorizedOperation
.
The time period for the first schedule to start.
*/ - DryRun?: boolean; + FirstSlotStartTime?: Date; /** - *The maximum number of results to return in a single call. Specify a value between 1
- * and 1000. The default value is 1000. To retrieve the remaining results, make another
- * call with the returned NextToken
value.
The hourly price for a single instance.
*/ - MaxResults?: number; + HourlyPrice?: string; /** - *The token for the next set of results.
+ *The instance type. You can specify one of the C3, C4, M4, or R3 instance types.
*/ - NextToken?: string; + InstanceType?: string; /** - *The ID of the Spot Fleet request.
+ *The maximum term. The only possible value is 365 days.
*/ - SpotFleetRequestId: string | undefined; -} + MaxTermDurationInDays?: number; -export namespace DescribeSpotFleetInstancesRequest { /** - * @internal + *The minimum term. The only possible value is 365 days.
*/ - export const filterSensitiveLog = (obj: DescribeSpotFleetInstancesRequest): any => ({ - ...obj, - }); -} + MinTermDurationInDays?: number; -/** - *Contains the output of DescribeSpotFleetInstances.
- */ -export interface DescribeSpotFleetInstancesResponse { /** - *The running instances. This list is refreshed periodically and might be out of - * date.
+ *The network platform (EC2-Classic
or EC2-VPC
).
The token required to retrieve the next set of results. This value is
- * null
when there are no more results to return.
The platform (Linux/UNIX
or Windows
).
The ID of the Spot Fleet request.
+ *The purchase token. This token expires in two hours.
*/ - SpotFleetRequestId?: string; + PurchaseToken?: string; + + /** + *The schedule recurrence.
+ */ + Recurrence?: ScheduledInstanceRecurrence; + + /** + *The number of hours in the schedule.
+ */ + SlotDurationInHours?: number; + + /** + *The total number of hours for a single instance for the entire term.
+ */ + TotalScheduledInstanceHours?: number; } -export namespace DescribeSpotFleetInstancesResponse { +export namespace ScheduledInstanceAvailability { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeSpotFleetInstancesResponse): any => ({ + export const filterSensitiveLog = (obj: ScheduledInstanceAvailability): any => ({ ...obj, }); } -export enum EventType { - BATCH_CHANGE = "fleetRequestChange", - ERROR = "error", - INFORMATION = "information", - INSTANCE_CHANGE = "instanceChange", -} - /** - *Contains the parameters for DescribeSpotFleetRequestHistory.
+ *Contains the output of DescribeScheduledInstanceAvailability.
*/ -export interface DescribeSpotFleetRequestHistoryRequest { - /** - *Checks whether you have the required permissions for the action, without actually
- * making the request, and provides an error response. If you have the required
- * permissions, the error response is DryRunOperation
. Otherwise, it is
- * UnauthorizedOperation
.
The type of events to describe. By default, all events are described.
+ *The token required to retrieve the next set of results. This value is null
when there are no more results to return.
The maximum number of results to return in a single call. Specify a value between 1
- * and 1000. The default value is 1000. To retrieve the remaining results, make another
- * call with the returned NextToken
value.
Information about the available Scheduled Instances.
*/ - MaxResults?: number; + ScheduledInstanceAvailabilitySet?: ScheduledInstanceAvailability[]; +} +export namespace DescribeScheduledInstanceAvailabilityResult { /** - *The token for the next set of results.
+ * @internal */ - NextToken?: string; + export const filterSensitiveLog = (obj: DescribeScheduledInstanceAvailabilityResult): any => ({ + ...obj, + }); +} +/** + *Describes the time period for a Scheduled Instance to start its first schedule.
+ */ +export interface SlotStartTimeRangeRequest { /** - *The ID of the Spot Fleet request.
+ *The earliest date and time, in UTC, for the Scheduled Instance to start.
*/ - SpotFleetRequestId: string | undefined; + EarliestTime?: Date; /** - *The starting date and time for the events, in UTC format (for example, - * YYYY-MM-DDTHH:MM:SSZ).
+ *The latest date and time, in UTC, for the Scheduled Instance to start.
*/ - StartTime: Date | undefined; + LatestTime?: Date; } -export namespace DescribeSpotFleetRequestHistoryRequest { +export namespace SlotStartTimeRangeRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeSpotFleetRequestHistoryRequest): any => ({ + export const filterSensitiveLog = (obj: SlotStartTimeRangeRequest): any => ({ ...obj, }); } /** - *Describes an event in the history of the Spot Fleet request.
+ *Contains the parameters for DescribeScheduledInstances.
*/ -export interface HistoryRecord { +export interface DescribeScheduledInstancesRequest { /** - *Information about the event.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The event type.
- *The filters.
+ *
- * error
- An error with the Spot Fleet request.
+ * availability-zone
- The Availability Zone (for example, us-west-2a
).
- * fleetRequestChange
- A change in the status or configuration of
- * the Spot Fleet request.
+ * instance-type
- The instance type (for example, c4.large
).
- * instanceChange
- An instance was launched or terminated.
+ * network-platform
- The network platform (EC2-Classic
or EC2-VPC
).
- * Information
- An informational event.
+ * platform
- The platform (Linux/UNIX
or Windows
).
The date and time of the event, in UTC format (for example, - * YYYY-MM-DDTHH:MM:SSZ).
+ *The maximum number of results to return in a single call.
+ * This value can be between 5 and 300. The default value is 100.
+ * To retrieve the remaining results, make another call with the returned
+ * NextToken
value.
The token for the next set of results.
+ */ + NextToken?: string; + + /** + *The Scheduled Instance IDs.
+ */ + ScheduledInstanceIds?: string[]; + + /** + *The time period for the first schedule to start.
+ */ + SlotStartTimeRange?: SlotStartTimeRangeRequest; } -export namespace HistoryRecord { +export namespace DescribeScheduledInstancesRequest { /** * @internal */ - export const filterSensitiveLog = (obj: HistoryRecord): any => ({ + export const filterSensitiveLog = (obj: DescribeScheduledInstancesRequest): any => ({ ...obj, }); } /** - *Contains the output of DescribeSpotFleetRequestHistory.
+ *Describes a Scheduled Instance.
*/ -export interface DescribeSpotFleetRequestHistoryResponse { +export interface ScheduledInstance { /** - *Information about the events in the history of the Spot Fleet request.
+ *The Availability Zone.
*/ - HistoryRecords?: HistoryRecord[]; + AvailabilityZone?: string; /** - *The last date and time for the events, in UTC format (for example, - * YYYY-MM-DDTHH:MM:SSZ). - * All records up to this time were retrieved.
- *If nextToken
indicates that there are more results, this value is not
- * present.
The date when the Scheduled Instance was purchased.
*/ - LastEvaluatedTime?: Date; + CreateDate?: Date; /** - *The token required to retrieve the next set of results. This value is
- * null
when there are no more results to return.
The hourly price for a single instance.
*/ - NextToken?: string; + HourlyPrice?: string; /** - *The ID of the Spot Fleet request.
+ *The number of instances.
*/ - SpotFleetRequestId?: string; + InstanceCount?: number; /** - *The starting date and time for the events, in UTC format (for example, - * YYYY-MM-DDTHH:MM:SSZ).
+ *The instance type.
*/ - StartTime?: Date; -} + InstanceType?: string; -export namespace DescribeSpotFleetRequestHistoryResponse { /** - * @internal + *The network platform (EC2-Classic
or EC2-VPC
).
Contains the parameters for DescribeSpotFleetRequests.
- */ -export interface DescribeSpotFleetRequestsRequest { /** - *Checks whether you have the required permissions for the action, without actually
- * making the request, and provides an error response. If you have the required
- * permissions, the error response is DryRunOperation
. Otherwise, it is
- * UnauthorizedOperation
.
The time for the next schedule to start.
*/ - DryRun?: boolean; + NextSlotStartTime?: Date; /** - *The maximum number of results to return in a single call. Specify a value between 1
- * and 1000. The default value is 1000. To retrieve the remaining results, make another
- * call with the returned NextToken
value.
The platform (Linux/UNIX
or Windows
).
The token for the next set of results.
+ *The time that the previous schedule ended or will end.
*/ - NextToken?: string; + PreviousSlotEndTime?: Date; /** - *The IDs of the Spot Fleet requests.
+ *The schedule recurrence.
*/ - SpotFleetRequestIds?: string[]; -} + Recurrence?: ScheduledInstanceRecurrence; -export namespace DescribeSpotFleetRequestsRequest { /** - * @internal + *The Scheduled Instance ID.
*/ - export const filterSensitiveLog = (obj: DescribeSpotFleetRequestsRequest): any => ({ - ...obj, - }); -} + ScheduledInstanceId?: string; -export enum ExcessCapacityTerminationPolicy { - DEFAULT = "default", - NO_TERMINATION = "noTermination", -} + /** + *The number of hours in the schedule.
+ */ + SlotDurationInHours?: number; -/** - *Describes whether monitoring is enabled.
- */ -export interface SpotFleetMonitoring { /** - *Enables monitoring for the instance.
- *Default: false
- *
The end date for the Scheduled Instance.
*/ - Enabled?: boolean; + TermEndDate?: Date; + + /** + *The start date for the Scheduled Instance.
+ */ + TermStartDate?: Date; + + /** + *The total number of hours for a single instance for the entire term.
+ */ + TotalScheduledInstanceHours?: number; } -export namespace SpotFleetMonitoring { +export namespace ScheduledInstance { /** * @internal */ - export const filterSensitiveLog = (obj: SpotFleetMonitoring): any => ({ + export const filterSensitiveLog = (obj: ScheduledInstance): any => ({ ...obj, }); } /** - *Describes a network interface.
+ *Contains the output of DescribeScheduledInstances.
*/ -export interface InstanceNetworkInterfaceSpecification { +export interface DescribeScheduledInstancesResult { /** - *Indicates whether to assign a public IPv4 address to an instance you launch in a VPC. The
- * public IP address can only be assigned to a network interface for eth0, and can only be
- * assigned to a new network interface, not an existing one. You cannot specify more than one
- * network interface in the request. If launching into a default subnet, the default value is
- * true
.
The token required to retrieve the next set of results. This value is null
when there are no more results to return.
If set to true
, the interface is deleted when the instance is terminated. You can
- * specify true
only if creating a new network interface when launching an
- * instance.
Information about the Scheduled Instances.
*/ - DeleteOnTermination?: boolean; + ScheduledInstanceSet?: ScheduledInstance[]; +} +export namespace DescribeScheduledInstancesResult { /** - *The description of the network interface. Applies only if creating a network interface when launching an instance.
+ * @internal */ - Description?: string; + export const filterSensitiveLog = (obj: DescribeScheduledInstancesResult): any => ({ + ...obj, + }); +} +export interface DescribeSecurityGroupReferencesRequest { /** - *The position of the network interface in the attachment order. - * A primary network interface has a device index of 0.
- *If you specify a network interface when launching an instance, - * you must specify the device index.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The IDs of the security groups for the network interface. Applies only if creating a network interface when launching an instance.
+ *The IDs of the security groups in your account.
*/ - Groups?: string[]; + GroupId: string[] | undefined; +} +export namespace DescribeSecurityGroupReferencesRequest { /** - *A number of IPv6 addresses to assign to the network interface. Amazon EC2 chooses - * the IPv6 addresses from the range of the subnet. You cannot specify this option and the - * option to assign specific IPv6 addresses in the same request. You can specify this - * option if you've specified a minimum number of instances to launch.
+ * @internal */ - Ipv6AddressCount?: number; + export const filterSensitiveLog = (obj: DescribeSecurityGroupReferencesRequest): any => ({ + ...obj, + }); +} +/** + *Describes a VPC with a security group that references your security group.
+ */ +export interface SecurityGroupReference { /** - *One or more IPv6 addresses to assign to the network interface. You cannot specify - * this option and the option to assign a number of IPv6 addresses in the same request. You - * cannot specify this option if you've specified a minimum number of instances to - * launch.
+ *The ID of your security group.
*/ - Ipv6Addresses?: InstanceIpv6Address[]; + GroupId?: string; /** - *The ID of the network interface.
- *If you are creating a Spot Fleet, omit this parameter because you can’t specify a network interface ID in a launch specification.
+ *The ID of the VPC with the referencing security group.
*/ - NetworkInterfaceId?: string; + ReferencingVpcId?: string; /** - *The private IPv4 address of the network interface. Applies only if creating a network interface when launching an instance. You cannot specify this option if you're launching - * more than one instance in a RunInstances request.
+ *The ID of the VPC peering connection.
*/ - PrivateIpAddress?: string; + VpcPeeringConnectionId?: string; +} + +export namespace SecurityGroupReference { + /** + * @internal + */ + export const filterSensitiveLog = (obj: SecurityGroupReference): any => ({ + ...obj, + }); +} +export interface DescribeSecurityGroupReferencesResult { /** - *One or more private IPv4 addresses to assign to the network interface. Only one private IPv4 address can be designated as primary. You cannot specify this option if you're - * launching more than one instance in a RunInstances request.
+ *Information about the VPCs with the referencing security groups.
*/ - PrivateIpAddresses?: PrivateIpAddressSpecification[]; + SecurityGroupReferenceSet?: SecurityGroupReference[]; +} +export namespace DescribeSecurityGroupReferencesResult { /** - *The number of secondary private IPv4 addresses. You can't specify this option and specify more than one private IP address using the private IP addresses option. You cannot specify this option if you're - * launching more than one instance in a RunInstances request.
+ * @internal */ - SecondaryPrivateIpAddressCount?: number; + export const filterSensitiveLog = (obj: DescribeSecurityGroupReferencesResult): any => ({ + ...obj, + }); +} +export interface DescribeSecurityGroupRulesRequest { /** - *The ID of the subnet associated with the network interface. Applies only if creating a network interface when launching an instance.
+ *One or more filters.
+ *
+ * group-id
- The ID of the security group.
+ * security-group-rule-id
- The ID of the security group rule.
+ * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
Indicates whether to assign a carrier IP address to the network interface.
- *You can only assign a carrier IP address to a network interface that is in a subnet in a Wavelength Zone. - * For more information about carrier IP addresses, see Carrier IP addresses in the Amazon Web Services Wavelength Developer Guide.
+ *The IDs of the security group rules.
*/ - AssociateCarrierIpAddress?: boolean; + SecurityGroupRuleIds?: string[]; /** - *The type of network interface.
- *To create an Elastic Fabric Adapter (EFA), specify
- * efa
. For more information, see Elastic Fabric Adapter in the
- * Amazon Elastic Compute Cloud User Guide.
Valid values: interface
| efa
- *
Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The index of the network card. Some instance types support multiple network cards. - * The primary network interface must be assigned to network card index 0. - * The default is network card index 0.
- *If you are using RequestSpotInstances to create Spot Instances, omit this parameter because - * you can’t specify the network card index when using this API. To specify the network - * card index, use RunInstances.
+ *The token for the next page of results.
*/ - NetworkCardIndex?: number; + NextToken?: string; /** - *One or more IPv4 delegated prefixes to be assigned to the network interface. You cannot
- * use this option if you use the Ipv4PrefixCount
option.
The maximum number of results to return in a single call. To retrieve the remaining
+ * results, make another request with the returned NextToken
value. This value
+ * can be between 5 and 1000. If this parameter is not specified, then all results are
+ * returned.
The number of IPv4 delegated prefixes to be automatically assigned to the network interface.
- * You cannot use this option if you use the Ipv4Prefix
option.
One or more IPv6 delegated prefixes to be assigned to the network interface. You cannot
- * use this option if you use the Ipv6PrefixCount
option.
Information about security group rules.
*/ - Ipv6Prefixes?: Ipv6PrefixSpecificationRequest[]; + SecurityGroupRules?: SecurityGroupRule[]; /** - *The number of IPv6 delegated prefixes to be automatically assigned to the network interface.
- * You cannot use this option if you use the Ipv6Prefix
option.
The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Describes Spot Instance placement.
- */ -export interface SpotPlacement { +export interface DescribeSecurityGroupsRequest { /** - *The Availability Zone.
- *[Spot Fleet only] To specify multiple Availability Zones, separate them using commas; - * for example, "us-west-2a, us-west-2b".
+ *The filters. If using multiple filters for rules, the results include security groups for which any combination of rules - not necessarily a single rule - match all filters.
+ *
+ * description
- The description of the security group.
+ * egress.ip-permission.cidr
- An IPv4 CIDR block for an outbound
+ * security group rule.
+ * egress.ip-permission.from-port
- For an outbound rule, the
+ * start of port range for the TCP and UDP protocols, or an ICMP type
+ * number.
+ * egress.ip-permission.group-id
- The ID of a security group
+ * that has been referenced in an outbound security group rule.
+ * egress.ip-permission.group-name
- The name of a security group
+ * that is referenced in an outbound security group rule.
+ * egress.ip-permission.ipv6-cidr
- An IPv6 CIDR block for an
+ * outbound security group rule.
+ * egress.ip-permission.prefix-list-id
- The ID of a prefix list to which a security group rule allows outbound access.
+ * egress.ip-permission.protocol
- The IP protocol for an
+ * outbound security group rule (tcp
| udp
|
+ * icmp
, a protocol number, or -1 for all protocols).
+ * egress.ip-permission.to-port
- For an outbound rule, the end
+ * of port range for the TCP and UDP protocols, or an ICMP code.
+ * egress.ip-permission.user-id
- The ID of an Amazon Web Services account that
+ * has been referenced in an outbound security group rule.
+ * group-id
- The ID of the security group.
+ * group-name
- The name of the security group.
+ * ip-permission.cidr
- An IPv4 CIDR block for an inbound security
+ * group rule.
+ * ip-permission.from-port
- For an inbound rule, the start of port
+ * range for the TCP and UDP protocols, or an ICMP type number.
+ * ip-permission.group-id
- The ID of a security group that has been
+ * referenced in an inbound security group rule.
+ * ip-permission.group-name
- The name of a security group that is
+ * referenced in an inbound security group rule.
+ * ip-permission.ipv6-cidr
- An IPv6 CIDR block for an inbound security
+ * group rule.
+ * ip-permission.prefix-list-id
- The ID of a prefix list from which a security group rule allows inbound access.
+ * ip-permission.protocol
- The IP protocol for an inbound security
+ * group rule (tcp
| udp
| icmp
, a
+ * protocol number, or -1 for all protocols).
+ * ip-permission.to-port
- For an inbound rule, the end of port range
+ * for the TCP and UDP protocols, or an ICMP code.
+ * ip-permission.user-id
- The ID of an Amazon Web Services account that has been
+ * referenced in an inbound security group rule.
+ * owner-id
- The Amazon Web Services account ID of the owner of the security group.
+ * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
+ * vpc-id
- The ID of the VPC specified when the security group was created.
The name of the placement group.
+ *The IDs of the security groups. Required for security groups in a nondefault VPC.
+ *Default: Describes all of your security groups.
*/ - GroupName?: string; + GroupIds?: string[]; /** - *The tenancy of the instance (if the instance is running in a VPC). An instance with a
- * tenancy of dedicated
runs on single-tenant hardware. The host
- * tenancy is not supported for Spot Instances.
[EC2-Classic and default VPC only] The names of the security groups. You can specify either
+ * the security group name or the security group ID. For security groups in a nondefault VPC, use
+ * the group-name
filter to describe security groups by name.
Default: Describes all of your security groups.
*/ - Tenancy?: Tenancy | string; -} + GroupNames?: string[]; -export namespace SpotPlacement { /** - * @internal + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The tags for a Spot Fleet resource.
- */ -export interface SpotFleetTagSpecification { /** - *The type of resource. Currently, the only resource type that is supported is
- * instance
. To tag the Spot Fleet request on creation, use the
- * TagSpecifications
parameter in
- * SpotFleetRequestConfigData
- * .
The token to request the next page of results.
*/ - ResourceType?: ResourceType | string; + NextToken?: string; /** - *The tags.
+ *The maximum number of results to return in a single call. To retrieve the remaining
+ * results, make another request with the returned NextToken
value. This value
+ * can be between 5 and 1000. If this parameter is not specified, then all results are
+ * returned.
Describes the launch specification for one or more Spot Instances. If you include
- * On-Demand capacity in your fleet request or want to specify an EFA network device, you
- * can't use SpotFleetLaunchSpecification
; you must use LaunchTemplateConfig.
Describes a security group.
*/ -export interface SpotFleetLaunchSpecification { +export interface SecurityGroup { /** - *One or more security groups. When requesting instances in a VPC, you must specify the IDs of the security groups. When requesting instances in EC2-Classic, you can specify the names or the IDs of the security groups.
+ *A description of the security group.
*/ - SecurityGroups?: GroupIdentifier[]; + Description?: string; /** - *Deprecated.
+ *The name of the security group.
*/ - AddressingType?: string; + GroupName?: string; /** - *One or more block devices that are mapped to the Spot Instances. You can't specify both - * a snapshot ID and an encryption value. This is because only blank volumes can be - * encrypted on creation. If a snapshot is the basis for a volume, it is not blank and its - * encryption status is used for the volume encryption status.
+ *The inbound rules associated with the security group.
*/ - BlockDeviceMappings?: BlockDeviceMapping[]; + IpPermissions?: IpPermission[]; /** - *Indicates whether the instances are optimized for EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS Optimized instance.
- *Default: false
- *
The Amazon Web Services account ID of the owner of the security group.
*/ - EbsOptimized?: boolean; + OwnerId?: string; /** - *The IAM instance profile.
+ *The ID of the security group.
*/ - IamInstanceProfile?: IamInstanceProfileSpecification; + GroupId?: string; /** - *The ID of the AMI.
+ *[VPC only] The outbound rules associated with the security group.
*/ - ImageId?: string; + IpPermissionsEgress?: IpPermission[]; /** - *The instance type.
+ *Any tags assigned to the security group.
*/ - InstanceType?: _InstanceType | string; + Tags?: Tag[]; /** - *The ID of the kernel.
+ *[VPC only] The ID of the VPC for the security group.
*/ - KernelId?: string; + VpcId?: string; +} +export namespace SecurityGroup { /** - *The name of the key pair.
+ * @internal */ - KeyName?: string; + export const filterSensitiveLog = (obj: SecurityGroup): any => ({ + ...obj, + }); +} +export interface DescribeSecurityGroupsResult { /** - *Enable or disable monitoring for the instances.
+ *Information about the security groups.
*/ - Monitoring?: SpotFleetMonitoring; + SecurityGroups?: SecurityGroup[]; /** - *One or more network interfaces. If you specify a network interface, you must specify - * subnet IDs and security group IDs using the network interface.
- *
- * SpotFleetLaunchSpecification
currently does not support Elastic Fabric Adapter (EFA). To specify an EFA, you must use LaunchTemplateConfig.
The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The placement information.
+ * @internal */ - Placement?: SpotPlacement; + export const filterSensitiveLog = (obj: DescribeSecurityGroupsResult): any => ({ + ...obj, + }); +} + +export type SnapshotAttributeName = "createVolumePermission" | "productCodes"; +export interface DescribeSnapshotAttributeRequest { /** - *The ID of the RAM disk. Some kernels require additional drivers at launch. Check the kernel - * requirements for information about whether you need to specify a RAM disk. To find kernel - * requirements, refer to the Amazon Web Services Resource Center and search for the kernel ID.
+ *The snapshot attribute you would like to view.
*/ - RamdiskId?: string; + Attribute: SnapshotAttributeName | string | undefined; /** - *The maximum price per unit hour that you are willing to pay for a Spot Instance.
- * If this value is not specified, the default is the Spot price specified for the fleet.
- * To determine the Spot price per unit hour, divide the Spot price by the
- * value of WeightedCapacity
.
The ID of the EBS snapshot.
*/ - SpotPrice?: string; + SnapshotId: string | undefined; /** - *The IDs of the subnets in which to launch the instances. To specify multiple subnets, separate - * them using commas; for example, "subnet-1234abcdeexample1, subnet-0987cdef6example2".
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The Base64-encoded user data that instances use when starting up.
+ * @internal */ - UserData?: string; + export const filterSensitiveLog = (obj: DescribeSnapshotAttributeRequest): any => ({ + ...obj, + }); +} +/** + *Describes the user or group to be added or removed from the list of create volume + * permissions for a volume.
+ */ +export interface CreateVolumePermission { /** - *The number of units provided by the specified instance type. These are the same units that you chose to set the target capacity in terms of instances, or a performance characteristic such as vCPUs, memory, or I/O.
- *If the target capacity divided by this value is not a whole number, Amazon EC2 rounds the number of instances to the next whole number. If this value is not specified, the default is 1.
+ *The group to be added or removed. The possible value is all
.
The tags to apply during creation.
+ *The ID of the Amazon Web Services account to be added or removed.
*/ - TagSpecifications?: SpotFleetTagSpecification[]; + UserId?: string; } -export namespace SpotFleetLaunchSpecification { +export namespace CreateVolumePermission { /** * @internal */ - export const filterSensitiveLog = (obj: SpotFleetLaunchSpecification): any => ({ + export const filterSensitiveLog = (obj: CreateVolumePermission): any => ({ ...obj, }); } -/** - *Describes overrides for a launch template.
- */ -export interface LaunchTemplateOverrides { +export interface DescribeSnapshotAttributeResult { /** - *The instance type.
+ *The users and groups that have the permissions for creating volumes from the + * snapshot.
*/ - InstanceType?: _InstanceType | string; + CreateVolumePermissions?: CreateVolumePermission[]; /** - *The maximum price per unit hour that you are willing to pay for a Spot - * Instance.
+ *The product codes.
*/ - SpotPrice?: string; + ProductCodes?: ProductCode[]; /** - *The ID of the subnet in which to launch the instances.
+ *The ID of the EBS snapshot.
*/ - SubnetId?: string; + SnapshotId?: string; +} +export namespace DescribeSnapshotAttributeResult { /** - *The Availability Zone in which to launch the instances.
+ * @internal */ - AvailabilityZone?: string; + export const filterSensitiveLog = (obj: DescribeSnapshotAttributeResult): any => ({ + ...obj, + }); +} +export interface DescribeSnapshotsRequest { /** - *The number of units provided by the specified instance type.
+ *The filters.
+ *
+ * description
- A description of the snapshot.
+ * encrypted
- Indicates whether the snapshot is encrypted
+ * (true
| false
)
+ * owner-alias
- The owner alias, from an Amazon-maintained list
+ * (amazon
).
+ * This is not the user-configured Amazon Web Services account alias set using the IAM console.
+ * We recommend that you use the related parameter instead of this filter.
+ * owner-id
- The Amazon Web Services account ID of the owner. We recommend that
+ * you use the related parameter instead of this filter.
+ * progress
- The progress of the snapshot, as a percentage (for example,
+ * 80%).
+ * snapshot-id
- The snapshot ID.
+ * start-time
- The time stamp when the snapshot was initiated.
+ * status
- The status of the snapshot (pending
|
+ * completed
| error
).
+ * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
+ * volume-id
- The ID of the volume the snapshot is for.
+ * volume-size
- The size of the volume, in GiB.
The maximum number of snapshot results returned by DescribeSnapshots
in
+ * paginated output. When this parameter is used, DescribeSnapshots
only returns
+ * MaxResults
results in a single page along with a NextToken
+ * response element. The remaining results of the initial request can be seen by sending another
+ * DescribeSnapshots
request with the returned NextToken
value. This
+ * value can be between 5 and 1,000; if MaxResults
is given a value larger than 1,000,
+ * only 1,000 results are returned. If this parameter is not used, then
+ * DescribeSnapshots
returns all results. You cannot specify this parameter and
+ * the snapshot IDs parameter in the same request.
The NextToken
value returned from a previous paginated
+ * DescribeSnapshots
request where MaxResults
was used and the
+ * results exceeded the value of that parameter. Pagination continues from the end of the
+ * previous results that returned the NextToken
value. This value is
+ * null
when there are no more results to return.
The priority for the launch template override. The highest priority is launched - * first.
- *If OnDemandAllocationStrategy
is set to prioritized
, Spot Fleet
- * uses priority to determine which launch template override to use first in fulfilling
- * On-Demand capacity.
If the Spot AllocationStrategy
is set to
- * capacityOptimizedPrioritized
, Spot Fleet uses priority on a best-effort basis
- * to determine which launch template override to use in fulfilling Spot capacity, but
- * optimizes for capacity first.
Valid values are whole numbers starting at 0
. The lower the number, the
- * higher the priority. If no number is set, the launch template override has the lowest
- * priority. You can set the same priority for different launch template overrides.
Scopes the results to snapshots with the specified owners. You can specify a combination of
+ * Amazon Web Services account IDs, self
, and amazon
.
The IDs of the Amazon Web Services accounts that can create volumes from the snapshot.
*/ - export const filterSensitiveLog = (obj: LaunchTemplateOverrides): any => ({ - ...obj, - }); -} + RestorableByUserIds?: string[]; -/** - *Describes a launch template and overrides.
- */ -export interface LaunchTemplateConfig { /** - *The launch template.
+ *The snapshot IDs.
+ *Default: Describes the snapshots for which you have create volume permissions.
*/ - LaunchTemplateSpecification?: FleetLaunchTemplateSpecification; + SnapshotIds?: string[]; /** - *Any parameters that you specify override the same parameters in the launch - * template.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Describes a Classic Load Balancer.
- */ -export interface ClassicLoadBalancer { +export interface DescribeSnapshotsResult { /** - *The name of the load balancer.
+ *Information about the snapshots.
*/ - Name?: string; + Snapshots?: Snapshot[]; + + /** + *The NextToken
value to include in a future DescribeSnapshots
+ * request. When the results of a DescribeSnapshots
request exceed
+ * MaxResults
, this value can be used to retrieve the next page of results. This
+ * value is null
when there are no more results to return.
Describes the Classic Load Balancers to attach to a Spot Fleet. Spot Fleet registers - * the running Spot Instances with these Classic Load Balancers.
+ *Contains the parameters for DescribeSpotDatafeedSubscription.
*/ -export interface ClassicLoadBalancersConfig { +export interface DescribeSpotDatafeedSubscriptionRequest { /** - *One or more Classic Load Balancers.
+ *Checks whether you have the required permissions for the action, without actually
+ * making the request, and provides an error response. If you have the required
+ * permissions, the error response is DryRunOperation
. Otherwise, it is
+ * UnauthorizedOperation
.
Describes a load balancer target group.
+ *Contains the output of DescribeSpotDatafeedSubscription.
*/ -export interface TargetGroup { +export interface DescribeSpotDatafeedSubscriptionResult { /** - *The Amazon Resource Name (ARN) of the target group.
+ *The Spot Instance data feed subscription.
*/ - Arn?: string; + SpotDatafeedSubscription?: SpotDatafeedSubscription; } -export namespace TargetGroup { +export namespace DescribeSpotDatafeedSubscriptionResult { /** * @internal */ - export const filterSensitiveLog = (obj: TargetGroup): any => ({ + export const filterSensitiveLog = (obj: DescribeSpotDatafeedSubscriptionResult): any => ({ ...obj, }); } /** - *Describes the target groups to attach to a Spot Fleet. Spot Fleet registers the - * running Spot Instances with these target groups.
+ *Contains the parameters for DescribeSpotFleetInstances.
*/ -export interface TargetGroupsConfig { +export interface DescribeSpotFleetInstancesRequest { /** - *One or more target groups.
+ *Checks whether you have the required permissions for the action, without actually
+ * making the request, and provides an error response. If you have the required
+ * permissions, the error response is DryRunOperation
. Otherwise, it is
+ * UnauthorizedOperation
.
The maximum number of results to return in a single call. Specify a value between 1
+ * and 1000. The default value is 1000. To retrieve the remaining results, make another
+ * call with the returned NextToken
value.
Describes the Classic Load Balancers and target groups to attach to a Spot Fleet - * request.
- */ -export interface LoadBalancersConfig { /** - *The Classic Load Balancers.
+ *The token for the next set of results.
*/ - ClassicLoadBalancersConfig?: ClassicLoadBalancersConfig; + NextToken?: string; /** - *The target groups.
+ *The ID of the Spot Fleet request.
*/ - TargetGroupsConfig?: TargetGroupsConfig; + SpotFleetRequestId: string | undefined; } -export namespace LoadBalancersConfig { +export namespace DescribeSpotFleetInstancesRequest { /** * @internal */ - export const filterSensitiveLog = (obj: LoadBalancersConfig): any => ({ + export const filterSensitiveLog = (obj: DescribeSpotFleetInstancesRequest): any => ({ ...obj, }); } -export enum OnDemandAllocationStrategy { - LOWEST_PRICE = "lowestPrice", - PRIORITIZED = "prioritized", -} - -export enum ReplacementStrategy { - LAUNCH = "launch", -} - /** - *The Spot Instance replacement strategy to use when Amazon EC2 emits a signal that your - * Spot Instance is at an elevated risk of being interrupted. For more information, see - * Capacity rebalancing in the Amazon EC2 User Guide for Linux Instances.
+ *Contains the output of DescribeSpotFleetInstances.
*/ -export interface SpotCapacityRebalance { +export interface DescribeSpotFleetInstancesResponse { /** - *The replacement strategy to use. Only available for fleets of type
- * maintain
. You must specify a value, otherwise you get an error.
To allow Spot Fleet to launch a replacement Spot Instance when an instance rebalance
- * notification is emitted for a Spot Instance in the fleet, specify
- * launch
.
When a replacement instance is launched, the instance marked for rebalance is not - * automatically terminated. You can terminate it, or you can leave it running. You are - * charged for all instances while they are running.
- *The running instances. This list is refreshed periodically and might be out of + * date.
*/ - ReplacementStrategy?: ReplacementStrategy | string; -} + ActiveInstances?: ActiveInstance[]; -export namespace SpotCapacityRebalance { /** - * @internal + *The token required to retrieve the next set of results. This value is
+ * null
when there are no more results to return.
The strategies for managing your Spot Instances that are at an elevated risk of being - * interrupted.
- */ -export interface SpotMaintenanceStrategies { /** - *The strategy to use when Amazon EC2 emits a signal that your Spot Instance is at an - * elevated risk of being interrupted.
+ *The ID of the Spot Fleet request.
*/ - CapacityRebalance?: SpotCapacityRebalance; + SpotFleetRequestId?: string; } -export namespace SpotMaintenanceStrategies { +export namespace DescribeSpotFleetInstancesResponse { /** * @internal */ - export const filterSensitiveLog = (obj: SpotMaintenanceStrategies): any => ({ + export const filterSensitiveLog = (obj: DescribeSpotFleetInstancesResponse): any => ({ ...obj, }); } +export enum EventType { + BATCH_CHANGE = "fleetRequestChange", + ERROR = "error", + INFORMATION = "information", + INSTANCE_CHANGE = "instanceChange", +} + /** - *Describes the configuration of a Spot Fleet request.
+ *Contains the parameters for DescribeSpotFleetRequestHistory.
*/ -export interface SpotFleetRequestConfigData { - /** - *Indicates how to allocate the target Spot Instance capacity across the Spot Instance pools specified by - * the Spot Fleet request.
- *If the allocation strategy is lowestPrice
, Spot Fleet launches instances from
- * the Spot Instance pools with the lowest price. This is the default allocation strategy.
If the allocation strategy is diversified
, Spot Fleet launches instances from
- * all the Spot Instance pools that you specify.
If the allocation strategy is capacityOptimized
(recommended), Spot Fleet
- * launches instances from Spot Instance pools with optimal capacity for the number of instances
- * that are launching. To give certain instance types a higher chance of launching first,
- * use capacityOptimizedPrioritized
. Set a priority for each instance type by
- * using the Priority
parameter for LaunchTemplateOverrides
. You
- * can assign the same priority to different LaunchTemplateOverrides
. EC2
- * implements the priorities on a best-effort basis, but optimizes for capacity first.
- * capacityOptimizedPrioritized
is supported only if your Spot Fleet uses a
- * launch template. Note that if the OnDemandAllocationStrategy
is set to
- * prioritized
, the same priority is applied when fulfilling On-Demand
- * capacity.
The order of the launch template overrides to use in fulfilling On-Demand capacity. If
- * you specify lowestPrice
, Spot Fleet uses price to determine the order, launching
- * the lowest price first. If you specify prioritized
, Spot Fleet uses the priority
- * that you assign to each Spot Fleet launch template override, launching the highest priority
- * first. If you do not specify a value, Spot Fleet defaults to lowestPrice
.
The strategies for managing your Spot Instances that are at an elevated risk of being - * interrupted.
- */ - SpotMaintenanceStrategies?: SpotMaintenanceStrategies; - - /** - *A unique, case-sensitive identifier that you provide to ensure the idempotency of your - * listings. This helps to avoid duplicate listings. For more information, see Ensuring Idempotency.
- */ - ClientToken?: string; - +export interface DescribeSpotFleetRequestHistoryRequest { /** - *Indicates whether running Spot Instances should be terminated if you decrease the - * target capacity of the Spot Fleet request below the current size of the Spot - * Fleet.
+ *Checks whether you have the required permissions for the action, without actually
+ * making the request, and provides an error response. If you have the required
+ * permissions, the error response is DryRunOperation
. Otherwise, it is
+ * UnauthorizedOperation
.
The number of units fulfilled by this request compared to the set target capacity. You - * cannot set this value.
+ *The type of events to describe. By default, all events are described.
*/ - FulfilledCapacity?: number; + EventType?: EventType | string; /** - *The number of On-Demand units fulfilled by this request compared to the set target - * On-Demand capacity.
+ *The maximum number of results to return in a single call. Specify a value between 1
+ * and 1000. The default value is 1000. To retrieve the remaining results, make another
+ * call with the returned NextToken
value.
The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that
- * grants the Spot Fleet the permission to request, launch, terminate, and tag instances on
- * your behalf. For more information, see Spot
- * Fleet prerequisites in the Amazon EC2 User Guide for Linux Instances. Spot Fleet
- * can terminate Spot Instances on your behalf when you cancel its Spot Fleet request using
- * CancelSpotFleetRequests or when the Spot Fleet request expires, if you set
- * TerminateInstancesWithExpiration
.
The token for the next set of results.
*/ - IamFleetRole: string | undefined; + NextToken?: string; /** - *The launch specifications for the Spot Fleet request. If you specify
- * LaunchSpecifications
, you can't specify
- * LaunchTemplateConfigs
. If you include On-Demand capacity in your
- * request, you must use LaunchTemplateConfigs
.
The ID of the Spot Fleet request.
*/ - LaunchSpecifications?: SpotFleetLaunchSpecification[]; + SpotFleetRequestId: string | undefined; /** - *The launch template and overrides. If you specify LaunchTemplateConfigs
,
- * you can't specify LaunchSpecifications
. If you include On-Demand capacity
- * in your request, you must use LaunchTemplateConfigs
.
The starting date and time for the events, in UTC format (for example, + * YYYY-MM-DDTHH:MM:SSZ).
*/ - LaunchTemplateConfigs?: LaunchTemplateConfig[]; + StartTime: Date | undefined; +} +export namespace DescribeSpotFleetRequestHistoryRequest { /** - *The maximum price per unit hour that you are willing to pay for a Spot Instance. The - * default is the On-Demand price.
+ * @internal */ - SpotPrice?: string; + export const filterSensitiveLog = (obj: DescribeSpotFleetRequestHistoryRequest): any => ({ + ...obj, + }); +} +/** + *Describes an event in the history of the Spot Fleet request.
+ */ +export interface HistoryRecord { /** - *The number of units to request for the Spot Fleet. You can choose to set the target
- * capacity in terms of instances or a performance characteristic that is important to your
- * application workload, such as vCPUs, memory, or I/O. If the request type is
- * maintain
, you can specify a target capacity of 0 and add capacity
- * later.
Information about the event.
*/ - TargetCapacity: number | undefined; + EventInformation?: EventInformation; /** - *The number of On-Demand units to request. You can choose to set the target capacity in
- * terms of instances or a performance characteristic that is important to your application
- * workload, such as vCPUs, memory, or I/O. If the request type is maintain
,
- * you can specify a target capacity of 0 and add capacity later.
The event type.
+ *
+ * error
- An error with the Spot Fleet request.
+ * fleetRequestChange
- A change in the status or configuration of
+ * the Spot Fleet request.
+ * instanceChange
- An instance was launched or terminated.
+ * Information
- An informational event.
The maximum amount per hour for On-Demand Instances that you're willing to pay. You
- * can use the onDemandMaxTotalPrice
parameter, the
- * spotMaxTotalPrice
parameter, or both parameters to ensure that your
- * fleet cost does not exceed your budget. If you set a maximum price per hour for the
- * On-Demand Instances and Spot Instances in your request, Spot Fleet will launch instances until it reaches the
- * maximum amount you're willing to pay. When the maximum amount you're willing to pay is
- * reached, the fleet stops launching instances even if it hasn’t met the target
- * capacity.
The date and time of the event, in UTC format (for example, + * YYYY-MM-DDTHH:MM:SSZ).
*/ - OnDemandMaxTotalPrice?: string; + Timestamp?: Date; +} +export namespace HistoryRecord { /** - *The maximum amount per hour for Spot Instances that you're willing to pay. You can use
- * the spotdMaxTotalPrice
parameter, the onDemandMaxTotalPrice
- * parameter, or both parameters to ensure that your fleet cost does not exceed your
- * budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances in your request,
- * Spot Fleet will launch instances until it reaches the maximum amount you're willing to pay.
- * When the maximum amount you're willing to pay is reached, the fleet stops launching
- * instances even if it hasn’t met the target capacity.
Contains the output of DescribeSpotFleetRequestHistory.
+ */ +export interface DescribeSpotFleetRequestHistoryResponse { /** - *Indicates whether running Spot Instances are terminated when the Spot Fleet request - * expires.
+ *Information about the events in the history of the Spot Fleet request.
*/ - TerminateInstancesWithExpiration?: boolean; + HistoryRecords?: HistoryRecord[]; /** - *The type of request. Indicates whether the Spot Fleet only requests the target
- * capacity or also attempts to maintain it. When this value is request
, the
- * Spot Fleet only places the required requests. It does not attempt to replenish Spot
- * Instances if capacity is diminished, nor does it submit requests in alternative Spot
- * pools if capacity is not available. When this value is maintain
, the Spot
- * Fleet maintains the target capacity. The Spot Fleet places the required requests to meet
- * capacity and automatically replenishes any interrupted instances. Default:
- * maintain
. instant
is listed but is not used by Spot
- * Fleet.
The last date and time for the events, in UTC format (for example, + * YYYY-MM-DDTHH:MM:SSZ). + * All records up to this time were retrieved.
+ *If nextToken
indicates that there are more results, this value is not
+ * present.
The start date and time of the request, in UTC format - * (YYYY-MM-DDTHH:MM:SSZ). - * By default, Amazon EC2 starts fulfilling the request immediately.
+ *The token required to retrieve the next set of results. This value is
+ * null
when there are no more results to return.
The end date and time of the request, in UTC format - * (YYYY-MM-DDTHH:MM:SSZ). - * After the end date and time, no new Spot Instance requests are placed or able to fulfill - * the request. If no value is specified, the Spot Fleet request remains until you cancel - * it.
+ *The ID of the Spot Fleet request.
*/ - ValidUntil?: Date; + SpotFleetRequestId?: string; /** - *Indicates whether Spot Fleet should replace unhealthy instances.
+ *The starting date and time for the events, in UTC format (for example, + * YYYY-MM-DDTHH:MM:SSZ).
*/ - ReplaceUnhealthyInstances?: boolean; + StartTime?: Date; +} +export namespace DescribeSpotFleetRequestHistoryResponse { /** - *The behavior when a Spot Instance is interrupted. The default is
- * terminate
.
Contains the parameters for DescribeSpotFleetRequests.
+ */ +export interface DescribeSpotFleetRequestsRequest { /** - *One or more Classic Load Balancers and target groups to attach to the Spot Fleet - * request. Spot Fleet registers the running Spot Instances with the specified Classic Load - * Balancers and target groups.
- *With Network Load Balancers, Spot Fleet cannot register instances that have the - * following instance types: C1, CC1, CC2, CG1, CG2, CR1, CS1, G1, G2, HI1, HS1, M1, M2, - * M3, and T1.
+ *Checks whether you have the required permissions for the action, without actually
+ * making the request, and provides an error response. If you have the required
+ * permissions, the error response is DryRunOperation
. Otherwise, it is
+ * UnauthorizedOperation
.
The number of Spot pools across which to allocate your target Spot capacity. Valid
- * only when Spot AllocationStrategy is set to
- * lowest-price
. Spot Fleet selects the cheapest Spot pools and evenly
- * allocates your target Spot capacity across the number of Spot pools that you
- * specify.
Note that Spot Fleet attempts to draw Spot Instances from the number of pools that you specify on a - * best effort basis. If a pool runs out of Spot capacity before fulfilling your target - * capacity, Spot Fleet will continue to fulfill your request by drawing from the next cheapest - * pool. To ensure that your target capacity is met, you might receive Spot Instances from more than - * the number of pools that you specified. Similarly, if most of the pools have no Spot - * capacity, you might receive your full target capacity from fewer than the number of - * pools that you specified.
+ *The maximum number of results to return in a single call. Specify a value between 1
+ * and 1000. The default value is 1000. To retrieve the remaining results, make another
+ * call with the returned NextToken
value.
Reserved.
+ *The token for the next set of results.
*/ - Context?: string; + NextToken?: string; /** - *The key-value pair for tagging the Spot Fleet request on creation. The value for
- * ResourceType
must be spot-fleet-request
, otherwise the
- * Spot Fleet request fails. To tag instances at launch, specify the tags in the launch
- * template (valid only if you use LaunchTemplateConfigs
) or in
- * the
- * SpotFleetTagSpecification
- * (valid only if you use
- * LaunchSpecifications
). For information about tagging after launch, see
- * Tagging Your Resources.
The IDs of the Spot Fleet requests.
*/ - TagSpecifications?: TagSpecification[]; + SpotFleetRequestIds?: string[]; } -export namespace SpotFleetRequestConfigData { +export namespace DescribeSpotFleetRequestsRequest { /** * @internal */ - export const filterSensitiveLog = (obj: SpotFleetRequestConfigData): any => ({ + export const filterSensitiveLog = (obj: DescribeSpotFleetRequestsRequest): any => ({ ...obj, }); } +export enum ExcessCapacityTerminationPolicy { + DEFAULT = "default", + NO_TERMINATION = "noTermination", +} + /** - *Describes a Spot Fleet request.
+ *Describes whether monitoring is enabled.
*/ -export interface SpotFleetRequestConfig { +export interface SpotFleetMonitoring { /** - *The progress of the Spot Fleet request.
- * If there is an error, the status is error
.
- * After all requests are placed, the status is pending_fulfillment
.
- * If the size of the fleet is equal to or greater than its target capacity, the status is fulfilled
.
- * If the size of the fleet is decreased, the status is pending_termination
- * while Spot Instances are terminating.
Enables monitoring for the instance.
+ *Default: false
+ *
The creation date and time of the request.
+ * @internal */ - CreateTime?: Date; + export const filterSensitiveLog = (obj: SpotFleetMonitoring): any => ({ + ...obj, + }); +} +/** + *Describes a network interface.
+ */ +export interface InstanceNetworkInterfaceSpecification { /** - *The configuration of the Spot Fleet request.
+ *Indicates whether to assign a public IPv4 address to an instance you launch in a VPC. The
+ * public IP address can only be assigned to a network interface for eth0, and can only be
+ * assigned to a new network interface, not an existing one. You cannot specify more than one
+ * network interface in the request. If launching into a default subnet, the default value is
+ * true
.
The ID of the Spot Fleet request.
+ *If set to true
, the interface is deleted when the instance is terminated. You can
+ * specify true
only if creating a new network interface when launching an
+ * instance.
The state of the Spot Fleet request.
+ *The description of the network interface. Applies only if creating a network interface when launching an instance.
*/ - SpotFleetRequestState?: BatchState | string; + Description?: string; /** - *The tags for a Spot Fleet resource.
+ *The position of the network interface in the attachment order. + * A primary network interface has a device index of 0.
+ *If you specify a network interface when launching an instance, + * you must specify the device index.
*/ - Tags?: Tag[]; -} + DeviceIndex?: number; -export namespace SpotFleetRequestConfig { /** - * @internal + *The IDs of the security groups for the network interface. Applies only if creating a network interface when launching an instance.
*/ - export const filterSensitiveLog = (obj: SpotFleetRequestConfig): any => ({ - ...obj, - }); -} + Groups?: string[]; -/** - *Contains the output of DescribeSpotFleetRequests.
- */ -export interface DescribeSpotFleetRequestsResponse { /** - *The token required to retrieve the next set of results. This value is
- * null
when there are no more results to return.
A number of IPv6 addresses to assign to the network interface. Amazon EC2 chooses + * the IPv6 addresses from the range of the subnet. You cannot specify this option and the + * option to assign specific IPv6 addresses in the same request. You can specify this + * option if you've specified a minimum number of instances to launch.
*/ - NextToken?: string; + Ipv6AddressCount?: number; /** - *Information about the configuration of your Spot Fleet.
+ *One or more IPv6 addresses to assign to the network interface. You cannot specify + * this option and the option to assign a number of IPv6 addresses in the same request. You + * cannot specify this option if you've specified a minimum number of instances to + * launch.
*/ - SpotFleetRequestConfigs?: SpotFleetRequestConfig[]; -} + Ipv6Addresses?: InstanceIpv6Address[]; -export namespace DescribeSpotFleetRequestsResponse { /** - * @internal + *The ID of the network interface.
+ *If you are creating a Spot Fleet, omit this parameter because you can’t specify a network interface ID in a launch specification.
*/ - export const filterSensitiveLog = (obj: DescribeSpotFleetRequestsResponse): any => ({ - ...obj, - }); -} - -/** - *Contains the parameters for DescribeSpotInstanceRequests.
- */ -export interface DescribeSpotInstanceRequestsRequest { - /** - *One or more filters.
- *
- * availability-zone-group
- The Availability Zone group.
- * create-time
- The time stamp when the Spot Instance request was
- * created.
- * fault-code
- The fault code related to the request.
- * fault-message
- The fault message related to the request.
- * instance-id
- The ID of the instance that fulfilled the
- * request.
- * launch-group
- The Spot Instance launch group.
- * launch.block-device-mapping.delete-on-termination
- Indicates
- * whether the EBS volume is deleted on instance termination.
- * launch.block-device-mapping.device-name
- The device name for the
- * volume in the block device mapping (for example, /dev/sdh
or
- * xvdh
).
- * launch.block-device-mapping.snapshot-id
- The ID of the snapshot
- * for the EBS volume.
- * launch.block-device-mapping.volume-size
- The size of the EBS
- * volume, in GiB.
- * launch.block-device-mapping.volume-type
- The type of EBS volume:
- * gp2
for General Purpose SSD, io1
or
- * io2
for Provisioned IOPS SSD, st1
for Throughput
- * Optimized HDD, sc1
for Cold HDD, or standard
for
- * Magnetic.
- * launch.group-id
- The ID of the security group for the
- * instance.
- * launch.group-name
- The name of the security group for the
- * instance.
- * launch.image-id
- The ID of the AMI.
- * launch.instance-type
- The type of instance (for example,
- * m3.medium
).
- * launch.kernel-id
- The kernel ID.
- * launch.key-name
- The name of the key pair the instance launched
- * with.
- * launch.monitoring-enabled
- Whether detailed monitoring is
- * enabled for the Spot Instance.
- * launch.ramdisk-id
- The RAM disk ID.
- * launched-availability-zone
- The Availability Zone in which the
- * request is launched.
- * network-interface.addresses.primary
- Indicates whether the IP
- * address is the primary private IP address.
- * network-interface.delete-on-termination
- Indicates whether the
- * network interface is deleted when the instance is terminated.
- * network-interface.description
- A description of the network
- * interface.
- * network-interface.device-index
- The index of the device for the
- * network interface attachment on the instance.
- * network-interface.group-id
- The ID of the security group
- * associated with the network interface.
- * network-interface.network-interface-id
- The ID of the network
- * interface.
- * network-interface.private-ip-address
- The primary private IP
- * address of the network interface.
- * network-interface.subnet-id
- The ID of the subnet for the
- * instance.
- * product-description
- The product description associated with the
- * instance (Linux/UNIX
| Windows
).
- * spot-instance-request-id
- The Spot Instance request ID.
- * spot-price
- The maximum hourly price for any Spot Instance
- * launched to fulfill the request.
- * state
- The state of the Spot Instance request (open
- * | active
| closed
| cancelled
|
- * failed
). Spot request status information can help you track
- * your Amazon EC2 Spot Instance requests. For more information, see Spot
- * request status in the Amazon EC2 User Guide for Linux Instances.
- * status-code
- The short code describing the most recent
- * evaluation of your Spot Instance request.
- * status-message
- The message explaining the status of the Spot
- * Instance request.
- * tag:
- The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value.
- * For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
- * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
- * type
- The type of Spot Instance request (one-time
|
- * persistent
).
- * valid-from
- The start date of the request.
- * valid-until
- The end date of the request.
The private IPv4 address of the network interface. Applies only if creating a network interface when launching an instance. You cannot specify this option if you're launching + * more than one instance in a RunInstances request.
*/ - Filters?: Filter[]; + PrivateIpAddress?: string; /** - *Checks whether you have the required permissions for the action, without actually
- * making the request, and provides an error response. If you have the required
- * permissions, the error response is DryRunOperation
. Otherwise, it is
- * UnauthorizedOperation
.
One or more private IPv4 addresses to assign to the network interface. Only one private IPv4 address can be designated as primary. You cannot specify this option if you're + * launching more than one instance in a RunInstances request.
*/ - DryRun?: boolean; + PrivateIpAddresses?: PrivateIpAddressSpecification[]; /** - *One or more Spot Instance request IDs.
+ *The number of secondary private IPv4 addresses. You can't specify this option and specify more than one private IP address using the private IP addresses option. You cannot specify this option if you're + * launching more than one instance in a RunInstances request.
*/ - SpotInstanceRequestIds?: string[]; + SecondaryPrivateIpAddressCount?: number; /** - *The token to request the next set of results. This value is null
when
- * there are no more results to return.
The ID of the subnet associated with the network interface. Applies only if creating a network interface when launching an instance.
*/ - NextToken?: string; + SubnetId?: string; /** - *The maximum number of results to return in a single call. Specify a value between 5
- * and 1000. To retrieve the remaining results, make another call with the returned
- * NextToken
value.
Indicates whether to assign a carrier IP address to the network interface.
+ *You can only assign a carrier IP address to a network interface that is in a subnet in a Wavelength Zone. + * For more information about carrier IP addresses, see Carrier IP addresses in the Amazon Web Services Wavelength Developer Guide.
*/ - MaxResults?: number; + AssociateCarrierIpAddress?: boolean; + + /** + *The type of network interface.
+ *To create an Elastic Fabric Adapter (EFA), specify
+ * efa
. For more information, see Elastic Fabric Adapter in the
+ * Amazon Elastic Compute Cloud User Guide.
Valid values: interface
| efa
+ *
The index of the network card. Some instance types support multiple network cards. + * The primary network interface must be assigned to network card index 0. + * The default is network card index 0.
+ *If you are using RequestSpotInstances to create Spot Instances, omit this parameter because + * you can’t specify the network card index when using this API. To specify the network + * card index, use RunInstances.
+ */ + NetworkCardIndex?: number; + + /** + *One or more IPv4 delegated prefixes to be assigned to the network interface. You cannot
+ * use this option if you use the Ipv4PrefixCount
option.
The number of IPv4 delegated prefixes to be automatically assigned to the network interface.
+ * You cannot use this option if you use the Ipv4Prefix
option.
One or more IPv6 delegated prefixes to be assigned to the network interface. You cannot
+ * use this option if you use the Ipv6PrefixCount
option.
The number of IPv6 delegated prefixes to be automatically assigned to the network interface.
+ * You cannot use this option if you use the Ipv6Prefix
option.
Describes the monitoring of an instance.
+ *Describes Spot Instance placement.
*/ -export interface RunInstancesMonitoringEnabled { +export interface SpotPlacement { /** - *Indicates whether detailed monitoring is enabled. Otherwise, basic monitoring is - * enabled.
+ *The Availability Zone.
+ *[Spot Fleet only] To specify multiple Availability Zones, separate them using commas; + * for example, "us-west-2a, us-west-2b".
*/ - Enabled: boolean | undefined; + AvailabilityZone?: string; + + /** + *The name of the placement group.
+ */ + GroupName?: string; + + /** + *The tenancy of the instance (if the instance is running in a VPC). An instance with a
+ * tenancy of dedicated
runs on single-tenant hardware. The host
+ * tenancy is not supported for Spot Instances.
Describes the launch specification for an instance.
+ *The tags for a Spot Fleet resource.
*/ -export interface LaunchSpecification { +export interface SpotFleetTagSpecification { /** - *The Base64-encoded user data for the instance.
+ *The type of resource. Currently, the only resource type that is supported is
+ * instance
. To tag the Spot Fleet request on creation, use the
+ * TagSpecifications
parameter in
+ * SpotFleetRequestConfigData
+ * .
The tags.
+ */ + Tags?: Tag[]; +} + +export namespace SpotFleetTagSpecification { + /** + * @internal + */ + export const filterSensitiveLog = (obj: SpotFleetTagSpecification): any => ({ + ...obj, + }); +} +/** + *Describes the launch specification for one or more Spot Instances. If you include
+ * On-Demand capacity in your fleet request or want to specify an EFA network device, you
+ * can't use SpotFleetLaunchSpecification
; you must use LaunchTemplateConfig.
One or more security groups. When requesting instances in a VPC, you must specify the IDs of the security groups. When requesting instances in EC2-Classic, you can specify the names or the IDs of the security groups.
*/ @@ -10298,12 +9888,15 @@ export interface LaunchSpecification { AddressingType?: string; /** - *One or more block device mapping entries.
+ *One or more block devices that are mapped to the Spot Instances. You can't specify both + * a snapshot ID and an encryption value. This is because only blank volumes can be + * encrypted on creation. If a snapshot is the basis for a volume, it is not blank and its + * encryption status is used for the volume encryption status.
*/ BlockDeviceMappings?: BlockDeviceMapping[]; /** - *Indicates whether the instance is optimized for EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS Optimized instance.
+ *Indicates whether the instances are optimized for EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS Optimized instance.
*Default: false
*
Enable or disable monitoring for the instances.
+ */ + Monitoring?: SpotFleetMonitoring; + /** *One or more network interfaces. If you specify a network interface, you must specify - * subnet IDs and security group IDs using the network interface.
+ * subnet IDs and security group IDs using the network interface. + *
+ * SpotFleetLaunchSpecification
currently does not support Elastic Fabric Adapter (EFA). To specify an EFA, you must use LaunchTemplateConfig.
The placement information for the instance.
+ *The placement information.
*/ Placement?: SpotPlacement; /** - *The ID of the RAM disk.
+ *The ID of the RAM disk. Some kernels require additional drivers at launch. Check the kernel + * requirements for information about whether you need to specify a RAM disk. To find kernel + * requirements, refer to the Amazon Web Services Resource Center and search for the kernel ID.
+ */ + RamdiskId?: string; + + /** + *The maximum price per unit hour that you are willing to pay for a Spot Instance.
+ * If this value is not specified, the default is the Spot price specified for the fleet.
+ * To determine the Spot price per unit hour, divide the Spot price by the
+ * value of WeightedCapacity
.
The IDs of the subnets in which to launch the instances. To specify multiple subnets, separate + * them using commas; for example, "subnet-1234abcdeexample1, subnet-0987cdef6example2".
+ */ + SubnetId?: string; + + /** + *The Base64-encoded user data that instances use when starting up.
+ */ + UserData?: string; + + /** + *The number of units provided by the specified instance type. These are the same units that you chose to set the target capacity in terms of instances, or a performance characteristic such as vCPUs, memory, or I/O.
+ *If the target capacity divided by this value is not a whole number, Amazon EC2 rounds the number of instances to the next whole number. If this value is not specified, the default is 1.
+ */ + WeightedCapacity?: number; + + /** + *The tags to apply during creation.
+ */ + TagSpecifications?: SpotFleetTagSpecification[]; +} + +export namespace SpotFleetLaunchSpecification { + /** + * @internal + */ + export const filterSensitiveLog = (obj: SpotFleetLaunchSpecification): any => ({ + ...obj, + }); +} + +/** + *Describes overrides for a launch template.
+ */ +export interface LaunchTemplateOverrides { + /** + *The instance type.
+ */ + InstanceType?: _InstanceType | string; + + /** + *The maximum price per unit hour that you are willing to pay for a Spot + * Instance.
+ */ + SpotPrice?: string; + + /** + *The ID of the subnet in which to launch the instances.
+ */ + SubnetId?: string; + + /** + *The Availability Zone in which to launch the instances.
+ */ + AvailabilityZone?: string; + + /** + *The number of units provided by the specified instance type.
+ */ + WeightedCapacity?: number; + + /** + *The priority for the launch template override. The highest priority is launched + * first.
+ *If OnDemandAllocationStrategy
is set to prioritized
, Spot Fleet
+ * uses priority to determine which launch template override to use first in fulfilling
+ * On-Demand capacity.
If the Spot AllocationStrategy
is set to
+ * capacityOptimizedPrioritized
, Spot Fleet uses priority on a best-effort basis
+ * to determine which launch template override to use in fulfilling Spot capacity, but
+ * optimizes for capacity first.
Valid values are whole numbers starting at 0
. The lower the number, the
+ * higher the priority. If no number is set, the launch template override has the lowest
+ * priority. You can set the same priority for different launch template overrides.
Describes a launch template and overrides.
+ */ +export interface LaunchTemplateConfig { /** - *The ID of the subnet in which to launch the instance.
+ *The launch template.
*/ - SubnetId?: string; + LaunchTemplateSpecification?: FleetLaunchTemplateSpecification; /** - *Describes the monitoring of an instance.
+ *Any parameters that you specify override the same parameters in the launch + * template.
*/ - Monitoring?: RunInstancesMonitoringEnabled; + Overrides?: LaunchTemplateOverrides[]; } -export namespace LaunchSpecification { +export namespace LaunchTemplateConfig { /** * @internal */ - export const filterSensitiveLog = (obj: LaunchSpecification): any => ({ + export const filterSensitiveLog = (obj: LaunchTemplateConfig): any => ({ ...obj, }); } -export type SpotInstanceState = "active" | "cancelled" | "closed" | "failed" | "open"; - /** - *Describes the status of a Spot Instance request.
+ *Describes a Classic Load Balancer.
*/ -export interface SpotInstanceStatus { +export interface ClassicLoadBalancer { /** - *The status code. For a list of status codes, see Spot status codes in the Amazon EC2 User Guide for Linux Instances.
+ *The name of the load balancer.
*/ - Code?: string; + Name?: string; +} +export namespace ClassicLoadBalancer { /** - *The description for the status code.
+ * @internal */ - Message?: string; + export const filterSensitiveLog = (obj: ClassicLoadBalancer): any => ({ + ...obj, + }); +} +/** + *Describes the Classic Load Balancers to attach to a Spot Fleet. Spot Fleet registers + * the running Spot Instances with these Classic Load Balancers.
+ */ +export interface ClassicLoadBalancersConfig { /** - *The date and time of the most recent status update, in UTC format (for example, - * YYYY-MM-DDTHH:MM:SSZ).
+ *One or more Classic Load Balancers.
*/ - UpdateTime?: Date; + ClassicLoadBalancers?: ClassicLoadBalancer[]; } -export namespace SpotInstanceStatus { +export namespace ClassicLoadBalancersConfig { /** * @internal */ - export const filterSensitiveLog = (obj: SpotInstanceStatus): any => ({ + export const filterSensitiveLog = (obj: ClassicLoadBalancersConfig): any => ({ ...obj, }); } /** - *Describes a Spot Instance request.
+ *Describes a load balancer target group.
*/ -export interface SpotInstanceRequest { +export interface TargetGroup { /** - *Deprecated.
+ *The Amazon Resource Name (ARN) of the target group.
*/ - ActualBlockHourlyPrice?: string; + Arn?: string; +} +export namespace TargetGroup { /** - *The Availability Zone group. If you specify the same Availability Zone group for all Spot Instance requests, all Spot Instances are launched in the same Availability Zone.
+ * @internal */ - AvailabilityZoneGroup?: string; + export const filterSensitiveLog = (obj: TargetGroup): any => ({ + ...obj, + }); +} +/** + *Describes the target groups to attach to a Spot Fleet. Spot Fleet registers the + * running Spot Instances with these target groups.
+ */ +export interface TargetGroupsConfig { /** - *Deprecated.
+ *One or more target groups.
*/ - BlockDurationMinutes?: number; + TargetGroups?: TargetGroup[]; +} +export namespace TargetGroupsConfig { /** - *The date and time when the Spot Instance request was created, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).
+ * @internal */ - CreateTime?: Date; + export const filterSensitiveLog = (obj: TargetGroupsConfig): any => ({ + ...obj, + }); +} +/** + *Describes the Classic Load Balancers and target groups to attach to a Spot Fleet + * request.
+ */ +export interface LoadBalancersConfig { /** - *The fault codes for the Spot Instance request, if any.
+ *The Classic Load Balancers.
*/ - Fault?: SpotInstanceStateFault; + ClassicLoadBalancersConfig?: ClassicLoadBalancersConfig; /** - *The instance ID, if an instance has been launched to fulfill the Spot Instance request.
+ *The target groups.
*/ - InstanceId?: string; + TargetGroupsConfig?: TargetGroupsConfig; +} +export namespace LoadBalancersConfig { /** - *The instance launch group. Launch groups are Spot Instances that launch together and terminate together.
+ * @internal */ - LaunchGroup?: string; + export const filterSensitiveLog = (obj: LoadBalancersConfig): any => ({ + ...obj, + }); +} - /** - *Additional information for launching instances.
- */ - LaunchSpecification?: LaunchSpecification; +export enum OnDemandAllocationStrategy { + LOWEST_PRICE = "lowestPrice", + PRIORITIZED = "prioritized", +} - /** - *The Availability Zone in which the request is launched.
- */ - LaunchedAvailabilityZone?: string; +export enum ReplacementStrategy { + LAUNCH = "launch", +} +/** + *The Spot Instance replacement strategy to use when Amazon EC2 emits a signal that your + * Spot Instance is at an elevated risk of being interrupted. For more information, see + * Capacity rebalancing in the Amazon EC2 User Guide for Linux Instances.
+ */ +export interface SpotCapacityRebalance { /** - *The product description associated with the Spot Instance.
+ *The replacement strategy to use. Only available for fleets of type
+ * maintain
. You must specify a value, otherwise you get an error.
To allow Spot Fleet to launch a replacement Spot Instance when an instance rebalance
+ * notification is emitted for a Spot Instance in the fleet, specify
+ * launch
.
When a replacement instance is launched, the instance marked for rebalance is not + * automatically terminated. You can terminate it, or you can leave it running. You are + * charged for all instances while they are running.
+ *The ID of the Spot Instance request.
+ * @internal */ - SpotInstanceRequestId?: string; + export const filterSensitiveLog = (obj: SpotCapacityRebalance): any => ({ + ...obj, + }); +} +/** + *The strategies for managing your Spot Instances that are at an elevated risk of being + * interrupted.
+ */ +export interface SpotMaintenanceStrategies { /** - *The maximum price per hour that you are willing to pay for a Spot Instance.
+ *The strategy to use when Amazon EC2 emits a signal that your Spot Instance is at an + * elevated risk of being interrupted.
*/ - SpotPrice?: string; + CapacityRebalance?: SpotCapacityRebalance; +} +export namespace SpotMaintenanceStrategies { /** - *The state of the Spot Instance request. Spot status information helps track your Spot - * Instance requests. For more information, see Spot status in the - * Amazon EC2 User Guide for Linux Instances.
+ * @internal */ - State?: SpotInstanceState | string; + export const filterSensitiveLog = (obj: SpotMaintenanceStrategies): any => ({ + ...obj, + }); +} +/** + *Describes the configuration of a Spot Fleet request.
+ */ +export interface SpotFleetRequestConfigData { /** - *The status code and status message describing the Spot Instance request.
+ *Indicates how to allocate the target Spot Instance capacity across the Spot Instance pools specified by + * the Spot Fleet request.
+ *If the allocation strategy is lowestPrice
, Spot Fleet launches instances from
+ * the Spot Instance pools with the lowest price. This is the default allocation strategy.
If the allocation strategy is diversified
, Spot Fleet launches instances from
+ * all the Spot Instance pools that you specify.
If the allocation strategy is capacityOptimized
(recommended), Spot Fleet
+ * launches instances from Spot Instance pools with optimal capacity for the number of instances
+ * that are launching. To give certain instance types a higher chance of launching first,
+ * use capacityOptimizedPrioritized
. Set a priority for each instance type by
+ * using the Priority
parameter for LaunchTemplateOverrides
. You
+ * can assign the same priority to different LaunchTemplateOverrides
. EC2
+ * implements the priorities on a best-effort basis, but optimizes for capacity first.
+ * capacityOptimizedPrioritized
is supported only if your Spot Fleet uses a
+ * launch template. Note that if the OnDemandAllocationStrategy
is set to
+ * prioritized
, the same priority is applied when fulfilling On-Demand
+ * capacity.
Any tags assigned to the resource.
+ *The order of the launch template overrides to use in fulfilling On-Demand capacity. If
+ * you specify lowestPrice
, Spot Fleet uses price to determine the order, launching
+ * the lowest price first. If you specify prioritized
, Spot Fleet uses the priority
+ * that you assign to each Spot Fleet launch template override, launching the highest priority
+ * first. If you do not specify a value, Spot Fleet defaults to lowestPrice
.
The Spot Instance request type.
+ *The strategies for managing your Spot Instances that are at an elevated risk of being + * interrupted.
*/ - Type?: SpotInstanceType | string; + SpotMaintenanceStrategies?: SpotMaintenanceStrategies; /** - *The start date of the request, in UTC format (for example, - * YYYY-MM-DDTHH:MM:SSZ). - * The request becomes active at this date and time.
+ *A unique, case-sensitive identifier that you provide to ensure the idempotency of your + * listings. This helps to avoid duplicate listings. For more information, see Ensuring Idempotency.
*/ - ValidFrom?: Date; + ClientToken?: string; /** - *The end date of the request, in UTC format - * (YYYY-MM-DDTHH:MM:SSZ).
- *For a persistent request, the request remains active until the validUntil
date
- * and time is reached. Otherwise, the request remains active until you cancel it.
- *
For a one-time request, the request remains active until all instances launch,
- * the request is canceled, or the validUntil
date and time is reached. By default, the
- * request is valid for 7 days from the date the request was created.
Indicates whether running Spot Instances should be terminated if you decrease the + * target capacity of the Spot Fleet request below the current size of the Spot + * Fleet.
*/ - ValidUntil?: Date; + ExcessCapacityTerminationPolicy?: ExcessCapacityTerminationPolicy | string; /** - *The behavior when a Spot Instance is interrupted.
+ *The number of units fulfilled by this request compared to the set target capacity. You + * cannot set this value.
*/ - InstanceInterruptionBehavior?: InstanceInterruptionBehavior | string; -} + FulfilledCapacity?: number; -export namespace SpotInstanceRequest { /** - * @internal - */ - export const filterSensitiveLog = (obj: SpotInstanceRequest): any => ({ - ...obj, - }); -} + *The number of On-Demand units fulfilled by this request compared to the set target + * On-Demand capacity.
+ */ + OnDemandFulfilledCapacity?: number; -/** - *Contains the output of DescribeSpotInstanceRequests.
- */ -export interface DescribeSpotInstanceRequestsResult { /** - *One or more Spot Instance requests.
+ *The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that
+ * grants the Spot Fleet the permission to request, launch, terminate, and tag instances on
+ * your behalf. For more information, see Spot
+ * Fleet prerequisites in the Amazon EC2 User Guide for Linux Instances. Spot Fleet
+ * can terminate Spot Instances on your behalf when you cancel its Spot Fleet request using
+ * CancelSpotFleetRequests or when the Spot Fleet request expires, if you set
+ * TerminateInstancesWithExpiration
.
The token to use to retrieve the next set of results. This value is null
- * when there are no more results to return.
The launch specifications for the Spot Fleet request. If you specify
+ * LaunchSpecifications
, you can't specify
+ * LaunchTemplateConfigs
. If you include On-Demand capacity in your
+ * request, you must use LaunchTemplateConfigs
.
The launch template and overrides. If you specify LaunchTemplateConfigs
,
+ * you can't specify LaunchSpecifications
. If you include On-Demand capacity
+ * in your request, you must use LaunchTemplateConfigs
.
Contains the parameters for DescribeSpotPriceHistory.
- */ -export interface DescribeSpotPriceHistoryRequest { /** - *One or more filters.
- *
- * availability-zone
- The Availability Zone for which prices should
- * be returned.
- * instance-type
- The type of instance (for example,
- * m3.medium
).
- * product-description
- The product description for the Spot price
- * (Linux/UNIX
| Red Hat Enterprise Linux
|
- * SUSE Linux
| Windows
| Linux/UNIX (Amazon
- * VPC)
| Red Hat Enterprise Linux (Amazon VPC)
|
- * SUSE Linux (Amazon VPC)
| Windows (Amazon
- * VPC)
).
- * spot-price
- The Spot price. The value must match exactly (or use
- * wildcards; greater than or less than comparison is not supported).
- * timestamp
- The time stamp of the Spot price history, in UTC format
- * (for example,
- * YYYY-MM-DDTHH:MM:SSZ).
- * You can use wildcards (* and ?). Greater than or less than comparison is not
- * supported.
The maximum price per unit hour that you are willing to pay for a Spot Instance. The + * default is the On-Demand price.
*/ - Filters?: Filter[]; + SpotPrice?: string; /** - *Filters the results by the specified Availability Zone.
+ *The number of units to request for the Spot Fleet. You can choose to set the target
+ * capacity in terms of instances or a performance characteristic that is important to your
+ * application workload, such as vCPUs, memory, or I/O. If the request type is
+ * maintain
, you can specify a target capacity of 0 and add capacity
+ * later.
Checks whether you have the required permissions for the action, without actually
- * making the request, and provides an error response. If you have the required
- * permissions, the error response is DryRunOperation
. Otherwise, it is
- * UnauthorizedOperation
.
The number of On-Demand units to request. You can choose to set the target capacity in
+ * terms of instances or a performance characteristic that is important to your application
+ * workload, such as vCPUs, memory, or I/O. If the request type is maintain
,
+ * you can specify a target capacity of 0 and add capacity later.
The date and time, up to the current date, from which to stop retrieving the price - * history data, in UTC format (for example, - * YYYY-MM-DDTHH:MM:SSZ).
+ *The maximum amount per hour for On-Demand Instances that you're willing to pay. You
+ * can use the onDemandMaxTotalPrice
parameter, the
+ * spotMaxTotalPrice
parameter, or both parameters to ensure that your
+ * fleet cost does not exceed your budget. If you set a maximum price per hour for the
+ * On-Demand Instances and Spot Instances in your request, Spot Fleet will launch instances until it reaches the
+ * maximum amount you're willing to pay. When the maximum amount you're willing to pay is
+ * reached, the fleet stops launching instances even if it hasn’t met the target
+ * capacity.
Filters the results by the specified instance types.
+ *The maximum amount per hour for Spot Instances that you're willing to pay. You can use
+ * the spotdMaxTotalPrice
parameter, the onDemandMaxTotalPrice
+ * parameter, or both parameters to ensure that your fleet cost does not exceed your
+ * budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances in your request,
+ * Spot Fleet will launch instances until it reaches the maximum amount you're willing to pay.
+ * When the maximum amount you're willing to pay is reached, the fleet stops launching
+ * instances even if it hasn’t met the target capacity.
The maximum number of results to return in a single call. Specify a value between 1
- * and 1000. The default value is 1000. To retrieve the remaining results, make another
- * call with the returned NextToken
value.
Indicates whether running Spot Instances are terminated when the Spot Fleet request + * expires.
*/ - MaxResults?: number; + TerminateInstancesWithExpiration?: boolean; /** - *The token for the next set of results.
+ *The type of request. Indicates whether the Spot Fleet only requests the target
+ * capacity or also attempts to maintain it. When this value is request
, the
+ * Spot Fleet only places the required requests. It does not attempt to replenish Spot
+ * Instances if capacity is diminished, nor does it submit requests in alternative Spot
+ * pools if capacity is not available. When this value is maintain
, the Spot
+ * Fleet maintains the target capacity. The Spot Fleet places the required requests to meet
+ * capacity and automatically replenishes any interrupted instances. Default:
+ * maintain
. instant
is listed but is not used by Spot
+ * Fleet.
Filters the results by the specified basic product descriptions.
+ *The start date and time of the request, in UTC format + * (YYYY-MM-DDTHH:MM:SSZ). + * By default, Amazon EC2 starts fulfilling the request immediately.
*/ - ProductDescriptions?: string[]; + ValidFrom?: Date; /** - *The date and time, up to the past 90 days, from which to start retrieving the price - * history data, in UTC format (for example, - * YYYY-MM-DDTHH:MM:SSZ).
+ *The end date and time of the request, in UTC format + * (YYYY-MM-DDTHH:MM:SSZ). + * After the end date and time, no new Spot Instance requests are placed or able to fulfill + * the request. If no value is specified, the Spot Fleet request remains until you cancel + * it.
*/ - StartTime?: Date; -} + ValidUntil?: Date; -export namespace DescribeSpotPriceHistoryRequest { /** - * @internal + *Indicates whether Spot Fleet should replace unhealthy instances.
*/ - export const filterSensitiveLog = (obj: DescribeSpotPriceHistoryRequest): any => ({ - ...obj, - }); -} + ReplaceUnhealthyInstances?: boolean; -/** - *Describes the maximum price per hour that you are willing to pay for a Spot - * Instance.
- */ -export interface SpotPrice { /** - *The Availability Zone.
+ *The behavior when a Spot Instance is interrupted. The default is
+ * terminate
.
The instance type.
+ *One or more Classic Load Balancers and target groups to attach to the Spot Fleet + * request. Spot Fleet registers the running Spot Instances with the specified Classic Load + * Balancers and target groups.
+ *With Network Load Balancers, Spot Fleet cannot register instances that have the + * following instance types: C1, CC1, CC2, CG1, CG2, CR1, CS1, G1, G2, HI1, HS1, M1, M2, + * M3, and T1.
*/ - InstanceType?: _InstanceType | string; + LoadBalancersConfig?: LoadBalancersConfig; /** - *A general description of the AMI.
+ *The number of Spot pools across which to allocate your target Spot capacity. Valid
+ * only when Spot AllocationStrategy is set to
+ * lowest-price
. Spot Fleet selects the cheapest Spot pools and evenly
+ * allocates your target Spot capacity across the number of Spot pools that you
+ * specify.
Note that Spot Fleet attempts to draw Spot Instances from the number of pools that you specify on a + * best effort basis. If a pool runs out of Spot capacity before fulfilling your target + * capacity, Spot Fleet will continue to fulfill your request by drawing from the next cheapest + * pool. To ensure that your target capacity is met, you might receive Spot Instances from more than + * the number of pools that you specified. Similarly, if most of the pools have no Spot + * capacity, you might receive your full target capacity from fewer than the number of + * pools that you specified.
*/ - ProductDescription?: RIProductDescription | string; + InstancePoolsToUseCount?: number; /** - *The maximum price per hour that you are willing to pay for a Spot Instance.
+ *Reserved.
*/ - SpotPrice?: string; + Context?: string; /** - *The date and time the request was created, in UTC format (for example, - * YYYY-MM-DDTHH:MM:SSZ).
+ *The key-value pair for tagging the Spot Fleet request on creation. The value for
+ * ResourceType
must be spot-fleet-request
, otherwise the
+ * Spot Fleet request fails. To tag instances at launch, specify the tags in the launch
+ * template (valid only if you use LaunchTemplateConfigs
) or in
+ * the
+ * SpotFleetTagSpecification
+ * (valid only if you use
+ * LaunchSpecifications
). For information about tagging after launch, see
+ * Tagging Your Resources.
Contains the output of DescribeSpotPriceHistory.
+ *Describes a Spot Fleet request.
*/ -export interface DescribeSpotPriceHistoryResult { - /** - *The token required to retrieve the next set of results. This value is null or an empty - * string when there are no more results to return.
- */ - NextToken?: string; - +export interface SpotFleetRequestConfig { /** - *The historical Spot prices.
+ *The progress of the Spot Fleet request.
+ * If there is an error, the status is error
.
+ * After all requests are placed, the status is pending_fulfillment
.
+ * If the size of the fleet is equal to or greater than its target capacity, the status is fulfilled
.
+ * If the size of the fleet is decreased, the status is pending_termination
+ * while Spot Instances are terminating.
The creation date and time of the request.
*/ - export const filterSensitiveLog = (obj: DescribeSpotPriceHistoryResult): any => ({ - ...obj, - }); -} + CreateTime?: Date; -export interface DescribeStaleSecurityGroupsRequest { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The configuration of the Spot Fleet request.
*/ - DryRun?: boolean; + SpotFleetRequestConfig?: SpotFleetRequestConfigData; /** - *The maximum number of items to return for this request. The request returns a token that you can specify in a subsequent call to get the next set of results.
+ *The ID of the Spot Fleet request.
*/ - MaxResults?: number; + SpotFleetRequestId?: string; /** - *The token for the next set of items to return. (You received this token from a prior call.)
+ *The state of the Spot Fleet request.
*/ - NextToken?: string; + SpotFleetRequestState?: BatchState | string; /** - *The ID of the VPC.
+ *The tags for a Spot Fleet resource.
*/ - VpcId: string | undefined; + Tags?: Tag[]; } -export namespace DescribeStaleSecurityGroupsRequest { +export namespace SpotFleetRequestConfig { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeStaleSecurityGroupsRequest): any => ({ + export const filterSensitiveLog = (obj: SpotFleetRequestConfig): any => ({ ...obj, }); } /** - *Describes a stale rule in a security group.
+ *Contains the output of DescribeSpotFleetRequests.
*/ -export interface StaleIpPermission { - /** - *The start of the port range for the TCP and UDP protocols, or an ICMP type number. A value of
- * -1
indicates all ICMP types.
The IP protocol name (for tcp
, udp
, and icmp
) or number (see Protocol Numbers).
The IP ranges. Not applicable for stale security group rules.
- */ - IpRanges?: string[]; - - /** - *The prefix list IDs. Not applicable for stale security group rules.
- */ - PrefixListIds?: string[]; - +export interface DescribeSpotFleetRequestsResponse { /** - *The end of the port range for the TCP and UDP protocols, or an ICMP type number. A value of
- * -1
indicates all ICMP types.
The token required to retrieve the next set of results. This value is
+ * null
when there are no more results to return.
The security group pairs. Returns the ID of the referenced security group and VPC, and the ID and status of the VPC peering connection.
+ *Information about the configuration of your Spot Fleet.
*/ - UserIdGroupPairs?: UserIdGroupPair[]; + SpotFleetRequestConfigs?: SpotFleetRequestConfig[]; } -export namespace StaleIpPermission { +export namespace DescribeSpotFleetRequestsResponse { /** * @internal */ - export const filterSensitiveLog = (obj: StaleIpPermission): any => ({ + export const filterSensitiveLog = (obj: DescribeSpotFleetRequestsResponse): any => ({ ...obj, }); } /** - *Describes a stale security group (a security group that contains stale rules).
+ *Contains the parameters for DescribeSpotInstanceRequests.
*/ -export interface StaleSecurityGroup { - /** - *The description of the security group.
- */ - Description?: string; - +export interface DescribeSpotInstanceRequestsRequest { /** - *The ID of the security group.
+ *One or more filters.
+ *
+ * availability-zone-group
- The Availability Zone group.
+ * create-time
- The time stamp when the Spot Instance request was
+ * created.
+ * fault-code
- The fault code related to the request.
+ * fault-message
- The fault message related to the request.
+ * instance-id
- The ID of the instance that fulfilled the
+ * request.
+ * launch-group
- The Spot Instance launch group.
+ * launch.block-device-mapping.delete-on-termination
- Indicates
+ * whether the EBS volume is deleted on instance termination.
+ * launch.block-device-mapping.device-name
- The device name for the
+ * volume in the block device mapping (for example, /dev/sdh
or
+ * xvdh
).
+ * launch.block-device-mapping.snapshot-id
- The ID of the snapshot
+ * for the EBS volume.
+ * launch.block-device-mapping.volume-size
- The size of the EBS
+ * volume, in GiB.
+ * launch.block-device-mapping.volume-type
- The type of EBS volume:
+ * gp2
for General Purpose SSD, io1
or
+ * io2
for Provisioned IOPS SSD, st1
for Throughput
+ * Optimized HDD, sc1
for Cold HDD, or standard
for
+ * Magnetic.
+ * launch.group-id
- The ID of the security group for the
+ * instance.
+ * launch.group-name
- The name of the security group for the
+ * instance.
+ * launch.image-id
- The ID of the AMI.
+ * launch.instance-type
- The type of instance (for example,
+ * m3.medium
).
+ * launch.kernel-id
- The kernel ID.
+ * launch.key-name
- The name of the key pair the instance launched
+ * with.
+ * launch.monitoring-enabled
- Whether detailed monitoring is
+ * enabled for the Spot Instance.
+ * launch.ramdisk-id
- The RAM disk ID.
+ * launched-availability-zone
- The Availability Zone in which the
+ * request is launched.
+ * network-interface.addresses.primary
- Indicates whether the IP
+ * address is the primary private IP address.
+ * network-interface.delete-on-termination
- Indicates whether the
+ * network interface is deleted when the instance is terminated.
+ * network-interface.description
- A description of the network
+ * interface.
+ * network-interface.device-index
- The index of the device for the
+ * network interface attachment on the instance.
+ * network-interface.group-id
- The ID of the security group
+ * associated with the network interface.
+ * network-interface.network-interface-id
- The ID of the network
+ * interface.
+ * network-interface.private-ip-address
- The primary private IP
+ * address of the network interface.
+ * network-interface.subnet-id
- The ID of the subnet for the
+ * instance.
+ * product-description
- The product description associated with the
+ * instance (Linux/UNIX
| Windows
).
+ * spot-instance-request-id
- The Spot Instance request ID.
+ * spot-price
- The maximum hourly price for any Spot Instance
+ * launched to fulfill the request.
+ * state
- The state of the Spot Instance request (open
+ * | active
| closed
| cancelled
|
+ * failed
). Spot request status information can help you track
+ * your Amazon EC2 Spot Instance requests. For more information, see Spot
+ * request status in the Amazon EC2 User Guide for Linux Instances.
+ * status-code
- The short code describing the most recent
+ * evaluation of your Spot Instance request.
+ * status-message
- The message explaining the status of the Spot
+ * Instance request.
+ * tag:
- The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value.
+ * For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
+ * type
- The type of Spot Instance request (one-time
|
+ * persistent
).
+ * valid-from
- The start date of the request.
+ * valid-until
- The end date of the request.
The name of the security group.
+ *Checks whether you have the required permissions for the action, without actually
+ * making the request, and provides an error response. If you have the required
+ * permissions, the error response is DryRunOperation
. Otherwise, it is
+ * UnauthorizedOperation
.
Information about the stale inbound rules in the security group.
+ *One or more Spot Instance request IDs.
*/ - StaleIpPermissions?: StaleIpPermission[]; + SpotInstanceRequestIds?: string[]; /** - *Information about the stale outbound rules in the security group.
+ *The token to request the next set of results. This value is null
when
+ * there are no more results to return.
The ID of the VPC for the security group.
+ *The maximum number of results to return in a single call. Specify a value between 5
+ * and 1000. To retrieve the remaining results, make another call with the returned
+ * NextToken
value.
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- */ - NextToken?: string; - +/** + *Describes the monitoring of an instance.
+ */ +export interface RunInstancesMonitoringEnabled { /** - *Information about the stale security groups.
+ *Indicates whether detailed monitoring is enabled. Otherwise, basic monitoring is + * enabled.
*/ - StaleSecurityGroupSet?: StaleSecurityGroup[]; + Enabled: boolean | undefined; } -export namespace DescribeStaleSecurityGroupsResult { +export namespace RunInstancesMonitoringEnabled { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeStaleSecurityGroupsResult): any => ({ + export const filterSensitiveLog = (obj: RunInstancesMonitoringEnabled): any => ({ ...obj, }); } -export interface DescribeStoreImageTasksRequest { +/** + *Describes the launch specification for an instance.
+ */ +export interface LaunchSpecification { /** - *The AMI IDs for which to show progress. Up to 20 AMI IDs can be included in a request.
+ *The Base64-encoded user data for the instance.
*/ - ImageIds?: string[]; + UserData?: string; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
One or more security groups. When requesting instances in a VPC, you must specify the IDs of the security groups. When requesting instances in EC2-Classic, you can specify the names or the IDs of the security groups.
*/ - DryRun?: boolean; + SecurityGroups?: GroupIdentifier[]; /** - *The filters.
- *
- * task-state
- Returns tasks in a certain state (InProgress
|
- * Completed
| Failed
)
- * bucket
- Returns task information for tasks that targeted a specific
- * bucket. For the filter value, specify the bucket name.
Deprecated.
*/ - Filters?: Filter[]; + AddressingType?: string; /** - *The token for the next page of results.
+ *One or more block device mapping entries.
*/ - NextToken?: string; + BlockDeviceMappings?: BlockDeviceMapping[]; /** - *The maximum number of results to return in a single call. To retrieve the remaining
- * results, make another call with the returned NextToken
value. This value can be
- * between 1 and 200. You cannot specify this parameter and the ImageIDs
parameter
- * in the same call.
Indicates whether the instance is optimized for EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS Optimized instance.
+ *Default: false
+ *
The IAM instance profile.
*/ - export const filterSensitiveLog = (obj: DescribeStoreImageTasksRequest): any => ({ - ...obj, - }); -} + IamInstanceProfile?: IamInstanceProfileSpecification; -/** - *The information about the AMI store task, including the progress of the task.
- */ -export interface StoreImageTaskResult { /** - *The ID of the AMI that is being stored.
+ *The ID of the AMI.
*/ - AmiId?: string; + ImageId?: string; /** - *The time the task started.
+ *The instance type.
*/ - TaskStartTime?: Date; + InstanceType?: _InstanceType | string; /** - *The name of the Amazon S3 bucket that contains the stored AMI object.
+ *The ID of the kernel.
*/ - Bucket?: string; + KernelId?: string; /** - *The name of the stored AMI object in the bucket.
+ *The name of the key pair.
*/ - S3objectKey?: string; + KeyName?: string; /** - *The progress of the task as a percentage.
+ *One or more network interfaces. If you specify a network interface, you must specify + * subnet IDs and security group IDs using the network interface.
*/ - ProgressPercentage?: number; + NetworkInterfaces?: InstanceNetworkInterfaceSpecification[]; /** - *The state of the store task (InProgress
, Completed
, or
- * Failed
).
The placement information for the instance.
*/ - StoreTaskState?: string; + Placement?: SpotPlacement; /** - *If the tasks fails, the reason for the failure is returned. If the task succeeds,
- * null
is returned.
The ID of the RAM disk.
*/ - StoreTaskFailureReason?: string; + RamdiskId?: string; + + /** + *The ID of the subnet in which to launch the instance.
+ */ + SubnetId?: string; + + /** + *Describes the monitoring of an instance.
+ */ + Monitoring?: RunInstancesMonitoringEnabled; } -export namespace StoreImageTaskResult { +export namespace LaunchSpecification { /** * @internal */ - export const filterSensitiveLog = (obj: StoreImageTaskResult): any => ({ + export const filterSensitiveLog = (obj: LaunchSpecification): any => ({ ...obj, }); } -export interface DescribeStoreImageTasksResult { - /** - *The information about the AMI store tasks.
- */ - StoreImageTaskResults?: StoreImageTaskResult[]; +export type SpotInstanceState = "active" | "cancelled" | "closed" | "failed" | "open"; +/** + *Describes the status of a Spot Instance request.
+ */ +export interface SpotInstanceStatus { /** - *The token to use to retrieve the next page of results. This value is null
- * when there are no more results to return.
The status code. For a list of status codes, see Spot status codes in the Amazon EC2 User Guide for Linux Instances.
*/ - NextToken?: string; -} + Code?: string; -export namespace DescribeStoreImageTasksResult { /** - * @internal + *The description for the status code.
*/ - export const filterSensitiveLog = (obj: DescribeStoreImageTasksResult): any => ({ - ...obj, - }); -} + Message?: string; -export interface DescribeSubnetsRequest { /** - *One or more filters.
- *
- * availability-zone
- The Availability Zone for the subnet. You can also use
- * availabilityZone
as the filter name.
- * availability-zone-id
- The ID of the Availability Zone for the subnet.
- * You can also use availabilityZoneId
as the filter name.
- * available-ip-address-count
- The number of IPv4 addresses in the
- * subnet that are available.
- * cidr-block
- The IPv4 CIDR block of the subnet. The CIDR block you
- * specify must exactly match the subnet's CIDR block for information to be
- * returned for the subnet. You can also use cidr
or
- * cidrBlock
as the filter names.
- * default-for-az
- Indicates whether this is the default subnet for the
- * Availability Zone. You can also use defaultForAz
as the filter name.
- * ipv6-cidr-block-association.ipv6-cidr-block
- An IPv6 CIDR
- * block associated with the subnet.
- * ipv6-cidr-block-association.association-id
- An association ID
- * for an IPv6 CIDR block associated with the subnet.
- * ipv6-cidr-block-association.state
- The state of an IPv6 CIDR
- * block associated with the subnet.
- * outpost-arn
- The Amazon Resource Name (ARN) of the Outpost.
- * owner-id
- The ID of the Amazon Web Services account that owns the subnet.
- * state
- The state of the subnet (pending
| available
).
- * subnet-arn
- The Amazon Resource Name (ARN) of the subnet.
- * subnet-id
- The ID of the subnet.
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
- * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
- * vpc-id
- The ID of the VPC for the subnet.
The date and time of the most recent status update, in UTC format (for example, + * YYYY-MM-DDTHH:MM:SSZ).
+ */ + UpdateTime?: Date; +} + +export namespace SpotInstanceStatus { + /** + * @internal */ - Filters?: Filter[]; + export const filterSensitiveLog = (obj: SpotInstanceStatus): any => ({ + ...obj, + }); +} +/** + *Describes a Spot Instance request.
+ */ +export interface SpotInstanceRequest { /** - *One or more subnet IDs.
- *Default: Describes all your subnets.
+ *Deprecated.
*/ - SubnetIds?: string[]; + ActualBlockHourlyPrice?: string; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The Availability Zone group. If you specify the same Availability Zone group for all Spot Instance requests, all Spot Instances are launched in the same Availability Zone.
*/ - DryRun?: boolean; + AvailabilityZoneGroup?: string; /** - *The token for the next page of results.
+ *Deprecated.
*/ - NextToken?: string; + BlockDurationMinutes?: number; /** - *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
The date and time when the Spot Instance request was created, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).
*/ - MaxResults?: number; -} + CreateTime?: Date; -export namespace DescribeSubnetsRequest { /** - * @internal + *The fault codes for the Spot Instance request, if any.
*/ - export const filterSensitiveLog = (obj: DescribeSubnetsRequest): any => ({ - ...obj, - }); -} + Fault?: SpotInstanceStateFault; -export interface DescribeSubnetsResult { /** - *Information about one or more subnets.
+ *The instance ID, if an instance has been launched to fulfill the Spot Instance request.
*/ - Subnets?: Subnet[]; + InstanceId?: string; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The instance launch group. Launch groups are Spot Instances that launch together and terminate together.
*/ - NextToken?: string; -} + LaunchGroup?: string; -export namespace DescribeSubnetsResult { /** - * @internal + *Additional information for launching instances.
*/ - export const filterSensitiveLog = (obj: DescribeSubnetsResult): any => ({ - ...obj, - }); -} + LaunchSpecification?: LaunchSpecification; -export interface DescribeTagsRequest { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The Availability Zone in which the request is launched.
*/ - DryRun?: boolean; + LaunchedAvailabilityZone?: string; /** - *The filters.
- *
- * key
- The tag key.
- * resource-id
- The ID of the resource.
- * resource-type
- The resource type (customer-gateway
| dedicated-host
| dhcp-options
| elastic-ip
| fleet
| fpga-image
| host-reservation
| image
| instance
| internet-gateway
| key-pair
| launch-template
| natgateway
| network-acl
| network-interface
| placement-group
| reserved-instances
| route-table
| security-group
| snapshot
| spot-instances-request
| subnet
| volume
| vpc
| vpc-endpoint
| vpc-endpoint-service
| vpc-peering-connection
| vpn-connection
| vpn-gateway
).
- * tag
:
- * value
- The tag value.
The product description associated with the Spot Instance.
*/ - Filters?: Filter[]; + ProductDescription?: RIProductDescription | string; /** - *The maximum number of results to return in a single call.
- * This value can be between 5 and 1000.
- * To retrieve the remaining results, make another call with the returned NextToken
value.
The ID of the Spot Instance request.
*/ - MaxResults?: number; + SpotInstanceRequestId?: string; /** - *The token to retrieve the next page of results.
+ *The maximum price per hour that you are willing to pay for a Spot Instance.
*/ - NextToken?: string; -} + SpotPrice?: string; -export namespace DescribeTagsRequest { /** - * @internal + *The state of the Spot Instance request. Spot status information helps track your Spot + * Instance requests. For more information, see Spot status in the + * Amazon EC2 User Guide for Linux Instances.
*/ - export const filterSensitiveLog = (obj: DescribeTagsRequest): any => ({ - ...obj, - }); -} + State?: SpotInstanceState | string; -/** - *Describes a tag.
- */ -export interface TagDescription { /** - *The tag key.
+ *The status code and status message describing the Spot Instance request.
*/ - Key?: string; + Status?: SpotInstanceStatus; /** - *The ID of the resource.
+ *Any tags assigned to the resource.
*/ - ResourceId?: string; + Tags?: Tag[]; /** - *The resource type.
+ *The Spot Instance request type.
*/ - ResourceType?: ResourceType | string; + Type?: SpotInstanceType | string; /** - *The tag value.
+ *The start date of the request, in UTC format (for example, + * YYYY-MM-DDTHH:MM:SSZ). + * The request becomes active at this date and time.
*/ - Value?: string; + ValidFrom?: Date; + + /** + *The end date of the request, in UTC format + * (YYYY-MM-DDTHH:MM:SSZ).
+ *For a persistent request, the request remains active until the validUntil
date
+ * and time is reached. Otherwise, the request remains active until you cancel it.
+ *
For a one-time request, the request remains active until all instances launch,
+ * the request is canceled, or the validUntil
date and time is reached. By default, the
+ * request is valid for 7 days from the date the request was created.
The behavior when a Spot Instance is interrupted.
+ */ + InstanceInterruptionBehavior?: InstanceInterruptionBehavior | string; } -export namespace TagDescription { +export namespace SpotInstanceRequest { /** * @internal */ - export const filterSensitiveLog = (obj: TagDescription): any => ({ + export const filterSensitiveLog = (obj: SpotInstanceRequest): any => ({ ...obj, }); } -export interface DescribeTagsResult { +/** + *Contains the output of DescribeSpotInstanceRequests.
+ */ +export interface DescribeSpotInstanceRequestsResult { /** - *The token to use to retrieve the next page of results. This value is
- * null
when there are no more results to return.
One or more Spot Instance requests.
*/ - NextToken?: string; + SpotInstanceRequests?: SpotInstanceRequest[]; /** - *The tags.
+ *The token to use to retrieve the next set of results. This value is null
+ * when there are no more results to return.
Contains the parameters for DescribeSpotPriceHistory.
+ */ +export interface DescribeSpotPriceHistoryRequest { /** - *The ID of the Traffic Mirror filter.
+ *One or more filters.
+ *
+ * availability-zone
- The Availability Zone for which prices should
+ * be returned.
+ * instance-type
- The type of instance (for example,
+ * m3.medium
).
+ * product-description
- The product description for the Spot price
+ * (Linux/UNIX
| Red Hat Enterprise Linux
|
+ * SUSE Linux
| Windows
| Linux/UNIX (Amazon
+ * VPC)
| Red Hat Enterprise Linux (Amazon VPC)
|
+ * SUSE Linux (Amazon VPC)
| Windows (Amazon
+ * VPC)
).
+ * spot-price
- The Spot price. The value must match exactly (or use
+ * wildcards; greater than or less than comparison is not supported).
+ * timestamp
- The time stamp of the Spot price history, in UTC format
+ * (for example,
+ * YYYY-MM-DDTHH:MM:SSZ).
+ * You can use wildcards (* and ?). Greater than or less than comparison is not
+ * supported.
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Filters the results by the specified Availability Zone.
+ */ + AvailabilityZone?: string; + + /** + *Checks whether you have the required permissions for the action, without actually
+ * making the request, and provides an error response. If you have the required
+ * permissions, the error response is DryRunOperation
. Otherwise, it is
+ * UnauthorizedOperation
.
One or more filters. The possible values are:
- *
- * description
: The Traffic Mirror filter description.
- * traffic-mirror-filter-id
: The ID of the Traffic Mirror filter.
The date and time, up to the current date, from which to stop retrieving the price + * history data, in UTC format (for example, + * YYYY-MM-DDTHH:MM:SSZ).
*/ - Filters?: Filter[]; + EndTime?: Date; /** - *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
Filters the results by the specified instance types.
*/ - MaxResults?: number; + InstanceTypes?: (_InstanceType | string)[]; /** - *The token for the next page of results.
+ *The maximum number of results to return in a single call. Specify a value between 1
+ * and 1000. The default value is 1000. To retrieve the remaining results, make another
+ * call with the returned NextToken
value.
The token for the next set of results.
*/ - export const filterSensitiveLog = (obj: DescribeTrafficMirrorFiltersRequest): any => ({ - ...obj, - }); -} + NextToken?: string; -export interface DescribeTrafficMirrorFiltersResult { /** - *Information about one or more Traffic Mirror filters.
+ *Filters the results by the specified basic product descriptions.
*/ - TrafficMirrorFilters?: TrafficMirrorFilter[]; + ProductDescriptions?: string[]; /** - *The token to use to retrieve the next page of results. The value is null
when there are no more results to return.
The date and time, up to the past 90 days, from which to start retrieving the price + * history data, in UTC format (for example, + * YYYY-MM-DDTHH:MM:SSZ).
*/ - NextToken?: string; + StartTime?: Date; } -export namespace DescribeTrafficMirrorFiltersResult { +export namespace DescribeSpotPriceHistoryRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeTrafficMirrorFiltersResult): any => ({ + export const filterSensitiveLog = (obj: DescribeSpotPriceHistoryRequest): any => ({ ...obj, }); } -export interface DescribeTrafficMirrorSessionsRequest { +/** + *Describes the maximum price per hour that you are willing to pay for a Spot + * Instance.
+ */ +export interface SpotPrice { /** - *The ID of the Traffic Mirror session.
+ *The Availability Zone.
*/ - TrafficMirrorSessionIds?: string[]; + AvailabilityZone?: string; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The instance type.
*/ - DryRun?: boolean; + InstanceType?: _InstanceType | string; /** - *One or more filters. The possible values are:
- *
- * description
: The Traffic Mirror session description.
- * network-interface-id
: The ID of the Traffic Mirror session network interface.
- * owner-id
: The ID of the account that owns the Traffic Mirror session.
- * packet-length
: The assigned number of packets to mirror.
- * session-number
: The assigned session number.
- * traffic-mirror-filter-id
: The ID of the Traffic Mirror filter.
- * traffic-mirror-session-id
: The ID of the Traffic Mirror session.
- * traffic-mirror-target-id
: The ID of the Traffic Mirror target.
- * virtual-network-id
: The virtual network ID of the Traffic Mirror session.
A general description of the AMI.
*/ - Filters?: Filter[]; + ProductDescription?: RIProductDescription | string; /** - *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
The maximum price per hour that you are willing to pay for a Spot Instance.
*/ - MaxResults?: number; + SpotPrice?: string; /** - *The token for the next page of results.
+ *The date and time the request was created, in UTC format (for example, + * YYYY-MM-DDTHH:MM:SSZ).
*/ - NextToken?: string; + Timestamp?: Date; } -export namespace DescribeTrafficMirrorSessionsRequest { +export namespace SpotPrice { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeTrafficMirrorSessionsRequest): any => ({ + export const filterSensitiveLog = (obj: SpotPrice): any => ({ ...obj, }); } -export interface DescribeTrafficMirrorSessionsResult { +/** + *Contains the output of DescribeSpotPriceHistory.
+ */ +export interface DescribeSpotPriceHistoryResult { /** - *Describes one or more Traffic Mirror sessions. By default, all Traffic Mirror sessions are described. Alternatively, you can filter the results.
+ *The token required to retrieve the next set of results. This value is null or an empty + * string when there are no more results to return.
*/ - TrafficMirrorSessions?: TrafficMirrorSession[]; + NextToken?: string; /** - *The token to use to retrieve the next page of results. The value is null
when there are no more results to return.
The historical Spot prices.
*/ - NextToken?: string; + SpotPriceHistory?: SpotPrice[]; } -export namespace DescribeTrafficMirrorSessionsResult { +export namespace DescribeSpotPriceHistoryResult { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeTrafficMirrorSessionsResult): any => ({ + export const filterSensitiveLog = (obj: DescribeSpotPriceHistoryResult): any => ({ ...obj, }); } -export interface DescribeTrafficMirrorTargetsRequest { - /** - *The ID of the Traffic Mirror targets.
- */ - TrafficMirrorTargetIds?: string[]; - +export interface DescribeStaleSecurityGroupsRequest { /** *Checks whether you have the required permissions for the action, without actually making the request,
* and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
@@ -11426,295 +11259,362 @@ export interface DescribeTrafficMirrorTargetsRequest {
DryRun?: boolean;
/**
- *
One or more filters. The possible values are:
- *
- * description
: The Traffic Mirror target description.
- * network-interface-id
: The ID of the Traffic Mirror session network interface.
- * network-load-balancer-arn
: The Amazon Resource Name (ARN) of the Network Load Balancer that is associated with the session.
- * owner-id
: The ID of the account that owns the Traffic Mirror session.
- * traffic-mirror-target-id
: The ID of the Traffic Mirror target.
The maximum number of items to return for this request. The request returns a token that you can specify in a subsequent call to get the next set of results.
*/ - Filters?: Filter[]; + MaxResults?: number; /** - *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
The token for the next set of items to return. (You received this token from a prior call.)
*/ - MaxResults?: number; + NextToken?: string; /** - *The token for the next page of results.
+ *The ID of the VPC.
*/ - NextToken?: string; + VpcId: string | undefined; } -export namespace DescribeTrafficMirrorTargetsRequest { +export namespace DescribeStaleSecurityGroupsRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeTrafficMirrorTargetsRequest): any => ({ + export const filterSensitiveLog = (obj: DescribeStaleSecurityGroupsRequest): any => ({ ...obj, }); } -export interface DescribeTrafficMirrorTargetsResult { +/** + *Describes a stale rule in a security group.
+ */ +export interface StaleIpPermission { /** - *Information about one or more Traffic Mirror targets.
+ *The start of the port range for the TCP and UDP protocols, or an ICMP type number. A value of
+ * -1
indicates all ICMP types.
The token to use to retrieve the next page of results. The value is null
when there are no more results to return.
The IP protocol name (for tcp
, udp
, and icmp
) or number (see Protocol Numbers).
The IP ranges. Not applicable for stale security group rules.
*/ - export const filterSensitiveLog = (obj: DescribeTrafficMirrorTargetsResult): any => ({ - ...obj, - }); -} + IpRanges?: string[]; -export interface DescribeTransitGatewayAttachmentsRequest { /** - *The IDs of the attachments.
+ *The prefix list IDs. Not applicable for stale security group rules.
*/ - TransitGatewayAttachmentIds?: string[]; + PrefixListIds?: string[]; /** - *One or more filters. The possible values are:
- *
- * association.state
- The state of the association (associating
| associated
|
- * disassociating
).
- * association.transit-gateway-route-table-id
- The ID of the route table for the transit gateway.
- * resource-id
- The ID of the resource.
- * resource-owner-id
- The ID of the Amazon Web Services account that owns the resource.
- * resource-type
- The resource type. Valid values are vpc
- * | vpn
| direct-connect-gateway
| peering
- * | connect
.
- * state
- The state of the attachment. Valid values are available
| deleted
| deleting
| failed
| failing
| initiatingRequest
| modifying
| pendingAcceptance
| pending
| rollingBack
| rejected
| rejecting
.
- * transit-gateway-attachment-id
- The ID of the attachment.
- * transit-gateway-id
- The ID of the transit gateway.
- * transit-gateway-owner-id
- The ID of the Amazon Web Services account that owns the transit gateway.
The end of the port range for the TCP and UDP protocols, or an ICMP type number. A value of
+ * -1
indicates all ICMP types.
The security group pairs. Returns the ID of the referenced security group and VPC, and the ID and status of the VPC peering connection.
+ */ + UserIdGroupPairs?: UserIdGroupPair[]; +} + +export namespace StaleIpPermission { + /** + * @internal */ - Filters?: Filter[]; + export const filterSensitiveLog = (obj: StaleIpPermission): any => ({ + ...obj, + }); +} +/** + *Describes a stale security group (a security group that contains stale rules).
+ */ +export interface StaleSecurityGroup { /** - *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
The description of the security group.
*/ - MaxResults?: number; + Description?: string; /** - *The token for the next page of results.
+ *The ID of the security group.
*/ - NextToken?: string; + GroupId?: string; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The name of the security group.
*/ - DryRun?: boolean; + GroupName?: string; + + /** + *Information about the stale inbound rules in the security group.
+ */ + StaleIpPermissions?: StaleIpPermission[]; + + /** + *Information about the stale outbound rules in the security group.
+ */ + StaleIpPermissionsEgress?: StaleIpPermission[]; + + /** + *The ID of the VPC for the security group.
+ */ + VpcId?: string; } -export namespace DescribeTransitGatewayAttachmentsRequest { +export namespace StaleSecurityGroup { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeTransitGatewayAttachmentsRequest): any => ({ + export const filterSensitiveLog = (obj: StaleSecurityGroup): any => ({ ...obj, }); } -/** - *Describes an association.
- */ -export interface TransitGatewayAttachmentAssociation { +export interface DescribeStaleSecurityGroupsResult { /** - *The ID of the route table for the transit gateway.
+ *The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
*/ - TransitGatewayRouteTableId?: string; + NextToken?: string; /** - *The state of the association.
+ *Information about the stale security groups.
*/ - State?: TransitGatewayAssociationState | string; + StaleSecurityGroupSet?: StaleSecurityGroup[]; } -export namespace TransitGatewayAttachmentAssociation { +export namespace DescribeStaleSecurityGroupsResult { /** * @internal */ - export const filterSensitiveLog = (obj: TransitGatewayAttachmentAssociation): any => ({ + export const filterSensitiveLog = (obj: DescribeStaleSecurityGroupsResult): any => ({ ...obj, }); } -/** - *Describes an attachment between a resource and a transit gateway.
- */ -export interface TransitGatewayAttachment { +export interface DescribeStoreImageTasksRequest { /** - *The ID of the attachment.
+ *The AMI IDs for which to show progress. Up to 20 AMI IDs can be included in a request.
*/ - TransitGatewayAttachmentId?: string; + ImageIds?: string[]; /** - *The ID of the transit gateway.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The ID of the Amazon Web Services account that owns the transit gateway.
+ *The filters.
+ *
+ * task-state
- Returns tasks in a certain state (InProgress
|
+ * Completed
| Failed
)
+ * bucket
- Returns task information for tasks that targeted a specific
+ * bucket. For the filter value, specify the bucket name.
The ID of the Amazon Web Services account that owns the resource.
+ *The token for the next page of results.
*/ - ResourceOwnerId?: string; + NextToken?: string; /** - *The resource type. Note that the tgw-peering
resource type has been deprecated.
The maximum number of results to return in a single call. To retrieve the remaining
+ * results, make another call with the returned NextToken
value. This value can be
+ * between 1 and 200. You cannot specify this parameter and the ImageIDs
parameter
+ * in the same call.
The ID of the resource.
+ * @internal */ - ResourceId?: string; + export const filterSensitiveLog = (obj: DescribeStoreImageTasksRequest): any => ({ + ...obj, + }); +} +/** + *The information about the AMI store task, including the progress of the task.
+ */ +export interface StoreImageTaskResult { /** - *The attachment state. Note that the initiating
state has been deprecated.
The ID of the AMI that is being stored.
*/ - State?: TransitGatewayAttachmentState | string; + AmiId?: string; /** - *The association.
+ *The time the task started.
*/ - Association?: TransitGatewayAttachmentAssociation; + TaskStartTime?: Date; /** - *The creation time.
+ *The name of the Amazon S3 bucket that contains the stored AMI object.
*/ - CreationTime?: Date; + Bucket?: string; /** - *The tags for the attachment.
+ *The name of the stored AMI object in the bucket.
*/ - Tags?: Tag[]; + S3objectKey?: string; + + /** + *The progress of the task as a percentage.
+ */ + ProgressPercentage?: number; + + /** + *The state of the store task (InProgress
, Completed
, or
+ * Failed
).
If the tasks fails, the reason for the failure is returned. If the task succeeds,
+ * null
is returned.
Information about the attachments.
+ *The information about the AMI store tasks.
*/ - TransitGatewayAttachments?: TransitGatewayAttachment[]; + StoreImageTaskResults?: StoreImageTaskResult[]; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The token to use to retrieve the next page of results. This value is null
+ * when there are no more results to return.
The IDs of the Connect peers.
- */ - TransitGatewayConnectPeerIds?: string[]; - +export interface DescribeSubnetsRequest { /** - *One or more filters. The possible values are:
+ *One or more filters.
*
- * state
- The state of the Connect peer (pending
|
- * available
| deleting
|
- * deleted
).
+ * availability-zone
- The Availability Zone for the subnet. You can also use
+ * availabilityZone
as the filter name.
- * transit-gateway-attachment-id
- The ID of the attachment.
+ * availability-zone-id
- The ID of the Availability Zone for the subnet.
+ * You can also use availabilityZoneId
as the filter name.
- * transit-gateway-connect-peer-id
- The ID of the Connect peer.
+ * available-ip-address-count
- The number of IPv4 addresses in the
+ * subnet that are available.
+ * cidr-block
- The IPv4 CIDR block of the subnet. The CIDR block you
+ * specify must exactly match the subnet's CIDR block for information to be
+ * returned for the subnet. You can also use cidr
or
+ * cidrBlock
as the filter names.
+ * default-for-az
- Indicates whether this is the default subnet for the
+ * Availability Zone. You can also use defaultForAz
as the filter name.
+ * ipv6-cidr-block-association.ipv6-cidr-block
- An IPv6 CIDR
+ * block associated with the subnet.
+ * ipv6-cidr-block-association.association-id
- An association ID
+ * for an IPv6 CIDR block associated with the subnet.
+ * ipv6-cidr-block-association.state
- The state of an IPv6 CIDR
+ * block associated with the subnet.
+ * outpost-arn
- The Amazon Resource Name (ARN) of the Outpost.
+ * owner-id
- The ID of the Amazon Web Services account that owns the subnet.
+ * state
- The state of the subnet (pending
| available
).
+ * subnet-arn
- The Amazon Resource Name (ARN) of the subnet.
+ * subnet-id
- The ID of the subnet.
+ * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
+ * vpc-id
- The ID of the VPC for the subnet.
The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
One or more subnet IDs.
+ *Default: Describes all your subnets.
+ */ + SubnetIds?: string[]; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The token for the next page of results.
@@ -11722,27 +11622,26 @@ export interface DescribeTransitGatewayConnectPeersRequest { NextToken?: string; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
Information about the Connect peers.
+ *Information about one or more subnets.
*/ - TransitGatewayConnectPeers?: TransitGatewayConnectPeer[]; + Subnets?: Subnet[]; /** *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The IDs of the attachments.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
One or more filters. The possible values are:
- *The filters.
+ *
- * options.protocol
- The tunnel protocol (gre
).
key
- The tag key.
*
- * state
- The state of the attachment (initiating
|
- * initiatingRequest
| pendingAcceptance
|
- * rollingBack
| pending
| available
|
- * modifying
| deleting
| deleted
|
- * failed
| rejected
| rejecting
|
- * failing
).
resource-id
- The ID of the resource.
*
- * transit-gateway-attachment-id
- The ID of the
- * Connect attachment.
+ * resource-type
- The resource type (customer-gateway
| dedicated-host
| dhcp-options
| elastic-ip
| fleet
| fpga-image
| host-reservation
| image
| instance
| internet-gateway
| key-pair
| launch-template
| natgateway
| network-acl
| network-interface
| placement-group
| reserved-instances
| route-table
| security-group
| snapshot
| spot-instances-request
| subnet
| volume
| vpc
| vpc-endpoint
| vpc-endpoint-service
| vpc-peering-connection
| vpn-connection
| vpn-gateway
).
- * transit-gateway-id
- The ID of the transit gateway.
tag
:
- * transport-transit-gateway-attachment-id
- The ID of the transit gateway attachment from which the Connect attachment was created.
value
- The tag value.
* The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
The maximum number of results to return in a single call.
+ * This value can be between 5 and 1000.
+ * To retrieve the remaining results, make another call with the returned NextToken
value.
The token for the next page of results.
- */ - NextToken?: string; - - /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Information about the Connect attachments.
- */ - TransitGatewayConnects?: TransitGatewayConnect[]; - - /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The token to retrieve the next page of results.
*/ NextToken?: string; } -export namespace DescribeTransitGatewayConnectsResult { +export namespace DescribeTagsRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeTransitGatewayConnectsResult): any => ({ + export const filterSensitiveLog = (obj: DescribeTagsRequest): any => ({ ...obj, }); } -export interface DescribeTransitGatewayMulticastDomainsRequest { - /** - *The ID of the transit gateway multicast domain.
- */ - TransitGatewayMulticastDomainIds?: string[]; - +/** + *Describes a tag.
+ */ +export interface TagDescription { /** - *One or more filters. The possible values are:
- *
- * state
- The state of the transit gateway multicast domain. Valid values are pending
| available
| deleting
| deleted
.
- * transit-gateway-id
- The ID of the transit gateway.
- * transit-gateway-multicast-domain-id
- The ID of the transit gateway multicast domain.
The tag key.
*/ - Filters?: Filter[]; + Key?: string; /** - *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
The ID of the resource.
*/ - MaxResults?: number; + ResourceId?: string; /** - *The token for the next page of results.
+ *The resource type.
*/ - NextToken?: string; + ResourceType?: ResourceType | string; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The tag value.
*/ - DryRun?: boolean; + Value?: string; } -export namespace DescribeTransitGatewayMulticastDomainsRequest { +export namespace TagDescription { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeTransitGatewayMulticastDomainsRequest): any => ({ + export const filterSensitiveLog = (obj: TagDescription): any => ({ ...obj, }); } -export interface DescribeTransitGatewayMulticastDomainsResult { +export interface DescribeTagsResult { /** - *Information about the transit gateway multicast domains.
+ *The token to use to retrieve the next page of results. This value is
+ * null
when there are no more results to return.
The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The tags.
*/ - NextToken?: string; + Tags?: TagDescription[]; } -export namespace DescribeTransitGatewayMulticastDomainsResult { +export namespace DescribeTagsResult { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeTransitGatewayMulticastDomainsResult): any => ({ + export const filterSensitiveLog = (obj: DescribeTagsResult): any => ({ ...obj, }); } -export interface DescribeTransitGatewayPeeringAttachmentsRequest { +export interface DescribeTrafficMirrorFiltersRequest { /** - *One or more IDs of the transit gateway peering attachments.
+ *The ID of the Traffic Mirror filter.
*/ - TransitGatewayAttachmentIds?: string[]; + TrafficMirrorFilterIds?: string[]; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
One or more filters. The possible values are:
- *
- * transit-gateway-attachment-id
- The ID of the transit gateway attachment.
- * local-owner-id
- The ID of your Amazon Web Services account.
- * remote-owner-id
- The ID of the Amazon Web Services account in the remote Region that owns the transit gateway.
- * state
- The state of the peering attachment. Valid values are available
| deleted
| deleting
| failed
| failing
| initiatingRequest
| modifying
| pendingAcceptance
| pending
| rollingBack
| rejected
| rejecting
).
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
description
: The Traffic Mirror filter description.
*
- * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources that have a tag with a specific key, regardless of the tag value.
- * transit-gateway-id
- The ID of the transit gateway.
traffic-mirror-filter-id
: The ID of the Traffic Mirror filter.
* The token for the next page of results.
*/ NextToken?: string; - - /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The transit gateway peering attachments.
+ *Information about one or more Traffic Mirror filters.
*/ - TransitGatewayPeeringAttachments?: TransitGatewayPeeringAttachment[]; + TrafficMirrorFilters?: TrafficMirrorFilter[]; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The token to use to retrieve the next page of results. The value is null
when there are no more results to return.
The IDs of the transit gateway route tables.
+ *The ID of the Traffic Mirror session.
*/ - TransitGatewayRouteTableIds?: string[]; + TrafficMirrorSessionIds?: string[]; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
One or more filters. The possible values are:
*
- * default-association-route-table
- Indicates whether this is the default
- * association route table for the transit gateway (true
| false
).
description
: The Traffic Mirror session description.
+ *
+ * network-interface-id
: The ID of the Traffic Mirror session network interface.
+ * owner-id
: The ID of the account that owns the Traffic Mirror session.
+ * packet-length
: The assigned number of packets to mirror.
+ * session-number
: The assigned session number.
- * default-propagation-route-table
- Indicates whether this is the default
- * propagation route table for the transit gateway (true
| false
).
traffic-mirror-filter-id
: The ID of the Traffic Mirror filter.
*
- * state
- The state of the route table (available
| deleting
| deleted
| pending
).
traffic-mirror-session-id
: The ID of the Traffic Mirror session.
*
- * transit-gateway-id
- The ID of the transit gateway.
traffic-mirror-target-id
: The ID of the Traffic Mirror target.
*
- * transit-gateway-route-table-id
- The ID of the transit gateway route table.
virtual-network-id
: The virtual network ID of the Traffic Mirror session.
* The token for the next page of results.
*/ NextToken?: string; - - /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Information about the transit gateway route tables.
+ *Describes one or more Traffic Mirror sessions. By default, all Traffic Mirror sessions are described. Alternatively, you can filter the results.
*/ - TransitGatewayRouteTables?: TransitGatewayRouteTable[]; + TrafficMirrorSessions?: TrafficMirrorSession[]; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The token to use to retrieve the next page of results. The value is null
when there are no more results to return.
The IDs of the transit gateways.
+ *The ID of the Traffic Mirror targets.
*/ - TransitGatewayIds?: string[]; + TrafficMirrorTargetIds?: string[]; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
One or more filters. The possible values are:
*
- * options.propagation-default-route-table-id
- The ID of the default propagation route table.
- * options.amazon-side-asn
- The private ASN for the Amazon side of a BGP session.
- * options.association-default-route-table-id
- The ID of the default association route table.
- * options.auto-accept-shared-attachments
- Indicates whether there is automatic acceptance of attachment requests (enable
| disable
).
- * options.default-route-table-association
- Indicates whether resource attachments are automatically
- * associated with the default association route table (enable
| disable
).
- * options.default-route-table-propagation
- Indicates whether resource attachments automatically propagate
- * routes to the default propagation route table (enable
| disable
).
- * options.dns-support
- Indicates whether DNS support is enabled (enable
| disable
).
description
: The Traffic Mirror target description.
*
- * options.vpn-ecmp-support
- Indicates whether Equal Cost Multipath Protocol support is enabled (enable
| disable
).
network-interface-id
: The ID of the Traffic Mirror session network interface.
*
- * owner-id
- The ID of the Amazon Web Services account that owns the transit gateway.
network-load-balancer-arn
: The Amazon Resource Name (ARN) of the Network Load Balancer that is associated with the session.
*
- * state
- The state of the transit gateway (available
| deleted
| deleting
| modifying
| pending
).
owner-id
: The ID of the account that owns the Traffic Mirror session.
*
- * transit-gateway-id
- The ID of the transit gateway.
traffic-mirror-target-id
: The ID of the Traffic Mirror target.
* The token for the next page of results.
*/ NextToken?: string; - - /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Information about the transit gateways.
+ *Information about one or more Traffic Mirror targets.
*/ - TransitGateways?: TransitGateway[]; + TrafficMirrorTargets?: TrafficMirrorTarget[]; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The token to use to retrieve the next page of results. The value is null
when there are no more results to return.
The IDs of the attachments.
*/ @@ -12215,6 +12034,29 @@ export interface DescribeTransitGatewayVpcAttachmentsRequest { *
+ * association.state
- The state of the association (associating
| associated
|
+ * disassociating
).
+ * association.transit-gateway-route-table-id
- The ID of the route table for the transit gateway.
+ * resource-id
- The ID of the resource.
+ * resource-owner-id
- The ID of the Amazon Web Services account that owns the resource.
+ * resource-type
- The resource type. Valid values are vpc
+ * | vpn
| direct-connect-gateway
| peering
+ * | connect
.
* state
- The state of the attachment. Valid values are available
| deleted
| deleting
| failed
| failing
| initiatingRequest
| modifying
| pendingAcceptance
| pending
| rollingBack
| rejected
| rejecting
.
- * vpc-id
- The ID of the VPC.
transit-gateway-owner-id
- The ID of the Amazon Web Services account that owns the transit gateway.
* Describes an association.
+ */ +export interface TransitGatewayAttachmentAssociation { /** - *Information about the VPC attachments.
+ *The ID of the route table for the transit gateway.
*/ - TransitGatewayVpcAttachments?: TransitGatewayVpcAttachment[]; + TransitGatewayRouteTableId?: string; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The state of the association.
*/ - NextToken?: string; + State?: TransitGatewayAssociationState | string; } -export namespace DescribeTransitGatewayVpcAttachmentsResult { +export namespace TransitGatewayAttachmentAssociation { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeTransitGatewayVpcAttachmentsResult): any => ({ + export const filterSensitiveLog = (obj: TransitGatewayAttachmentAssociation): any => ({ ...obj, }); } -export interface DescribeTrunkInterfaceAssociationsRequest { +/** + *Describes an attachment between a resource and a transit gateway.
+ */ +export interface TransitGatewayAttachment { /** - *The IDs of the associations.
+ *The ID of the attachment.
*/ - AssociationIds?: string[]; + TransitGatewayAttachmentId?: string; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The ID of the transit gateway.
*/ - DryRun?: boolean; + TransitGatewayId?: string; /** - *One or more filters.
- *
- * gre-key
- The ID of a trunk interface association.
- * interface-protocol
- The interface protocol. Valid values are VLAN
and GRE
.
The ID of the Amazon Web Services account that owns the transit gateway.
*/ - Filters?: Filter[]; + TransitGatewayOwnerId?: string; /** - *The token for the next page of results.
+ *The ID of the Amazon Web Services account that owns the resource.
*/ - NextToken?: string; + ResourceOwnerId?: string; /** - *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
The resource type. Note that the tgw-peering
resource type has been deprecated.
The ID of the resource.
+ */ + ResourceId?: string; + + /** + *The attachment state. Note that the initiating
state has been deprecated.
The association.
+ */ + Association?: TransitGatewayAttachmentAssociation; + + /** + *The creation time.
+ */ + CreationTime?: Date; + + /** + *The tags for the attachment.
+ */ + Tags?: Tag[]; } -export namespace DescribeTrunkInterfaceAssociationsRequest { +export namespace TransitGatewayAttachment { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeTrunkInterfaceAssociationsRequest): any => ({ + export const filterSensitiveLog = (obj: TransitGatewayAttachment): any => ({ ...obj, }); } -export interface DescribeTrunkInterfaceAssociationsResult { +export interface DescribeTransitGatewayAttachmentsResult { /** - *Information about the trunk associations.
+ *Information about the attachments.
*/ - InterfaceAssociations?: TrunkInterfaceAssociation[]; + TransitGatewayAttachments?: TransitGatewayAttachment[]; /** *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The IDs of the Connect peers.
+ */ + TransitGatewayConnectPeerIds?: string[]; + + /** + *One or more filters. The possible values are:
+ *
+ * state
- The state of the Connect peer (pending
|
+ * available
| deleting
|
+ * deleted
).
+ * transit-gateway-attachment-id
- The ID of the attachment.
+ * transit-gateway-connect-peer-id
- The ID of the Connect peer.
The attribute of the volume. This parameter is required.
+ *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
The ID of the volume.
+ *The token for the next page of results.
*/ - VolumeId: string | undefined; + NextToken?: string; /** *Checks whether you have the required permissions for the action, without actually making the request, @@ -12373,135 +12258,85 @@ export interface DescribeVolumeAttributeRequest { DryRun?: boolean; } -export namespace DescribeVolumeAttributeRequest { +export namespace DescribeTransitGatewayConnectPeersRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeVolumeAttributeRequest): any => ({ + export const filterSensitiveLog = (obj: DescribeTransitGatewayConnectPeersRequest): any => ({ ...obj, }); } -export interface DescribeVolumeAttributeResult { - /** - *
The state of autoEnableIO
attribute.
A list of product codes.
+ *Information about the Connect peers.
*/ - ProductCodes?: ProductCode[]; + TransitGatewayConnectPeers?: TransitGatewayConnectPeer[]; /** - *The ID of the volume.
+ *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The filters.
- *
- * attachment.attach-time
- The time stamp when the attachment
- * initiated.
- * attachment.delete-on-termination
- Whether the volume is deleted on
- * instance termination.
- * attachment.device
- The device name specified in the block device mapping
- * (for example, /dev/sda1
).
- * attachment.instance-id
- The ID of the instance the volume is attached
- * to.
- * attachment.status
- The attachment state (attaching
|
- * attached
| detaching
).
- * availability-zone
- The Availability Zone in which the volume was
- * created.
- * create-time
- The time stamp when the volume was created.
- * encrypted
- Indicates whether the volume is encrypted (true
- * | false
)
- * multi-attach-enabled
- Indicates whether the volume is enabled for Multi-Attach (true
- * | false
)
- * fast-restored
- Indicates whether the volume was created from a
- * snapshot that is enabled for fast snapshot restore (true
|
- * false
).
- * size
- The size of the volume, in GiB.
- * snapshot-id
- The snapshot from which the volume was created.
The IDs of the attachments.
+ */ + TransitGatewayAttachmentIds?: string[]; + + /** + *One or more filters. The possible values are:
+ *
- * status
- The state of the volume (creating
|
- * available
| in-use
| deleting
|
- * deleted
| error
).
options.protocol
- The tunnel protocol (gre
).
*
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
state
- The state of the attachment (initiating
|
+ * initiatingRequest
| pendingAcceptance
|
+ * rollingBack
| pending
| available
|
+ * modifying
| deleting
| deleted
|
+ * failed
| rejected
| rejecting
|
+ * failing
).
*
- * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
+ * transit-gateway-attachment-id
- The ID of the
+ * Connect attachment.
- * volume-id
- The volume ID.
transit-gateway-id
- The ID of the transit gateway.
*
- * volume-type
- The Amazon EBS volume type (gp2
| gp3
| io1
| io2
|
- * st1
| sc1
| standard
)
transport-transit-gateway-attachment-id
- The ID of the transit gateway attachment from which the Connect attachment was created.
* The volume IDs.
+ *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
The token for the next page of results.
*/ - VolumeIds?: string[]; + NextToken?: string; /** *Checks whether you have the required permissions for the action, without actually making the request,
@@ -12509,363 +12344,357 @@ export interface DescribeVolumesRequest {
* Otherwise, it is UnauthorizedOperation
.
The maximum number of volume results returned by DescribeVolumes
in paginated
- * output. When this parameter is used, DescribeVolumes
only returns
- * MaxResults
results in a single page along with a NextToken
- * response element. The remaining results of the initial request can be seen by sending another
- * DescribeVolumes
request with the returned NextToken
value. This
- * value can be between 5 and 500; if MaxResults
is given a value larger than 500,
- * only 500 results are returned. If this parameter is not used, then
- * DescribeVolumes
returns all results. You cannot specify this parameter and the
- * volume IDs parameter in the same request.
The NextToken
value returned from a previous paginated
- * DescribeVolumes
request where MaxResults
was used and the results
- * exceeded the value of that parameter. Pagination continues from the end of the previous
- * results that returned the NextToken
value. This value is null
when
- * there are no more results to return.
Information about the volumes.
+ *Information about the Connect attachments.
*/ - Volumes?: Volume[]; + TransitGatewayConnects?: TransitGatewayConnect[]; /** - *The NextToken
value to include in a future DescribeVolumes
- * request. When the results of a DescribeVolumes
request exceed
- * MaxResults
, this value can be used to retrieve the next page of results. This
- * value is null
when there are no more results to return.
The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The IDs of the volumes.
+ *The ID of the transit gateway multicast domain.
*/ - VolumeIds?: string[]; + TransitGatewayMulticastDomainIds?: string[]; /** - *The filters.
- *
- * modification-state
- The current modification state (modifying |
- * optimizing | completed | failed).
- * original-iops
- The original IOPS rate of the volume.
- * original-size
- The original size of the volume, in GiB.
- * original-volume-type
- The original volume type of the volume (standard |
- * io1 | io2 | gp2 | sc1 | st1).
- * originalMultiAttachEnabled
- Indicates whether Multi-Attach support was enabled (true | false).
- * start-time
- The modification start time.
- * target-iops
- The target IOPS rate of the volume.
- * target-size
- The target size of the volume, in GiB.
One or more filters. The possible values are:
+ *
- * target-volume-type
- The target volume type of the volume (standard |
- * io1 | io2 | gp2 | sc1 | st1).
+ * state
- The state of the transit gateway multicast domain. Valid values are pending
| available
| deleting
| deleted
.
- * targetMultiAttachEnabled
- Indicates whether Multi-Attach support is to be enabled (true | false).
+ * transit-gateway-id
- The ID of the transit gateway.
- * volume-id
- The ID of the volume.
+ * transit-gateway-multicast-domain-id
- The ID of the transit gateway multicast domain.
The nextToken
value returned by a previous paginated request.
The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
The token for the next page of results.
*/ NextToken?: string; /** - *The maximum number of results (up to a limit of 500) to be returned in a paginated - * request.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Information about the transit gateway multicast domains.
+ */ + TransitGatewayMulticastDomains?: TransitGatewayMulticastDomain[]; -/** - *Describes the modification status of an EBS volume.
- *If the volume has never been modified, some element values will be null.
- */ -export interface VolumeModification { /** - *The ID of the volume.
+ *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The current modification state. The modification state is null for unmodified - * volumes.
+ * @internal */ - ModificationState?: VolumeModificationState | string; + export const filterSensitiveLog = (obj: DescribeTransitGatewayMulticastDomainsResult): any => ({ + ...obj, + }); +} +export interface DescribeTransitGatewayPeeringAttachmentsRequest { /** - *A status message about the modification progress or failure.
+ *One or more IDs of the transit gateway peering attachments.
*/ - StatusMessage?: string; + TransitGatewayAttachmentIds?: string[]; /** - *The target size of the volume, in GiB.
+ *One or more filters. The possible values are:
+ *
+ * transit-gateway-attachment-id
- The ID of the transit gateway attachment.
+ * local-owner-id
- The ID of your Amazon Web Services account.
+ * remote-owner-id
- The ID of the Amazon Web Services account in the remote Region that owns the transit gateway.
+ * state
- The state of the peering attachment. Valid values are available
| deleted
| deleting
| failed
| failing
| initiatingRequest
| modifying
| pendingAcceptance
| pending
| rollingBack
| rejected
| rejecting
).
+ * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources that have a tag with a specific key, regardless of the tag value.
+ * transit-gateway-id
- The ID of the transit gateway.
The target IOPS rate of the volume.
+ *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
The target EBS volume type of the volume.
+ *The token for the next page of results.
*/ - TargetVolumeType?: VolumeType | string; + NextToken?: string; /** - *The target throughput of the volume, in MiB/s.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The target setting for Amazon EBS Multi-Attach.
+ * @internal */ - TargetMultiAttachEnabled?: boolean; + export const filterSensitiveLog = (obj: DescribeTransitGatewayPeeringAttachmentsRequest): any => ({ + ...obj, + }); +} +export interface DescribeTransitGatewayPeeringAttachmentsResult { /** - *The original size of the volume, in GiB.
+ *The transit gateway peering attachments.
*/ - OriginalSize?: number; + TransitGatewayPeeringAttachments?: TransitGatewayPeeringAttachment[]; /** - *The original IOPS rate of the volume.
+ *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The original EBS volume type of the volume.
+ * @internal */ - OriginalVolumeType?: VolumeType | string; + export const filterSensitiveLog = (obj: DescribeTransitGatewayPeeringAttachmentsResult): any => ({ + ...obj, + }); +} +export interface DescribeTransitGatewayRouteTablesRequest { /** - *The original throughput of the volume, in MiB/s.
+ *The IDs of the transit gateway route tables.
*/ - OriginalThroughput?: number; + TransitGatewayRouteTableIds?: string[]; /** - *The original setting for Amazon EBS Multi-Attach.
+ *One or more filters. The possible values are:
+ *
+ * default-association-route-table
- Indicates whether this is the default
+ * association route table for the transit gateway (true
| false
).
+ * default-propagation-route-table
- Indicates whether this is the default
+ * propagation route table for the transit gateway (true
| false
).
+ * state
- The state of the route table (available
| deleting
| deleted
| pending
).
+ * transit-gateway-id
- The ID of the transit gateway.
+ * transit-gateway-route-table-id
- The ID of the transit gateway route table.
The modification progress, from 0 to 100 percent complete.
+ *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
The modification start time.
+ *The token for the next page of results.
*/ - StartTime?: Date; + NextToken?: string; /** - *The modification completion or failure time.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Information about the volume modifications.
+ *Information about the transit gateway route tables.
*/ - VolumesModifications?: VolumeModification[]; + TransitGatewayRouteTables?: TransitGatewayRouteTable[]; /** - *Token for pagination, null if there are no more results
+ *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The filters.
+ *The IDs of the transit gateways.
+ */ + TransitGatewayIds?: string[]; + + /** + *One or more filters. The possible values are:
*
- * action.code
- The action code for the event (for example,
- * enable-volume-io
).
- * action.description
- A description of the action.
options.propagation-default-route-table-id
- The ID of the default propagation route table.
*
- * action.event-id
- The event ID associated with the action.
options.amazon-side-asn
- The private ASN for the Amazon side of a BGP session.
*
- * availability-zone
- The Availability Zone of the instance.
options.association-default-route-table-id
- The ID of the default association route table.
*
- * event.description
- A description of the event.
options.auto-accept-shared-attachments
- Indicates whether there is automatic acceptance of attachment requests (enable
| disable
).
*
- * event.event-id
- The event ID.
options.default-route-table-association
- Indicates whether resource attachments are automatically
+ * associated with the default association route table (enable
| disable
).
*
- * event.event-type
- The event type (for io-enabled
:
- * passed
| failed
; for io-performance
:
- * io-performance:degraded
| io-performance:severely-degraded
|
- * io-performance:stalled
).
options.default-route-table-propagation
- Indicates whether resource attachments automatically propagate
+ * routes to the default propagation route table (enable
| disable
).
*
- * event.not-after
- The latest end time for the event.
options.dns-support
- Indicates whether DNS support is enabled (enable
| disable
).
*
- * event.not-before
- The earliest start time for the event.
options.vpn-ecmp-support
- Indicates whether Equal Cost Multipath Protocol support is enabled (enable
| disable
).
*
- * volume-status.details-name
- The cause for
- * volume-status.status
(io-enabled
|
- * io-performance
).
owner-id
- The ID of the Amazon Web Services account that owns the transit gateway.
*
- * volume-status.details-status
- The status of
- * volume-status.details-name
(for io-enabled
:
- * passed
| failed
; for io-performance
:
- * normal
| degraded
| severely-degraded
|
- * stalled
).
state
- The state of the transit gateway (available
| deleted
| deleting
| modifying
| pending
).
*
- * volume-status.status
- The status of the volume (ok
|
- * impaired
| warning
| insufficient-data
).
transit-gateway-id
- The ID of the transit gateway.
* The maximum number of volume results returned by DescribeVolumeStatus
in
- * paginated output. When this parameter is used, the request only returns
- * MaxResults
results in a single page along with a NextToken
- * response element. The remaining results of the initial request can be seen by sending another
- * request with the returned NextToken
value. This value can be between 5 and 1,000;
- * if MaxResults
is given a value larger than 1,000, only 1,000 results are returned.
- * If this parameter is not used, then DescribeVolumeStatus
returns all results. You
- * cannot specify this parameter and the volume IDs parameter in the same request.
The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
The NextToken
value to include in a future DescribeVolumeStatus
- * request. When the results of the request exceed MaxResults
, this value can be
- * used to retrieve the next page of results. This value is null
when there are no
- * more results to return.
The token for the next page of results.
*/ NextToken?: string; - /** - *The IDs of the volumes.
- *Default: Describes all your volumes.
- */ - VolumeIds?: string[]; - /** *Checks whether you have the required permissions for the action, without actually making the request,
* and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
@@ -12874,214 +12703,236 @@ export interface DescribeVolumeStatusRequest {
DryRun?: boolean;
}
-export namespace DescribeVolumeStatusRequest {
+export namespace DescribeTransitGatewaysRequest {
/**
* @internal
*/
- export const filterSensitiveLog = (obj: DescribeVolumeStatusRequest): any => ({
+ export const filterSensitiveLog = (obj: DescribeTransitGatewaysRequest): any => ({
...obj,
});
}
-/**
- *
Describes a volume status operation code.
- */ -export interface VolumeStatusAction { - /** - *The code identifying the operation, for example, enable-volume-io
.
A description of the operation.
- */ - Description?: string; - +export interface DescribeTransitGatewaysResult { /** - *The ID of the event associated with this operation.
+ *Information about the transit gateways.
*/ - EventId?: string; + TransitGateways?: TransitGateway[]; /** - *The event type associated with this operation.
+ *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Information about the instances to which the volume is attached.
- */ -export interface VolumeStatusAttachmentStatus { - /** - *The maximum IOPS supported by the attached instance.
- */ - IoPerformance?: string; - +export interface DescribeTransitGatewayVpcAttachmentsRequest { /** - *The ID of the attached instance.
+ *The IDs of the attachments.
*/ - InstanceId?: string; -} + TransitGatewayAttachmentIds?: string[]; -export namespace VolumeStatusAttachmentStatus { /** - * @internal + *One or more filters. The possible values are:
+ *
+ * state
- The state of the attachment. Valid values are available
| deleted
| deleting
| failed
| failing
| initiatingRequest
| modifying
| pendingAcceptance
| pending
| rollingBack
| rejected
| rejecting
.
+ * transit-gateway-attachment-id
- The ID of the attachment.
+ * transit-gateway-id
- The ID of the transit gateway.
+ * vpc-id
- The ID of the VPC.
Describes a volume status event.
- */ -export interface VolumeStatusEvent { /** - *A description of the event.
+ *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
The ID of this event.
+ *The token for the next page of results.
*/ - EventId?: string; + NextToken?: string; /** - *The type of this event.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The latest end time of the event.
+ * @internal */ - NotAfter?: Date; + export const filterSensitiveLog = (obj: DescribeTransitGatewayVpcAttachmentsRequest): any => ({ + ...obj, + }); +} +export interface DescribeTransitGatewayVpcAttachmentsResult { /** - *The earliest start time of the event.
+ *Information about the VPC attachments.
*/ - NotBefore?: Date; + TransitGatewayVpcAttachments?: TransitGatewayVpcAttachment[]; /** - *The ID of the instance associated with the event.
+ *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The IDs of the associations.
+ */ + AssociationIds?: string[]; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
One or more filters.
+ *
+ * gre-key
- The ID of a trunk interface association.
+ * interface-protocol
- The interface protocol. Valid values are VLAN
and GRE
.
Describes a volume status.
- */ -export interface VolumeStatusDetails { /** - *The name of the volume status.
+ *The token for the next page of results.
*/ - Name?: VolumeStatusName | string; + NextToken?: string; /** - *The intended status of the volume status.
+ *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
Describes the status of a volume.
- */ -export interface VolumeStatusInfo { +export interface DescribeTrunkInterfaceAssociationsResult { /** - *The details of the volume status.
+ *Information about the trunk associations.
*/ - Details?: VolumeStatusDetails[]; + InterfaceAssociations?: TrunkInterfaceAssociation[]; /** - *The status of the volume.
+ *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Describes the volume status.
- */ -export interface VolumeStatusItem { +export type VolumeAttributeName = "autoEnableIO" | "productCodes"; + +export interface DescribeVolumeAttributeRequest { /** - *The details of the operation.
+ *The attribute of the volume. This parameter is required.
*/ - Actions?: VolumeStatusAction[]; + Attribute: VolumeAttributeName | string | undefined; /** - *The Availability Zone of the volume.
+ *The ID of the volume.
*/ - AvailabilityZone?: string; + VolumeId: string | undefined; /** - *The Amazon Resource Name (ARN) of the Outpost.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
A list of events associated with the volume.
+ * @internal */ - Events?: VolumeStatusEvent[]; + export const filterSensitiveLog = (obj: DescribeVolumeAttributeRequest): any => ({ + ...obj, + }); +} +export interface DescribeVolumeAttributeResult { /** - *The volume ID.
+ *The state of autoEnableIO
attribute.
The volume status.
+ *A list of product codes.
*/ - VolumeStatus?: VolumeStatusInfo; + ProductCodes?: ProductCode[]; /** - *Information about the instances to which the volume is attached.
+ *The ID of the volume.
*/ - AttachmentStatuses?: VolumeStatusAttachmentStatus[]; + VolumeId?: string; } -export namespace VolumeStatusItem { +export namespace DescribeVolumeAttributeResult { /** * @internal */ - export const filterSensitiveLog = (obj: VolumeStatusItem): any => ({ + export const filterSensitiveLog = (obj: DescribeVolumeAttributeResult): any => ({ ...obj, }); } diff --git a/clients/client-ec2/src/models/models_4.ts b/clients/client-ec2/src/models/models_4.ts index 342254dabcb7..25b43362bc42 100644 --- a/clients/client-ec2/src/models/models_4.ts +++ b/clients/client-ec2/src/models/models_4.ts @@ -6,7 +6,6 @@ import { AddressAttribute, Affinity, AllowedPrincipal, - ApplianceModeSupportValue, AssociationStatus, AttributeValue, AutoPlacement, @@ -14,8 +13,6 @@ import { ClientConnectOptions, ConnectionLogOptions, CurrencyCodeValues, - DiskImageFormat, - DnsSupportValue, EndDateType, FleetExcessCapacityTerminationPolicy, FleetLaunchTemplateConfigRequest, @@ -23,7 +20,6 @@ import { IamInstanceProfileAssociation, InstanceEventWindow, InstanceEventWindowTimeRangeRequest, - Ipv6SupportValue, Placement, PlatformValues, SelfServicePortal, @@ -37,7 +33,6 @@ import { TransitGatewayAssociationState, TransitGatewayAttachmentResourceType, TransitGatewayMulticastDomainAssociations, - TransitGatewayVpcAttachment, UnsuccessfulItem, VolumeType, Vpc, @@ -46,12 +41,10 @@ import { VpcPeeringConnection, } from "./models_0"; import { - AutoAcceptSharedAttachmentsValue, CapacityReservationPreference, CapacityReservationTarget, ConnectionNotification, - DefaultRouteTableAssociationValue, - DefaultRouteTablePropagationValue, + DiskImageFormat, DnsEntry, DnsNameState, LaunchTemplate, @@ -68,17 +61,12 @@ import { TrafficMirrorNetworkService, TrafficMirrorPortRangeRequest, TrafficMirrorRuleAction, - TrafficMirrorSession, - TransitGateway, TransitGatewayPrefixListReference, + Volume, VpcEndpoint, - VpnConnection, - VpnEcmpSupportValue, - VpnGateway, } from "./models_1"; import { ArchitectureValues, - AttributeBooleanValue, BootModeValues, ConversionTask, ExportTaskS3Location, @@ -87,17 +75,19 @@ import { FpgaImageAttribute, FpgaImageAttributeName, ImportImageLicenseConfigurationResponse, - InstanceAttributeName, LaunchPermission, PaymentOption, PermissionGroup, SnapshotDetail, - SnapshotTaskDetail, + VpnConnection, + VpnGateway, } from "./models_2"; import { + AttributeBooleanValue, CreateVolumePermission, ExcessCapacityTerminationPolicy, HttpTokensState, + InstanceAttributeName, InstanceMetadataEndpointState, InstanceMetadataOptionsResponse, InstanceMetadataProtocolState, @@ -105,614 +95,786 @@ import { LaunchTemplateConfig, ReservedInstancesConfiguration, SnapshotAttributeName, - VolumeModification, - VolumeStatusItem, + SnapshotTaskDetail, } from "./models_3"; -export interface DescribeVolumeStatusResult { - /** - *The token to use to retrieve the next page of results. This value is null
- * when there are no more results to return.
Information about the status of the volumes.
+ *The filters.
+ *
+ * attachment.attach-time
- The time stamp when the attachment
+ * initiated.
+ * attachment.delete-on-termination
- Whether the volume is deleted on
+ * instance termination.
+ * attachment.device
- The device name specified in the block device mapping
+ * (for example, /dev/sda1
).
+ * attachment.instance-id
- The ID of the instance the volume is attached
+ * to.
+ * attachment.status
- The attachment state (attaching
|
+ * attached
| detaching
).
+ * availability-zone
- The Availability Zone in which the volume was
+ * created.
+ * create-time
- The time stamp when the volume was created.
+ * encrypted
- Indicates whether the volume is encrypted (true
+ * | false
)
+ * multi-attach-enabled
- Indicates whether the volume is enabled for Multi-Attach (true
+ * | false
)
+ * fast-restored
- Indicates whether the volume was created from a
+ * snapshot that is enabled for fast snapshot restore (true
|
+ * false
).
+ * size
- The size of the volume, in GiB.
+ * snapshot-id
- The snapshot from which the volume was created.
+ * status
- The state of the volume (creating
|
+ * available
| in-use
| deleting
|
+ * deleted
| error
).
+ * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
+ * volume-id
- The volume ID.
+ * volume-type
- The Amazon EBS volume type (gp2
| gp3
| io1
| io2
|
+ * st1
| sc1
| standard
)
The volume IDs.
*/ - export const filterSensitiveLog = (obj: DescribeVolumeStatusResult): any => ({ - ...obj, - }); -} - -export type VpcAttributeName = "enableDnsHostnames" | "enableDnsSupport"; + VolumeIds?: string[]; -export interface DescribeVpcAttributeRequest { /** - *The VPC attribute.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The ID of the VPC.
+ *The maximum number of volume results returned by DescribeVolumes
in paginated
+ * output. When this parameter is used, DescribeVolumes
only returns
+ * MaxResults
results in a single page along with a NextToken
+ * response element. The remaining results of the initial request can be seen by sending another
+ * DescribeVolumes
request with the returned NextToken
value. This
+ * value can be between 5 and 500; if MaxResults
is given a value larger than 500,
+ * only 500 results are returned. If this parameter is not used, then
+ * DescribeVolumes
returns all results. You cannot specify this parameter and the
+ * volume IDs parameter in the same request.
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The NextToken
value returned from a previous paginated
+ * DescribeVolumes
request where MaxResults
was used and the results
+ * exceeded the value of that parameter. Pagination continues from the end of the previous
+ * results that returned the NextToken
value. This value is null
when
+ * there are no more results to return.
The ID of the VPC.
- */ - VpcId?: string; - +export interface DescribeVolumesResult { /** - *Indicates whether the instances launched in the VPC get DNS hostnames.
- * If this attribute is true
, instances in the VPC get DNS hostnames;
- * otherwise, they do not.
Information about the volumes.
*/ - EnableDnsHostnames?: AttributeBooleanValue; + Volumes?: Volume[]; /** - *Indicates whether DNS resolution is enabled for
- * the VPC. If this attribute is true
, the Amazon DNS server
- * resolves DNS hostnames for your instances to their corresponding
- * IP addresses; otherwise, it does not.
The NextToken
value to include in a future DescribeVolumes
+ * request. When the results of a DescribeVolumes
request exceed
+ * MaxResults
, this value can be used to retrieve the next page of results. This
+ * value is null
when there are no more results to return.
One or more filters.
- *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The IDs of the volumes.
+ */ + VolumeIds?: string[]; + + /** + *The filters.
+ *
- * is-classic-link-enabled
- Whether the VPC is enabled for ClassicLink
- * (true
| false
).
+ * modification-state
- The current modification state (modifying |
+ * optimizing | completed | failed).
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * original-iops
- The original IOPS rate of the volume.
- * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
+ * original-size
- The original size of the volume, in GiB.
+ * original-volume-type
- The original volume type of the volume (standard |
+ * io1 | io2 | gp2 | sc1 | st1).
+ * originalMultiAttachEnabled
- Indicates whether Multi-Attach support was enabled (true | false).
+ * start-time
- The modification start time.
+ * target-iops
- The target IOPS rate of the volume.
+ * target-size
- The target size of the volume, in GiB.
+ * target-volume-type
- The target volume type of the volume (standard |
+ * io1 | io2 | gp2 | sc1 | st1).
+ * targetMultiAttachEnabled
- Indicates whether Multi-Attach support is to be enabled (true | false).
+ * volume-id
- The ID of the volume.
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The nextToken
value returned by a previous paginated request.
One or more VPCs for which you want to describe the ClassicLink status.
+ *The maximum number of results (up to a limit of 500) to be returned in a paginated + * request.
*/ - VpcIds?: string[]; + MaxResults?: number; } -export namespace DescribeVpcClassicLinkRequest { +export namespace DescribeVolumesModificationsRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeVpcClassicLinkRequest): any => ({ + export const filterSensitiveLog = (obj: DescribeVolumesModificationsRequest): any => ({ ...obj, }); } +export type VolumeModificationState = "completed" | "failed" | "modifying" | "optimizing"; + /** - *Describes whether a VPC is enabled for ClassicLink.
+ *Describes the modification status of an EBS volume.
+ *If the volume has never been modified, some element values will be null.
*/ -export interface VpcClassicLink { +export interface VolumeModification { /** - *Indicates whether the VPC is enabled for ClassicLink.
+ *The ID of the volume.
*/ - ClassicLinkEnabled?: boolean; + VolumeId?: string; /** - *Any tags assigned to the VPC.
+ *The current modification state. The modification state is null for unmodified + * volumes.
*/ - Tags?: Tag[]; + ModificationState?: VolumeModificationState | string; /** - *The ID of the VPC.
+ *A status message about the modification progress or failure.
*/ - VpcId?: string; -} + StatusMessage?: string; -export namespace VpcClassicLink { /** - * @internal + *The target size of the volume, in GiB.
*/ - export const filterSensitiveLog = (obj: VpcClassicLink): any => ({ - ...obj, - }); -} + TargetSize?: number; -export interface DescribeVpcClassicLinkResult { /** - *The ClassicLink status of one or more VPCs.
+ *The target IOPS rate of the volume.
*/ - Vpcs?: VpcClassicLink[]; -} + TargetIops?: number; -export namespace DescribeVpcClassicLinkResult { /** - * @internal + *The target EBS volume type of the volume.
*/ - export const filterSensitiveLog = (obj: DescribeVpcClassicLinkResult): any => ({ - ...obj, - }); -} + TargetVolumeType?: VolumeType | string; -export interface DescribeVpcClassicLinkDnsSupportRequest { /** - *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
The target throughput of the volume, in MiB/s.
*/ - MaxResults?: number; + TargetThroughput?: number; /** - *The token for the next page of results.
+ *The target setting for Amazon EBS Multi-Attach.
*/ - NextToken?: string; + TargetMultiAttachEnabled?: boolean; /** - *One or more VPC IDs.
+ *The original size of the volume, in GiB.
*/ - VpcIds?: string[]; -} + OriginalSize?: number; -export namespace DescribeVpcClassicLinkDnsSupportRequest { /** - * @internal + *The original IOPS rate of the volume.
*/ - export const filterSensitiveLog = (obj: DescribeVpcClassicLinkDnsSupportRequest): any => ({ - ...obj, - }); -} + OriginalIops?: number; -/** - *Describes the ClassicLink DNS support status of a VPC.
- */ -export interface ClassicLinkDnsSupport { /** - *Indicates whether ClassicLink DNS support is enabled for the VPC.
+ *The original EBS volume type of the volume.
*/ - ClassicLinkDnsSupported?: boolean; + OriginalVolumeType?: VolumeType | string; /** - *The ID of the VPC.
+ *The original throughput of the volume, in MiB/s.
*/ - VpcId?: string; -} + OriginalThroughput?: number; -export namespace ClassicLinkDnsSupport { /** - * @internal + *The original setting for Amazon EBS Multi-Attach.
*/ - export const filterSensitiveLog = (obj: ClassicLinkDnsSupport): any => ({ - ...obj, - }); -} + OriginalMultiAttachEnabled?: boolean; -export interface DescribeVpcClassicLinkDnsSupportResult { /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The modification progress, from 0 to 100 percent complete.
*/ - NextToken?: string; + Progress?: number; /** - *Information about the ClassicLink DNS support status of the VPCs.
+ *The modification start time.
*/ - Vpcs?: ClassicLinkDnsSupport[]; + StartTime?: Date; + + /** + *The modification completion or failure time.
+ */ + EndTime?: Date; } -export namespace DescribeVpcClassicLinkDnsSupportResult { +export namespace VolumeModification { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeVpcClassicLinkDnsSupportResult): any => ({ + export const filterSensitiveLog = (obj: VolumeModification): any => ({ ...obj, }); } -export interface DescribeVpcEndpointConnectionNotificationsRequest { +export interface DescribeVolumesModificationsResult { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Information about the volume modifications.
*/ - DryRun?: boolean; + VolumesModifications?: VolumeModification[]; /** - *The ID of the notification.
+ *Token for pagination, null if there are no more results
*/ - ConnectionNotificationId?: string; + NextToken?: string; +} +export namespace DescribeVolumesModificationsResult { /** - *One or more filters.
- *The filters.
+ *
- * connection-notification-arn
- The ARN of the SNS topic for the
- * notification.
+ * action.code
- The action code for the event (for example,
+ * enable-volume-io
).
- * connection-notification-id
- The ID of the
- * notification.
+ * action.description
- A description of the action.
- * connection-notification-state
- The state of the notification
- * (Enabled
| Disabled
).
+ * action.event-id
- The event ID associated with the action.
- * connection-notification-type
- The type of notification
- * (Topic
).
+ * availability-zone
- The Availability Zone of the instance.
- * service-id
- The ID of the endpoint service.
+ * event.description
- A description of the event.
- * vpc-endpoint-id
- The ID of the VPC endpoint.
+ * event.event-id
- The event ID.
+ * event.event-type
- The event type (for io-enabled
:
+ * passed
| failed
; for io-performance
:
+ * io-performance:degraded
| io-performance:severely-degraded
|
+ * io-performance:stalled
).
+ * event.not-after
- The latest end time for the event.
+ * event.not-before
- The earliest start time for the event.
+ * volume-status.details-name
- The cause for
+ * volume-status.status
(io-enabled
|
+ * io-performance
).
+ * volume-status.details-status
- The status of
+ * volume-status.details-name
(for io-enabled
:
+ * passed
| failed
; for io-performance
:
+ * normal
| degraded
| severely-degraded
|
+ * stalled
).
+ * volume-status.status
- The status of the volume (ok
|
+ * impaired
| warning
| insufficient-data
).
The maximum number of results to return in a single call. To retrieve the remaining
- * results, make another request with the returned NextToken
value.
The maximum number of volume results returned by DescribeVolumeStatus
in
+ * paginated output. When this parameter is used, the request only returns
+ * MaxResults
results in a single page along with a NextToken
+ * response element. The remaining results of the initial request can be seen by sending another
+ * request with the returned NextToken
value. This value can be between 5 and 1,000;
+ * if MaxResults
is given a value larger than 1,000, only 1,000 results are returned.
+ * If this parameter is not used, then DescribeVolumeStatus
returns all results. You
+ * cannot specify this parameter and the volume IDs parameter in the same request.
The token to request the next page of results.
+ *The NextToken
value to include in a future DescribeVolumeStatus
+ * request. When the results of the request exceed MaxResults
, this value can be
+ * used to retrieve the next page of results. This value is null
when there are no
+ * more results to return.
The IDs of the volumes.
+ *Default: Describes all your volumes.
+ */ + VolumeIds?: string[]; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Describes a volume status operation code.
+ */ +export interface VolumeStatusAction { /** - *One or more notifications.
+ *The code identifying the operation, for example, enable-volume-io
.
The token to use to retrieve the next page of results. This value is
- * null
when there are no more results to return.
A description of the operation.
*/ - NextToken?: string; -} + Description?: string; -export namespace DescribeVpcEndpointConnectionNotificationsResult { /** - * @internal + *The ID of the event associated with this operation.
*/ - export const filterSensitiveLog = (obj: DescribeVpcEndpointConnectionNotificationsResult): any => ({ - ...obj, - }); -} + EventId?: string; -export interface DescribeVpcEndpointConnectionsRequest { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The event type associated with this operation.
*/ - DryRun?: boolean; + EventType?: string; +} +export namespace VolumeStatusAction { /** - *One or more filters.
- *
- * service-id
- The ID of the service.
- * vpc-endpoint-owner
- The AWS account number of the owner of the
- * endpoint.
- * vpc-endpoint-state
- The state of the endpoint
- * (pendingAcceptance
| pending
|
- * available
| deleting
| deleted
|
- * rejected
| failed
).
- * vpc-endpoint-id
- The ID of the endpoint.
Information about the instances to which the volume is attached.
+ */ +export interface VolumeStatusAttachmentStatus { /** - *The maximum number of results to return for the request in a single page. The remaining
- * results of the initial request can be seen by sending another request with the returned
- * NextToken
value. This value can be between 5 and 1,000; if
- * MaxResults
is given a value larger than 1,000, only 1,000 results are
- * returned.
The maximum IOPS supported by the attached instance.
*/ - MaxResults?: number; + IoPerformance?: string; /** - *The token to retrieve the next page of results.
+ *The ID of the attached instance.
*/ - NextToken?: string; + InstanceId?: string; } -export namespace DescribeVpcEndpointConnectionsRequest { +export namespace VolumeStatusAttachmentStatus { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeVpcEndpointConnectionsRequest): any => ({ + export const filterSensitiveLog = (obj: VolumeStatusAttachmentStatus): any => ({ ...obj, }); } /** - *Describes a VPC endpoint connection to a service.
+ *Describes a volume status event.
*/ -export interface VpcEndpointConnection { +export interface VolumeStatusEvent { /** - *The ID of the service to which the endpoint is connected.
+ *A description of the event.
*/ - ServiceId?: string; + Description?: string; /** - *The ID of the VPC endpoint.
+ *The ID of this event.
*/ - VpcEndpointId?: string; + EventId?: string; /** - *The AWS account ID of the owner of the VPC endpoint.
+ *The type of this event.
*/ - VpcEndpointOwner?: string; + EventType?: string; /** - *The state of the VPC endpoint.
+ *The latest end time of the event.
*/ - VpcEndpointState?: State | string; + NotAfter?: Date; /** - *The date and time that the VPC endpoint was created.
+ *The earliest start time of the event.
*/ - CreationTimestamp?: Date; + NotBefore?: Date; /** - *The DNS entries for the VPC endpoint.
+ *The ID of the instance associated with the event.
*/ - DnsEntries?: DnsEntry[]; + InstanceId?: string; +} +export namespace VolumeStatusEvent { /** - *The Amazon Resource Names (ARNs) of the network load balancers for the service.
+ * @internal */ - NetworkLoadBalancerArns?: string[]; + export const filterSensitiveLog = (obj: VolumeStatusEvent): any => ({ + ...obj, + }); +} +export type VolumeStatusName = "io-enabled" | "io-performance"; + +/** + *Describes a volume status.
+ */ +export interface VolumeStatusDetails { /** - *The Amazon Resource Names (ARNs) of the Gateway Load Balancers for the service.
+ *The name of the volume status.
*/ - GatewayLoadBalancerArns?: string[]; + Name?: VolumeStatusName | string; + + /** + *The intended status of the volume status.
+ */ + Status?: string; } -export namespace VpcEndpointConnection { +export namespace VolumeStatusDetails { /** * @internal */ - export const filterSensitiveLog = (obj: VpcEndpointConnection): any => ({ + export const filterSensitiveLog = (obj: VolumeStatusDetails): any => ({ ...obj, }); } -export interface DescribeVpcEndpointConnectionsResult { +export type VolumeStatusInfoStatus = "impaired" | "insufficient-data" | "ok"; + +/** + *Describes the status of a volume.
+ */ +export interface VolumeStatusInfo { /** - *Information about one or more VPC endpoint connections.
+ *The details of the volume status.
*/ - VpcEndpointConnections?: VpcEndpointConnection[]; + Details?: VolumeStatusDetails[]; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The status of the volume.
*/ - NextToken?: string; + Status?: VolumeStatusInfoStatus | string; } -export namespace DescribeVpcEndpointConnectionsResult { +export namespace VolumeStatusInfo { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeVpcEndpointConnectionsResult): any => ({ + export const filterSensitiveLog = (obj: VolumeStatusInfo): any => ({ ...obj, }); } /** - *Contains the parameters for DescribeVpcEndpoints.
+ *Describes the volume status.
*/ -export interface DescribeVpcEndpointsRequest { +export interface VolumeStatusItem { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The details of the operation.
*/ - DryRun?: boolean; + Actions?: VolumeStatusAction[]; /** - *One or more endpoint IDs.
+ *The Availability Zone of the volume.
*/ - VpcEndpointIds?: string[]; + AvailabilityZone?: string; /** - *One or more filters.
- *
- * service-name
- The name of the service.
- * vpc-id
- The ID of the VPC in which the endpoint resides.
- * vpc-endpoint-id
- The ID of the endpoint.
- * vpc-endpoint-state
- The state of the endpoint
- * (pendingAcceptance
| pending
|
- * available
| deleting
| deleted
|
- * rejected
| failed
).
- * vpc-endpoint-type
- The type of VPC endpoint (Interface
| Gateway
| GatewayLoadBalancer
).
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
- * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
The Amazon Resource Name (ARN) of the Outpost.
*/ - Filters?: Filter[]; + OutpostArn?: string; /** - *The maximum number of items to return for this request. The request returns a token that you can specify in a subsequent call to get the next set of results.
- *Constraint: If the value is greater than 1,000, we return only 1,000 items.
+ *A list of events associated with the volume.
*/ - MaxResults?: number; + Events?: VolumeStatusEvent[]; /** - *The token for the next set of items to return. (You received this token from a prior call.)
+ *The volume ID.
*/ - NextToken?: string; + VolumeId?: string; + + /** + *The volume status.
+ */ + VolumeStatus?: VolumeStatusInfo; + + /** + *Information about the instances to which the volume is attached.
+ */ + AttachmentStatuses?: VolumeStatusAttachmentStatus[]; } -export namespace DescribeVpcEndpointsRequest { +export namespace VolumeStatusItem { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeVpcEndpointsRequest): any => ({ + export const filterSensitiveLog = (obj: VolumeStatusItem): any => ({ ...obj, }); } -/** - *Contains the output of DescribeVpcEndpoints.
- */ -export interface DescribeVpcEndpointsResult { +export interface DescribeVolumeStatusResult { /** - *Information about the endpoints.
+ *The token to use to retrieve the next page of results. This value is null
+ * when there are no more results to return.
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
+ *Information about the status of the volumes.
*/ - NextToken?: string; + VolumeStatuses?: VolumeStatusItem[]; } -export namespace DescribeVpcEndpointsResult { +export namespace DescribeVolumeStatusResult { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeVpcEndpointsResult): any => ({ + export const filterSensitiveLog = (obj: DescribeVolumeStatusResult): any => ({ ...obj, }); } -export interface DescribeVpcEndpointServiceConfigurationsRequest { +export type VpcAttributeName = "enableDnsHostnames" | "enableDnsSupport"; + +export interface DescribeVpcAttributeRequest { + /** + *The VPC attribute.
+ */ + Attribute: VpcAttributeName | string | undefined; + + /** + *The ID of the VPC.
+ */ + VpcId: string | undefined; + /** *Checks whether you have the required permissions for the action, without actually making the request,
* and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
* Otherwise, it is UnauthorizedOperation
.
The IDs of one or more services.
+ * @internal */ - ServiceIds?: string[]; + export const filterSensitiveLog = (obj: DescribeVpcAttributeRequest): any => ({ + ...obj, + }); +} + +export interface DescribeVpcAttributeResult { + /** + *The ID of the VPC.
+ */ + VpcId?: string; + + /** + *Indicates whether the instances launched in the VPC get DNS hostnames.
+ * If this attribute is true
, instances in the VPC get DNS hostnames;
+ * otherwise, they do not.
Indicates whether DNS resolution is enabled for
+ * the VPC. If this attribute is true
, the Amazon DNS server
+ * resolves DNS hostnames for your instances to their corresponding
+ * IP addresses; otherwise, it does not.
One or more filters.
*
- * service-name
- The name of the service.
- * service-id
- The ID of the service.
- * service-state
- The state of the service (Pending
|
- * Available
| Deleting
| Deleted
|
- * Failed
).
is-classic-link-enabled
- Whether the VPC is enabled for ClassicLink
+ * (true
| false
).
*
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ *
* tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
The maximum number of results to return for the request in a single page. The remaining
- * results of the initial request can be seen by sending another request with the returned
- * NextToken
value. This value can be between 5 and 1,000; if
- * MaxResults
is given a value larger than 1,000, only 1,000 results are
- * returned.
Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The token to retrieve the next page of results.
+ *One or more VPCs for which you want to describe the ClassicLink status.
*/ - NextToken?: string; + VpcIds?: string[]; } -export namespace DescribeVpcEndpointServiceConfigurationsRequest { +export namespace DescribeVpcClassicLinkRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeVpcEndpointServiceConfigurationsRequest): any => ({ + export const filterSensitiveLog = (obj: DescribeVpcClassicLinkRequest): any => ({ ...obj, }); } -export interface DescribeVpcEndpointServiceConfigurationsResult { +/** + *Describes whether a VPC is enabled for ClassicLink.
+ */ +export interface VpcClassicLink { /** - *Information about one or more services.
+ *Indicates whether the VPC is enabled for ClassicLink.
*/ - ServiceConfigurations?: ServiceConfiguration[]; + ClassicLinkEnabled?: boolean; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Any tags assigned to the VPC.
*/ - NextToken?: string; + Tags?: Tag[]; + + /** + *The ID of the VPC.
+ */ + VpcId?: string; } -export namespace DescribeVpcEndpointServiceConfigurationsResult { +export namespace VpcClassicLink { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeVpcEndpointServiceConfigurationsResult): any => ({ + export const filterSensitiveLog = (obj: VpcClassicLink): any => ({ ...obj, }); } -export interface DescribeVpcEndpointServicePermissionsRequest { +export interface DescribeVpcClassicLinkResult { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The ClassicLink status of one or more VPCs.
*/ - DryRun?: boolean; + Vpcs?: VpcClassicLink[]; +} +export namespace DescribeVpcClassicLinkResult { /** - *The ID of the service.
+ * @internal */ - ServiceId: string | undefined; + export const filterSensitiveLog = (obj: DescribeVpcClassicLinkResult): any => ({ + ...obj, + }); +} +export interface DescribeVpcClassicLinkDnsSupportRequest { /** - *One or more filters.
- *
- * principal
- The ARN of the principal.
- * principal-type
- The principal type (All
|
- * Service
| OrganizationUnit
| Account
- * | User
| Role
).
The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
The maximum number of results to return for the request in a single page. The remaining
- * results of the initial request can be seen by sending another request with the returned
- * NextToken
value. This value can be between 5 and 1,000; if
- * MaxResults
is given a value larger than 1,000, only 1,000 results are
- * returned.
The token for the next page of results.
*/ - MaxResults?: number; + NextToken?: string; /** - *The token to retrieve the next page of results.
+ *One or more VPC IDs.
*/ - NextToken?: string; + VpcIds?: string[]; } -export namespace DescribeVpcEndpointServicePermissionsRequest { +export namespace DescribeVpcClassicLinkDnsSupportRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeVpcEndpointServicePermissionsRequest): any => ({ + export const filterSensitiveLog = (obj: DescribeVpcClassicLinkDnsSupportRequest): any => ({ ...obj, }); } -export interface DescribeVpcEndpointServicePermissionsResult { +/** + *Describes the ClassicLink DNS support status of a VPC.
+ */ +export interface ClassicLinkDnsSupport { /** - *Information about one or more allowed principals.
+ *Indicates whether ClassicLink DNS support is enabled for the VPC.
*/ - AllowedPrincipals?: AllowedPrincipal[]; + ClassicLinkDnsSupported?: boolean; + /** + *The ID of the VPC.
+ */ + VpcId?: string; +} + +export namespace ClassicLinkDnsSupport { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ClassicLinkDnsSupport): any => ({ + ...obj, + }); +} + +export interface DescribeVpcClassicLinkDnsSupportResult { /** *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Information about the ClassicLink DNS support status of the VPCs.
+ */ + Vpcs?: ClassicLinkDnsSupport[]; } -export namespace DescribeVpcEndpointServicePermissionsResult { +export namespace DescribeVpcClassicLinkDnsSupportResult { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeVpcEndpointServicePermissionsResult): any => ({ + export const filterSensitiveLog = (obj: DescribeVpcClassicLinkDnsSupportResult): any => ({ ...obj, }); } -/** - *Contains the parameters for DescribeVpcEndpointServices.
- */ -export interface DescribeVpcEndpointServicesRequest { +export interface DescribeVpcEndpointConnectionNotificationsRequest { /** *Checks whether you have the required permissions for the action, without actually making the request,
* and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
@@ -851,423 +1029,392 @@ export interface DescribeVpcEndpointServicesRequest {
DryRun?: boolean;
/**
- *
One or more service names.
+ *The ID of the notification.
*/ - ServiceNames?: string[]; + ConnectionNotificationId?: string; /** *One or more filters.
*
- * service-name
- The name of the service.
connection-notification-arn
- The ARN of the SNS topic for the
+ * notification.
*
- * service-type
- The type of service (Interface
|
- * Gateway
).
connection-notification-id
- The ID of the
+ * notification.
*
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * connection-notification-state
- The state of the notification
+ * (Enabled
| Disabled
).
- * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
+ * connection-notification-type
- The type of notification
+ * (Topic
).
+ * service-id
- The ID of the endpoint service.
+ * vpc-endpoint-id
- The ID of the VPC endpoint.
The maximum number of items to return for this request. The request returns a token that you can specify in a subsequent call to get the next set of results.
- *Constraint: If the value is greater than 1,000, we return only 1,000 items.
+ *The maximum number of results to return in a single call. To retrieve the remaining
+ * results, make another request with the returned NextToken
value.
The token for the next set of items to return. (You received this token from a prior call.)
+ *The token to request the next page of results.
*/ NextToken?: string; } -export namespace DescribeVpcEndpointServicesRequest { +export namespace DescribeVpcEndpointConnectionNotificationsRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeVpcEndpointServicesRequest): any => ({ + export const filterSensitiveLog = (obj: DescribeVpcEndpointConnectionNotificationsRequest): any => ({ ...obj, }); } -/** - *Information about the Private DNS name for interface endpoints.
- */ -export interface PrivateDnsDetails { +export interface DescribeVpcEndpointConnectionNotificationsResult { /** - *The private DNS name assigned to the VPC endpoint service.
+ *One or more notifications.
*/ - PrivateDnsName?: string; + ConnectionNotificationSet?: ConnectionNotification[]; + + /** + *The token to use to retrieve the next page of results. This value is
+ * null
when there are no more results to return.
Describes a VPC endpoint service.
- */ -export interface ServiceDetail { +export interface DescribeVpcEndpointConnectionsRequest { /** - *The Amazon Resource Name (ARN) of the service.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The ID of the endpoint service.
+ *One or more filters.
+ *
+ * service-id
- The ID of the service.
+ * vpc-endpoint-owner
- The AWS account number of the owner of the
+ * endpoint.
+ * vpc-endpoint-state
- The state of the endpoint
+ * (pendingAcceptance
| pending
|
+ * available
| deleting
| deleted
|
+ * rejected
| failed
).
+ * vpc-endpoint-id
- The ID of the endpoint.
The type of service.
+ *The maximum number of results to return for the request in a single page. The remaining
+ * results of the initial request can be seen by sending another request with the returned
+ * NextToken
value. This value can be between 5 and 1,000; if
+ * MaxResults
is given a value larger than 1,000, only 1,000 results are
+ * returned.
The Availability Zones in which the service is available.
+ *The token to retrieve the next page of results.
*/ - AvailabilityZones?: string[]; + NextToken?: string; +} +export namespace DescribeVpcEndpointConnectionsRequest { /** - *The AWS account ID of the service owner.
+ * @internal */ - Owner?: string; + export const filterSensitiveLog = (obj: DescribeVpcEndpointConnectionsRequest): any => ({ + ...obj, + }); +} +/** + *Describes a VPC endpoint connection to a service.
+ */ +export interface VpcEndpointConnection { /** - *The DNS names for the service.
+ *The ID of the service to which the endpoint is connected.
*/ - BaseEndpointDnsNames?: string[]; + ServiceId?: string; /** - *The private DNS name for the service.
+ *The ID of the VPC endpoint.
*/ - PrivateDnsName?: string; + VpcEndpointId?: string; /** - *The private DNS names assigned to the VPC endpoint service.
+ *The AWS account ID of the owner of the VPC endpoint.
*/ - PrivateDnsNames?: PrivateDnsDetails[]; + VpcEndpointOwner?: string; /** - *Indicates whether the service supports endpoint policies.
+ *The state of the VPC endpoint.
*/ - VpcEndpointPolicySupported?: boolean; + VpcEndpointState?: State | string; /** - *Indicates whether VPC endpoint connection requests to the service must be accepted by the service owner.
+ *The date and time that the VPC endpoint was created.
*/ - AcceptanceRequired?: boolean; + CreationTimestamp?: Date; /** - *Indicates whether the service manages its VPC endpoints. Management of the service VPC - * endpoints using the VPC endpoint API is restricted.
+ *The DNS entries for the VPC endpoint.
*/ - ManagesVpcEndpoints?: boolean; + DnsEntries?: DnsEntry[]; /** - *Any tags assigned to the service.
+ *The Amazon Resource Names (ARNs) of the network load balancers for the service.
*/ - Tags?: Tag[]; + NetworkLoadBalancerArns?: string[]; /** - *The verification state of the VPC endpoint service.
- *Consumers of the endpoint service cannot use the private name when the state is not verified
.
The Amazon Resource Names (ARNs) of the Gateway Load Balancers for the service.
*/ - PrivateDnsNameVerificationState?: DnsNameState | string; + GatewayLoadBalancerArns?: string[]; } -export namespace ServiceDetail { +export namespace VpcEndpointConnection { /** * @internal */ - export const filterSensitiveLog = (obj: ServiceDetail): any => ({ + export const filterSensitiveLog = (obj: VpcEndpointConnection): any => ({ ...obj, }); } -/** - *Contains the output of DescribeVpcEndpointServices.
- */ -export interface DescribeVpcEndpointServicesResult { - /** - *A list of supported services.
- */ - ServiceNames?: string[]; - +export interface DescribeVpcEndpointConnectionsResult { /** - *Information about the service.
+ *Information about one or more VPC endpoint connections.
*/ - ServiceDetails?: ServiceDetail[]; + VpcEndpointConnections?: VpcEndpointConnection[]; /** - *The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
+ *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Contains the parameters for DescribeVpcEndpoints.
+ */ +export interface DescribeVpcEndpointsRequest { + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
One or more endpoint IDs.
+ */ + VpcEndpointIds?: string[]; + /** *One or more filters.
- *
- * accepter-vpc-info.cidr-block
- The IPv4 CIDR block of the accepter
- * VPC.
- * accepter-vpc-info.owner-id
- The ID of the Amazon Web Services account that owns the
- * accepter VPC.
- * accepter-vpc-info.vpc-id
- The ID of the accepter VPC.
- * expiration-time
- The expiration date and time for the VPC peering
- * connection.
- * requester-vpc-info.cidr-block
- The IPv4 CIDR block of the
- * requester's VPC.
+ * service-name
- The name of the service.
- * requester-vpc-info.owner-id
- The ID of the Amazon Web Services account that owns the
- * requester VPC.
+ * vpc-id
- The ID of the VPC in which the endpoint resides.
- * requester-vpc-info.vpc-id
- The ID of the requester VPC.
+ * vpc-endpoint-id
- The ID of the endpoint.
- * status-code
- The status of the VPC peering connection
- * (pending-acceptance
| failed
|
- * expired
| provisioning
| active
|
- * deleting
| deleted
|
- * rejected
).
+ * vpc-endpoint-state
- The state of the endpoint
+ * (pendingAcceptance
| pending
|
+ * available
| deleting
| deleted
|
+ * rejected
| failed
).
- * status-message
- A message that provides more information about the status
- * of the VPC peering connection, if applicable.
+ * vpc-endpoint-type
- The type of VPC endpoint (Interface
| Gateway
| GatewayLoadBalancer
).
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ *
* tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
- * vpc-peering-connection-id
- The ID of the VPC peering connection.
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
One or more VPC peering connection IDs.
- *Default: Describes all your VPC peering connections.
+ *The maximum number of items to return for this request. The request returns a token that you can specify in a subsequent call to get the next set of results.
+ *Constraint: If the value is greater than 1,000, we return only 1,000 items.
*/ - VpcPeeringConnectionIds?: string[]; + MaxResults?: number; /** - *The token for the next page of results.
+ *The token for the next set of items to return. (You received this token from a prior call.)
*/ NextToken?: string; - - /** - *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
Contains the output of DescribeVpcEndpoints.
+ */ +export interface DescribeVpcEndpointsResult { /** - *Information about the VPC peering connections.
+ *Information about the endpoints.
*/ - VpcPeeringConnections?: VpcPeeringConnection[]; + VpcEndpoints?: VpcEndpoint[]; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
*/ NextToken?: string; } -export namespace DescribeVpcPeeringConnectionsResult { +export namespace DescribeVpcEndpointsResult { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeVpcPeeringConnectionsResult): any => ({ + export const filterSensitiveLog = (obj: DescribeVpcEndpointsResult): any => ({ ...obj, }); } -export interface DescribeVpcsRequest { +export interface DescribeVpcEndpointServiceConfigurationsRequest { + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The IDs of one or more services.
+ */ + ServiceIds?: string[]; + /** *One or more filters.
- *
- * cidr
- The primary IPv4 CIDR block of the VPC. The CIDR block you
- * specify must exactly match the VPC's CIDR block for information to be returned
- * for the VPC. Must contain the slash followed by one or two digits (for example,
- * /28
).
- * cidr-block-association.cidr-block
- An IPv4 CIDR block associated with the
- * VPC.
- * cidr-block-association.association-id
- The association ID for
- * an IPv4 CIDR block associated with the VPC.
- * cidr-block-association.state
- The state of an IPv4 CIDR block
- * associated with the VPC.
- * dhcp-options-id
- The ID of a set of DHCP options.
- * ipv6-cidr-block-association.ipv6-cidr-block
- An IPv6 CIDR
- * block associated with the VPC.
- * ipv6-cidr-block-association.ipv6-pool
- The ID of the IPv6 address pool from which the IPv6 CIDR block is allocated.
- * ipv6-cidr-block-association.association-id
- The association
- * ID for an IPv6 CIDR block associated with the VPC.
- * ipv6-cidr-block-association.state
- The state of an IPv6 CIDR
- * block associated with the VPC.
- * is-default
- Indicates whether the VPC is the default VPC.
+ * service-name
- The name of the service.
- * owner-id
- The ID of the Amazon Web Services account that owns the VPC.
+ * service-id
- The ID of the service.
- * state
- The state of the VPC (pending
| available
).
+ * service-state
- The state of the service (Pending
|
+ * Available
| Deleting
| Deleted
|
+ * Failed
).
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ *
* tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
- * vpc-id
- The ID of the VPC.
One or more VPC IDs.
- *Default: Describes all your VPCs.
- */ - VpcIds?: string[]; - - /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The maximum number of results to return for the request in a single page. The remaining
+ * results of the initial request can be seen by sending another request with the returned
+ * NextToken
value. This value can be between 5 and 1,000; if
+ * MaxResults
is given a value larger than 1,000, only 1,000 results are
+ * returned.
The token for the next page of results.
+ *The token to retrieve the next page of results.
*/ NextToken?: string; - - /** - *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
Information about one or more VPCs.
+ *Information about one or more services.
*/ - Vpcs?: Vpc[]; + ServiceConfigurations?: ServiceConfiguration[]; /** *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Contains the parameters for DescribeVpnConnections.
- */ -export interface DescribeVpnConnectionsRequest { +export interface DescribeVpcEndpointServicePermissionsRequest { + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The ID of the service.
+ */ + ServiceId: string | undefined; + /** *One or more filters.
- *
- * customer-gateway-configuration
- The configuration information
- * for the customer gateway.
- * customer-gateway-id
- The ID of a customer gateway associated
- * with the VPN connection.
- * state
- The state of the VPN connection (pending
|
- * available
| deleting
|
- * deleted
).
- * option.static-routes-only
- Indicates whether the connection has
- * static routes only. Used for devices that do not support Border Gateway Protocol
- * (BGP).
- * route.destination-cidr-block
- The destination CIDR block. This
- * corresponds to the subnet used in a customer data center.
- * bgp-asn
- The BGP Autonomous System Number (ASN) associated with
- * a BGP device.
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
- * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
- * type
- The type of VPN connection. Currently the only supported
- * type is ipsec.1
.
- * vpn-connection-id
- The ID of the VPN connection.
- * vpn-gateway-id
- The ID of a virtual private gateway associated
- * with the VPN connection.
+ * principal
- The ARN of the principal.
- * transit-gateway-id
- The ID of a transit gateway associated with
- * the VPN connection.
+ * principal-type
- The principal type (All
|
+ * Service
| OrganizationUnit
| Account
+ * | User
| Role
).
One or more VPN connection IDs.
- *Default: Describes your VPN connections.
+ *The maximum number of results to return for the request in a single page. The remaining
+ * results of the initial request can be seen by sending another request with the returned
+ * NextToken
value. This value can be between 5 and 1,000; if
+ * MaxResults
is given a value larger than 1,000, only 1,000 results are
+ * returned.
Checks whether you have the required permissions for the action, without actually
- * making the request, and provides an error response. If you have the required
- * permissions, the error response is DryRunOperation
. Otherwise, it is
- * UnauthorizedOperation
.
The token to retrieve the next page of results.
*/ - DryRun?: boolean; + NextToken?: string; } -export namespace DescribeVpnConnectionsRequest { +export namespace DescribeVpcEndpointServicePermissionsRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeVpnConnectionsRequest): any => ({ + export const filterSensitiveLog = (obj: DescribeVpcEndpointServicePermissionsRequest): any => ({ ...obj, }); } -/** - *Contains the output of DescribeVpnConnections.
- */ -export interface DescribeVpnConnectionsResult { +export interface DescribeVpcEndpointServicePermissionsResult { /** - *Information about one or more VPN connections.
+ *Information about one or more allowed principals.
*/ - VpnConnections?: VpnConnection[]; + AllowedPrincipals?: AllowedPrincipal[]; + + /** + *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Contains the parameters for DescribeVpnGateways.
+ *Contains the parameters for DescribeVpcEndpointServices.
*/ -export interface DescribeVpnGatewaysRequest { +export interface DescribeVpcEndpointServicesRequest { + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
One or more service names.
+ */ + ServiceNames?: string[]; + /** *One or more filters.
*
- * amazon-side-asn
- The Autonomous System Number (ASN) for the
- * Amazon side of the gateway.
- * attachment.state
- The current state of the attachment between
- * the gateway and the VPC (attaching
| attached
|
- * detaching
| detached
).
- * attachment.vpc-id
- The ID of an attached VPC.
- * availability-zone
- The Availability Zone for the virtual private
- * gateway (if applicable).
service-name
- The name of the service.
*
- * state
- The state of the virtual private gateway
- * (pending
| available
| deleting
|
- * deleted
).
service-type
- The type of service (Interface
|
+ * Gateway
).
*
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ *
* tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
- * type
- The type of virtual private gateway. Currently the only
- * supported type is ipsec.1
.
- * vpn-gateway-id
- The ID of the virtual private gateway.
One or more virtual private gateway IDs.
- *Default: Describes all your virtual private gateways.
+ *The maximum number of items to return for this request. The request returns a token that you can specify in a subsequent call to get the next set of results.
+ *Constraint: If the value is greater than 1,000, we return only 1,000 items.
*/ - VpnGatewayIds?: string[]; + MaxResults?: number; /** - *Checks whether you have the required permissions for the action, without actually
- * making the request, and provides an error response. If you have the required
- * permissions, the error response is DryRunOperation
. Otherwise, it is
- * UnauthorizedOperation
.
The token for the next set of items to return. (You received this token from a prior call.)
*/ - DryRun?: boolean; + NextToken?: string; } -export namespace DescribeVpnGatewaysRequest { +export namespace DescribeVpcEndpointServicesRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeVpnGatewaysRequest): any => ({ + export const filterSensitiveLog = (obj: DescribeVpcEndpointServicesRequest): any => ({ ...obj, }); } /** - *Contains the output of DescribeVpnGateways.
+ *Information about the Private DNS name for interface endpoints.
*/ -export interface DescribeVpnGatewaysResult { +export interface PrivateDnsDetails { /** - *Information about one or more virtual private gateways.
+ *The private DNS name assigned to the VPC endpoint service.
*/ - VpnGateways?: VpnGateway[]; + PrivateDnsName?: string; } -export namespace DescribeVpnGatewaysResult { +export namespace PrivateDnsDetails { /** * @internal */ - export const filterSensitiveLog = (obj: DescribeVpnGatewaysResult): any => ({ + export const filterSensitiveLog = (obj: PrivateDnsDetails): any => ({ ...obj, }); } -export interface DetachClassicLinkVpcRequest { +/** + *Describes a VPC endpoint service.
+ */ +export interface ServiceDetail { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The Amazon Resource Name (ARN) of the service.
*/ - DryRun?: boolean; + ServiceName?: string; /** - *The ID of the instance to unlink from the VPC.
+ *The ID of the endpoint service.
*/ - InstanceId: string | undefined; + ServiceId?: string; /** - *The ID of the VPC to which the instance is linked.
+ *The type of service.
*/ - VpcId: string | undefined; -} + ServiceType?: ServiceTypeDetail[]; -export namespace DetachClassicLinkVpcRequest { /** - * @internal + *The Availability Zones in which the service is available.
*/ - export const filterSensitiveLog = (obj: DetachClassicLinkVpcRequest): any => ({ - ...obj, - }); -} + AvailabilityZones?: string[]; -export interface DetachClassicLinkVpcResult { /** - *Returns true
if the request succeeds; otherwise, it returns an error.
The AWS account ID of the service owner.
*/ - Return?: boolean; -} + Owner?: string; -export namespace DetachClassicLinkVpcResult { /** - * @internal + *The DNS names for the service.
*/ - export const filterSensitiveLog = (obj: DetachClassicLinkVpcResult): any => ({ - ...obj, - }); -} + BaseEndpointDnsNames?: string[]; -export interface DetachInternetGatewayRequest { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The private DNS name for the service.
*/ - DryRun?: boolean; + PrivateDnsName?: string; /** - *The ID of the internet gateway.
+ *The private DNS names assigned to the VPC endpoint service.
*/ - InternetGatewayId: string | undefined; + PrivateDnsNames?: PrivateDnsDetails[]; /** - *The ID of the VPC.
+ *Indicates whether the service supports endpoint policies.
*/ - VpcId: string | undefined; -} + VpcEndpointPolicySupported?: boolean; -export namespace DetachInternetGatewayRequest { /** - * @internal + *Indicates whether VPC endpoint connection requests to the service must be accepted by the service owner.
*/ - export const filterSensitiveLog = (obj: DetachInternetGatewayRequest): any => ({ - ...obj, - }); -} + AcceptanceRequired?: boolean; -/** - *Contains the parameters for DetachNetworkInterface.
- */ -export interface DetachNetworkInterfaceRequest { /** - *The ID of the attachment.
+ *Indicates whether the service manages its VPC endpoints. Management of the service VPC + * endpoints using the VPC endpoint API is restricted.
*/ - AttachmentId: string | undefined; + ManagesVpcEndpoints?: boolean; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Any tags assigned to the service.
*/ - DryRun?: boolean; + Tags?: Tag[]; /** - *Specifies whether to force a detachment.
- *Use the Force
parameter only as a last resort to detach a network interface from a failed instance.
If you use the Force
parameter to detach a network interface, you might not be able to attach a different network interface to the same index on the instance without first stopping and starting the instance.
If you force the detachment of a network interface, the instance metadata - * might not get updated. This means that the attributes associated - * with the detached network interface might still be visible. The - * instance metadata will get updated when you stop and start the - * instance.
- *The verification state of the VPC endpoint service.
+ *Consumers of the endpoint service cannot use the private name when the state is not verified
.
The device name.
- */ - Device?: string; - - /** - *Forces detachment if the previous detachment attempt did not occur cleanly (for example, - * logging into an instance, unmounting the volume, and detaching normally). This option can lead - * to data loss or a corrupted file system. Use this option only as a last resort to detach a - * volume from a failed instance. The instance won't have an opportunity to flush file system - * caches or file system metadata. If you use this option, you must perform file system check and - * repair procedures.
- */ - Force?: boolean; - +/** + *Contains the output of DescribeVpcEndpointServices.
+ */ +export interface DescribeVpcEndpointServicesResult { /** - *The ID of the instance. If you are detaching a Multi-Attach enabled volume, you must specify an instance ID.
+ *A list of supported services.
*/ - InstanceId?: string; + ServiceNames?: string[]; /** - *The ID of the volume.
+ *Information about the service.
*/ - VolumeId: string | undefined; + ServiceDetails?: ServiceDetail[]; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
*/ - DryRun?: boolean; + NextToken?: string; } -export namespace DetachVolumeRequest { +export namespace DescribeVpcEndpointServicesResult { /** * @internal */ - export const filterSensitiveLog = (obj: DetachVolumeRequest): any => ({ + export const filterSensitiveLog = (obj: DescribeVpcEndpointServicesResult): any => ({ ...obj, }); } -/** - *Contains the parameters for DetachVpnGateway.
- */ -export interface DetachVpnGatewayRequest { - /** - *The ID of the VPC.
- */ - VpcId: string | undefined; - - /** - *The ID of the virtual private gateway.
- */ - VpnGatewayId: string | undefined; - +export interface DescribeVpcPeeringConnectionsRequest { /** - *Checks whether you have the required permissions for the action, without actually
- * making the request, and provides an error response. If you have the required
- * permissions, the error response is DryRunOperation
. Otherwise, it is
- * UnauthorizedOperation
.
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The updated status of encryption by default.
- */ - EbsEncryptionByDefault?: boolean; -} - -export namespace DisableEbsEncryptionByDefaultResult { - /** - * @internal - */ - export const filterSensitiveLog = (obj: DisableEbsEncryptionByDefaultResult): any => ({ - ...obj, - }); -} - -export interface DisableFastSnapshotRestoresRequest { - /** - *One or more Availability Zones. For example, us-east-2a
.
The IDs of one or more snapshots. For example, snap-1234567890abcdef0
.
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Describes fast snapshot restores that were successfully disabled.
- */ -export interface DisableFastSnapshotRestoreSuccessItem { - /** - *The ID of the snapshot.
- */ - SnapshotId?: string; - - /** - *The Availability Zone.
- */ - AvailabilityZone?: string; - - /** - *The state of fast snapshot restores for the snapshot.
- */ - State?: FastSnapshotRestoreStateCode | string; - - /** - *The reason for the state transition. The possible values are as follows:
+ *One or more filters.
*
- * Client.UserInitiated
- The state successfully transitioned to enabling
or
- * disabling
.
accepter-vpc-info.cidr-block
- The IPv4 CIDR block of the accepter
+ * VPC.
*
- * Client.UserInitiated - Lifecycle state transition
- The state successfully transitioned
- * to optimizing
, enabled
, or disabled
.
accepter-vpc-info.owner-id
- The ID of the Amazon Web Services account that owns the
+ * accepter VPC.
+ *
+ * accepter-vpc-info.vpc-id
- The ID of the accepter VPC.
+ * expiration-time
- The expiration date and time for the VPC peering
+ * connection.
+ * requester-vpc-info.cidr-block
- The IPv4 CIDR block of the
+ * requester's VPC.
+ * requester-vpc-info.owner-id
- The ID of the Amazon Web Services account that owns the
+ * requester VPC.
+ * requester-vpc-info.vpc-id
- The ID of the requester VPC.
+ * status-code
- The status of the VPC peering connection
+ * (pending-acceptance
| failed
|
+ * expired
| provisioning
| active
|
+ * deleting
| deleted
|
+ * rejected
).
+ * status-message
- A message that provides more information about the status
+ * of the VPC peering connection, if applicable.
+ * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
+ * vpc-peering-connection-id
- The ID of the VPC peering connection.
The ID of the Amazon Web Services account that enabled fast snapshot restores on the snapshot.
- */ - OwnerId?: string; - - /** - *The Amazon Web Services owner alias that enabled fast snapshot restores on the snapshot. This is intended for future use.
- */ - OwnerAlias?: string; - - /** - *The time at which fast snapshot restores entered the enabling
state.
The time at which fast snapshot restores entered the optimizing
state.
The time at which fast snapshot restores entered the enabled
state.
The time at which fast snapshot restores entered the disabling
state.
The time at which fast snapshot restores entered the disabled
state.
Describes an error that occurred when disabling fast snapshot restores.
- */ -export interface DisableFastSnapshotRestoreStateError { - /** - *The error code.
- */ - Code?: string; + Filters?: Filter[]; /** - *The error message.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
One or more VPC peering connection IDs.
+ *Default: Describes all your VPC peering connections.
*/ - export const filterSensitiveLog = (obj: DisableFastSnapshotRestoreStateError): any => ({ - ...obj, - }); -} + VpcPeeringConnectionIds?: string[]; -/** - *Contains information about an error that occurred when disabling fast snapshot restores.
- */ -export interface DisableFastSnapshotRestoreStateErrorItem { /** - *The Availability Zone.
+ *The token for the next page of results.
*/ - AvailabilityZone?: string; + NextToken?: string; /** - *The error.
+ *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
Contains information about the errors that occurred when disabling fast snapshot restores.
- */ -export interface DisableFastSnapshotRestoreErrorItem { +export interface DescribeVpcPeeringConnectionsResult { /** - *The ID of the snapshot.
+ *Information about the VPC peering connections.
*/ - SnapshotId?: string; + VpcPeeringConnections?: VpcPeeringConnection[]; /** - *The errors.
+ *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Information about the snapshots for which fast snapshot restores were successfully disabled.
- */ - Successful?: DisableFastSnapshotRestoreSuccessItem[]; - - /** - *Information about the snapshots for which fast snapshot restores could not be disabled.
- */ - Unsuccessful?: DisableFastSnapshotRestoreErrorItem[]; -} - -export namespace DisableFastSnapshotRestoresResult { +export interface DescribeVpcsRequest { /** - * @internal + *One or more filters.
+ *
+ * cidr
- The primary IPv4 CIDR block of the VPC. The CIDR block you
+ * specify must exactly match the VPC's CIDR block for information to be returned
+ * for the VPC. Must contain the slash followed by one or two digits (for example,
+ * /28
).
+ * cidr-block-association.cidr-block
- An IPv4 CIDR block associated with the
+ * VPC.
+ * cidr-block-association.association-id
- The association ID for
+ * an IPv4 CIDR block associated with the VPC.
+ * cidr-block-association.state
- The state of an IPv4 CIDR block
+ * associated with the VPC.
+ * dhcp-options-id
- The ID of a set of DHCP options.
+ * ipv6-cidr-block-association.ipv6-cidr-block
- An IPv6 CIDR
+ * block associated with the VPC.
+ * ipv6-cidr-block-association.ipv6-pool
- The ID of the IPv6 address pool from which the IPv6 CIDR block is allocated.
+ * ipv6-cidr-block-association.association-id
- The association
+ * ID for an IPv6 CIDR block associated with the VPC.
+ * ipv6-cidr-block-association.state
- The state of an IPv6 CIDR
+ * block associated with the VPC.
+ * is-default
- Indicates whether the VPC is the default VPC.
+ * owner-id
- The ID of the Amazon Web Services account that owns the VPC.
+ * state
- The state of the VPC (pending
| available
).
+ * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
+ * vpc-id
- The ID of the VPC.
The ID of the AMI.
+ *One or more VPC IDs.
+ *Default: Describes all your VPCs.
*/ - ImageId: string | undefined; + VpcIds?: string[]; /** *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
*/
DryRun?: boolean;
-}
-export namespace DisableImageDeprecationRequest {
/**
- * @internal
+ * The token for the next page of results.
*/ - export const filterSensitiveLog = (obj: DisableImageDeprecationRequest): any => ({ - ...obj, - }); -} + NextToken?: string; -export interface DisableImageDeprecationResult { /** - *Returns true
if the request succeeds; otherwise, it returns an error.
The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Information about one or more VPCs.
*/ - export const filterSensitiveLog = (obj: DisableSerialConsoleAccessRequest): any => ({ - ...obj, - }); -} + Vpcs?: Vpc[]; -export interface DisableSerialConsoleAccessResult { /** - *If true
, access to the EC2 serial console of all instances is enabled for
- * your account. If false
, access to the EC2 serial console of all instances
- * is disabled for your account.
The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Contains the parameters for DescribeVpnConnections.
+ */ +export interface DescribeVpnConnectionsRequest { /** - *The ID of the propagation route table.
+ *One or more filters.
+ *
+ * customer-gateway-configuration
- The configuration information
+ * for the customer gateway.
+ * customer-gateway-id
- The ID of a customer gateway associated
+ * with the VPN connection.
+ * state
- The state of the VPN connection (pending
|
+ * available
| deleting
|
+ * deleted
).
+ * option.static-routes-only
- Indicates whether the connection has
+ * static routes only. Used for devices that do not support Border Gateway Protocol
+ * (BGP).
+ * route.destination-cidr-block
- The destination CIDR block. This
+ * corresponds to the subnet used in a customer data center.
+ * bgp-asn
- The BGP Autonomous System Number (ASN) associated with
+ * a BGP device.
+ * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
+ * type
- The type of VPN connection. Currently the only supported
+ * type is ipsec.1
.
+ * vpn-connection-id
- The ID of the VPN connection.
+ * vpn-gateway-id
- The ID of a virtual private gateway associated
+ * with the VPN connection.
+ * transit-gateway-id
- The ID of a transit gateway associated with
+ * the VPN connection.
The ID of the attachment.
+ *One or more VPN connection IDs.
+ *Default: Describes your VPN connections.
*/ - TransitGatewayAttachmentId: string | undefined; + VpnConnectionIds?: string[]; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Checks whether you have the required permissions for the action, without actually
+ * making the request, and provides an error response. If you have the required
+ * permissions, the error response is DryRunOperation
. Otherwise, it is
+ * UnauthorizedOperation
.
Describes route propagation.
+ *Contains the output of DescribeVpnConnections.
*/ -export interface TransitGatewayPropagation { - /** - *The ID of the attachment.
- */ - TransitGatewayAttachmentId?: string; - - /** - *The ID of the resource.
- */ - ResourceId?: string; - - /** - *The resource type. Note that the tgw-peering
resource type has been deprecated.
The ID of the transit gateway route table.
- */ - TransitGatewayRouteTableId?: string; - - /** - *The state.
- */ - State?: TransitGatewayPropagationState | string; -} - -export namespace TransitGatewayPropagation { - /** - * @internal - */ - export const filterSensitiveLog = (obj: TransitGatewayPropagation): any => ({ - ...obj, - }); -} - -export interface DisableTransitGatewayRouteTablePropagationResult { +export interface DescribeVpnConnectionsResult { /** - *Information about route propagation.
+ *Information about one or more VPN connections.
*/ - Propagation?: TransitGatewayPropagation; + VpnConnections?: VpnConnection[]; } -export namespace DisableTransitGatewayRouteTablePropagationResult { +export namespace DescribeVpnConnectionsResult { /** * @internal */ - export const filterSensitiveLog = (obj: DisableTransitGatewayRouteTablePropagationResult): any => ({ + export const filterSensitiveLog = (obj: DescribeVpnConnectionsResult): any => ({ ...obj, }); } /** - *Contains the parameters for DisableVgwRoutePropagation.
+ *Contains the parameters for DescribeVpnGateways.
*/ -export interface DisableVgwRoutePropagationRequest { +export interface DescribeVpnGatewaysRequest { /** - *The ID of the virtual private gateway.
+ *One or more filters.
+ *
+ * amazon-side-asn
- The Autonomous System Number (ASN) for the
+ * Amazon side of the gateway.
+ * attachment.state
- The current state of the attachment between
+ * the gateway and the VPC (attaching
| attached
|
+ * detaching
| detached
).
+ * attachment.vpc-id
- The ID of an attached VPC.
+ * availability-zone
- The Availability Zone for the virtual private
+ * gateway (if applicable).
+ * state
- The state of the virtual private gateway
+ * (pending
| available
| deleting
|
+ * deleted
).
+ * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
+ * type
- The type of virtual private gateway. Currently the only
+ * supported type is ipsec.1
.
+ * vpn-gateway-id
- The ID of the virtual private gateway.
The ID of the route table.
+ *One or more virtual private gateway IDs.
+ *Default: Describes all your virtual private gateways.
*/ - RouteTableId: string | undefined; + VpnGatewayIds?: string[]; /** *Checks whether you have the required permissions for the action, without actually @@ -2108,314 +2135,273 @@ export interface DisableVgwRoutePropagationRequest { DryRun?: boolean; } -export namespace DisableVgwRoutePropagationRequest { +export namespace DescribeVpnGatewaysRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DisableVgwRoutePropagationRequest): any => ({ + export const filterSensitiveLog = (obj: DescribeVpnGatewaysRequest): any => ({ ...obj, }); } -export interface DisableVpcClassicLinkRequest { - /** - *
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Contains the output of DescribeVpnGateways.
+ */ +export interface DescribeVpnGatewaysResult { /** - *The ID of the VPC.
+ *Information about one or more virtual private gateways.
*/ - VpcId: string | undefined; + VpnGateways?: VpnGateway[]; } -export namespace DisableVpcClassicLinkRequest { +export namespace DescribeVpnGatewaysResult { /** * @internal */ - export const filterSensitiveLog = (obj: DisableVpcClassicLinkRequest): any => ({ + export const filterSensitiveLog = (obj: DescribeVpnGatewaysResult): any => ({ ...obj, }); } -export interface DisableVpcClassicLinkResult { +export interface DetachClassicLinkVpcRequest { /** - *Returns true
if the request succeeds; otherwise, it returns an error.
Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The ID of the instance to unlink from the VPC.
*/ - export const filterSensitiveLog = (obj: DisableVpcClassicLinkResult): any => ({ - ...obj, - }); -} + InstanceId: string | undefined; -export interface DisableVpcClassicLinkDnsSupportRequest { /** - *The ID of the VPC.
+ *The ID of the VPC to which the instance is linked.
*/ - VpcId?: string; + VpcId: string | undefined; } -export namespace DisableVpcClassicLinkDnsSupportRequest { +export namespace DetachClassicLinkVpcRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DisableVpcClassicLinkDnsSupportRequest): any => ({ + export const filterSensitiveLog = (obj: DetachClassicLinkVpcRequest): any => ({ ...obj, }); } -export interface DisableVpcClassicLinkDnsSupportResult { +export interface DetachClassicLinkVpcResult { /** *Returns true
if the request succeeds; otherwise, it returns an error.
[EC2-VPC] The association ID. Required for EC2-VPC.
- */ - AssociationId?: string; - - /** - *[EC2-Classic] The Elastic IP address. Required for EC2-Classic.
- */ - PublicIp?: string; - +export interface DetachInternetGatewayRequest { /** *Checks whether you have the required permissions for the action, without actually making the request,
* and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
* Otherwise, it is UnauthorizedOperation
.
The ID of the Client VPN endpoint from which to disassociate the target network.
- */ - ClientVpnEndpointId: string | undefined; - - /** - *The ID of the target network association.
- */ - AssociationId: string | undefined; - - /** - *Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
The ID of the target network association.
+ *The ID of the internet gateway.
*/ - AssociationId?: string; + InternetGatewayId: string | undefined; /** - *The current state of the target network association.
+ *The ID of the VPC.
*/ - Status?: AssociationStatus; + VpcId: string | undefined; } -export namespace DisassociateClientVpnTargetNetworkResult { +export namespace DetachInternetGatewayRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DisassociateClientVpnTargetNetworkResult): any => ({ + export const filterSensitiveLog = (obj: DetachInternetGatewayRequest): any => ({ ...obj, }); } -export interface DisassociateEnclaveCertificateIamRoleRequest { +/** + *Contains the parameters for DetachNetworkInterface.
+ */ +export interface DetachNetworkInterfaceRequest { /** - *The ARN of the ACM certificate from which to disassociate the IAM role.
+ *The ID of the attachment.
*/ - CertificateArn?: string; + AttachmentId: string | undefined; /** - *The ARN of the IAM role to disassociate.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Specifies whether to force a detachment.
+ *Use the Force
parameter only as a last resort to detach a network interface from a failed instance.
If you use the Force
parameter to detach a network interface, you might not be able to attach a different network interface to the same index on the instance without first stopping and starting the instance.
If you force the detachment of a network interface, the instance metadata + * might not get updated. This means that the attributes associated + * with the detached network interface might still be visible. The + * instance metadata will get updated when you stop and start the + * instance.
+ *Returns true
if the request succeeds; otherwise, it returns an error.
The device name.
*/ - Return?: boolean; -} + Device?: string; -export namespace DisassociateEnclaveCertificateIamRoleResult { /** - * @internal + *Forces detachment if the previous detachment attempt did not occur cleanly (for example, + * logging into an instance, unmounting the volume, and detaching normally). This option can lead + * to data loss or a corrupted file system. Use this option only as a last resort to detach a + * volume from a failed instance. The instance won't have an opportunity to flush file system + * caches or file system metadata. If you use this option, you must perform file system check and + * repair procedures.
*/ - export const filterSensitiveLog = (obj: DisassociateEnclaveCertificateIamRoleResult): any => ({ - ...obj, - }); -} + Force?: boolean; -export interface DisassociateIamInstanceProfileRequest { /** - *The ID of the IAM instance profile association.
+ *The ID of the instance. If you are detaching a Multi-Attach enabled volume, you must specify an instance ID.
*/ - AssociationId: string | undefined; -} + InstanceId?: string; -export namespace DisassociateIamInstanceProfileRequest { /** - * @internal + *The ID of the volume.
*/ - export const filterSensitiveLog = (obj: DisassociateIamInstanceProfileRequest): any => ({ - ...obj, - }); -} + VolumeId: string | undefined; -export interface DisassociateIamInstanceProfileResult { /** - *Information about the IAM instance profile association.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The targets to disassociate from the specified event window.
+ *Contains the parameters for DetachVpnGateway.
*/ -export interface InstanceEventWindowDisassociationRequest { +export interface DetachVpnGatewayRequest { /** - *The IDs of the instances to disassociate from the event window.
+ *The ID of the VPC.
*/ - InstanceIds?: string[]; + VpcId: string | undefined; /** - *The instance tags to disassociate from the event window. Any instances associated with - * the tags will be disassociated from the event window.
+ *The ID of the virtual private gateway.
*/ - InstanceTags?: Tag[]; + VpnGatewayId: string | undefined; /** - *The IDs of the Dedicated Hosts to disassociate from the event window.
+ *Checks whether you have the required permissions for the action, without actually
+ * making the request, and provides an error response. If you have the required
+ * permissions, the error response is DryRunOperation
. Otherwise, it is
+ * UnauthorizedOperation
.
Checks whether you have the required permissions for the action, without actually making the request,
* and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
* Otherwise, it is UnauthorizedOperation
.
The ID of the event window.
- */ - InstanceEventWindowId: string | undefined; - - /** - *One or more targets to disassociate from the specified event window.
- */ - AssociationTarget: InstanceEventWindowDisassociationRequest | undefined; } -export namespace DisassociateInstanceEventWindowRequest { +export namespace DisableEbsEncryptionByDefaultRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DisassociateInstanceEventWindowRequest): any => ({ + export const filterSensitiveLog = (obj: DisableEbsEncryptionByDefaultRequest): any => ({ ...obj, }); } -export interface DisassociateInstanceEventWindowResult { +export interface DisableEbsEncryptionByDefaultResult { /** - *Information about the event window.
+ *The updated status of encryption by default.
*/ - InstanceEventWindow?: InstanceEventWindow; + EbsEncryptionByDefault?: boolean; } -export namespace DisassociateInstanceEventWindowResult { +export namespace DisableEbsEncryptionByDefaultResult { /** * @internal */ - export const filterSensitiveLog = (obj: DisassociateInstanceEventWindowResult): any => ({ + export const filterSensitiveLog = (obj: DisableEbsEncryptionByDefaultResult): any => ({ ...obj, }); } -export interface DisassociateRouteTableRequest { +export interface DisableFastSnapshotRestoresRequest { /** - *The association ID representing the current association between the route table and subnet or gateway.
+ *One or more Availability Zones. For example, us-east-2a
.
The IDs of one or more snapshots. For example, snap-1234567890abcdef0
.
Checks whether you have the required permissions for the action, without actually making the request, @@ -2425,285 +2411,272 @@ export interface DisassociateRouteTableRequest { DryRun?: boolean; } -export namespace DisassociateRouteTableRequest { +export namespace DisableFastSnapshotRestoresRequest { /** * @internal */ - export const filterSensitiveLog = (obj: DisassociateRouteTableRequest): any => ({ + export const filterSensitiveLog = (obj: DisableFastSnapshotRestoresRequest): any => ({ ...obj, }); } -export interface DisassociateSubnetCidrBlockRequest { +/** + *
Describes fast snapshot restores that were successfully disabled.
+ */ +export interface DisableFastSnapshotRestoreSuccessItem { /** - *The association ID for the CIDR block.
+ *The ID of the snapshot.
*/ - AssociationId: string | undefined; -} + SnapshotId?: string; -export namespace DisassociateSubnetCidrBlockRequest { /** - * @internal + *The Availability Zone.
*/ - export const filterSensitiveLog = (obj: DisassociateSubnetCidrBlockRequest): any => ({ - ...obj, - }); -} + AvailabilityZone?: string; -export interface DisassociateSubnetCidrBlockResult { /** - *Information about the IPv6 CIDR block association.
+ *The state of fast snapshot restores for the snapshot.
*/ - Ipv6CidrBlockAssociation?: SubnetIpv6CidrBlockAssociation; + State?: FastSnapshotRestoreStateCode | string; /** - *The ID of the subnet.
+ *The reason for the state transition. The possible values are as follows:
+ *
+ * Client.UserInitiated
- The state successfully transitioned to enabling
or
+ * disabling
.
+ * Client.UserInitiated - Lifecycle state transition
- The state successfully transitioned
+ * to optimizing
, enabled
, or disabled
.
The ID of the Amazon Web Services account that enabled fast snapshot restores on the snapshot.
*/ - export const filterSensitiveLog = (obj: DisassociateSubnetCidrBlockResult): any => ({ - ...obj, - }); -} + OwnerId?: string; -export interface DisassociateTransitGatewayMulticastDomainRequest { /** - *The ID of the transit gateway multicast domain.
+ *The Amazon Web Services owner alias that enabled fast snapshot restores on the snapshot. This is intended for future use.
*/ - TransitGatewayMulticastDomainId?: string; + OwnerAlias?: string; /** - *The ID of the attachment.
+ *The time at which fast snapshot restores entered the enabling
state.
The IDs of the subnets;
+ *The time at which fast snapshot restores entered the optimizing
state.
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The time at which fast snapshot restores entered the enabled
state.
The time at which fast snapshot restores entered the disabling
state.
Information about the association.
+ *The time at which fast snapshot restores entered the disabled
state.
The ID of the transit gateway route table.
- */ - TransitGatewayRouteTableId: string | undefined; - +/** + *Describes an error that occurred when disabling fast snapshot restores.
+ */ +export interface DisableFastSnapshotRestoreStateError { /** - *The ID of the attachment.
+ *The error code.
*/ - TransitGatewayAttachmentId: string | undefined; + Code?: string; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The error message.
*/ - DryRun?: boolean; + Message?: string; } -export namespace DisassociateTransitGatewayRouteTableRequest { +export namespace DisableFastSnapshotRestoreStateError { /** * @internal */ - export const filterSensitiveLog = (obj: DisassociateTransitGatewayRouteTableRequest): any => ({ + export const filterSensitiveLog = (obj: DisableFastSnapshotRestoreStateError): any => ({ ...obj, }); } -export interface DisassociateTransitGatewayRouteTableResult { +/** + *Contains information about an error that occurred when disabling fast snapshot restores.
+ */ +export interface DisableFastSnapshotRestoreStateErrorItem { /** - *Information about the association.
+ *The Availability Zone.
+ */ + AvailabilityZone?: string; + + /** + *The error.
*/ - Association?: TransitGatewayAssociation; + Error?: DisableFastSnapshotRestoreStateError; } -export namespace DisassociateTransitGatewayRouteTableResult { +export namespace DisableFastSnapshotRestoreStateErrorItem { /** * @internal */ - export const filterSensitiveLog = (obj: DisassociateTransitGatewayRouteTableResult): any => ({ + export const filterSensitiveLog = (obj: DisableFastSnapshotRestoreStateErrorItem): any => ({ ...obj, }); } -export interface DisassociateTrunkInterfaceRequest { - /** - *The ID of the association
- */ - AssociationId: string | undefined; - +/** + *Contains information about the errors that occurred when disabling fast snapshot restores.
+ */ +export interface DisableFastSnapshotRestoreErrorItem { /** - *Unique, case-sensitive identifier that you provide to ensure the idempotency of the - * request. For more information, see How to Ensure - * Idempotency.
+ *The ID of the snapshot.
*/ - ClientToken?: string; + SnapshotId?: string; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The errors.
*/ - DryRun?: boolean; + FastSnapshotRestoreStateErrors?: DisableFastSnapshotRestoreStateErrorItem[]; } -export namespace DisassociateTrunkInterfaceRequest { +export namespace DisableFastSnapshotRestoreErrorItem { /** * @internal */ - export const filterSensitiveLog = (obj: DisassociateTrunkInterfaceRequest): any => ({ + export const filterSensitiveLog = (obj: DisableFastSnapshotRestoreErrorItem): any => ({ ...obj, }); } -export interface DisassociateTrunkInterfaceResult { +export interface DisableFastSnapshotRestoresResult { /** - *Returns true
if the request succeeds; otherwise, it returns an error.
Information about the snapshots for which fast snapshot restores were successfully disabled.
*/ - Return?: boolean; + Successful?: DisableFastSnapshotRestoreSuccessItem[]; /** - *Unique, case-sensitive identifier that you provide to ensure the idempotency of the - * request. For more information, see How to Ensure - * Idempotency.
+ *Information about the snapshots for which fast snapshot restores could not be disabled.
*/ - ClientToken?: string; + Unsuccessful?: DisableFastSnapshotRestoreErrorItem[]; } -export namespace DisassociateTrunkInterfaceResult { +export namespace DisableFastSnapshotRestoresResult { /** * @internal */ - export const filterSensitiveLog = (obj: DisassociateTrunkInterfaceResult): any => ({ + export const filterSensitiveLog = (obj: DisableFastSnapshotRestoresResult): any => ({ ...obj, }); } -export interface DisassociateVpcCidrBlockRequest { +export interface DisableImageDeprecationRequest { /** - *The association ID for the CIDR block.
+ *The ID of the AMI.
*/ - AssociationId: string | undefined; + ImageId: string | undefined; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Information about the IPv6 CIDR block association.
- */ - Ipv6CidrBlockAssociation?: VpcIpv6CidrBlockAssociation; - - /** - *Information about the IPv4 CIDR block association.
- */ - CidrBlockAssociation?: VpcCidrBlockAssociation; - +export interface DisableImageDeprecationResult { /** - *The ID of the VPC.
+ *Returns true
if the request succeeds; otherwise, it returns an error.
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
The updated status of encryption by default.
+ *If true
, access to the EC2 serial console of all instances is enabled for
+ * your account. If false
, access to the EC2 serial console of all instances
+ * is disabled for your account.
One or more Availability Zones. For example, us-east-2a
.
The ID of the propagation route table.
*/ - AvailabilityZones: string[] | undefined; + TransitGatewayRouteTableId: string | undefined; /** - *The IDs of one or more snapshots. For example, snap-1234567890abcdef0
. You can specify
- * a snapshot that was shared with you from another Amazon Web Services account.
The ID of the attachment.
*/ - SourceSnapshotIds: string[] | undefined; + TransitGatewayAttachmentId: string | undefined; /** *Checks whether you have the required permissions for the action, without actually making the request, @@ -2713,589 +2686,563 @@ export interface EnableFastSnapshotRestoresRequest { DryRun?: boolean; } -export namespace EnableFastSnapshotRestoresRequest { +export namespace DisableTransitGatewayRouteTablePropagationRequest { /** * @internal */ - export const filterSensitiveLog = (obj: EnableFastSnapshotRestoresRequest): any => ({ + export const filterSensitiveLog = (obj: DisableTransitGatewayRouteTablePropagationRequest): any => ({ ...obj, }); } +export type TransitGatewayPropagationState = "disabled" | "disabling" | "enabled" | "enabling"; + /** - *
Describes fast snapshot restores that were successfully enabled.
+ *Describes route propagation.
*/ -export interface EnableFastSnapshotRestoreSuccessItem { +export interface TransitGatewayPropagation { /** - *The ID of the snapshot.
+ *The ID of the attachment.
*/ - SnapshotId?: string; + TransitGatewayAttachmentId?: string; /** - *The Availability Zone.
+ *The ID of the resource.
*/ - AvailabilityZone?: string; + ResourceId?: string; /** - *The state of fast snapshot restores.
+ *The resource type. Note that the tgw-peering
resource type has been deprecated.
The reason for the state transition. The possible values are as follows:
- *
- * Client.UserInitiated
- The state successfully transitioned to enabling
or
- * disabling
.
- * Client.UserInitiated - Lifecycle state transition
- The state successfully transitioned
- * to optimizing
, enabled
, or disabled
.
The ID of the transit gateway route table.
*/ - StateTransitionReason?: string; + TransitGatewayRouteTableId?: string; /** - *The ID of the Amazon Web Services account that enabled fast snapshot restores on the snapshot.
+ *The state.
*/ - OwnerId?: string; + State?: TransitGatewayPropagationState | string; +} +export namespace TransitGatewayPropagation { /** - *The Amazon Web Services owner alias that enabled fast snapshot restores on the snapshot. This is intended for future use.
+ * @internal */ - OwnerAlias?: string; + export const filterSensitiveLog = (obj: TransitGatewayPropagation): any => ({ + ...obj, + }); +} +export interface DisableTransitGatewayRouteTablePropagationResult { /** - *The time at which fast snapshot restores entered the enabling
state.
Information about route propagation.
*/ - EnablingTime?: Date; + Propagation?: TransitGatewayPropagation; +} +export namespace DisableTransitGatewayRouteTablePropagationResult { /** - *The time at which fast snapshot restores entered the optimizing
state.
Contains the parameters for DisableVgwRoutePropagation.
+ */ +export interface DisableVgwRoutePropagationRequest { /** - *The time at which fast snapshot restores entered the enabled
state.
The ID of the virtual private gateway.
*/ - EnabledTime?: Date; + GatewayId: string | undefined; /** - *The time at which fast snapshot restores entered the disabling
state.
The ID of the route table.
*/ - DisablingTime?: Date; + RouteTableId: string | undefined; /** - *The time at which fast snapshot restores entered the disabled
state.
Checks whether you have the required permissions for the action, without actually
+ * making the request, and provides an error response. If you have the required
+ * permissions, the error response is DryRunOperation
. Otherwise, it is
+ * UnauthorizedOperation
.
Describes an error that occurred when enabling fast snapshot restores.
- */ -export interface EnableFastSnapshotRestoreStateError { +export interface DisableVpcClassicLinkRequest { /** - *The error code.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The error message.
+ *The ID of the VPC.
*/ - Message?: string; + VpcId: string | undefined; } -export namespace EnableFastSnapshotRestoreStateError { +export namespace DisableVpcClassicLinkRequest { /** * @internal */ - export const filterSensitiveLog = (obj: EnableFastSnapshotRestoreStateError): any => ({ + export const filterSensitiveLog = (obj: DisableVpcClassicLinkRequest): any => ({ ...obj, }); } -/** - *Contains information about an error that occurred when enabling fast snapshot restores.
- */ -export interface EnableFastSnapshotRestoreStateErrorItem { - /** - *The Availability Zone.
- */ - AvailabilityZone?: string; - +export interface DisableVpcClassicLinkResult { /** - *The error.
+ *Returns true
if the request succeeds; otherwise, it returns an error.
Contains information about the errors that occurred when enabling fast snapshot restores.
- */ -export interface EnableFastSnapshotRestoreErrorItem { - /** - *The ID of the snapshot.
- */ - SnapshotId?: string; + export const filterSensitiveLog = (obj: DisableVpcClassicLinkResult): any => ({ + ...obj, + }); +} +export interface DisableVpcClassicLinkDnsSupportRequest { /** - *The errors.
+ *The ID of the VPC.
*/ - FastSnapshotRestoreStateErrors?: EnableFastSnapshotRestoreStateErrorItem[]; + VpcId?: string; } -export namespace EnableFastSnapshotRestoreErrorItem { +export namespace DisableVpcClassicLinkDnsSupportRequest { /** * @internal */ - export const filterSensitiveLog = (obj: EnableFastSnapshotRestoreErrorItem): any => ({ + export const filterSensitiveLog = (obj: DisableVpcClassicLinkDnsSupportRequest): any => ({ ...obj, }); } -export interface EnableFastSnapshotRestoresResult { - /** - *Information about the snapshots for which fast snapshot restores were successfully enabled.
- */ - Successful?: EnableFastSnapshotRestoreSuccessItem[]; - +export interface DisableVpcClassicLinkDnsSupportResult { /** - *Information about the snapshots for which fast snapshot restores could not be enabled.
+ *Returns true
if the request succeeds; otherwise, it returns an error.
The ID of the AMI.
+ *[EC2-VPC] The association ID. Required for EC2-VPC.
*/ - ImageId: string | undefined; + AssociationId?: string; /** - *The date and time to deprecate the AMI, in UTC, in the following format: - * YYYY-MM-DDTHH:MM:SSZ. - * If you specify a value for seconds, Amazon EC2 rounds the seconds to the - * nearest minute.
- *You can’t specify a date in the past. The upper limit for DeprecateAt
is 10
- * years from now.
[EC2-Classic] The Elastic IP address. Required for EC2-Classic.
*/ - DeprecateAt: Date | undefined; + PublicIp?: string; /** *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
*/
DryRun?: boolean;
}
-export namespace EnableImageDeprecationRequest {
+export namespace DisassociateAddressRequest {
/**
* @internal
*/
- export const filterSensitiveLog = (obj: EnableImageDeprecationRequest): any => ({
+ export const filterSensitiveLog = (obj: DisassociateAddressRequest): any => ({
...obj,
});
}
-export interface EnableImageDeprecationResult {
+export interface DisassociateClientVpnTargetNetworkRequest {
/**
- * Returns true
if the request succeeds; otherwise, it returns an error.
The ID of the Client VPN endpoint from which to disassociate the target network.
*/ - Return?: boolean; -} + ClientVpnEndpointId: string | undefined; -export namespace EnableImageDeprecationResult { /** - * @internal + *The ID of the target network association.
*/ - export const filterSensitiveLog = (obj: EnableImageDeprecationResult): any => ({ - ...obj, - }); -} + AssociationId: string | undefined; -export interface EnableSerialConsoleAccessRequest { /** *Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
If true
, access to the EC2 serial console of all instances is enabled for
- * your account. If false
, access to the EC2 serial console of all instances
- * is disabled for your account.
The ID of the target network association.
*/ - SerialConsoleAccessEnabled?: boolean; + AssociationId?: string; + + /** + *The current state of the target network association.
+ */ + Status?: AssociationStatus; } -export namespace EnableSerialConsoleAccessResult { +export namespace DisassociateClientVpnTargetNetworkResult { /** * @internal */ - export const filterSensitiveLog = (obj: EnableSerialConsoleAccessResult): any => ({ + export const filterSensitiveLog = (obj: DisassociateClientVpnTargetNetworkResult): any => ({ ...obj, }); } -export interface EnableTransitGatewayRouteTablePropagationRequest { +export interface DisassociateEnclaveCertificateIamRoleRequest { /** - *The ID of the propagation route table.
+ *The ARN of the ACM certificate from which to disassociate the IAM role.
*/ - TransitGatewayRouteTableId: string | undefined; + CertificateArn?: string; /** - *The ID of the attachment.
+ *The ARN of the IAM role to disassociate.
*/ - TransitGatewayAttachmentId: string | undefined; + RoleArn?: string; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Information about route propagation.
+ *Returns true
if the request succeeds; otherwise, it returns an error.
Contains the parameters for EnableVgwRoutePropagation.
- */ -export interface EnableVgwRoutePropagationRequest { - /** - *The ID of the virtual private gateway that is attached to a VPC. The virtual private - * gateway must be attached to the same VPC that the routing tables are associated with. - *
- */ - GatewayId: string | undefined; - - /** - *The ID of the route table. The routing table must be associated with the same VPC that - * the virtual private gateway is attached to.
- */ - RouteTableId: string | undefined; - +export interface DisassociateIamInstanceProfileRequest { /** - *Checks whether you have the required permissions for the action, without actually
- * making the request, and provides an error response. If you have the required
- * permissions, the error response is DryRunOperation
. Otherwise, it is
- * UnauthorizedOperation
.
The ID of the IAM instance profile association.
*/ - DryRun?: boolean; + AssociationId: string | undefined; } -export namespace EnableVgwRoutePropagationRequest { +export namespace DisassociateIamInstanceProfileRequest { /** * @internal */ - export const filterSensitiveLog = (obj: EnableVgwRoutePropagationRequest): any => ({ + export const filterSensitiveLog = (obj: DisassociateIamInstanceProfileRequest): any => ({ ...obj, }); } -export interface EnableVolumeIORequest { - /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The ID of the volume.
+ *Information about the IAM instance profile association.
*/ - VolumeId: string | undefined; + IamInstanceProfileAssociation?: IamInstanceProfileAssociation; } -export namespace EnableVolumeIORequest { +export namespace DisassociateIamInstanceProfileResult { /** * @internal */ - export const filterSensitiveLog = (obj: EnableVolumeIORequest): any => ({ + export const filterSensitiveLog = (obj: DisassociateIamInstanceProfileResult): any => ({ ...obj, }); } -export interface EnableVpcClassicLinkRequest { +/** + *The targets to disassociate from the specified event window.
+ */ +export interface InstanceEventWindowDisassociationRequest { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The IDs of the instances to disassociate from the event window.
*/ - DryRun?: boolean; + InstanceIds?: string[]; /** - *The ID of the VPC.
+ *The instance tags to disassociate from the event window. Any instances associated with + * the tags will be disassociated from the event window.
*/ - VpcId: string | undefined; + InstanceTags?: Tag[]; + + /** + *The IDs of the Dedicated Hosts to disassociate from the event window.
+ */ + DedicatedHostIds?: string[]; } -export namespace EnableVpcClassicLinkRequest { +export namespace InstanceEventWindowDisassociationRequest { /** * @internal */ - export const filterSensitiveLog = (obj: EnableVpcClassicLinkRequest): any => ({ + export const filterSensitiveLog = (obj: InstanceEventWindowDisassociationRequest): any => ({ ...obj, }); } -export interface EnableVpcClassicLinkResult { +export interface DisassociateInstanceEventWindowRequest { /** - *Returns true
if the request succeeds; otherwise, it returns an error.
Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The ID of the event window.
*/ - export const filterSensitiveLog = (obj: EnableVpcClassicLinkResult): any => ({ - ...obj, - }); -} + InstanceEventWindowId: string | undefined; -export interface EnableVpcClassicLinkDnsSupportRequest { /** - *The ID of the VPC.
+ *One or more targets to disassociate from the specified event window.
*/ - VpcId?: string; + AssociationTarget: InstanceEventWindowDisassociationRequest | undefined; } -export namespace EnableVpcClassicLinkDnsSupportRequest { +export namespace DisassociateInstanceEventWindowRequest { /** * @internal */ - export const filterSensitiveLog = (obj: EnableVpcClassicLinkDnsSupportRequest): any => ({ + export const filterSensitiveLog = (obj: DisassociateInstanceEventWindowRequest): any => ({ ...obj, }); } -export interface EnableVpcClassicLinkDnsSupportResult { +export interface DisassociateInstanceEventWindowResult { /** - *Returns true
if the request succeeds; otherwise, it returns an error.
Information about the event window.
*/ - Return?: boolean; + InstanceEventWindow?: InstanceEventWindow; } -export namespace EnableVpcClassicLinkDnsSupportResult { +export namespace DisassociateInstanceEventWindowResult { /** * @internal */ - export const filterSensitiveLog = (obj: EnableVpcClassicLinkDnsSupportResult): any => ({ + export const filterSensitiveLog = (obj: DisassociateInstanceEventWindowResult): any => ({ ...obj, }); } -export interface ExportClientVpnClientCertificateRevocationListRequest { +export interface DisassociateRouteTableRequest { /** - *The ID of the Client VPN endpoint.
+ *The association ID representing the current association between the route table and subnet or gateway.
*/ - ClientVpnEndpointId: string | undefined; + AssociationId: string | undefined; /** - *Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Describes the state of a client certificate revocation list.
- */ -export interface ClientCertificateRevocationListStatus { - /** - *The state of the client certificate revocation list.
- */ - Code?: ClientCertificateRevocationListStatusCode | string; - +export interface DisassociateSubnetCidrBlockRequest { /** - *A message about the status of the client certificate revocation list, if applicable.
+ *The association ID for the CIDR block.
*/ - Message?: string; + AssociationId: string | undefined; } -export namespace ClientCertificateRevocationListStatus { +export namespace DisassociateSubnetCidrBlockRequest { /** * @internal */ - export const filterSensitiveLog = (obj: ClientCertificateRevocationListStatus): any => ({ + export const filterSensitiveLog = (obj: DisassociateSubnetCidrBlockRequest): any => ({ ...obj, }); } -export interface ExportClientVpnClientCertificateRevocationListResult { +export interface DisassociateSubnetCidrBlockResult { /** - *Information about the client certificate revocation list.
+ *Information about the IPv6 CIDR block association.
*/ - CertificateRevocationList?: string; + Ipv6CidrBlockAssociation?: SubnetIpv6CidrBlockAssociation; /** - *The current state of the client certificate revocation list.
+ *The ID of the subnet.
*/ - Status?: ClientCertificateRevocationListStatus; + SubnetId?: string; } -export namespace ExportClientVpnClientCertificateRevocationListResult { +export namespace DisassociateSubnetCidrBlockResult { /** * @internal */ - export const filterSensitiveLog = (obj: ExportClientVpnClientCertificateRevocationListResult): any => ({ + export const filterSensitiveLog = (obj: DisassociateSubnetCidrBlockResult): any => ({ ...obj, }); } -export interface ExportClientVpnClientConfigurationRequest { +export interface DisassociateTransitGatewayMulticastDomainRequest { /** - *The ID of the Client VPN endpoint.
+ *The ID of the transit gateway multicast domain.
*/ - ClientVpnEndpointId: string | undefined; + TransitGatewayMulticastDomainId?: string; /** - *Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
The ID of the attachment.
+ */ + TransitGatewayAttachmentId?: string; + + /** + *The IDs of the subnets;
+ */ + SubnetIds?: string[]; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The contents of the Client VPN endpoint configuration file.
+ *Information about the association.
*/ - ClientConfiguration?: string; + Associations?: TransitGatewayMulticastDomainAssociations; } -export namespace ExportClientVpnClientConfigurationResult { +export namespace DisassociateTransitGatewayMulticastDomainResult { /** * @internal */ - export const filterSensitiveLog = (obj: ExportClientVpnClientConfigurationResult): any => ({ + export const filterSensitiveLog = (obj: DisassociateTransitGatewayMulticastDomainResult): any => ({ ...obj, }); } -/** - *Describes the destination for an export image task.
- */ -export interface ExportTaskS3LocationRequest { +export interface DisassociateTransitGatewayRouteTableRequest { /** - *The destination Amazon S3 bucket.
+ *The ID of the transit gateway route table.
*/ - S3Bucket: string | undefined; + TransitGatewayRouteTableId: string | undefined; /** - *The prefix (logical hierarchy) in the bucket.
+ *The ID of the attachment.
*/ - S3Prefix?: string; + TransitGatewayAttachmentId: string | undefined; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Token to enable idempotency for export image requests.
+ *Information about the association.
*/ - ClientToken?: string; + Association?: TransitGatewayAssociation; +} +export namespace DisassociateTransitGatewayRouteTableResult { /** - *A description of the image being exported. The maximum length is 255 characters.
+ * @internal */ - Description?: string; + export const filterSensitiveLog = (obj: DisassociateTransitGatewayRouteTableResult): any => ({ + ...obj, + }); +} +export interface DisassociateTrunkInterfaceRequest { /** - *The disk image format.
+ *The ID of the association
*/ - DiskImageFormat: DiskImageFormat | string | undefined; + AssociationId: string | undefined; + + /** + *Unique, case-sensitive identifier that you provide to ensure the idempotency of the + * request. For more information, see How to Ensure + * Idempotency.
+ */ + ClientToken?: string; /** *Checks whether you have the required permissions for the action, without actually making the request,
@@ -3303,657 +3250,720 @@ export interface ExportImageRequest {
* Otherwise, it is UnauthorizedOperation
.
The ID of the image.
+ * @internal */ - ImageId: string | undefined; + export const filterSensitiveLog = (obj: DisassociateTrunkInterfaceRequest): any => ({ + ...obj, + }); +} +export interface DisassociateTrunkInterfaceResult { /** - *Information about the destination Amazon S3 bucket. The bucket must exist and grant WRITE - * and READ_ACP permissions to the Amazon Web Services account vm-import-export@amazon.com.
+ *Returns true
if the request succeeds; otherwise, it returns an error.
The name of the role that grants VM Import/Export permission to export images to your Amazon - * S3 bucket. If this parameter is not specified, the default role is named 'vmimport'.
+ *Unique, case-sensitive identifier that you provide to ensure the idempotency of the + * request. For more information, see How to Ensure + * Idempotency.
*/ - RoleName?: string; + ClientToken?: string; +} +export namespace DisassociateTrunkInterfaceResult { /** - *The tags to apply to the export image task during creation.
+ * @internal */ - TagSpecifications?: TagSpecification[]; + export const filterSensitiveLog = (obj: DisassociateTrunkInterfaceResult): any => ({ + ...obj, + }); } -export namespace ExportImageRequest { +export interface DisassociateVpcCidrBlockRequest { + /** + *The association ID for the CIDR block.
+ */ + AssociationId: string | undefined; +} + +export namespace DisassociateVpcCidrBlockRequest { /** * @internal */ - export const filterSensitiveLog = (obj: ExportImageRequest): any => ({ + export const filterSensitiveLog = (obj: DisassociateVpcCidrBlockRequest): any => ({ ...obj, }); } -export interface ExportImageResult { +export interface DisassociateVpcCidrBlockResult { /** - *A description of the image being exported.
+ *Information about the IPv6 CIDR block association.
*/ - Description?: string; + Ipv6CidrBlockAssociation?: VpcIpv6CidrBlockAssociation; /** - *The disk image format for the exported image.
+ *Information about the IPv4 CIDR block association.
*/ - DiskImageFormat?: DiskImageFormat | string; + CidrBlockAssociation?: VpcCidrBlockAssociation; /** - *The ID of the export image task.
+ *The ID of the VPC.
*/ - ExportImageTaskId?: string; + VpcId?: string; +} +export namespace DisassociateVpcCidrBlockResult { /** - *The ID of the image.
+ * @internal */ - ImageId?: string; + export const filterSensitiveLog = (obj: DisassociateVpcCidrBlockResult): any => ({ + ...obj, + }); +} +export interface EnableEbsEncryptionByDefaultRequest { /** - *The name of the role that grants VM Import/Export permission to export images to your Amazon - * S3 bucket.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The percent complete of the export image task.
+ * @internal */ - Progress?: string; + export const filterSensitiveLog = (obj: EnableEbsEncryptionByDefaultRequest): any => ({ + ...obj, + }); +} +export interface EnableEbsEncryptionByDefaultResult { /** - *Information about the destination Amazon S3 bucket.
+ *The updated status of encryption by default.
*/ - S3ExportLocation?: ExportTaskS3Location; + EbsEncryptionByDefault?: boolean; +} +export namespace EnableEbsEncryptionByDefaultResult { /** - *The status of the export image task. The possible values are active
, completed
,
- * deleting
, and deleted
.
The status message for the export image task.
+ *One or more Availability Zones. For example, us-east-2a
.
Any tags assigned to the export image task.
+ *The IDs of one or more snapshots. For example, snap-1234567890abcdef0
. You can specify
+ * a snapshot that was shared with you from another Amazon Web Services account.
Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Describes fast snapshot restores that were successfully enabled.
+ */ +export interface EnableFastSnapshotRestoreSuccessItem { /** - *The ID of the route table.
+ *The ID of the snapshot.
*/ - TransitGatewayRouteTableId: string | undefined; + SnapshotId?: string; /** - *One or more filters. The possible values are:
- *
- * attachment.transit-gateway-attachment-id
- The id of the transit gateway attachment.
- * attachment.resource-id
- The resource id of the transit gateway attachment.
- * route-search.exact-match
- The exact match of the specified filter.
- * route-search.longest-prefix-match
- The longest prefix that matches the route.
- * route-search.subnet-of-match
- The routes with a subnet that match the specified CIDR filter.
- * route-search.supernet-of-match
- The routes with a CIDR that encompass the CIDR filter. For example, if you have 10.0.1.0/29 and 10.0.1.0/31 routes in your route table and you specify supernet-of-match as 10.0.1.0/30, then the result returns 10.0.1.0/29.
- * state
- The state of the route (active
| blackhole
).
The Availability Zone.
+ */ + AvailabilityZone?: string; + + /** + *The state of fast snapshot restores.
+ */ + State?: FastSnapshotRestoreStateCode | string; + + /** + *The reason for the state transition. The possible values are as follows:
+ *
- * transit-gateway-route-destination-cidr-block
- The CIDR range.
Client.UserInitiated
- The state successfully transitioned to enabling
or
+ * disabling
.
*
- * type
- The type of route (propagated
|
- * static
).
Client.UserInitiated - Lifecycle state transition
- The state successfully transitioned
+ * to optimizing
, enabled
, or disabled
.
* The name of the S3 bucket.
+ *The ID of the Amazon Web Services account that enabled fast snapshot restores on the snapshot.
*/ - S3Bucket: string | undefined; + OwnerId?: string; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The Amazon Web Services owner alias that enabled fast snapshot restores on the snapshot. This is intended for future use.
*/ - DryRun?: boolean; -} + OwnerAlias?: string; -export namespace ExportTransitGatewayRoutesRequest { /** - * @internal + *The time at which fast snapshot restores entered the enabling
state.
The URL of the exported file in Amazon S3. For example, - * s3://bucket_name/VPCTransitGateway/TransitGatewayRouteTables/file_name.
+ *The time at which fast snapshot restores entered the optimizing
state.
The time at which fast snapshot restores entered the enabled
state.
The time at which fast snapshot restores entered the disabling
state.
The time at which fast snapshot restores entered the disabled
state.
Describes an error that occurred when enabling fast snapshot restores.
+ */ +export interface EnableFastSnapshotRestoreStateError { /** - *The ARN of the ACM certificate for which to view the associated IAM roles, encryption keys, and Amazon - * S3 object information.
+ *The error code.
*/ - CertificateArn?: string; + Code?: string; /** - *Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
The error message.
*/ - DryRun?: boolean; + Message?: string; } -export namespace GetAssociatedEnclaveCertificateIamRolesRequest { +export namespace EnableFastSnapshotRestoreStateError { /** * @internal */ - export const filterSensitiveLog = (obj: GetAssociatedEnclaveCertificateIamRolesRequest): any => ({ + export const filterSensitiveLog = (obj: EnableFastSnapshotRestoreStateError): any => ({ ...obj, }); } /** - *Information about the associated IAM roles.
+ *Contains information about an error that occurred when enabling fast snapshot restores.
*/ -export interface AssociatedRole { +export interface EnableFastSnapshotRestoreStateErrorItem { /** - *The ARN of the associated IAM role.
+ *The Availability Zone.
*/ - AssociatedRoleArn?: string; + AvailabilityZone?: string; /** - *The name of the Amazon S3 bucket in which the Amazon S3 object is stored.
+ *The error.
*/ - CertificateS3BucketName?: string; + Error?: EnableFastSnapshotRestoreStateError; +} + +export namespace EnableFastSnapshotRestoreStateErrorItem { + /** + * @internal + */ + export const filterSensitiveLog = (obj: EnableFastSnapshotRestoreStateErrorItem): any => ({ + ...obj, + }); +} +/** + *Contains information about the errors that occurred when enabling fast snapshot restores.
+ */ +export interface EnableFastSnapshotRestoreErrorItem { /** - *The key of the Amazon S3 object ey where the certificate, certificate chain, and encrypted private key bundle
- * is stored. The object key is formated as follows: role_arn
/certificate_arn
.
- *
The ID of the snapshot.
*/ - CertificateS3ObjectKey?: string; + SnapshotId?: string; /** - *The ID of the KMS customer master key (CMK) used to encrypt the private key.
+ *The errors.
*/ - EncryptionKmsKeyId?: string; + FastSnapshotRestoreStateErrors?: EnableFastSnapshotRestoreStateErrorItem[]; } -export namespace AssociatedRole { +export namespace EnableFastSnapshotRestoreErrorItem { /** * @internal */ - export const filterSensitiveLog = (obj: AssociatedRole): any => ({ + export const filterSensitiveLog = (obj: EnableFastSnapshotRestoreErrorItem): any => ({ ...obj, }); } -export interface GetAssociatedEnclaveCertificateIamRolesResult { +export interface EnableFastSnapshotRestoresResult { /** - *Information about the associated IAM roles.
+ *Information about the snapshots for which fast snapshot restores were successfully enabled.
*/ - AssociatedRoles?: AssociatedRole[]; + Successful?: EnableFastSnapshotRestoreSuccessItem[]; + + /** + *Information about the snapshots for which fast snapshot restores could not be enabled.
+ */ + Unsuccessful?: EnableFastSnapshotRestoreErrorItem[]; } -export namespace GetAssociatedEnclaveCertificateIamRolesResult { +export namespace EnableFastSnapshotRestoresResult { /** * @internal */ - export const filterSensitiveLog = (obj: GetAssociatedEnclaveCertificateIamRolesResult): any => ({ + export const filterSensitiveLog = (obj: EnableFastSnapshotRestoresResult): any => ({ ...obj, }); } -export interface GetAssociatedIpv6PoolCidrsRequest { +export interface EnableImageDeprecationRequest { /** - *The ID of the IPv6 address pool.
+ *The ID of the AMI.
*/ - PoolId: string | undefined; + ImageId: string | undefined; /** - *The token for the next page of results.
+ *The date and time to deprecate the AMI, in UTC, in the following format: + * YYYY-MM-DDTHH:MM:SSZ. + * If you specify a value for seconds, Amazon EC2 rounds the seconds to the + * nearest minute.
+ *You can’t specify a date in the past. The upper limit for DeprecateAt
is 10
+ * years from now.
The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Returns true
if the request succeeds; otherwise, it returns an error.
Describes an IPv6 CIDR block association.
- */ -export interface Ipv6CidrAssociation { +export interface EnableSerialConsoleAccessRequest { /** - *The IPv6 CIDR block.
+ *Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
The resource that's associated with the IPv6 CIDR block.
+ * @internal */ - AssociatedResource?: string; + export const filterSensitiveLog = (obj: EnableSerialConsoleAccessRequest): any => ({ + ...obj, + }); } -export namespace Ipv6CidrAssociation { +export interface EnableSerialConsoleAccessResult { + /** + *If true
, access to the EC2 serial console of all instances is enabled for
+ * your account. If false
, access to the EC2 serial console of all instances
+ * is disabled for your account.
Information about the IPv6 CIDR block associations.
+ *The ID of the propagation route table.
*/ - Ipv6CidrAssociations?: Ipv6CidrAssociation[]; + TransitGatewayRouteTableId: string | undefined; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The ID of the attachment.
*/ - NextToken?: string; + TransitGatewayAttachmentId: string | undefined; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The ID of the Capacity Reservation.
+ *Information about route propagation.
*/ - CapacityReservationId: string | undefined; + Propagation?: TransitGatewayPropagation; +} +export namespace EnableTransitGatewayRouteTablePropagationResult { /** - *The token to use to retrieve the next page of results.
+ * @internal */ - NextToken?: string; + export const filterSensitiveLog = (obj: EnableTransitGatewayRouteTablePropagationResult): any => ({ + ...obj, + }); +} + +/** + *Contains the parameters for EnableVgwRoutePropagation.
+ */ +export interface EnableVgwRoutePropagationRequest { + /** + *The ID of the virtual private gateway that is attached to a VPC. The virtual private + * gateway must be attached to the same VPC that the routing tables are associated with. + *
+ */ + GatewayId: string | undefined; /** - *The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken
value. This value can be between 5 and 500. If maxResults
is given a larger value than 500, you receive an error.
Valid range: Minimum value of 1. Maximum value of 1000.
+ *The ID of the route table. The routing table must be associated with the same VPC that + * the virtual private gateway is attached to.
*/ - MaxResults?: number; + RouteTableId: string | undefined; /** - *Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Checks whether you have the required permissions for the action, without actually
+ * making the request, and provides an error response. If you have the required
+ * permissions, the error response is DryRunOperation
. Otherwise, it is
+ * UnauthorizedOperation
.
Information about the Capacity Reservation usage.
- */ -export interface InstanceUsage { +export interface EnableVolumeIORequest { /** - *The ID of the Amazon Web Services account that is making use of the Capacity Reservation.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The number of instances the Amazon Web Services account currently has in the Capacity Reservation.
+ *The ID of the volume.
*/ - UsedInstanceCount?: number; + VolumeId: string | undefined; } -export namespace InstanceUsage { +export namespace EnableVolumeIORequest { /** * @internal */ - export const filterSensitiveLog = (obj: InstanceUsage): any => ({ + export const filterSensitiveLog = (obj: EnableVolumeIORequest): any => ({ ...obj, }); } -export interface GetCapacityReservationUsageResult { - /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The ID of the Capacity Reservation.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The type of instance for which the Capacity Reservation reserves capacity.
+ *The ID of the VPC.
*/ - InstanceType?: string; + VpcId: string | undefined; +} +export namespace EnableVpcClassicLinkRequest { /** - *The number of instances for which the Capacity Reservation reserves capacity.
+ * @internal */ - TotalInstanceCount?: number; + export const filterSensitiveLog = (obj: EnableVpcClassicLinkRequest): any => ({ + ...obj, + }); +} +export interface EnableVpcClassicLinkResult { /** - *The remaining capacity. Indicates the number of instances that can be launched in the Capacity Reservation.
+ *Returns true
if the request succeeds; otherwise, it returns an error.
The current state of the Capacity Reservation. A Capacity Reservation can be in one of the following states:
- *
- * active
- The Capacity Reservation is active and the capacity is available for your use.
- * expired
- The Capacity Reservation expired automatically at the date and time specified
- * in your request. The reserved capacity is no longer available for your use.
- * cancelled
- The Capacity Reservation was cancelled. The reserved capacity is no
- * longer available for your use.
- * pending
- The Capacity Reservation request was successful but the capacity
- * provisioning is still pending.
- * failed
- The Capacity Reservation request has failed. A request might fail
- * due to invalid request parameters, capacity constraints, or instance limit constraints.
- * Failed requests are retained for 60 minutes.
Information about the Capacity Reservation usage.
+ *The ID of the VPC.
*/ - InstanceUsages?: InstanceUsage[]; + VpcId?: string; } -export namespace GetCapacityReservationUsageResult { +export namespace EnableVpcClassicLinkDnsSupportRequest { /** * @internal */ - export const filterSensitiveLog = (obj: GetCapacityReservationUsageResult): any => ({ + export const filterSensitiveLog = (obj: EnableVpcClassicLinkDnsSupportRequest): any => ({ ...obj, }); } -export interface GetCoipPoolUsageRequest { - /** - *The ID of the address pool.
- */ - PoolId: string | undefined; - +export interface EnableVpcClassicLinkDnsSupportResult { /** - *The filters. The following are the possible values:
- *
- * coip-address-usage.allocation-id
- *
- * coip-address-usage.aws-account-id
- *
- * coip-address-usage.aws-service
- *
- * coip-address-usage.co-ip
- *
Returns true
if the request succeeds; otherwise, it returns an error.
The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
The token for the next page of results.
+ *The ID of the Client VPN endpoint.
*/ - NextToken?: string; + ClientVpnEndpointId: string | undefined; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Describes address usage for a customer-owned address pool.
+ *Describes the state of a client certificate revocation list.
*/ -export interface CoipAddressUsage { +export interface ClientCertificateRevocationListStatus { /** - *The allocation ID of the address.
+ *The state of the client certificate revocation list.
*/ - AllocationId?: string; + Code?: ClientCertificateRevocationListStatusCode | string; /** - *The AWS account ID.
+ *A message about the status of the client certificate revocation list, if applicable.
*/ - AwsAccountId?: string; + Message?: string; +} +export namespace ClientCertificateRevocationListStatus { /** - *The AWS service.
+ * @internal */ - AwsService?: string; + export const filterSensitiveLog = (obj: ClientCertificateRevocationListStatus): any => ({ + ...obj, + }); +} +export interface ExportClientVpnClientCertificateRevocationListResult { /** - *The customer-owned IP address.
+ *Information about the client certificate revocation list.
*/ - CoIp?: string; + CertificateRevocationList?: string; + + /** + *The current state of the client certificate revocation list.
+ */ + Status?: ClientCertificateRevocationListStatus; } -export namespace CoipAddressUsage { +export namespace ExportClientVpnClientCertificateRevocationListResult { /** * @internal */ - export const filterSensitiveLog = (obj: CoipAddressUsage): any => ({ + export const filterSensitiveLog = (obj: ExportClientVpnClientCertificateRevocationListResult): any => ({ ...obj, }); } -export interface GetCoipPoolUsageResult { - /** - *The ID of the customer-owned address pool.
- */ - CoipPoolId?: string; - +export interface ExportClientVpnClientConfigurationRequest { /** - *Information about the address usage.
+ *The ID of the Client VPN endpoint.
*/ - CoipAddressUsages?: CoipAddressUsage[]; + ClientVpnEndpointId: string | undefined; /** - *The ID of the local gateway route table.
+ *Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
The ID of the instance.
+ *The contents of the Client VPN endpoint configuration file.
*/ - InstanceId: string | undefined; + ClientConfiguration?: string; +} +export namespace ExportClientVpnClientConfigurationResult { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Describes the destination for an export image task.
+ */ +export interface ExportTaskS3LocationRequest { /** - *When enabled, retrieves the latest console output for the instance.
- *Default: disabled (false
)
The destination Amazon S3 bucket.
+ */ + S3Bucket: string | undefined; + + /** + *The prefix (logical hierarchy) in the bucket.
*/ - Latest?: boolean; + S3Prefix?: string; } -export namespace GetConsoleOutputRequest { +export namespace ExportTaskS3LocationRequest { /** * @internal */ - export const filterSensitiveLog = (obj: GetConsoleOutputRequest): any => ({ + export const filterSensitiveLog = (obj: ExportTaskS3LocationRequest): any => ({ ...obj, }); } -export interface GetConsoleOutputResult { - /** - *The ID of the instance.
- */ - InstanceId?: string; - +export interface ExportImageRequest { /** - *The console output, base64-encoded. If you are using a command line tool, the tool - * decodes the output for you.
+ *Token to enable idempotency for export image requests.
*/ - Output?: string; + ClientToken?: string; /** - *The time at which the output was last updated.
+ *A description of the image being exported. The maximum length is 255 characters.
*/ - Timestamp?: Date; -} + Description?: string; -export namespace GetConsoleOutputResult { /** - * @internal + *The disk image format.
*/ - export const filterSensitiveLog = (obj: GetConsoleOutputResult): any => ({ - ...obj, - }); -} + DiskImageFormat: DiskImageFormat | string | undefined; -export interface GetConsoleScreenshotRequest { /** *Checks whether you have the required permissions for the action, without actually making the request,
* and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
@@ -3962,113 +3972,155 @@ export interface GetConsoleScreenshotRequest {
DryRun?: boolean;
/**
- *
The ID of the instance.
+ *The ID of the image.
*/ - InstanceId: string | undefined; + ImageId: string | undefined; /** - *When set to true
, acts as keystroke input and wakes up an instance that's
- * in standby or "sleep" mode.
Information about the destination Amazon S3 bucket. The bucket must exist and grant WRITE + * and READ_ACP permissions to the Amazon Web Services account vm-import-export@amazon.com.
*/ - WakeUp?: boolean; + S3ExportLocation: ExportTaskS3LocationRequest | undefined; + + /** + *The name of the role that grants VM Import/Export permission to export images to your Amazon + * S3 bucket. If this parameter is not specified, the default role is named 'vmimport'.
+ */ + RoleName?: string; + + /** + *The tags to apply to the export image task during creation.
+ */ + TagSpecifications?: TagSpecification[]; } -export namespace GetConsoleScreenshotRequest { +export namespace ExportImageRequest { /** * @internal */ - export const filterSensitiveLog = (obj: GetConsoleScreenshotRequest): any => ({ + export const filterSensitiveLog = (obj: ExportImageRequest): any => ({ ...obj, }); } -export interface GetConsoleScreenshotResult { +export interface ExportImageResult { /** - *The data that comprises the image.
+ *A description of the image being exported.
*/ - ImageData?: string; + Description?: string; /** - *The ID of the instance.
+ *The disk image format for the exported image.
*/ - InstanceId?: string; -} + DiskImageFormat?: DiskImageFormat | string; -export namespace GetConsoleScreenshotResult { /** - * @internal + *The ID of the export image task.
*/ - export const filterSensitiveLog = (obj: GetConsoleScreenshotResult): any => ({ - ...obj, - }); -} + ExportImageTaskId?: string; -export type UnlimitedSupportedInstanceFamily = "t2" | "t3" | "t3a" | "t4g"; + /** + *The ID of the image.
+ */ + ImageId?: string; -export interface GetDefaultCreditSpecificationRequest { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The name of the role that grants VM Import/Export permission to export images to your Amazon + * S3 bucket.
*/ - DryRun?: boolean; + RoleName?: string; /** - *The instance family.
+ *The percent complete of the export image task.
*/ - InstanceFamily: UnlimitedSupportedInstanceFamily | string | undefined; -} + Progress?: string; -export namespace GetDefaultCreditSpecificationRequest { /** - * @internal + *Information about the destination Amazon S3 bucket.
*/ - export const filterSensitiveLog = (obj: GetDefaultCreditSpecificationRequest): any => ({ - ...obj, - }); -} + S3ExportLocation?: ExportTaskS3Location; -/** - *Describes the default credit option for CPU usage of a burstable performance instance family.
- */ -export interface InstanceFamilyCreditSpecification { /** - *The instance family.
+ *The status of the export image task. The possible values are active
, completed
,
+ * deleting
, and deleted
.
The default credit option for CPU usage of the instance family. Valid values are standard
and unlimited
.
The status message for the export image task.
*/ - CpuCredits?: string; + StatusMessage?: string; + + /** + *Any tags assigned to the export image task.
+ */ + Tags?: Tag[]; } -export namespace InstanceFamilyCreditSpecification { +export namespace ExportImageResult { /** * @internal */ - export const filterSensitiveLog = (obj: InstanceFamilyCreditSpecification): any => ({ + export const filterSensitiveLog = (obj: ExportImageResult): any => ({ ...obj, }); } -export interface GetDefaultCreditSpecificationResult { +export interface ExportTransitGatewayRoutesRequest { /** - *The default credit option for CPU usage of the instance family.
+ *The ID of the route table.
*/ - InstanceFamilyCreditSpecification?: InstanceFamilyCreditSpecification; -} + TransitGatewayRouteTableId: string | undefined; -export namespace GetDefaultCreditSpecificationResult { /** - * @internal + *One or more filters. The possible values are:
+ *
+ * attachment.transit-gateway-attachment-id
- The id of the transit gateway attachment.
+ * attachment.resource-id
- The resource id of the transit gateway attachment.
+ * route-search.exact-match
- The exact match of the specified filter.
+ * route-search.longest-prefix-match
- The longest prefix that matches the route.
+ * route-search.subnet-of-match
- The routes with a subnet that match the specified CIDR filter.
+ * route-search.supernet-of-match
- The routes with a CIDR that encompass the CIDR filter. For example, if you have 10.0.1.0/29 and 10.0.1.0/31 routes in your route table and you specify supernet-of-match as 10.0.1.0/30, then the result returns 10.0.1.0/29.
+ * state
- The state of the route (active
| blackhole
).
+ * transit-gateway-route-destination-cidr-block
- The CIDR range.
+ * type
- The type of route (propagated
|
+ * static
).
The name of the S3 bucket.
+ */ + S3Bucket: string | undefined; -export interface GetEbsDefaultKmsKeyIdRequest { /** *Checks whether you have the required permissions for the action, without actually making the request,
* and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
@@ -4077,175 +4129,186 @@ export interface GetEbsDefaultKmsKeyIdRequest {
DryRun?: boolean;
}
-export namespace GetEbsDefaultKmsKeyIdRequest {
+export namespace ExportTransitGatewayRoutesRequest {
/**
* @internal
*/
- export const filterSensitiveLog = (obj: GetEbsDefaultKmsKeyIdRequest): any => ({
+ export const filterSensitiveLog = (obj: ExportTransitGatewayRoutesRequest): any => ({
...obj,
});
}
-export interface GetEbsDefaultKmsKeyIdResult {
+export interface ExportTransitGatewayRoutesResult {
/**
- *
The Amazon Resource Name (ARN) of the default KMS key for encryption by default.
+ *The URL of the exported file in Amazon S3. For example, + * s3://bucket_name/VPCTransitGateway/TransitGatewayRouteTables/file_name.
*/ - KmsKeyId?: string; + S3Location?: string; } -export namespace GetEbsDefaultKmsKeyIdResult { +export namespace ExportTransitGatewayRoutesResult { /** * @internal */ - export const filterSensitiveLog = (obj: GetEbsDefaultKmsKeyIdResult): any => ({ + export const filterSensitiveLog = (obj: ExportTransitGatewayRoutesResult): any => ({ ...obj, }); } -export interface GetEbsEncryptionByDefaultRequest { - /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The ARN of the ACM certificate for which to view the associated IAM roles, encryption keys, and Amazon + * S3 object information.
*/ - export const filterSensitiveLog = (obj: GetEbsEncryptionByDefaultRequest): any => ({ - ...obj, - }); -} + CertificateArn?: string; -export interface GetEbsEncryptionByDefaultResult { /** - *Indicates whether encryption by default is enabled.
+ *Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Describes integration options for Amazon Athena.
+ *Information about the associated IAM roles.
*/ -export interface AthenaIntegration { +export interface AssociatedRole { /** - *The location in Amazon S3 to store the generated CloudFormation template.
+ *The ARN of the associated IAM role.
*/ - IntegrationResultS3DestinationArn: string | undefined; + AssociatedRoleArn?: string; /** - *The schedule for adding new partitions to the table.
+ *The name of the Amazon S3 bucket in which the Amazon S3 object is stored.
*/ - PartitionLoadFrequency: PartitionLoadFrequency | string | undefined; + CertificateS3BucketName?: string; /** - *The start date for the partition.
+ *The key of the Amazon S3 object ey where the certificate, certificate chain, and encrypted private key bundle
+ * is stored. The object key is formated as follows: role_arn
/certificate_arn
.
+ *
The end date for the partition.
+ *The ID of the KMS customer master key (CMK) used to encrypt the private key.
*/ - PartitionEndDate?: Date; + EncryptionKmsKeyId?: string; } -export namespace AthenaIntegration { +export namespace AssociatedRole { /** * @internal */ - export const filterSensitiveLog = (obj: AthenaIntegration): any => ({ + export const filterSensitiveLog = (obj: AssociatedRole): any => ({ ...obj, }); } -/** - *Describes service integrations with VPC Flow logs.
- */ -export interface IntegrateServices { +export interface GetAssociatedEnclaveCertificateIamRolesResult { /** - *Information about the integration with Amazon Athena.
+ *Information about the associated IAM roles.
*/ - AthenaIntegrations?: AthenaIntegration[]; + AssociatedRoles?: AssociatedRole[]; } -export namespace IntegrateServices { +export namespace GetAssociatedEnclaveCertificateIamRolesResult { /** * @internal */ - export const filterSensitiveLog = (obj: IntegrateServices): any => ({ + export const filterSensitiveLog = (obj: GetAssociatedEnclaveCertificateIamRolesResult): any => ({ ...obj, }); } -export interface GetFlowLogsIntegrationTemplateRequest { +export interface GetAssociatedIpv6PoolCidrsRequest { + /** + *The ID of the IPv6 address pool.
+ */ + PoolId: string | undefined; + + /** + *The token for the next page of results.
+ */ + NextToken?: string; + + /** + *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
Checks whether you have the required permissions for the action, without actually making the request,
* and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
* Otherwise, it is UnauthorizedOperation
.
The ID of the flow log.
+ * @internal */ - FlowLogId: string | undefined; + export const filterSensitiveLog = (obj: GetAssociatedIpv6PoolCidrsRequest): any => ({ + ...obj, + }); +} +/** + *Describes an IPv6 CIDR block association.
+ */ +export interface Ipv6CidrAssociation { /** - *To store the CloudFormation template in Amazon S3, specify the location in Amazon S3.
+ *The IPv6 CIDR block.
*/ - ConfigDeliveryS3DestinationArn: string | undefined; + Ipv6Cidr?: string; /** - *Information about the service integration.
+ *The resource that's associated with the IPv6 CIDR block.
*/ - IntegrateServices: IntegrateServices | undefined; + AssociatedResource?: string; } -export namespace GetFlowLogsIntegrationTemplateRequest { +export namespace Ipv6CidrAssociation { /** * @internal */ - export const filterSensitiveLog = (obj: GetFlowLogsIntegrationTemplateRequest): any => ({ + export const filterSensitiveLog = (obj: Ipv6CidrAssociation): any => ({ ...obj, }); } -export interface GetFlowLogsIntegrationTemplateResult { +export interface GetAssociatedIpv6PoolCidrsResult { /** - *The generated CloudFormation template.
+ *Information about the IPv6 CIDR block associations.
*/ - Result?: string; + Ipv6CidrAssociations?: Ipv6CidrAssociation[]; + + /** + *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The ID of the Capacity Reservation.
*/ @@ -4258,6 +4321,7 @@ export interface GetGroupsForCapacityReservationRequest { /** *The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken
value. This value can be between 5 and 500. If maxResults
is given a larger value than 500, you receive an error.
Valid range: Minimum value of 1. Maximum value of 1000.
*/ MaxResults?: number; @@ -4267,292 +4331,348 @@ export interface GetGroupsForCapacityReservationRequest { DryRun?: boolean; } -export namespace GetGroupsForCapacityReservationRequest { +export namespace GetCapacityReservationUsageRequest { /** * @internal */ - export const filterSensitiveLog = (obj: GetGroupsForCapacityReservationRequest): any => ({ + export const filterSensitiveLog = (obj: GetCapacityReservationUsageRequest): any => ({ ...obj, }); } /** - *Describes a resource group to which a Capacity Reservation has been added.
+ *Information about the Capacity Reservation usage.
*/ -export interface CapacityReservationGroup { +export interface InstanceUsage { /** - *The ARN of the resource group.
+ *The ID of the Amazon Web Services account that is making use of the Capacity Reservation.
*/ - GroupArn?: string; + AccountId?: string; /** - *The ID of the Amazon Web Services account that owns the resource group.
+ *The number of instances the Amazon Web Services account currently has in the Capacity Reservation.
*/ - OwnerId?: string; + UsedInstanceCount?: number; } -export namespace CapacityReservationGroup { +export namespace InstanceUsage { /** * @internal */ - export const filterSensitiveLog = (obj: CapacityReservationGroup): any => ({ + export const filterSensitiveLog = (obj: InstanceUsage): any => ({ ...obj, }); } -export interface GetGroupsForCapacityReservationResult { +export interface GetCapacityReservationUsageResult { /** *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Information about the resource groups to which the Capacity Reservation has been added.
- */ - CapacityReservationGroups?: CapacityReservationGroup[]; -} - -export namespace GetGroupsForCapacityReservationResult { - /** - * @internal + *The ID of the Capacity Reservation.
*/ - export const filterSensitiveLog = (obj: GetGroupsForCapacityReservationResult): any => ({ - ...obj, - }); -} + CapacityReservationId?: string; -export interface GetHostReservationPurchasePreviewRequest { /** - *The IDs of the Dedicated Hosts with which the reservation is associated.
+ *The type of instance for which the Capacity Reservation reserves capacity.
*/ - HostIdSet: string[] | undefined; + InstanceType?: string; /** - *The offering ID of the reservation.
+ *The number of instances for which the Capacity Reservation reserves capacity.
*/ - OfferingId: string | undefined; -} + TotalInstanceCount?: number; -export namespace GetHostReservationPurchasePreviewRequest { /** - * @internal + *The remaining capacity. Indicates the number of instances that can be launched in the Capacity Reservation.
*/ - export const filterSensitiveLog = (obj: GetHostReservationPurchasePreviewRequest): any => ({ - ...obj, - }); -} + AvailableInstanceCount?: number; -/** - *Describes the result of the purchase.
- */ -export interface Purchase { /** - *The currency in which the UpfrontPrice
and HourlyPrice
- * amounts are specified. At this time, the only supported currency is
- * USD
.
The current state of the Capacity Reservation. A Capacity Reservation can be in one of the following states:
+ *
+ * active
- The Capacity Reservation is active and the capacity is available for your use.
+ * expired
- The Capacity Reservation expired automatically at the date and time specified
+ * in your request. The reserved capacity is no longer available for your use.
+ * cancelled
- The Capacity Reservation was cancelled. The reserved capacity is no
+ * longer available for your use.
+ * pending
- The Capacity Reservation request was successful but the capacity
+ * provisioning is still pending.
+ * failed
- The Capacity Reservation request has failed. A request might fail
+ * due to invalid request parameters, capacity constraints, or instance limit constraints.
+ * Failed requests are retained for 60 minutes.
The duration of the reservation's term in seconds.
+ *Information about the Capacity Reservation usage.
*/ - Duration?: number; + InstanceUsages?: InstanceUsage[]; +} +export namespace GetCapacityReservationUsageResult { /** - *The IDs of the Dedicated Hosts associated with the reservation.
+ * @internal */ - HostIdSet?: string[]; + export const filterSensitiveLog = (obj: GetCapacityReservationUsageResult): any => ({ + ...obj, + }); +} +export interface GetCoipPoolUsageRequest { /** - *The ID of the reservation.
+ *The ID of the address pool.
*/ - HostReservationId?: string; + PoolId: string | undefined; /** - *The hourly price of the reservation per hour.
+ *The filters. The following are the possible values:
+ *
+ * coip-address-usage.allocation-id
+ *
+ * coip-address-usage.aws-account-id
+ *
+ * coip-address-usage.aws-service
+ *
+ * coip-address-usage.co-ip
+ *
The instance family on the Dedicated Host that the reservation can be associated - * with.
+ *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
The payment option for the reservation.
+ *The token for the next page of results.
*/ - PaymentOption?: PaymentOption | string; + NextToken?: string; /** - *The upfront price of the reservation.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Describes address usage for a customer-owned address pool.
+ */ +export interface CoipAddressUsage { /** - *The currency in which the totalUpfrontPrice
and
- * totalHourlyPrice
amounts are specified. At this time, the only
- * supported currency is USD
.
The allocation ID of the address.
*/ - CurrencyCode?: CurrencyCodeValues | string; + AllocationId?: string; /** - *The purchase information of the Dedicated Host reservation and the Dedicated Hosts - * associated with it.
+ *The AWS account ID.
*/ - Purchase?: Purchase[]; + AwsAccountId?: string; /** - *The potential total hourly price of the reservation per hour.
+ *The AWS service.
*/ - TotalHourlyPrice?: string; + AwsService?: string; /** - *The potential total upfront price. This is billed immediately.
+ *The customer-owned IP address.
*/ - TotalUpfrontPrice?: string; + CoIp?: string; } -export namespace GetHostReservationPurchasePreviewResult { +export namespace CoipAddressUsage { /** * @internal */ - export const filterSensitiveLog = (obj: GetHostReservationPurchasePreviewResult): any => ({ + export const filterSensitiveLog = (obj: CoipAddressUsage): any => ({ ...obj, }); } -export interface GetLaunchTemplateDataRequest { +export interface GetCoipPoolUsageResult { /** - *Checks whether you have the required permissions for the action, without actually
- * making the request, and provides an error response. If you have the required
- * permissions, the error response is DryRunOperation
. Otherwise, it is
- * UnauthorizedOperation
.
The ID of the customer-owned address pool.
*/ - DryRun?: boolean; + CoipPoolId?: string; /** - *The ID of the instance.
+ *Information about the address usage.
*/ - InstanceId: string | undefined; + CoipAddressUsages?: CoipAddressUsage[]; + + /** + *The ID of the local gateway route table.
+ */ + LocalGatewayRouteTableId?: string; } -export namespace GetLaunchTemplateDataRequest { +export namespace GetCoipPoolUsageResult { /** * @internal */ - export const filterSensitiveLog = (obj: GetLaunchTemplateDataRequest): any => ({ + export const filterSensitiveLog = (obj: GetCoipPoolUsageResult): any => ({ ...obj, }); } -export interface GetLaunchTemplateDataResult { +export interface GetConsoleOutputRequest { /** - *The instance data.
+ *The ID of the instance.
*/ - LaunchTemplateData?: ResponseLaunchTemplateData; + InstanceId: string | undefined; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
When enabled, retrieves the latest console output for the instance.
+ *Default: disabled (false
)
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The ID of the prefix list.
+ *The ID of the instance.
*/ - PrefixListId: string | undefined; + InstanceId?: string; /** - *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
The console output, base64-encoded. If you are using a command line tool, the tool + * decodes the output for you.
*/ - MaxResults?: number; + Output?: string; /** - *The token for the next page of results.
+ *The time at which the output was last updated.
*/ - NextToken?: string; + Timestamp?: Date; } -export namespace GetManagedPrefixListAssociationsRequest { +export namespace GetConsoleOutputResult { /** * @internal */ - export const filterSensitiveLog = (obj: GetManagedPrefixListAssociationsRequest): any => ({ + export const filterSensitiveLog = (obj: GetConsoleOutputResult): any => ({ ...obj, }); } -/** - *Describes the resource with which a prefix list is associated.
- */ -export interface PrefixListAssociation { +export interface GetConsoleScreenshotRequest { /** - *The ID of the resource.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The owner of the resource.
+ *The ID of the instance.
*/ - ResourceOwner?: string; + InstanceId: string | undefined; + + /** + *When set to true
, acts as keystroke input and wakes up an instance that's
+ * in standby or "sleep" mode.
Information about the associations.
+ *The data that comprises the image.
*/ - PrefixListAssociations?: PrefixListAssociation[]; + ImageData?: string; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The ID of the instance.
*/ - NextToken?: string; + InstanceId?: string; } -export namespace GetManagedPrefixListAssociationsResult { +export namespace GetConsoleScreenshotResult { /** * @internal */ - export const filterSensitiveLog = (obj: GetManagedPrefixListAssociationsResult): any => ({ + export const filterSensitiveLog = (obj: GetConsoleScreenshotResult): any => ({ ...obj, }); } -export interface GetManagedPrefixListEntriesRequest { +export type UnlimitedSupportedInstanceFamily = "t2" | "t3" | "t3a" | "t4g"; + +export interface GetDefaultCreditSpecificationRequest { /** *Checks whether you have the required permissions for the action, without actually making the request,
* and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
@@ -4561,87 +4681,61 @@ export interface GetManagedPrefixListEntriesRequest {
DryRun?: boolean;
/**
- *
The ID of the prefix list.
- */ - PrefixListId: string | undefined; - - /** - *The version of the prefix list for which to return the entries. The default is the current version.
- */ - TargetVersion?: number; - - /** - *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
The token for the next page of results.
+ *The instance family.
*/ - NextToken?: string; + InstanceFamily: UnlimitedSupportedInstanceFamily | string | undefined; } -export namespace GetManagedPrefixListEntriesRequest { +export namespace GetDefaultCreditSpecificationRequest { /** * @internal */ - export const filterSensitiveLog = (obj: GetManagedPrefixListEntriesRequest): any => ({ + export const filterSensitiveLog = (obj: GetDefaultCreditSpecificationRequest): any => ({ ...obj, }); } /** - *Describes a prefix list entry.
+ *Describes the default credit option for CPU usage of a burstable performance instance family.
*/ -export interface PrefixListEntry { +export interface InstanceFamilyCreditSpecification { /** - *The CIDR block.
+ *The instance family.
*/ - Cidr?: string; + InstanceFamily?: UnlimitedSupportedInstanceFamily | string; /** - *The description.
+ *The default credit option for CPU usage of the instance family. Valid values are standard
and unlimited
.
Information about the prefix list entries.
- */ - Entries?: PrefixListEntry[]; - +export interface GetDefaultCreditSpecificationResult { /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The default credit option for CPU usage of the instance family.
*/ - NextToken?: string; + InstanceFamilyCreditSpecification?: InstanceFamilyCreditSpecification; } -export namespace GetManagedPrefixListEntriesResult { +export namespace GetDefaultCreditSpecificationResult { /** * @internal */ - export const filterSensitiveLog = (obj: GetManagedPrefixListEntriesResult): any => ({ + export const filterSensitiveLog = (obj: GetDefaultCreditSpecificationResult): any => ({ ...obj, }); } -export interface GetPasswordDataRequest { - /** - *The ID of the Windows instance.
- */ - InstanceId: string | undefined; - +export interface GetEbsDefaultKmsKeyIdRequest { /** *Checks whether you have the required permissions for the action, without actually making the request,
* and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
@@ -4650,481 +4744,414 @@ export interface GetPasswordDataRequest {
DryRun?: boolean;
}
-export namespace GetPasswordDataRequest {
+export namespace GetEbsDefaultKmsKeyIdRequest {
/**
* @internal
*/
- export const filterSensitiveLog = (obj: GetPasswordDataRequest): any => ({
+ export const filterSensitiveLog = (obj: GetEbsDefaultKmsKeyIdRequest): any => ({
...obj,
});
}
-export interface GetPasswordDataResult {
- /**
- *
The ID of the Windows instance.
- */ - InstanceId?: string; - - /** - *The password of the instance. Returns an empty string if the password is not - * available.
- */ - PasswordData?: string; - +export interface GetEbsDefaultKmsKeyIdResult { /** - *The time the data was last updated.
+ *The Amazon Resource Name (ARN) of the default KMS key for encryption by default.
*/ - Timestamp?: Date; + KmsKeyId?: string; } -export namespace GetPasswordDataResult { +export namespace GetEbsDefaultKmsKeyIdResult { /** * @internal */ - export const filterSensitiveLog = (obj: GetPasswordDataResult): any => ({ + export const filterSensitiveLog = (obj: GetEbsDefaultKmsKeyIdResult): any => ({ ...obj, }); } -/** - *Contains the parameters for GetReservedInstanceExchangeQuote.
- */ -export interface GetReservedInstancesExchangeQuoteRequest { +export interface GetEbsEncryptionByDefaultRequest { /** *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
*/
DryRun?: boolean;
+}
+export namespace GetEbsEncryptionByDefaultRequest {
/**
- * The IDs of the Convertible Reserved Instances to exchange.
+ * @internal */ - ReservedInstanceIds: string[] | undefined; + export const filterSensitiveLog = (obj: GetEbsEncryptionByDefaultRequest): any => ({ + ...obj, + }); +} +export interface GetEbsEncryptionByDefaultResult { /** - *The configuration of the target Convertible Reserved Instance to exchange for your - * current Convertible Reserved Instances.
+ *Indicates whether encryption by default is enabled.
*/ - TargetConfigurations?: TargetConfigurationRequest[]; + EbsEncryptionByDefault?: boolean; } -export namespace GetReservedInstancesExchangeQuoteRequest { +export namespace GetEbsEncryptionByDefaultResult { /** * @internal */ - export const filterSensitiveLog = (obj: GetReservedInstancesExchangeQuoteRequest): any => ({ + export const filterSensitiveLog = (obj: GetEbsEncryptionByDefaultResult): any => ({ ...obj, }); } +export enum PartitionLoadFrequency { + DAILY = "daily", + MONTHLY = "monthly", + NONE = "none", + WEEKLY = "weekly", +} + /** - *The cost associated with the Reserved Instance.
+ *Describes integration options for Amazon Athena.
*/ -export interface ReservationValue { +export interface AthenaIntegration { + /** + *The location in Amazon S3 to store the generated CloudFormation template.
+ */ + IntegrationResultS3DestinationArn: string | undefined; + /** - *The hourly rate of the reservation.
+ *The schedule for adding new partitions to the table.
*/ - HourlyPrice?: string; + PartitionLoadFrequency: PartitionLoadFrequency | string | undefined; /** - *The balance of the total value (the sum of remainingUpfrontValue + hourlyPrice * number of hours remaining).
+ *The start date for the partition.
*/ - RemainingTotalValue?: string; + PartitionStartDate?: Date; /** - *The remaining upfront cost of the reservation.
+ *The end date for the partition.
*/ - RemainingUpfrontValue?: string; + PartitionEndDate?: Date; } -export namespace ReservationValue { +export namespace AthenaIntegration { /** * @internal */ - export const filterSensitiveLog = (obj: ReservationValue): any => ({ + export const filterSensitiveLog = (obj: AthenaIntegration): any => ({ ...obj, }); } /** - *The total value of the Convertible Reserved Instance.
+ *Describes service integrations with VPC Flow logs.
*/ -export interface ReservedInstanceReservationValue { - /** - *The total value of the Convertible Reserved Instance that you are exchanging.
- */ - ReservationValue?: ReservationValue; - +export interface IntegrateServices { /** - *The ID of the Convertible Reserved Instance that you are exchanging.
+ *Information about the integration with Amazon Athena.
*/ - ReservedInstanceId?: string; + AthenaIntegrations?: AthenaIntegration[]; } -export namespace ReservedInstanceReservationValue { +export namespace IntegrateServices { /** * @internal */ - export const filterSensitiveLog = (obj: ReservedInstanceReservationValue): any => ({ + export const filterSensitiveLog = (obj: IntegrateServices): any => ({ ...obj, }); } -/** - *Information about the Convertible Reserved Instance offering.
- */ -export interface TargetConfiguration { - /** - *The number of instances the Convertible Reserved Instance offering can be applied to. This parameter is - * reserved and cannot be specified in a request
- */ - InstanceCount?: number; - +export interface GetFlowLogsIntegrationTemplateRequest { /** - *The ID of the Convertible Reserved Instance offering.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The ID of the flow log.
*/ - export const filterSensitiveLog = (obj: TargetConfiguration): any => ({ - ...obj, - }); -} + FlowLogId: string | undefined; -/** - *The total value of the new Convertible Reserved Instances.
- */ -export interface TargetReservationValue { /** - *The total value of the Convertible Reserved Instances that make up the exchange. This is the sum of - * the list value, remaining upfront price, and additional upfront cost of the exchange.
+ *To store the CloudFormation template in Amazon S3, specify the location in Amazon S3.
*/ - ReservationValue?: ReservationValue; + ConfigDeliveryS3DestinationArn: string | undefined; /** - *The configuration of the Convertible Reserved Instances that make up the exchange.
+ *Information about the service integration.
*/ - TargetConfiguration?: TargetConfiguration; + IntegrateServices: IntegrateServices | undefined; } -export namespace TargetReservationValue { +export namespace GetFlowLogsIntegrationTemplateRequest { /** * @internal */ - export const filterSensitiveLog = (obj: TargetReservationValue): any => ({ + export const filterSensitiveLog = (obj: GetFlowLogsIntegrationTemplateRequest): any => ({ ...obj, }); } -/** - *Contains the output of GetReservedInstancesExchangeQuote.
- */ -export interface GetReservedInstancesExchangeQuoteResult { +export interface GetFlowLogsIntegrationTemplateResult { /** - *The currency of the transaction.
+ *The generated CloudFormation template.
*/ - CurrencyCode?: string; + Result?: string; +} +export namespace GetFlowLogsIntegrationTemplateResult { /** - *If true
, the exchange is valid. If false
, the exchange cannot be completed.
The new end date of the reservation term.
+ *The ID of the Capacity Reservation.
*/ - OutputReservedInstancesWillExpireAt?: Date; + CapacityReservationId: string | undefined; /** - *The total true upfront charge for the exchange.
+ *The token to use to retrieve the next page of results.
*/ - PaymentDue?: string; + NextToken?: string; /** - *The cost associated with the Reserved Instance.
+ *The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken
value. This value can be between 5 and 500. If maxResults
is given a larger value than 500, you receive an error.
The configuration of your Convertible Reserved Instances.
+ *Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
The cost associated with the Reserved Instance.
+ * @internal */ - TargetConfigurationValueRollup?: ReservationValue; + export const filterSensitiveLog = (obj: GetGroupsForCapacityReservationRequest): any => ({ + ...obj, + }); +} +/** + *Describes a resource group to which a Capacity Reservation has been added.
+ */ +export interface CapacityReservationGroup { /** - *The values of the target Convertible Reserved Instances.
+ *The ARN of the resource group.
*/ - TargetConfigurationValueSet?: TargetReservationValue[]; + GroupArn?: string; /** - *Describes the reason why the exchange cannot be completed.
+ *The ID of the Amazon Web Services account that owns the resource group.
*/ - ValidationFailureReason?: string; + OwnerId?: string; } -export namespace GetReservedInstancesExchangeQuoteResult { +export namespace CapacityReservationGroup { /** * @internal */ - export const filterSensitiveLog = (obj: GetReservedInstancesExchangeQuoteResult): any => ({ + export const filterSensitiveLog = (obj: CapacityReservationGroup): any => ({ ...obj, }); } -export interface GetSerialConsoleAccessStatusRequest { +export interface GetGroupsForCapacityReservationResult { /** - *Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Information about the resource groups to which the Capacity Reservation has been added.
+ */ + CapacityReservationGroups?: CapacityReservationGroup[]; } -export namespace GetSerialConsoleAccessStatusRequest { +export namespace GetGroupsForCapacityReservationResult { /** * @internal */ - export const filterSensitiveLog = (obj: GetSerialConsoleAccessStatusRequest): any => ({ + export const filterSensitiveLog = (obj: GetGroupsForCapacityReservationResult): any => ({ ...obj, }); } -export interface GetSerialConsoleAccessStatusResult { +export interface GetHostReservationPurchasePreviewRequest { /** - *If true
, access to the EC2 serial console of all instances is enabled for
- * your account. If false
, access to the EC2 serial console of all instances
- * is disabled for your account.
The IDs of the Dedicated Hosts with which the reservation is associated.
*/ - SerialConsoleAccessEnabled?: boolean; + HostIdSet: string[] | undefined; + + /** + *The offering ID of the reservation.
+ */ + OfferingId: string | undefined; } -export namespace GetSerialConsoleAccessStatusResult { +export namespace GetHostReservationPurchasePreviewRequest { /** * @internal */ - export const filterSensitiveLog = (obj: GetSerialConsoleAccessStatusResult): any => ({ + export const filterSensitiveLog = (obj: GetHostReservationPurchasePreviewRequest): any => ({ ...obj, }); } -export interface GetSubnetCidrReservationsRequest { - /** - *One or more filters.
- *
- * reservationType
- The type of reservation (prefix
|
- * explicit
).
- * subnet-id
- The ID of the subnet.
- * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
- * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
Describes the result of the purchase.
+ */ +export interface Purchase { /** - *The ID of the subnet.
+ *The currency in which the UpfrontPrice
and HourlyPrice
+ * amounts are specified. At this time, the only supported currency is
+ * USD
.
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The duration of the reservation's term in seconds.
*/ - DryRun?: boolean; + Duration?: number; /** - *The token for the next page of results.
+ *The IDs of the Dedicated Hosts associated with the reservation.
*/ - NextToken?: string; + HostIdSet?: string[]; /** - *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
The ID of the reservation.
*/ - MaxResults?: number; -} + HostReservationId?: string; -export namespace GetSubnetCidrReservationsRequest { /** - * @internal + *The hourly price of the reservation per hour.
*/ - export const filterSensitiveLog = (obj: GetSubnetCidrReservationsRequest): any => ({ - ...obj, - }); -} + HourlyPrice?: string; -export interface GetSubnetCidrReservationsResult { /** - *Information about the IPv4 subnet CIDR reservations.
+ *The instance family on the Dedicated Host that the reservation can be associated + * with.
*/ - SubnetIpv4CidrReservations?: SubnetCidrReservation[]; + InstanceFamily?: string; /** - *Information about the IPv6 subnet CIDR reservations.
+ *The payment option for the reservation.
*/ - SubnetIpv6CidrReservations?: SubnetCidrReservation[]; + PaymentOption?: PaymentOption | string; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The upfront price of the reservation.
*/ - NextToken?: string; + UpfrontPrice?: string; } -export namespace GetSubnetCidrReservationsResult { +export namespace Purchase { /** * @internal */ - export const filterSensitiveLog = (obj: GetSubnetCidrReservationsResult): any => ({ + export const filterSensitiveLog = (obj: Purchase): any => ({ ...obj, }); -} - -export interface GetTransitGatewayAttachmentPropagationsRequest { - /** - *The ID of the attachment.
- */ - TransitGatewayAttachmentId: string | undefined; +} +export interface GetHostReservationPurchasePreviewResult { /** - *One or more filters. The possible values are:
- *
- * transit-gateway-route-table-id
- The ID of the transit gateway route table.
The currency in which the totalUpfrontPrice
and
+ * totalHourlyPrice
amounts are specified. At this time, the only
+ * supported currency is USD
.
The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
The purchase information of the Dedicated Host reservation and the Dedicated Hosts + * associated with it.
*/ - MaxResults?: number; + Purchase?: Purchase[]; /** - *The token for the next page of results.
+ *The potential total hourly price of the reservation per hour.
*/ - NextToken?: string; + TotalHourlyPrice?: string; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The potential total upfront price. This is billed immediately.
*/ - DryRun?: boolean; + TotalUpfrontPrice?: string; } -export namespace GetTransitGatewayAttachmentPropagationsRequest { +export namespace GetHostReservationPurchasePreviewResult { /** * @internal */ - export const filterSensitiveLog = (obj: GetTransitGatewayAttachmentPropagationsRequest): any => ({ + export const filterSensitiveLog = (obj: GetHostReservationPurchasePreviewResult): any => ({ ...obj, }); } -/** - *Describes a propagation route table.
- */ -export interface TransitGatewayAttachmentPropagation { +export interface GetLaunchTemplateDataRequest { /** - *The ID of the propagation route table.
+ *Checks whether you have the required permissions for the action, without actually
+ * making the request, and provides an error response. If you have the required
+ * permissions, the error response is DryRunOperation
. Otherwise, it is
+ * UnauthorizedOperation
.
The state of the propagation route table.
+ *The ID of the instance.
*/ - State?: TransitGatewayPropagationState | string; + InstanceId: string | undefined; } -export namespace TransitGatewayAttachmentPropagation { +export namespace GetLaunchTemplateDataRequest { /** * @internal */ - export const filterSensitiveLog = (obj: TransitGatewayAttachmentPropagation): any => ({ + export const filterSensitiveLog = (obj: GetLaunchTemplateDataRequest): any => ({ ...obj, }); } -export interface GetTransitGatewayAttachmentPropagationsResult { - /** - *Information about the propagation route tables.
- */ - TransitGatewayAttachmentPropagations?: TransitGatewayAttachmentPropagation[]; - +export interface GetLaunchTemplateDataResult { /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The instance data.
*/ - NextToken?: string; + LaunchTemplateData?: ResponseLaunchTemplateData; } -export namespace GetTransitGatewayAttachmentPropagationsResult { +export namespace GetLaunchTemplateDataResult { /** * @internal */ - export const filterSensitiveLog = (obj: GetTransitGatewayAttachmentPropagationsResult): any => ({ + export const filterSensitiveLog = (obj: GetLaunchTemplateDataResult): any => ({ ...obj, }); } -export interface GetTransitGatewayMulticastDomainAssociationsRequest { +export interface GetManagedPrefixListAssociationsRequest { /** - *The ID of the transit gateway multicast domain.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
One or more filters. The possible values are:
- *
- * resource-id
- The ID of the resource.
- * resource-type
- The type of resource. The valid value is: vpc
.
- * state
- The state of the subnet association. Valid values are
- * associated
|
- * associating
- * | disassociated
| disassociating
.
- * subnet-id
- The ID of the subnet.
- * transit-gateway-attachment-id
- The id of the transit gateway attachment.
The ID of the prefix list.
*/ - Filters?: Filter[]; + PrefixListId: string | undefined; /** *The maximum number of results to return with a single call. @@ -5136,68 +5163,46 @@ export interface GetTransitGatewayMulticastDomainAssociationsRequest { *
The token for the next page of results.
*/ NextToken?: string; - - /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Describes the resources associated with the transit gateway multicast domain.
+ *Describes the resource with which a prefix list is associated.
*/ -export interface TransitGatewayMulticastDomainAssociation { - /** - *The ID of the transit gateway attachment.
- */ - TransitGatewayAttachmentId?: string; - +export interface PrefixListAssociation { /** *The ID of the resource.
*/ ResourceId?: string; /** - *The type of resource, for example a VPC attachment.
- */ - ResourceType?: TransitGatewayAttachmentResourceType | string; - - /** - *The ID of the Amazon Web Services account that owns the transit gateway multicast domain association resource.
- */ - ResourceOwnerId?: string; - - /** - *The subnet associated with the transit gateway multicast domain.
+ *The owner of the resource.
*/ - Subnet?: SubnetAssociation; + ResourceOwner?: string; } -export namespace TransitGatewayMulticastDomainAssociation { +export namespace PrefixListAssociation { /** * @internal */ - export const filterSensitiveLog = (obj: TransitGatewayMulticastDomainAssociation): any => ({ + export const filterSensitiveLog = (obj: PrefixListAssociation): any => ({ ...obj, }); } -export interface GetTransitGatewayMulticastDomainAssociationsResult { +export interface GetManagedPrefixListAssociationsResult { /** - *Information about the multicast domain associations.
+ *Information about the associations.
*/ - MulticastDomainAssociations?: TransitGatewayMulticastDomainAssociation[]; + PrefixListAssociations?: PrefixListAssociation[]; /** *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The ID of the transit gateway route table.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
One or more filters. The possible values are:
- *
- * attachment.resource-id
- The ID of the resource for the attachment.
- * attachment.resource-type
- The type of resource for the
- * attachment. Valid values are vpc
| vpn
|
- * direct-connect-gateway
| peering
.
- * attachment.transit-gateway-attachment-id
- The ID of the attachment.
- * is-blackhole
- Whether traffic matching the route is blocked (true
| false
).
- * prefix-list-id
- The ID of the prefix list.
- * prefix-list-owner-id
- The ID of the owner of the prefix list.
- * state
- The state of the prefix list reference (pending
| available
| modifying
| deleting
).
The ID of the prefix list.
*/ - Filters?: Filter[]; + PrefixListId: string | undefined; + + /** + *The version of the prefix list for which to return the entries. The default is the current version.
+ */ + TargetVersion?: number; /** *The maximum number of results to return with a single call. @@ -5267,82 +5247,67 @@ export interface GetTransitGatewayPrefixListReferencesRequest { *
The token for the next page of results.
*/ NextToken?: string; - - /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Describes a prefix list entry.
+ */ +export interface PrefixListEntry { /** - *Information about the prefix list references.
+ *The CIDR block.
*/ - TransitGatewayPrefixListReferences?: TransitGatewayPrefixListReference[]; + Cidr?: string; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The description.
*/ - NextToken?: string; + Description?: string; } -export namespace GetTransitGatewayPrefixListReferencesResult { +export namespace PrefixListEntry { /** * @internal */ - export const filterSensitiveLog = (obj: GetTransitGatewayPrefixListReferencesResult): any => ({ + export const filterSensitiveLog = (obj: PrefixListEntry): any => ({ ...obj, }); } -export interface GetTransitGatewayRouteTableAssociationsRequest { +export interface GetManagedPrefixListEntriesResult { /** - *The ID of the transit gateway route table.
+ *Information about the prefix list entries.
*/ - TransitGatewayRouteTableId: string | undefined; + Entries?: PrefixListEntry[]; - /** - *One or more filters. The possible values are:
- *
- * resource-id
- The ID of the resource.
- * resource-type
- The resource type. Valid values are vpc
- * | vpn
| direct-connect-gateway
| peering
- * | connect
.
- * transit-gateway-attachment-id
- The ID of the attachment.
The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
The token for the next page of results.
+ *The ID of the Windows instance.
*/ - NextToken?: string; + InstanceId: string | undefined; /** *Checks whether you have the required permissions for the action, without actually making the request, @@ -5352,1075 +5317,1233 @@ export interface GetTransitGatewayRouteTableAssociationsRequest { DryRun?: boolean; } -export namespace GetTransitGatewayRouteTableAssociationsRequest { +export namespace GetPasswordDataRequest { /** * @internal */ - export const filterSensitiveLog = (obj: GetTransitGatewayRouteTableAssociationsRequest): any => ({ + export const filterSensitiveLog = (obj: GetPasswordDataRequest): any => ({ ...obj, }); } -/** - *
Describes an association between a route table and a resource attachment.
- */ -export interface TransitGatewayRouteTableAssociation { - /** - *The ID of the attachment.
- */ - TransitGatewayAttachmentId?: string; - +export interface GetPasswordDataResult { /** - *The ID of the resource.
+ *The ID of the Windows instance.
*/ - ResourceId?: string; + InstanceId?: string; /** - *The resource type. Note that the tgw-peering
resource type has been deprecated.
The password of the instance. Returns an empty string if the password is not + * available.
*/ - ResourceType?: TransitGatewayAttachmentResourceType | string; + PasswordData?: string; /** - *The state of the association.
+ *The time the data was last updated.
*/ - State?: TransitGatewayAssociationState | string; + Timestamp?: Date; } -export namespace TransitGatewayRouteTableAssociation { +export namespace GetPasswordDataResult { /** * @internal */ - export const filterSensitiveLog = (obj: TransitGatewayRouteTableAssociation): any => ({ + export const filterSensitiveLog = (obj: GetPasswordDataResult): any => ({ ...obj, }); } -export interface GetTransitGatewayRouteTableAssociationsResult { +/** + *Contains the parameters for GetReservedInstanceExchangeQuote.
+ */ +export interface GetReservedInstancesExchangeQuoteRequest { /** - *Information about the associations.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The IDs of the Convertible Reserved Instances to exchange.
*/ - NextToken?: string; + ReservedInstanceIds: string[] | undefined; + + /** + *The configuration of the target Convertible Reserved Instance to exchange for your + * current Convertible Reserved Instances.
+ */ + TargetConfigurations?: TargetConfigurationRequest[]; } -export namespace GetTransitGatewayRouteTableAssociationsResult { +export namespace GetReservedInstancesExchangeQuoteRequest { /** * @internal */ - export const filterSensitiveLog = (obj: GetTransitGatewayRouteTableAssociationsResult): any => ({ + export const filterSensitiveLog = (obj: GetReservedInstancesExchangeQuoteRequest): any => ({ ...obj, }); } -export interface GetTransitGatewayRouteTablePropagationsRequest { +/** + *The cost associated with the Reserved Instance.
+ */ +export interface ReservationValue { /** - *The ID of the transit gateway route table.
+ *The hourly rate of the reservation.
*/ - TransitGatewayRouteTableId: string | undefined; + HourlyPrice?: string; /** - *One or more filters. The possible values are:
- *
- * resource-id
- The ID of the resource.
- * resource-type
- The resource type. Valid values are vpc
- * | vpn
| direct-connect-gateway
| peering
- * | connect
.
- * transit-gateway-attachment-id
- The ID of the attachment.
The balance of the total value (the sum of remainingUpfrontValue + hourlyPrice * number of hours remaining).
*/ - Filters?: Filter[]; + RemainingTotalValue?: string; /** - *The maximum number of results to return with a single call.
- * To retrieve the remaining results, make another call with the returned nextToken
value.
The remaining upfront cost of the reservation.
*/ - MaxResults?: number; + RemainingUpfrontValue?: string; +} +export namespace ReservationValue { /** - *The token for the next page of results.
+ * @internal */ - NextToken?: string; + export const filterSensitiveLog = (obj: ReservationValue): any => ({ + ...obj, + }); +} +/** + *The total value of the Convertible Reserved Instance.
+ */ +export interface ReservedInstanceReservationValue { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The total value of the Convertible Reserved Instance that you are exchanging.
*/ - DryRun?: boolean; + ReservationValue?: ReservationValue; + + /** + *The ID of the Convertible Reserved Instance that you are exchanging.
+ */ + ReservedInstanceId?: string; } -export namespace GetTransitGatewayRouteTablePropagationsRequest { +export namespace ReservedInstanceReservationValue { /** * @internal */ - export const filterSensitiveLog = (obj: GetTransitGatewayRouteTablePropagationsRequest): any => ({ + export const filterSensitiveLog = (obj: ReservedInstanceReservationValue): any => ({ ...obj, }); } /** - *Describes a route table propagation.
+ *Information about the Convertible Reserved Instance offering.
*/ -export interface TransitGatewayRouteTablePropagation { +export interface TargetConfiguration { /** - *The ID of the attachment.
+ *The number of instances the Convertible Reserved Instance offering can be applied to. This parameter is + * reserved and cannot be specified in a request
*/ - TransitGatewayAttachmentId?: string; + InstanceCount?: number; /** - *The ID of the resource.
+ *The ID of the Convertible Reserved Instance offering.
*/ - ResourceId?: string; + OfferingId?: string; +} +export namespace TargetConfiguration { /** - *The type of resource. Note that the tgw-peering
resource type has been deprecated.
The total value of the new Convertible Reserved Instances.
+ */ +export interface TargetReservationValue { + /** + *The total value of the Convertible Reserved Instances that make up the exchange. This is the sum of + * the list value, remaining upfront price, and additional upfront cost of the exchange.
+ */ + ReservationValue?: ReservationValue; /** - *The state of the resource.
+ *The configuration of the Convertible Reserved Instances that make up the exchange.
*/ - State?: TransitGatewayPropagationState | string; + TargetConfiguration?: TargetConfiguration; } -export namespace TransitGatewayRouteTablePropagation { +export namespace TargetReservationValue { /** * @internal */ - export const filterSensitiveLog = (obj: TransitGatewayRouteTablePropagation): any => ({ + export const filterSensitiveLog = (obj: TargetReservationValue): any => ({ ...obj, }); } -export interface GetTransitGatewayRouteTablePropagationsResult { +/** + *Contains the output of GetReservedInstancesExchangeQuote.
+ */ +export interface GetReservedInstancesExchangeQuoteResult { /** - *Information about the route table propagations.
+ *The currency of the transaction.
*/ - TransitGatewayRouteTablePropagations?: TransitGatewayRouteTablePropagation[]; + CurrencyCode?: string; /** - *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
If true
, the exchange is valid. If false
, the exchange cannot be completed.
The new end date of the reservation term.
*/ - export const filterSensitiveLog = (obj: GetTransitGatewayRouteTablePropagationsResult): any => ({ - ...obj, - }); -} + OutputReservedInstancesWillExpireAt?: Date; -export interface GetVpnConnectionDeviceSampleConfigurationRequest { /** - *The VpnConnectionId
specifies the Site-to-Site VPN connection used for the sample
- * configuration.
The total true upfront charge for the exchange.
*/ - VpnConnectionId: string | undefined; + PaymentDue?: string; /** - *Device identifier provided by the GetVpnConnectionDeviceTypes
API.
The cost associated with the Reserved Instance.
*/ - VpnConnectionDeviceTypeId: string | undefined; + ReservedInstanceValueRollup?: ReservationValue; /** - *The IKE version to be used in the sample configuration file for your customer gateway
- * device. You can specify one of the following versions: ikev1
or
- * ikev2
.
The configuration of your Convertible Reserved Instances.
*/ - InternetKeyExchangeVersion?: string; + ReservedInstanceValueSet?: ReservedInstanceReservationValue[]; /** - *Checks whether you have the required permissions for the action, without actually
- * making the request, and provides an error response. If you have the required
- * permissions, the error response is DryRunOperation
. Otherwise, it is
- * UnauthorizedOperation
.
The cost associated with the Reserved Instance.
*/ - DryRun?: boolean; -} + TargetConfigurationValueRollup?: ReservationValue; -export namespace GetVpnConnectionDeviceSampleConfigurationRequest { /** - * @internal + *The values of the target Convertible Reserved Instances.
*/ - export const filterSensitiveLog = (obj: GetVpnConnectionDeviceSampleConfigurationRequest): any => ({ - ...obj, - }); -} + TargetConfigurationValueSet?: TargetReservationValue[]; -export interface GetVpnConnectionDeviceSampleConfigurationResult { /** - *Sample configuration file for the specified customer gateway device.
+ *Describes the reason why the exchange cannot be completed.
*/ - VpnConnectionDeviceSampleConfiguration?: string; + ValidationFailureReason?: string; } -export namespace GetVpnConnectionDeviceSampleConfigurationResult { +export namespace GetReservedInstancesExchangeQuoteResult { /** * @internal */ - export const filterSensitiveLog = (obj: GetVpnConnectionDeviceSampleConfigurationResult): any => ({ + export const filterSensitiveLog = (obj: GetReservedInstancesExchangeQuoteResult): any => ({ ...obj, - ...(obj.VpnConnectionDeviceSampleConfiguration && { VpnConnectionDeviceSampleConfiguration: SENSITIVE_STRING }), }); } -export interface GetVpnConnectionDeviceTypesRequest { +export interface GetSerialConsoleAccessStatusRequest { /** - *The maximum number of results returned by GetVpnConnectionDeviceTypes
in
- * paginated output. When this parameter is used, GetVpnConnectionDeviceTypes
- * only returns MaxResults
results in a single page along with a
- * NextToken
response element. The remaining results of the initial
- * request can be seen by sending another GetVpnConnectionDeviceTypes
request
- * with the returned NextToken
value. This value can be between 200 and 1000.
- * If this parameter is not used, then GetVpnConnectionDeviceTypes
returns all
- * results.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
The NextToken
value returned from a previous paginated
- * GetVpnConnectionDeviceTypes
request where MaxResults
was
- * used and the results exceeded the value of that parameter. Pagination continues from the
- * end of the previous results that returned the NextToken
value. This value
- * is null when there are no more results to return.
Checks whether you have the required permissions for the action, without actually
- * making the request, and provides an error response. If you have the required
- * permissions, the error response is DryRunOperation
. Otherwise, it is
- * UnauthorizedOperation
.
If true
, access to the EC2 serial console of all instances is enabled for
+ * your account. If false
, access to the EC2 serial console of all instances
+ * is disabled for your account.
List of customer gateway devices that have a sample configuration file available for - * use. You can also see the list of device types with sample configuration files available - * under Your customer - * gateway device in the Amazon Web Services Site-to-Site VPN User Guide.
- */ -export interface VpnConnectionDeviceType { +export interface GetSubnetCidrReservationsRequest { /** - *Customer gateway device identifier.
+ *One or more filters.
+ *
+ * reservationType
- The type of reservation (prefix
|
+ * explicit
).
+ * subnet-id
- The ID of the subnet.
+ * tag
:Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.
+ * tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
Customer gateway device vendor.
+ *The ID of the subnet.
*/ - Vendor?: string; + SubnetId: string | undefined; /** - *Customer gateway device platform.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Customer gateway device software version.
+ *The token for the next page of results.
*/ - Software?: string; + NextToken?: string; + + /** + *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
List of customer gateway devices that have a sample configuration file available for - * use.
+ *Information about the IPv4 subnet CIDR reservations.
*/ - VpnConnectionDeviceTypes?: VpnConnectionDeviceType[]; + SubnetIpv4CidrReservations?: SubnetCidrReservation[]; /** - *The NextToken
value to include in a future
- * GetVpnConnectionDeviceTypes
request. When the results of a
- * GetVpnConnectionDeviceTypes
request exceed MaxResults
,
- * this value can be used to retrieve the next page of results. This value is null when
- * there are no more results to return.
Information about the IPv6 subnet CIDR reservations.
+ */ + SubnetIpv6CidrReservations?: SubnetCidrReservation[]; + + /** + *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The ID of the Client VPN endpoint to which the client certificate revocation list applies.
+ *The ID of the attachment.
*/ - ClientVpnEndpointId: string | undefined; + TransitGatewayAttachmentId: string | undefined; /** - *The client certificate revocation list file. For more information, see Generate a Client Certificate Revocation List in the - * Client VPN Administrator Guide.
+ *One or more filters. The possible values are:
+ *
+ * transit-gateway-route-table-id
- The ID of the transit gateway route table.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
The token for the next page of results.
*/ - export const filterSensitiveLog = (obj: ImportClientVpnClientCertificateRevocationListRequest): any => ({ - ...obj, - }); -} + NextToken?: string; -export interface ImportClientVpnClientCertificateRevocationListResult { /** - *Returns true
if the request succeeds; otherwise, it returns an error.
Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Describes the client-specific data.
+ *Describes a propagation route table.
*/ -export interface ClientData { - /** - *A user-defined comment about the disk upload.
- */ - Comment?: string; - - /** - *The time that the disk upload ends.
- */ - UploadEnd?: Date; - +export interface TransitGatewayAttachmentPropagation { /** - *The size of the uploaded disk image, in GiB.
+ *The ID of the propagation route table.
*/ - UploadSize?: number; + TransitGatewayRouteTableId?: string; /** - *The time that the disk upload starts.
+ *The state of the propagation route table.
*/ - UploadStart?: Date; + State?: TransitGatewayPropagationState | string; } -export namespace ClientData { +export namespace TransitGatewayAttachmentPropagation { /** * @internal */ - export const filterSensitiveLog = (obj: ClientData): any => ({ + export const filterSensitiveLog = (obj: TransitGatewayAttachmentPropagation): any => ({ ...obj, }); } -/** - *Describes the Amazon S3 bucket for the disk image.
- */ -export interface UserBucket { +export interface GetTransitGatewayAttachmentPropagationsResult { /** - *The name of the Amazon S3 bucket where the disk image is located.
+ *Information about the propagation route tables.
*/ - S3Bucket?: string; + TransitGatewayAttachmentPropagations?: TransitGatewayAttachmentPropagation[]; /** - *The file name of the disk image.
+ *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Describes the disk container object for an import image task.
- */ -export interface ImageDiskContainer { - /** - *The description of the disk image.
- */ - Description?: string; - +export interface GetTransitGatewayMulticastDomainAssociationsRequest { /** - *The block device mapping for the disk.
+ *The ID of the transit gateway multicast domain.
*/ - DeviceName?: string; + TransitGatewayMulticastDomainId?: string; /** - *The format of the disk image being imported.
- *Valid values: OVA
| VHD
| VHDX
| VMDK
| RAW
- *
One or more filters. The possible values are:
+ *
+ * resource-id
- The ID of the resource.
+ * resource-type
- The type of resource. The valid value is: vpc
.
+ * state
- The state of the subnet association. Valid values are
+ * associated
|
+ * associating
+ * | disassociated
| disassociating
.
+ * subnet-id
- The ID of the subnet.
+ * transit-gateway-attachment-id
- The id of the transit gateway attachment.
The ID of the EBS snapshot to be used for importing the snapshot.
+ *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
The URL to the Amazon S3-based disk image being imported. The URL can either be a https URL (https://..) or an - * Amazon S3 URL (s3://..)
+ *The token for the next page of results.
*/ - Url?: string; + NextToken?: string; /** - *The S3 bucket for the disk image.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The request information of license configurations.
+ *Describes the resources associated with the transit gateway multicast domain.
*/ -export interface ImportImageLicenseConfigurationRequest { +export interface TransitGatewayMulticastDomainAssociation { /** - *The ARN of a license configuration.
+ *The ID of the transit gateway attachment.
*/ - LicenseConfigurationArn?: string; -} + TransitGatewayAttachmentId?: string; -export namespace ImportImageLicenseConfigurationRequest { /** - * @internal + *The ID of the resource.
*/ - export const filterSensitiveLog = (obj: ImportImageLicenseConfigurationRequest): any => ({ - ...obj, - }); -} + ResourceId?: string; -export interface ImportImageRequest { /** - *The architecture of the virtual machine.
- *Valid values: i386
| x86_64
| arm64
- *
The type of resource, for example a VPC attachment.
*/ - Architecture?: string; + ResourceType?: TransitGatewayAttachmentResourceType | string; /** - *The client-specific data.
+ *The ID of the Amazon Web Services account that owns the transit gateway multicast domain association resource.
*/ - ClientData?: ClientData; + ResourceOwnerId?: string; /** - *The token to enable idempotency for VM import requests.
+ *The subnet associated with the transit gateway multicast domain.
*/ - ClientToken?: string; + Subnet?: SubnetAssociation; +} +export namespace TransitGatewayMulticastDomainAssociation { /** - *A description string for the import image task.
+ * @internal */ - Description?: string; + export const filterSensitiveLog = (obj: TransitGatewayMulticastDomainAssociation): any => ({ + ...obj, + }); +} +export interface GetTransitGatewayMulticastDomainAssociationsResult { /** - *Information about the disk containers.
+ *Information about the multicast domain associations.
*/ - DiskContainers?: ImageDiskContainer[]; + MulticastDomainAssociations?: TransitGatewayMulticastDomainAssociation[]; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Specifies whether the destination AMI of the imported image should be encrypted. The default KMS key for EBS is used
- * unless you specify a non-default KMS key using KmsKeyId
. For more information, see Amazon EBS Encryption in the
- * Amazon Elastic Compute Cloud User Guide.
The target hypervisor platform.
- *Valid values: xen
- *
The ID of the transit gateway route table.
*/ - Hypervisor?: string; + TransitGatewayRouteTableId: string | undefined; /** - *An identifier for the symmetric KMS key to use when creating the
- * encrypted AMI. This parameter is only required if you want to use a non-default KMS key; if this
- * parameter is not specified, the default KMS key for EBS is used. If a KmsKeyId
is
- * specified, the Encrypted
flag must also be set.
The KMS key identifier may be provided in any of the following formats:
- *One or more filters. The possible values are:
+ *Key ID
+ *
+ * attachment.resource-id
- The ID of the resource for the attachment.
Key alias. The alias ARN contains the arn:aws:kms
namespace, followed by the Region of the key, the Amazon Web Services account ID of the key owner, the alias
namespace, and then the key alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.
+ * attachment.resource-type
- The type of resource for the
+ * attachment. Valid values are vpc
| vpn
|
+ * direct-connect-gateway
| peering
.
ARN using key ID. The ID ARN contains the arn:aws:kms
namespace, followed by the Region of the key, the Amazon Web Services account ID of the key owner, the key
namespace, and then the key ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef.
+ * attachment.transit-gateway-attachment-id
- The ID of the attachment.
ARN using key alias. The alias ARN contains the arn:aws:kms
namespace, followed by the Region of the key, the Amazon Web Services account ID of the key owner, the alias
namespace, and then the key alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.
+ * is-blackhole
- Whether traffic matching the route is blocked (true
| false
).
+ * prefix-list-id
- The ID of the prefix list.
+ * prefix-list-owner-id
- The ID of the owner of the prefix list.
+ * state
- The state of the prefix list reference (pending
| available
| modifying
| deleting
).
Amazon Web Services parses KmsKeyId
asynchronously, meaning that the action you call may appear to complete even
- * though you provided an invalid identifier. This action will eventually report failure.
The specified KMS key must exist in the Region that the AMI is being copied to.
- *Amazon EBS does not support asymmetric KMS keys.
- */ - KmsKeyId?: string; - - /** - *The license type to be used for the Amazon Machine Image (AMI) after importing.
- *By default, we detect the source-system operating system (OS) and apply the appropriate license. Specify
- * AWS
to replace the source-system license with an Amazon Web Services license, if appropriate. Specify BYOL
- * to retain the source-system license, if appropriate.
To use BYOL
, you must have existing licenses with rights to use these licenses in a third party
- * cloud, such as Amazon Web Services. For more information, see Prerequisites in the
- * VM Import/Export User Guide.
The operating system of the virtual machine.
- *Valid values: Windows
| Linux
- *
The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
The name of the role to use when not using the default role, 'vmimport'.
+ *The token for the next page of results.
*/ - RoleName?: string; + NextToken?: string; /** - *The ARNs of the license configurations.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The tags to apply to the import image task during creation.
+ * @internal */ - TagSpecifications?: TagSpecification[]; + export const filterSensitiveLog = (obj: GetTransitGatewayPrefixListReferencesRequest): any => ({ + ...obj, + }); +} +export interface GetTransitGatewayPrefixListReferencesResult { /** - *The usage operation value. For more information, see AMI billing information fields in the Amazon Elastic Compute Cloud User Guide.
+ *Information about the prefix list references.
*/ - UsageOperation?: string; + TransitGatewayPrefixListReferences?: TransitGatewayPrefixListReference[]; /** - *The boot mode of the virtual machine.
+ *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
The architecture of the virtual machine.
+ *The ID of the transit gateway route table.
*/ - Architecture?: string; + TransitGatewayRouteTableId: string | undefined; /** - *A description of the import task.
+ *One or more filters. The possible values are:
+ *
+ * resource-id
- The ID of the resource.
+ * resource-type
- The resource type. Valid values are vpc
+ * | vpn
| direct-connect-gateway
| peering
+ * | connect
.
+ * transit-gateway-attachment-id
- The ID of the attachment.
Indicates whether the AMI is encrypted.
+ *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
The target hypervisor of the import task.
+ *The token for the next page of results.
*/ - Hypervisor?: string; + NextToken?: string; /** - *The ID of the Amazon Machine Image (AMI) created by the import task.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The task ID of the import image task.
+ * @internal */ - ImportTaskId?: string; + export const filterSensitiveLog = (obj: GetTransitGatewayRouteTableAssociationsRequest): any => ({ + ...obj, + }); +} +/** + *Describes an association between a route table and a resource attachment.
+ */ +export interface TransitGatewayRouteTableAssociation { /** - *The identifier for the symmetric KMS key that was used to create the encrypted AMI.
+ *The ID of the attachment.
*/ - KmsKeyId?: string; + TransitGatewayAttachmentId?: string; /** - *The license type of the virtual machine.
+ *The ID of the resource.
*/ - LicenseType?: string; + ResourceId?: string; /** - *The operating system of the virtual machine.
+ *The resource type. Note that the tgw-peering
resource type has been deprecated.
The progress of the task.
+ *The state of the association.
*/ - Progress?: string; + State?: TransitGatewayAssociationState | string; +} +export namespace TransitGatewayRouteTableAssociation { /** - *Information about the snapshots.
+ * @internal */ - SnapshotDetails?: SnapshotDetail[]; + export const filterSensitiveLog = (obj: TransitGatewayRouteTableAssociation): any => ({ + ...obj, + }); +} + +export interface GetTransitGatewayRouteTableAssociationsResult { + /** + *Information about the associations.
+ */ + Associations?: TransitGatewayRouteTableAssociation[]; + + /** + *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
A brief status of the task.
+ *The ID of the transit gateway route table.
*/ - Status?: string; + TransitGatewayRouteTableId: string | undefined; /** - *A detailed status message of the import task.
+ *One or more filters. The possible values are:
+ *
+ * resource-id
- The ID of the resource.
+ * resource-type
- The resource type. Valid values are vpc
+ * | vpn
| direct-connect-gateway
| peering
+ * | connect
.
+ * transit-gateway-attachment-id
- The ID of the attachment.
The ARNs of the license configurations.
+ *The maximum number of results to return with a single call.
+ * To retrieve the remaining results, make another call with the returned nextToken
value.
Any tags assigned to the import image task.
+ *The token for the next page of results.
*/ - Tags?: Tag[]; + NextToken?: string; /** - *The usage operation value.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Describes a disk image.
+ *Describes a route table propagation.
*/ -export interface DiskImageDetail { +export interface TransitGatewayRouteTablePropagation { /** - *The size of the disk image, in GiB.
+ *The ID of the attachment.
*/ - Bytes: number | undefined; + TransitGatewayAttachmentId?: string; /** - *The disk image format.
+ *The ID of the resource.
*/ - Format: DiskImageFormat | string | undefined; + ResourceId?: string; /** - *A presigned URL for the import manifest stored in Amazon S3 and presented here as an Amazon S3 presigned URL. - * For information about creating a presigned URL for an Amazon S3 object, read the "Query String Request Authentication - * Alternative" section of the Authenticating REST Requests topic in the Amazon Simple Storage Service Developer - * Guide.
- *For information about the import manifest referenced by this API action, see VM Import Manifest.
+ *The type of resource. Note that the tgw-peering
resource type has been deprecated.
The state of the resource.
+ */ + State?: TransitGatewayPropagationState | string; } -export namespace DiskImageDetail { +export namespace TransitGatewayRouteTablePropagation { /** * @internal */ - export const filterSensitiveLog = (obj: DiskImageDetail): any => ({ + export const filterSensitiveLog = (obj: TransitGatewayRouteTablePropagation): any => ({ ...obj, }); } -/** - *Describes an EBS volume.
- */ -export interface VolumeDetail { +export interface GetTransitGatewayRouteTablePropagationsResult { /** - *The size of the volume, in GiB.
+ *Information about the route table propagations.
*/ - Size: number | undefined; + TransitGatewayRouteTablePropagations?: TransitGatewayRouteTablePropagation[]; + + /** + *The token to use to retrieve the next page of results. This value is null
when there are no more results to return.
Describes a disk image.
- */ -export interface DiskImage { +export interface GetVpnConnectionDeviceSampleConfigurationRequest { /** - *A description of the disk image.
+ *The VpnConnectionId
specifies the Site-to-Site VPN connection used for the sample
+ * configuration.
Information about the disk image.
+ *Device identifier provided by the GetVpnConnectionDeviceTypes
API.
Information about the volume.
+ *The IKE version to be used in the sample configuration file for your customer gateway
+ * device. You can specify one of the following versions: ikev1
or
+ * ikev2
.
Checks whether you have the required permissions for the action, without actually
+ * making the request, and provides an error response. If you have the required
+ * permissions, the error response is DryRunOperation
. Otherwise, it is
+ * UnauthorizedOperation
.
Describes the user data for an instance.
- */ -export interface UserData { +export interface GetVpnConnectionDeviceSampleConfigurationResult { /** - *The user data. If you are using an Amazon Web Services SDK or command line tool, Base64-encoding is performed for you, and you - * can load the text from a file. Otherwise, you must provide Base64-encoded text.
+ *Sample configuration file for the specified customer gateway device.
*/ - Data?: string; + VpnConnectionDeviceSampleConfiguration?: string; } -export namespace UserData { +export namespace GetVpnConnectionDeviceSampleConfigurationResult { /** * @internal */ - export const filterSensitiveLog = (obj: UserData): any => ({ + export const filterSensitiveLog = (obj: GetVpnConnectionDeviceSampleConfigurationResult): any => ({ ...obj, + ...(obj.VpnConnectionDeviceSampleConfiguration && { VpnConnectionDeviceSampleConfiguration: SENSITIVE_STRING }), }); } -/** - *Describes the launch specification for VM import.
- */ -export interface ImportInstanceLaunchSpecification { +export interface GetVpnConnectionDeviceTypesRequest { /** - *Reserved.
+ *The maximum number of results returned by GetVpnConnectionDeviceTypes
in
+ * paginated output. When this parameter is used, GetVpnConnectionDeviceTypes
+ * only returns MaxResults
results in a single page along with a
+ * NextToken
response element. The remaining results of the initial
+ * request can be seen by sending another GetVpnConnectionDeviceTypes
request
+ * with the returned NextToken
value. This value can be between 200 and 1000.
+ * If this parameter is not used, then GetVpnConnectionDeviceTypes
returns all
+ * results.
The architecture of the instance.
+ *The NextToken
value returned from a previous paginated
+ * GetVpnConnectionDeviceTypes
request where MaxResults
was
+ * used and the results exceeded the value of that parameter. Pagination continues from the
+ * end of the previous results that returned the NextToken
value. This value
+ * is null when there are no more results to return.
The security group IDs.
+ *Checks whether you have the required permissions for the action, without actually
+ * making the request, and provides an error response. If you have the required
+ * permissions, the error response is DryRunOperation
. Otherwise, it is
+ * UnauthorizedOperation
.
The security group names.
+ * @internal */ - GroupNames?: string[]; + export const filterSensitiveLog = (obj: GetVpnConnectionDeviceTypesRequest): any => ({ + ...obj, + }); +} +/** + *List of customer gateway devices that have a sample configuration file available for + * use. You can also see the list of device types with sample configuration files available + * under Your customer + * gateway device in the Amazon Web Services Site-to-Site VPN User Guide.
+ */ +export interface VpnConnectionDeviceType { /** - *Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the - * operating system command for system shutdown).
+ *Customer gateway device identifier.
*/ - InstanceInitiatedShutdownBehavior?: ShutdownBehavior | string; + VpnConnectionDeviceTypeId?: string; /** - *The instance type. For more information about the instance types that you can import, see Instance Types in the - * VM Import/Export User Guide.
+ *Customer gateway device vendor.
*/ - InstanceType?: _InstanceType | string; + Vendor?: string; /** - *Indicates whether monitoring is enabled.
+ *Customer gateway device platform.
*/ - Monitoring?: boolean; + Platform?: string; /** - *The placement information for the instance.
+ *Customer gateway device software version.
*/ - Placement?: Placement; + Software?: string; +} +export namespace VpnConnectionDeviceType { /** - *[EC2-VPC] An available IP address from the IP address range of the subnet.
+ * @internal */ - PrivateIpAddress?: string; + export const filterSensitiveLog = (obj: VpnConnectionDeviceType): any => ({ + ...obj, + }); +} +export interface GetVpnConnectionDeviceTypesResult { /** - *[EC2-VPC] The ID of the subnet in which to launch the instance.
+ *List of customer gateway devices that have a sample configuration file available for + * use.
*/ - SubnetId?: string; + VpnConnectionDeviceTypes?: VpnConnectionDeviceType[]; /** - *The Base64-encoded user data to make available to the instance.
+ *The NextToken
value to include in a future
+ * GetVpnConnectionDeviceTypes
request. When the results of a
+ * GetVpnConnectionDeviceTypes
request exceed MaxResults
,
+ * this value can be used to retrieve the next page of results. This value is null when
+ * there are no more results to return.
A description for the instance being imported.
- */ - Description?: string; - - /** - *The disk image.
- */ - DiskImages?: DiskImage[]; - +export interface ImportClientVpnClientCertificateRevocationListRequest { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The ID of the Client VPN endpoint to which the client certificate revocation list applies.
*/ - DryRun?: boolean; + ClientVpnEndpointId: string | undefined; /** - *The launch specification.
+ *The client certificate revocation list file. For more information, see Generate a Client Certificate Revocation List in the + * Client VPN Administrator Guide.
*/ - LaunchSpecification?: ImportInstanceLaunchSpecification; + CertificateRevocationList: string | undefined; /** - *The instance operating system.
+ *Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Information about the conversion task.
+ *Returns true
if the request succeeds; otherwise, it returns an error.
Describes the client-specific data.
+ */ +export interface ClientData { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
A user-defined comment about the disk upload.
*/ - DryRun?: boolean; + Comment?: string; /** - *A unique name for the key pair.
+ *The time that the disk upload ends.
*/ - KeyName: string | undefined; + UploadEnd?: Date; /** - *The public key. For API calls, the text must be base64-encoded. For command line tools, base64 encoding is performed for you.
+ *The size of the uploaded disk image, in GiB.
*/ - PublicKeyMaterial: Uint8Array | undefined; + UploadSize?: number; /** - *The tags to apply to the imported key pair.
+ *The time that the disk upload starts.
*/ - TagSpecifications?: TagSpecification[]; + UploadStart?: Date; } -export namespace ImportKeyPairRequest { +export namespace ClientData { /** * @internal */ - export const filterSensitiveLog = (obj: ImportKeyPairRequest): any => ({ + export const filterSensitiveLog = (obj: ClientData): any => ({ ...obj, }); } -export interface ImportKeyPairResult { - /** - *The MD5 public key fingerprint as specified in section 4 of RFC 4716.
- */ - KeyFingerprint?: string; - - /** - *The key pair name that you provided.
- */ - KeyName?: string; - +/** + *Describes the Amazon S3 bucket for the disk image.
+ */ +export interface UserBucket { /** - *The ID of the resulting key pair.
+ *The name of the Amazon S3 bucket where the disk image is located.
*/ - KeyPairId?: string; + S3Bucket?: string; /** - *The tags applied to the imported key pair.
+ *The file name of the disk image.
*/ - Tags?: Tag[]; + S3Key?: string; } -export namespace ImportKeyPairResult { +export namespace UserBucket { /** * @internal */ - export const filterSensitiveLog = (obj: ImportKeyPairResult): any => ({ + export const filterSensitiveLog = (obj: UserBucket): any => ({ ...obj, }); } /** - *The disk container object for the import snapshot request.
+ *Describes the disk container object for an import image task.
*/ -export interface SnapshotDiskContainer { +export interface ImageDiskContainer { /** - *The description of the disk image being imported.
+ *The description of the disk image.
*/ Description?: string; + /** + *The block device mapping for the disk.
+ */ + DeviceName?: string; + /** *The format of the disk image being imported.
- *Valid values: VHD
| VMDK
| RAW
+ *
Valid values: OVA
| VHD
| VHDX
| VMDK
| RAW
*
The URL to the Amazon S3-based disk image being imported. It can either be a https URL (https://..) or an Amazon - * S3 URL (s3://..).
+ *The ID of the EBS snapshot to be used for importing the snapshot.
+ */ + SnapshotId?: string; + + /** + *The URL to the Amazon S3-based disk image being imported. The URL can either be a https URL (https://..) or an + * Amazon S3 URL (s3://..)
*/ Url?: string; /** - *The Amazon S3 bucket for the disk image.
+ *The S3 bucket for the disk image.
*/ UserBucket?: UserBucket; } -export namespace SnapshotDiskContainer { +export namespace ImageDiskContainer { /** * @internal */ - export const filterSensitiveLog = (obj: SnapshotDiskContainer): any => ({ + export const filterSensitiveLog = (obj: ImageDiskContainer): any => ({ ...obj, }); } -export interface ImportSnapshotRequest { +/** + *The request information of license configurations.
+ */ +export interface ImportImageLicenseConfigurationRequest { + /** + *The ARN of a license configuration.
+ */ + LicenseConfigurationArn?: string; +} + +export namespace ImportImageLicenseConfigurationRequest { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ImportImageLicenseConfigurationRequest): any => ({ + ...obj, + }); +} + +export interface ImportImageRequest { + /** + *The architecture of the virtual machine.
+ *Valid values: i386
| x86_64
| arm64
+ *
The client-specific data.
*/ ClientData?: ClientData; /** - *Token to enable idempotency for VM import requests.
+ *The token to enable idempotency for VM import requests.
*/ ClientToken?: string; /** - *The description string for the import snapshot task.
+ *A description string for the import image task.
*/ Description?: string; /** - *Information about the disk container.
+ *Information about the disk containers.
*/ - DiskContainer?: SnapshotDiskContainer; + DiskContainers?: ImageDiskContainer[]; /** *Checks whether you have the required permissions for the action, without actually making the request, @@ -6430,15 +6553,22 @@ export interface ImportSnapshotRequest { DryRun?: boolean; /** - *
Specifies whether the destination snapshot of the imported image should be encrypted. The default KMS key for EBS is
- * used unless you specify a non-default KMS key using KmsKeyId
. For more information, see Amazon EBS Encryption in the
+ *
Specifies whether the destination AMI of the imported image should be encrypted. The default KMS key for EBS is used
+ * unless you specify a non-default KMS key using KmsKeyId
. For more information, see Amazon EBS Encryption in the
* Amazon Elastic Compute Cloud User Guide.
The target hypervisor platform.
+ *Valid values: xen
+ *
An identifier for the symmetric KMS key to use when creating the
- * encrypted snapshot. This parameter is only required if you want to use a non-default KMS key; if this
+ * encrypted AMI. This parameter is only required if you want to use a non-default KMS key; if this
* parameter is not specified, the default KMS key for EBS is used. If a KmsKeyId
is
* specified, the Encrypted
flag must also be set.
The KMS key identifier may be provided in any of the following formats:
@@ -6458,427 +6588,339 @@ export interface ImportSnapshotRequest { *Amazon Web Services parses KmsKeyId
asynchronously, meaning that the action you call may appear to complete even
* though you provided an invalid identifier. This action will eventually report failure.
The specified KMS key must exist in the Region that the snapshot is being copied to.
+ *The specified KMS key must exist in the Region that the AMI is being copied to.
*Amazon EBS does not support asymmetric KMS keys.
*/ KmsKeyId?: string; /** - *The name of the role to use when not using the default role, 'vmimport'.
+ *The license type to be used for the Amazon Machine Image (AMI) after importing.
+ *By default, we detect the source-system operating system (OS) and apply the appropriate license. Specify
+ * AWS
to replace the source-system license with an Amazon Web Services license, if appropriate. Specify BYOL
+ * to retain the source-system license, if appropriate.
To use BYOL
, you must have existing licenses with rights to use these licenses in a third party
+ * cloud, such as Amazon Web Services. For more information, see Prerequisites in the
+ * VM Import/Export User Guide.
The tags to apply to the import snapshot task during creation.
+ *The operating system of the virtual machine.
+ *Valid values: Windows
| Linux
+ *
The name of the role to use when not using the default role, 'vmimport'.
*/ - export const filterSensitiveLog = (obj: ImportSnapshotRequest): any => ({ - ...obj, - }); -} + RoleName?: string; -export interface ImportSnapshotResult { /** - *A description of the import snapshot task.
+ *The ARNs of the license configurations.
*/ - Description?: string; + LicenseSpecifications?: ImportImageLicenseConfigurationRequest[]; /** - *The ID of the import snapshot task.
+ *The tags to apply to the import image task during creation.
*/ - ImportTaskId?: string; + TagSpecifications?: TagSpecification[]; /** - *Information about the import snapshot task.
+ *The usage operation value. For more information, see AMI billing information fields in the Amazon Elastic Compute Cloud User Guide.
*/ - SnapshotTaskDetail?: SnapshotTaskDetail; + UsageOperation?: string; /** - *Any tags assigned to the import snapshot task.
+ *The boot mode of the virtual machine.
*/ - Tags?: Tag[]; + BootMode?: BootModeValues | string; } -export namespace ImportSnapshotResult { +export namespace ImportImageRequest { /** * @internal */ - export const filterSensitiveLog = (obj: ImportSnapshotResult): any => ({ + export const filterSensitiveLog = (obj: ImportImageRequest): any => ({ ...obj, }); } -export interface ImportVolumeRequest { +export interface ImportImageResult { /** - *The Availability Zone for the resulting EBS volume.
+ *The architecture of the virtual machine.
*/ - AvailabilityZone: string | undefined; + Architecture?: string; /** - *A description of the volume.
+ *A description of the import task.
*/ Description?: string; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The disk image.
- */ - Image: DiskImageDetail | undefined; - - /** - *The volume size.
- */ - Volume: VolumeDetail | undefined; -} - -export namespace ImportVolumeRequest { - /** - * @internal - */ - export const filterSensitiveLog = (obj: ImportVolumeRequest): any => ({ - ...obj, - }); -} - -export interface ImportVolumeResult { - /** - *Information about the conversion task.
- */ - ConversionTask?: ConversionTask; -} - -export namespace ImportVolumeResult { - /** - * @internal - */ - export const filterSensitiveLog = (obj: ImportVolumeResult): any => ({ - ...obj, - }); -} - -export interface ModifyAddressAttributeRequest { - /** - *[EC2-VPC] The allocation ID.
+ *Indicates whether the AMI is encrypted.
*/ - AllocationId: string | undefined; + Encrypted?: boolean; /** - *The domain name to modify for the IP address.
+ *The target hypervisor of the import task.
*/ - DomainName?: string; + Hypervisor?: string; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The ID of the Amazon Machine Image (AMI) created by the import task.
*/ - DryRun?: boolean; -} + ImageId?: string; -export namespace ModifyAddressAttributeRequest { /** - * @internal + *The task ID of the import image task.
*/ - export const filterSensitiveLog = (obj: ModifyAddressAttributeRequest): any => ({ - ...obj, - }); -} + ImportTaskId?: string; -export interface ModifyAddressAttributeResult { /** - *Information about the Elastic IP address.
+ *The identifier for the symmetric KMS key that was used to create the encrypted AMI.
*/ - Address?: AddressAttribute; -} + KmsKeyId?: string; -export namespace ModifyAddressAttributeResult { /** - * @internal + *The license type of the virtual machine.
*/ - export const filterSensitiveLog = (obj: ModifyAddressAttributeResult): any => ({ - ...obj, - }); -} - -export type ModifyAvailabilityZoneOptInStatus = "not-opted-in" | "opted-in"; + LicenseType?: string; -export interface ModifyAvailabilityZoneGroupRequest { /** - *The name of the Availability Zone group, Local Zone group, or Wavelength Zone - * group.
+ *The operating system of the virtual machine.
*/ - GroupName: string | undefined; + Platform?: string; /** - *Indicates whether you are opted in to the Local Zone group or Wavelength Zone group. The
- * only valid value is opted-in
. You must contact AWS Support to opt out of a Local Zone group, or Wavelength Zone group.
The progress of the task.
*/ - OptInStatus: ModifyAvailabilityZoneOptInStatus | string | undefined; + Progress?: string; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Information about the snapshots.
*/ - DryRun?: boolean; -} + SnapshotDetails?: SnapshotDetail[]; -export namespace ModifyAvailabilityZoneGroupRequest { /** - * @internal + *A brief status of the task.
*/ - export const filterSensitiveLog = (obj: ModifyAvailabilityZoneGroupRequest): any => ({ - ...obj, - }); -} + Status?: string; -export interface ModifyAvailabilityZoneGroupResult { /** - *Is true
if the request succeeds, and an error otherwise.
A detailed status message of the import task.
*/ - Return?: boolean; -} + StatusMessage?: string; -export namespace ModifyAvailabilityZoneGroupResult { /** - * @internal + *The ARNs of the license configurations.
*/ - export const filterSensitiveLog = (obj: ModifyAvailabilityZoneGroupResult): any => ({ - ...obj, - }); -} + LicenseSpecifications?: ImportImageLicenseConfigurationResponse[]; -export interface ModifyCapacityReservationRequest { /** - *The ID of the Capacity Reservation.
+ *Any tags assigned to the import image task.
*/ - CapacityReservationId: string | undefined; + Tags?: Tag[]; /** - *The number of instances for which to reserve capacity. The number of instances can't be increased or
- * decreased by more than 1000
in a single request.
The usage operation value.
*/ - InstanceCount?: number; + UsageOperation?: string; +} +export namespace ImportImageResult { /** - *The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity
- * is released and you can no longer launch instances into it. The Capacity Reservation's state changes to
- * expired
when it reaches its end date and time.
The Capacity Reservation is cancelled within an hour from the specified time. For example, if you specify - * 5/31/2019, 13:30:55, the Capacity Reservation is guaranteed to end between 13:30:55 and 14:30:55 on 5/31/2019.
- *You must provide an EndDate
value if EndDateType
is
- * limited
. Omit EndDate
if EndDateType
is
- * unlimited
.
Describes a disk image.
+ */ +export interface DiskImageDetail { /** - *Indicates the way in which the Capacity Reservation ends. A Capacity Reservation can have one of the following end - * types:
- *
- * unlimited
- The Capacity Reservation remains active until you explicitly cancel it. Do not
- * provide an EndDate
value if EndDateType
is
- * unlimited
.
- * limited
- The Capacity Reservation expires automatically at a specified date and time. You must
- * provide an EndDate
value if EndDateType
is
- * limited
.
The size of the disk image, in GiB.
*/ - EndDateType?: EndDateType | string; + Bytes: number | undefined; /** - *Reserved. Capacity Reservations you have created are accepted by default.
+ *The disk image format.
*/ - Accept?: boolean; + Format: DiskImageFormat | string | undefined; /** - *Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
A presigned URL for the import manifest stored in Amazon S3 and presented here as an Amazon S3 presigned URL. + * For information about creating a presigned URL for an Amazon S3 object, read the "Query String Request Authentication + * Alternative" section of the Authenticating REST Requests topic in the Amazon Simple Storage Service Developer + * Guide.
+ *For information about the import manifest referenced by this API action, see VM Import Manifest.
*/ - DryRun?: boolean; + ImportManifestUrl: string | undefined; } -export namespace ModifyCapacityReservationRequest { +export namespace DiskImageDetail { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyCapacityReservationRequest): any => ({ + export const filterSensitiveLog = (obj: DiskImageDetail): any => ({ ...obj, }); } -export interface ModifyCapacityReservationResult { +/** + *Describes an EBS volume.
+ */ +export interface VolumeDetail { /** - *Returns true
if the request succeeds; otherwise, it returns an error.
The size of the volume, in GiB.
*/ - Return?: boolean; + Size: number | undefined; } -export namespace ModifyCapacityReservationResult { +export namespace VolumeDetail { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyCapacityReservationResult): any => ({ + export const filterSensitiveLog = (obj: VolumeDetail): any => ({ ...obj, }); } /** - *Information about the DNS server to be used.
+ *Describes a disk image.
*/ -export interface DnsServersOptionsModifyStructure { +export interface DiskImage { /** - *The IPv4 address range, in CIDR notation, of the DNS servers to be used. You can specify up to - * two DNS servers. Ensure that the DNS servers can be reached by the clients. The specified values - * overwrite the existing values.
+ *A description of the disk image.
*/ - CustomDnsServers?: string[]; + Description?: string; /** - *Indicates whether DNS servers should be used. Specify False
to delete the existing DNS
- * servers.
Information about the disk image.
*/ - Enabled?: boolean; + Image?: DiskImageDetail; + + /** + *Information about the volume.
+ */ + Volume?: VolumeDetail; } -export namespace DnsServersOptionsModifyStructure { +export namespace DiskImage { /** * @internal */ - export const filterSensitiveLog = (obj: DnsServersOptionsModifyStructure): any => ({ + export const filterSensitiveLog = (obj: DiskImage): any => ({ ...obj, }); } -export interface ModifyClientVpnEndpointRequest { +/** + *Describes the user data for an instance.
+ */ +export interface UserData { /** - *The ID of the Client VPN endpoint to modify.
+ *The user data. If you are using an Amazon Web Services SDK or command line tool, Base64-encoding is performed for you, and you + * can load the text from a file. Otherwise, you must provide Base64-encoded text.
*/ - ClientVpnEndpointId: string | undefined; + Data?: string; +} +export namespace UserData { /** - *The ARN of the server certificate to be used. The server certificate must be provisioned in - * Certificate Manager (ACM).
+ * @internal */ - ServerCertificateArn?: string; + export const filterSensitiveLog = (obj: UserData): any => ({ + ...obj, + }); +} +/** + *Describes the launch specification for VM import.
+ */ +export interface ImportInstanceLaunchSpecification { /** - *Information about the client connection logging options.
- *If you enable client connection logging, data about client connections is sent to a - * Cloudwatch Logs log stream. The following information is logged:
- *Client connection requests
- *Client connection results (successful and unsuccessful)
- *Reasons for unsuccessful client connection requests
- *Client connection termination time
- *Reserved.
*/ - ConnectionLogOptions?: ConnectionLogOptions; + AdditionalInfo?: string; /** - *Information about the DNS servers to be used by Client VPN connections. A Client VPN endpoint can have - * up to two DNS servers.
+ *The architecture of the instance.
*/ - DnsServers?: DnsServersOptionsModifyStructure; + Architecture?: ArchitectureValues | string; /** - *The port number to assign to the Client VPN endpoint for TCP and UDP traffic.
- *Valid Values: 443
| 1194
- *
Default Value: 443
- *
The security group IDs.
*/ - VpnPort?: number; + GroupIds?: string[]; /** - *A brief description of the Client VPN endpoint.
+ *The security group names.
*/ - Description?: string; + GroupNames?: string[]; /** - *Indicates whether the VPN is split-tunnel.
- *For information about split-tunnel VPN endpoints, see Split-tunnel Client VPN endpoint in the - * Client VPN Administrator Guide.
+ *Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the + * operating system command for system shutdown).
*/ - SplitTunnel?: boolean; + InstanceInitiatedShutdownBehavior?: ShutdownBehavior | string; /** - *Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
The instance type. For more information about the instance types that you can import, see Instance Types in the + * VM Import/Export User Guide.
*/ - DryRun?: boolean; + InstanceType?: _InstanceType | string; /** - *The IDs of one or more security groups to apply to the target network.
+ *Indicates whether monitoring is enabled.
+ */ + Monitoring?: boolean; + + /** + *The placement information for the instance.
*/ - SecurityGroupIds?: string[]; + Placement?: Placement; /** - *The ID of the VPC to associate with the Client VPN endpoint.
+ *[EC2-VPC] An available IP address from the IP address range of the subnet.
*/ - VpcId?: string; + PrivateIpAddress?: string; /** - *Specify whether to enable the self-service portal for the Client VPN endpoint.
+ *[EC2-VPC] The ID of the subnet in which to launch the instance.
*/ - SelfServicePortal?: SelfServicePortal | string; + SubnetId?: string; /** - *The options for managing connection authorization for new client connections.
+ *The Base64-encoded user data to make available to the instance.
*/ - ClientConnectOptions?: ClientConnectOptions; + UserData?: UserData; } -export namespace ModifyClientVpnEndpointRequest { +export namespace ImportInstanceLaunchSpecification { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyClientVpnEndpointRequest): any => ({ + export const filterSensitiveLog = (obj: ImportInstanceLaunchSpecification): any => ({ ...obj, + ...(obj.UserData && { UserData: SENSITIVE_STRING }), }); } -export interface ModifyClientVpnEndpointResult { +export interface ImportInstanceRequest { /** - *Returns true
if the request succeeds; otherwise, it returns an error.
A description for the instance being imported.
*/ - Return?: boolean; -} + Description?: string; -export namespace ModifyClientVpnEndpointResult { /** - * @internal + *The disk image.
*/ - export const filterSensitiveLog = (obj: ModifyClientVpnEndpointResult): any => ({ - ...obj, - }); -} + DiskImages?: DiskImage[]; -export interface ModifyDefaultCreditSpecificationRequest { /** *Checks whether you have the required permissions for the action, without actually making the request,
* and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
@@ -6887,213 +6929,166 @@ export interface ModifyDefaultCreditSpecificationRequest {
DryRun?: boolean;
/**
- *
The instance family.
+ *The launch specification.
*/ - InstanceFamily: UnlimitedSupportedInstanceFamily | string | undefined; + LaunchSpecification?: ImportInstanceLaunchSpecification; /** - *The credit option for CPU usage of the instance family.
- *Valid Values: standard
| unlimited
- *
The instance operating system.
*/ - CpuCredits: string | undefined; + Platform: PlatformValues | string | undefined; } -export namespace ModifyDefaultCreditSpecificationRequest { +export namespace ImportInstanceRequest { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyDefaultCreditSpecificationRequest): any => ({ + export const filterSensitiveLog = (obj: ImportInstanceRequest): any => ({ ...obj, + ...(obj.LaunchSpecification && { + LaunchSpecification: ImportInstanceLaunchSpecification.filterSensitiveLog(obj.LaunchSpecification), + }), }); } -export interface ModifyDefaultCreditSpecificationResult { +export interface ImportInstanceResult { /** - *The default credit option for CPU usage of the instance family.
+ *Information about the conversion task.
*/ - InstanceFamilyCreditSpecification?: InstanceFamilyCreditSpecification; + ConversionTask?: ConversionTask; } -export namespace ModifyDefaultCreditSpecificationResult { +export namespace ImportInstanceResult { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyDefaultCreditSpecificationResult): any => ({ + export const filterSensitiveLog = (obj: ImportInstanceResult): any => ({ ...obj, }); } -export interface ModifyEbsDefaultKmsKeyIdRequest { - /** - *The identifier of the Key Management Service (KMS) KMS key to use for Amazon EBS encryption.
- * If this parameter is not specified, your KMS key for Amazon EBS is used. If KmsKeyId
is
- * specified, the encrypted state must be true
.
You can specify the KMS key using any of the following:
- *Key ID. For example, 1234abcd-12ab-34cd-56ef-1234567890ab.
- *Key alias. For example, alias/ExampleAlias.
- *Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/1234abcd-12ab-34cd-56ef-1234567890ab.
- *Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.
- *Amazon Web Services authenticates the KMS key asynchronously. Therefore, if you specify an ID, alias, or ARN that is not valid, - * the action can appear to complete, but eventually fails.
- *Amazon EBS does not support asymmetric KMS keys.
- */ - KmsKeyId: string | undefined; - +export interface ImportKeyPairRequest { /** *Checks whether you have the required permissions for the action, without actually making the request,
* and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
* Otherwise, it is UnauthorizedOperation
.
A unique name for the key pair.
*/ - export const filterSensitiveLog = (obj: ModifyEbsDefaultKmsKeyIdRequest): any => ({ - ...obj, - }); -} + KeyName: string | undefined; -export interface ModifyEbsDefaultKmsKeyIdResult { /** - *The Amazon Resource Name (ARN) of the default KMS key for encryption by default.
+ *The public key. For API calls, the text must be base64-encoded. For command line tools, base64 encoding is performed for you.
*/ - KmsKeyId?: string; + PublicKeyMaterial: Uint8Array | undefined; + + /** + *The tags to apply to the imported key pair.
+ */ + TagSpecifications?: TagSpecification[]; } -export namespace ModifyEbsDefaultKmsKeyIdResult { +export namespace ImportKeyPairRequest { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyEbsDefaultKmsKeyIdResult): any => ({ + export const filterSensitiveLog = (obj: ImportKeyPairRequest): any => ({ ...obj, }); } -export interface ModifyFleetRequest { - /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Indicates whether running instances should be terminated if the total target capacity of - * the EC2 Fleet is decreased below the current size of the EC2 Fleet.
- */ - ExcessCapacityTerminationPolicy?: FleetExcessCapacityTerminationPolicy | string; - +export interface ImportKeyPairResult { /** - *The launch template and overrides.
+ *The MD5 public key fingerprint as specified in section 4 of RFC 4716.
*/ - LaunchTemplateConfigs?: FleetLaunchTemplateConfigRequest[]; + KeyFingerprint?: string; /** - *The ID of the EC2 Fleet.
+ *The key pair name that you provided.
*/ - FleetId: string | undefined; + KeyName?: string; /** - *The size of the EC2 Fleet.
+ *The ID of the resulting key pair.
*/ - TargetCapacitySpecification?: TargetCapacitySpecificationRequest; + KeyPairId?: string; /** - *Reserved.
+ *The tags applied to the imported key pair.
*/ - Context?: string; + Tags?: Tag[]; } -export namespace ModifyFleetRequest { +export namespace ImportKeyPairResult { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyFleetRequest): any => ({ + export const filterSensitiveLog = (obj: ImportKeyPairResult): any => ({ ...obj, }); } -export interface ModifyFleetResult { +/** + *The disk container object for the import snapshot request.
+ */ +export interface SnapshotDiskContainer { /** - *Is true
if the request succeeds, and an error otherwise.
The description of the disk image being imported.
*/ - Return?: boolean; -} + Description?: string; -export namespace ModifyFleetResult { /** - * @internal + *The format of the disk image being imported.
+ *Valid values: VHD
| VMDK
| RAW
+ *
Describes a load permission.
- */ -export interface LoadPermissionRequest { /** - *The name of the group.
+ *The URL to the Amazon S3-based disk image being imported. It can either be a https URL (https://..) or an Amazon + * S3 URL (s3://..).
*/ - Group?: PermissionGroup | string; + Url?: string; /** - *The AWS account ID.
+ *The Amazon S3 bucket for the disk image.
*/ - UserId?: string; + UserBucket?: UserBucket; } -export namespace LoadPermissionRequest { +export namespace SnapshotDiskContainer { /** * @internal */ - export const filterSensitiveLog = (obj: LoadPermissionRequest): any => ({ + export const filterSensitiveLog = (obj: SnapshotDiskContainer): any => ({ ...obj, }); } -/** - *Describes modifications to the load permissions of an Amazon FPGA image (AFI).
- */ -export interface LoadPermissionModifications { +export interface ImportSnapshotRequest { /** - *The load permissions to add.
+ *The client-specific data.
*/ - Add?: LoadPermissionRequest[]; + ClientData?: ClientData; /** - *The load permissions to remove.
+ *Token to enable idempotency for VM import requests.
*/ - Remove?: LoadPermissionRequest[]; -} + ClientToken?: string; -export namespace LoadPermissionModifications { /** - * @internal + *The description string for the import snapshot task.
*/ - export const filterSensitiveLog = (obj: LoadPermissionModifications): any => ({ - ...obj, - }); -} + Description?: string; -export type OperationType = "add" | "remove"; + /** + *Information about the disk container.
+ */ + DiskContainer?: SnapshotDiskContainer; -export interface ModifyFpgaImageAttributeRequest { /** *Checks whether you have the required permissions for the action, without actually making the request,
* and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
@@ -7102,1126 +7097,1162 @@ export interface ModifyFpgaImageAttributeRequest {
DryRun?: boolean;
/**
- *
The ID of the AFI.
- */ - FpgaImageId: string | undefined; - - /** - *The name of the attribute.
- */ - Attribute?: FpgaImageAttributeName | string; - - /** - *The operation type.
+ *Specifies whether the destination snapshot of the imported image should be encrypted. The default KMS key for EBS is
+ * used unless you specify a non-default KMS key using KmsKeyId
. For more information, see Amazon EBS Encryption in the
+ * Amazon Elastic Compute Cloud User Guide.
The AWS account IDs. This parameter is valid only when modifying the loadPermission
attribute.
An identifier for the symmetric KMS key to use when creating the
+ * encrypted snapshot. This parameter is only required if you want to use a non-default KMS key; if this
+ * parameter is not specified, the default KMS key for EBS is used. If a KmsKeyId
is
+ * specified, the Encrypted
flag must also be set.
The KMS key identifier may be provided in any of the following formats:
+ *Key ID
+ *Key alias. The alias ARN contains the arn:aws:kms
namespace, followed by the Region of the key, the Amazon Web Services account ID of the key owner, the alias
namespace, and then the key alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.
ARN using key ID. The ID ARN contains the arn:aws:kms
namespace, followed by the Region of the key, the Amazon Web Services account ID of the key owner, the key
namespace, and then the key ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef.
ARN using key alias. The alias ARN contains the arn:aws:kms
namespace, followed by the Region of the key, the Amazon Web Services account ID of the key owner, the alias
namespace, and then the key alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.
Amazon Web Services parses KmsKeyId
asynchronously, meaning that the action you call may appear to complete even
+ * though you provided an invalid identifier. This action will eventually report failure.
The specified KMS key must exist in the Region that the snapshot is being copied to.
+ *Amazon EBS does not support asymmetric KMS keys.
*/ - UserIds?: string[]; + KmsKeyId?: string; /** - *The user groups. This parameter is valid only when modifying the loadPermission
attribute.
The name of the role to use when not using the default role, 'vmimport'.
*/ - UserGroups?: string[]; + RoleName?: string; /** - *The product codes. After you add a product code to an AFI, it can't be removed.
- * This parameter is valid only when modifying the productCodes
attribute.
The tags to apply to the import snapshot task during creation.
*/ - ProductCodes?: string[]; + TagSpecifications?: TagSpecification[]; +} +export namespace ImportSnapshotRequest { /** - *The load permission for the AFI.
+ * @internal */ - LoadPermission?: LoadPermissionModifications; + export const filterSensitiveLog = (obj: ImportSnapshotRequest): any => ({ + ...obj, + }); +} +export interface ImportSnapshotResult { /** - *A description for the AFI.
+ *A description of the import snapshot task.
*/ Description?: string; /** - *A name for the AFI.
+ *The ID of the import snapshot task.
*/ - Name?: string; -} + ImportTaskId?: string; -export namespace ModifyFpgaImageAttributeRequest { /** - * @internal + *Information about the import snapshot task.
*/ - export const filterSensitiveLog = (obj: ModifyFpgaImageAttributeRequest): any => ({ - ...obj, - }); -} + SnapshotTaskDetail?: SnapshotTaskDetail; -export interface ModifyFpgaImageAttributeResult { /** - *Information about the attribute.
+ *Any tags assigned to the import snapshot task.
*/ - FpgaImageAttribute?: FpgaImageAttribute; + Tags?: Tag[]; } -export namespace ModifyFpgaImageAttributeResult { +export namespace ImportSnapshotResult { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyFpgaImageAttributeResult): any => ({ + export const filterSensitiveLog = (obj: ImportSnapshotResult): any => ({ ...obj, }); } -export interface ModifyHostsRequest { +export interface ImportVolumeRequest { /** - *Specify whether to enable or disable auto-placement.
+ *The Availability Zone for the resulting EBS volume.
*/ - AutoPlacement?: AutoPlacement | string; + AvailabilityZone: string | undefined; /** - *The IDs of the Dedicated Hosts to modify.
+ *A description of the volume.
*/ - HostIds: string[] | undefined; + Description?: string; /** - *Indicates whether to enable or disable host recovery for the Dedicated Host. For more information, - * see - * Host recovery in the Amazon EC2 User Guide.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Specifies the instance type to be supported by the Dedicated Host. Specify this parameter to - * modify a Dedicated Host to support only a specific instance type.
- * - *If you want to modify a Dedicated Host to support multiple instance types in its current instance - * family, omit this parameter and specify InstanceFamily - * instead. You cannot specify InstanceType and - * InstanceFamily in the same request.
+ *The disk image.
*/ - InstanceType?: string; + Image: DiskImageDetail | undefined; /** - *Specifies the instance family to be supported by the Dedicated Host. Specify this parameter - * to modify a Dedicated Host to support multiple instance types within its current - * instance family.
- * - *If you want to modify a Dedicated Host to support a specific instance type only, omit this parameter - * and specify InstanceType instead. You cannot specify - * InstanceFamily and InstanceType - * in the same request.
+ *The volume size.
*/ - InstanceFamily?: string; + Volume: VolumeDetail | undefined; } -export namespace ModifyHostsRequest { +export namespace ImportVolumeRequest { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyHostsRequest): any => ({ + export const filterSensitiveLog = (obj: ImportVolumeRequest): any => ({ ...obj, }); } -export interface ModifyHostsResult { - /** - *The IDs of the Dedicated Hosts that were successfully modified.
- */ - Successful?: string[]; - +export interface ImportVolumeResult { /** - *The IDs of the Dedicated Hosts that could not be modified. Check whether the - * setting you requested can be used.
+ *Information about the conversion task.
*/ - Unsuccessful?: UnsuccessfulItem[]; + ConversionTask?: ConversionTask; } -export namespace ModifyHostsResult { +export namespace ImportVolumeResult { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyHostsResult): any => ({ + export const filterSensitiveLog = (obj: ImportVolumeResult): any => ({ ...obj, }); } -export interface ModifyIdentityIdFormatRequest { +export interface ModifyAddressAttributeRequest { /** - *The ARN of the principal, which can be an IAM user, IAM role, or the root user. Specify
- * all
to modify the ID format for all IAM users, IAM roles, and the root user of
- * the account.
[EC2-VPC] The allocation ID.
*/ - PrincipalArn: string | undefined; + AllocationId: string | undefined; /** - *The type of resource: bundle
| conversion-task
| customer-gateway
| dhcp-options
|
- * elastic-ip-allocation
| elastic-ip-association
|
- * export-task
| flow-log
| image
|
- * import-task
| internet-gateway
| network-acl
- * | network-acl-association
| network-interface
|
- * network-interface-attachment
| prefix-list
|
- * route-table
| route-table-association
|
- * security-group
| subnet
|
- * subnet-cidr-block-association
| vpc
|
- * vpc-cidr-block-association
| vpc-endpoint
| vpc-peering-connection
| vpn-connection
| vpn-gateway
.
Alternatively, use the all-current
option to include all resource types that are
- * currently within their opt-in period for longer IDs.
The domain name to modify for the IP address.
*/ - Resource: string | undefined; + DomainName?: string; /** - *Indicates whether the resource should use longer IDs (17-character IDs)
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The type of resource: bundle
| conversion-task
| customer-gateway
| dhcp-options
|
- * elastic-ip-allocation
| elastic-ip-association
|
- * export-task
| flow-log
| image
|
- * import-task
| internet-gateway
| network-acl
- * | network-acl-association
| network-interface
|
- * network-interface-attachment
| prefix-list
|
- * route-table
| route-table-association
|
- * security-group
| subnet
|
- * subnet-cidr-block-association
| vpc
|
- * vpc-cidr-block-association
| vpc-endpoint
| vpc-peering-connection
| vpn-connection
| vpn-gateway
.
Alternatively, use the all-current
option to include all resource types that are
- * currently within their opt-in period for longer IDs.
Indicate whether the resource should use longer IDs (17-character IDs).
+ *Information about the Elastic IP address.
*/ - UseLongIds: boolean | undefined; + Address?: AddressAttribute; } -export namespace ModifyIdFormatRequest { +export namespace ModifyAddressAttributeResult { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyIdFormatRequest): any => ({ + export const filterSensitiveLog = (obj: ModifyAddressAttributeResult): any => ({ ...obj, }); } -/** - *Describes a launch permission modification.
- */ -export interface LaunchPermissionModifications { +export type ModifyAvailabilityZoneOptInStatus = "not-opted-in" | "opted-in"; + +export interface ModifyAvailabilityZoneGroupRequest { /** - *The Amazon Web Services account ID to add to the list of launch permissions for the AMI.
+ *The name of the Availability Zone group, Local Zone group, or Wavelength Zone + * group.
*/ - Add?: LaunchPermission[]; + GroupName: string | undefined; /** - *The Amazon Web Services account ID to remove from the list of launch permissions for the AMI.
+ *Indicates whether you are opted in to the Local Zone group or Wavelength Zone group. The
+ * only valid value is opted-in
. You must contact AWS Support to opt out of a Local Zone group, or Wavelength Zone group.
Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Contains the parameters for ModifyImageAttribute.
- */ -export interface ModifyImageAttributeRequest { - /** - *The name of the attribute to modify.
- * The valid values are description
and launchPermission
.
A new description for the AMI.
- */ - Description?: AttributeValue; - +export interface ModifyAvailabilityZoneGroupResult { /** - *The ID of the AMI.
+ *Is true
if the request succeeds, and an error otherwise.
A new launch permission for the AMI.
+ * @internal */ - LaunchPermission?: LaunchPermissionModifications; + export const filterSensitiveLog = (obj: ModifyAvailabilityZoneGroupResult): any => ({ + ...obj, + }); +} +export interface ModifyCapacityReservationRequest { /** - *The operation type.
- * This parameter can be used only when the Attribute
parameter is launchPermission
.
The ID of the Capacity Reservation.
*/ - OperationType?: OperationType | string; + CapacityReservationId: string | undefined; /** - *Not supported.
+ *The number of instances for which to reserve capacity. The number of instances can't be increased or
+ * decreased by more than 1000
in a single request.
The user groups.
- * This parameter can be used only when the Attribute
parameter is launchPermission
.
The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity
+ * is released and you can no longer launch instances into it. The Capacity Reservation's state changes to
+ * expired
when it reaches its end date and time.
The Capacity Reservation is cancelled within an hour from the specified time. For example, if you specify + * 5/31/2019, 13:30:55, the Capacity Reservation is guaranteed to end between 13:30:55 and 14:30:55 on 5/31/2019.
+ *You must provide an EndDate
value if EndDateType
is
+ * limited
. Omit EndDate
if EndDateType
is
+ * unlimited
.
The Amazon Web Services account IDs.
- * This parameter can be used only when the Attribute
parameter is launchPermission
.
Indicates the way in which the Capacity Reservation ends. A Capacity Reservation can have one of the following end + * types:
+ *
+ * unlimited
- The Capacity Reservation remains active until you explicitly cancel it. Do not
+ * provide an EndDate
value if EndDateType
is
+ * unlimited
.
+ * limited
- The Capacity Reservation expires automatically at a specified date and time. You must
+ * provide an EndDate
value if EndDateType
is
+ * limited
.
The value of the attribute being modified.
- * This parameter can be used only when the Attribute
parameter is description
.
Reserved. Capacity Reservations you have created are accepted by default.
*/ - Value?: string; + Accept?: boolean; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Describes information used to set up an EBS volume specified in a block device - * mapping.
- */ -export interface EbsInstanceBlockDeviceSpecification { - /** - *Indicates whether the volume is deleted on instance termination.
- */ - DeleteOnTermination?: boolean; - +export interface ModifyCapacityReservationResult { /** - *The ID of the EBS volume.
+ *Returns true
if the request succeeds; otherwise, it returns an error.
Describes a block device mapping entry.
- */ -export interface InstanceBlockDeviceMappingSpecification { +export interface ModifyCapacityReservationFleetRequest { /** - *The device name (for example, /dev/sdh
or xvdh
).
The ID of the Capacity Reservation Fleet to modify.
*/ - DeviceName?: string; + CapacityReservationFleetId: string | undefined; /** - *Parameters used to automatically set up EBS volumes when the instance is - * launched.
+ *The total number of capacity units to be reserved by the Capacity Reservation Fleet. This value, + * together with the instance type weights that you assign to each instance type used by the Fleet + * determine the number of instances for which the Fleet reserves capacity. Both values are based on + * units that make sense for your workload. For more information, see Total target capacity + * in the Amazon EC2 User Guide.
*/ - Ebs?: EbsInstanceBlockDeviceSpecification; + TotalTargetCapacity?: number; /** - *suppress the specified device included in the block device mapping.
+ *The date and time at which the Capacity Reservation Fleet expires. When the Capacity Reservation
+ * Fleet expires, its state changes to expired
and all of the Capacity Reservations in the
+ * Fleet expire.
The Capacity Reservation Fleet expires within an hour after the specified time. For example, if you
+ * specify 5/31/2019
, 13:30:55
, the Capacity Reservation Fleet is guaranteed
+ * to expire between 13:30:55
and 14:30:55
on 5/31/2019
.
You can't specify EndDate and + * RemoveEndDate in the same request.
*/ - NoDevice?: string; + EndDate?: Date; /** - *The virtual device name.
+ *Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Indicates whether to remove the end date from the Capacity Reservation Fleet. If you remove the + * end date, the Capacity Reservation Fleet does not expire and it remains active until you explicitly + * cancel it using the CancelCapacityReservationFleet action.
+ *You can't specify RemoveEndDate and + * EndDate in the same request.
+ */ + RemoveEndDate?: boolean; } -export namespace InstanceBlockDeviceMappingSpecification { +export namespace ModifyCapacityReservationFleetRequest { /** * @internal */ - export const filterSensitiveLog = (obj: InstanceBlockDeviceMappingSpecification): any => ({ + export const filterSensitiveLog = (obj: ModifyCapacityReservationFleetRequest): any => ({ ...obj, }); } -export interface BlobAttributeValue { - Value?: Uint8Array; +export interface ModifyCapacityReservationFleetResult { + /** + *Returns true
if the request succeeds; otherwise, it returns an error.
Information about the DNS server to be used.
+ */ +export interface DnsServersOptionsModifyStructure { /** - *Enable or disable source/destination checks, which ensure that the instance
- * is either the source or the destination of any traffic that it receives.
- * If the value is true
, source/destination checks are enabled;
- * otherwise, they are disabled. The default value is true
.
- * You must disable source/destination checks if the instance runs services
- * such as network address translation, routing, or firewalls.
The IPv4 address range, in CIDR notation, of the DNS servers to be used. You can specify up to + * two DNS servers. Ensure that the DNS servers can be reached by the clients. The specified values + * overwrite the existing values.
*/ - SourceDestCheck?: AttributeBooleanValue; + CustomDnsServers?: string[]; /** - *The name of the attribute.
+ *Indicates whether DNS servers should be used. Specify False
to delete the existing DNS
+ * servers.
Modifies the DeleteOnTermination
attribute for volumes that are currently
- * attached. The volume must be owned by the caller. If no value is specified for
- * DeleteOnTermination
, the default is true
and the volume is
- * deleted when the instance is terminated.
To add instance store volumes to an Amazon EBS-backed instance, you must add them when - * you launch the instance. For more information, see Updating the block device mapping when launching an instance in the - * Amazon EC2 User Guide.
+ * @internal */ - BlockDeviceMappings?: InstanceBlockDeviceMappingSpecification[]; + export const filterSensitiveLog = (obj: DnsServersOptionsModifyStructure): any => ({ + ...obj, + }); +} +export interface ModifyClientVpnEndpointRequest { /** - *If the value is true
, you can't terminate the instance using the Amazon
- * EC2 console, CLI, or API; otherwise, you can. You cannot use this parameter for Spot
- * Instances.
The ID of the Client VPN endpoint to modify.
*/ - DisableApiTermination?: AttributeBooleanValue; + ClientVpnEndpointId: string | undefined; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The ARN of the server certificate to be used. The server certificate must be provisioned in + * Certificate Manager (ACM).
*/ - DryRun?: boolean; + ServerCertificateArn?: string; /** - *Specifies whether the instance is optimized for Amazon EBS I/O. This optimization - * provides dedicated throughput to Amazon EBS and an optimized configuration stack to - * provide optimal EBS I/O performance. This optimization isn't available with all instance - * types. Additional usage charges apply when using an EBS Optimized instance.
+ *Information about the client connection logging options.
+ *If you enable client connection logging, data about client connections is sent to a + * Cloudwatch Logs log stream. The following information is logged:
+ *Client connection requests
+ *Client connection results (successful and unsuccessful)
+ *Reasons for unsuccessful client connection requests
+ *Client connection termination time
+ *Set to true
to enable enhanced networking with ENA for the
- * instance.
This option is supported only for HVM instances. Specifying this option with a PV - * instance can make it unreachable.
+ *Information about the DNS servers to be used by Client VPN connections. A Client VPN endpoint can have + * up to two DNS servers.
*/ - EnaSupport?: AttributeBooleanValue; + DnsServers?: DnsServersOptionsModifyStructure; /** - *[EC2-VPC] Replaces the security groups of the instance with the specified security groups. - * You must specify at least one security group, even if it's just the default security group for the VPC. You must - * specify the security group ID, not the security group name.
+ *The port number to assign to the Client VPN endpoint for TCP and UDP traffic.
+ *Valid Values: 443
| 1194
+ *
Default Value: 443
+ *
The ID of the instance.
+ *A brief description of the Client VPN endpoint.
*/ - InstanceId: string | undefined; + Description?: string; /** - *Specifies whether an instance stops or terminates when you initiate shutdown from the - * instance (using the operating system command for system shutdown).
+ *Indicates whether the VPN is split-tunnel.
+ *For information about split-tunnel VPN endpoints, see Split-tunnel Client VPN endpoint in the + * Client VPN Administrator Guide.
*/ - InstanceInitiatedShutdownBehavior?: AttributeValue; + SplitTunnel?: boolean; /** - *Changes the instance type to the specified value. For more information, see Instance
- * types in the Amazon EC2 User Guide. If the instance type is not valid,
- * the error returned is InvalidInstanceAttributeValue
.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Changes the instance's kernel to the specified value. We recommend that you use - * PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB.
+ *The IDs of one or more security groups to apply to the target network.
*/ - Kernel?: AttributeValue; + SecurityGroupIds?: string[]; /** - *Changes the instance's RAM disk to the specified value. We recommend that you use - * PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB.
+ *The ID of the VPC to associate with the Client VPN endpoint.
*/ - Ramdisk?: AttributeValue; + VpcId?: string; /** - *Set to simple
to enable enhanced networking with the Intel 82599 Virtual
- * Function interface for the instance.
There is no way to disable enhanced networking with the Intel 82599 Virtual Function - * interface at this time.
- *This option is supported only for HVM instances. Specifying this option with a PV - * instance can make it unreachable.
+ *Specify whether to enable the self-service portal for the Client VPN endpoint.
*/ - SriovNetSupport?: AttributeValue; + SelfServicePortal?: SelfServicePortal | string; /** - *Changes the instance's user data to the specified value. If you are using an Amazon Web Services SDK - * or command line tool, base64-encoding is performed for you, and you can load the text - * from a file. Otherwise, you must provide base64-encoded text.
+ *The options for managing connection authorization for new client connections.
*/ - UserData?: BlobAttributeValue; + ClientConnectOptions?: ClientConnectOptions; +} +export namespace ModifyClientVpnEndpointRequest { /** - *A new value for the attribute. Use only with the kernel
,
- * ramdisk
, userData
, disableApiTermination
, or
- * instanceInitiatedShutdownBehavior
attribute.
Returns true
if the request succeeds; otherwise, it returns an error.
Describes an instance's Capacity Reservation targeting option. You can specify only one parameter
- * at a time. If you specify CapacityReservationPreference
and
- * CapacityReservationTarget
, the request fails.
Use the CapacityReservationPreference
parameter to configure the instance
- * to run as an On-Demand Instance or to run in any open
Capacity Reservation that has
- * matching attributes (instance type, platform, Availability Zone). Use the
- * CapacityReservationTarget
parameter to explicitly target a specific
- * Capacity Reservation or a Capacity Reservation group.
Indicates the instance's Capacity Reservation preferences. Possible preferences include:
- *
- * open
- The instance can run in any open
Capacity Reservation that has matching attributes
- * (instance type, platform, Availability Zone).
- * none
- The instance avoids running in a Capacity Reservation even if one is available. The
- * instance runs as an On-Demand Instance.
Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Information about the target Capacity Reservation or Capacity Reservation group.
+ *The instance family.
+ */ + InstanceFamily: UnlimitedSupportedInstanceFamily | string | undefined; + + /** + *The credit option for CPU usage of the instance family.
+ *Valid Values: standard
| unlimited
+ *
The ID of the instance to be modified.
+ *The default credit option for CPU usage of the instance family.
*/ - InstanceId: string | undefined; + InstanceFamilyCreditSpecification?: InstanceFamilyCreditSpecification; +} +export namespace ModifyDefaultCreditSpecificationResult { /** - *Information about the Capacity Reservation targeting option.
+ * @internal */ - CapacityReservationSpecification: CapacityReservationSpecification | undefined; + export const filterSensitiveLog = (obj: ModifyDefaultCreditSpecificationResult): any => ({ + ...obj, + }); +} +export interface ModifyEbsDefaultKmsKeyIdRequest { /** - *Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
The identifier of the Key Management Service (KMS) KMS key to use for Amazon EBS encryption.
+ * If this parameter is not specified, your KMS key for Amazon EBS is used. If KmsKeyId
is
+ * specified, the encrypted state must be true
.
You can specify the KMS key using any of the following:
+ *Key ID. For example, 1234abcd-12ab-34cd-56ef-1234567890ab.
+ *Key alias. For example, alias/ExampleAlias.
+ *Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/1234abcd-12ab-34cd-56ef-1234567890ab.
+ *Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.
+ *Amazon Web Services authenticates the KMS key asynchronously. Therefore, if you specify an ID, alias, or ARN that is not valid, + * the action can appear to complete, but eventually fails.
+ *Amazon EBS does not support asymmetric KMS keys.
+ */ + KmsKeyId: string | undefined; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Returns true
if the request succeeds; otherwise, it returns an error.
The Amazon Resource Name (ARN) of the default KMS key for encryption by default.
*/ - Return?: boolean; + KmsKeyId?: string; } -export namespace ModifyInstanceCapacityReservationAttributesResult { +export namespace ModifyEbsDefaultKmsKeyIdResult { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyInstanceCapacityReservationAttributesResult): any => ({ + export const filterSensitiveLog = (obj: ModifyEbsDefaultKmsKeyIdResult): any => ({ ...obj, }); } -/** - *Describes the credit option for CPU usage of a burstable performance instance.
- */ -export interface InstanceCreditSpecificationRequest { +export interface ModifyFleetRequest { /** - *The ID of the instance.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The credit option for CPU usage of the instance. Valid values are
- * standard
and unlimited
.
T3 instances with host
tenancy do not support the unlimited
- * CPU credit option.
Indicates whether running instances should be terminated if the total target capacity of + * the EC2 Fleet is decreased below the current size of the EC2 Fleet.
*/ - CpuCredits?: string; -} + ExcessCapacityTerminationPolicy?: FleetExcessCapacityTerminationPolicy | string; -export namespace InstanceCreditSpecificationRequest { /** - * @internal + *The launch template and overrides.
*/ - export const filterSensitiveLog = (obj: InstanceCreditSpecificationRequest): any => ({ - ...obj, - }); -} + LaunchTemplateConfigs?: FleetLaunchTemplateConfigRequest[]; -export interface ModifyInstanceCreditSpecificationRequest { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The ID of the EC2 Fleet.
*/ - DryRun?: boolean; + FleetId: string | undefined; /** - *A unique, case-sensitive token that you provide to ensure idempotency of your - * modification request. For more information, see Ensuring - * Idempotency.
+ *The size of the EC2 Fleet.
*/ - ClientToken?: string; + TargetCapacitySpecification?: TargetCapacitySpecificationRequest; /** - *Information about the credit option for CPU usage.
+ *Reserved.
*/ - InstanceCreditSpecifications: InstanceCreditSpecificationRequest[] | undefined; + Context?: string; } -export namespace ModifyInstanceCreditSpecificationRequest { +export namespace ModifyFleetRequest { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyInstanceCreditSpecificationRequest): any => ({ + export const filterSensitiveLog = (obj: ModifyFleetRequest): any => ({ ...obj, }); } -/** - *Describes the burstable performance instance whose credit option for CPU usage was - * successfully modified.
- */ -export interface SuccessfulInstanceCreditSpecificationItem { +export interface ModifyFleetResult { /** - *The ID of the instance.
+ *Is true
if the request succeeds, and an error otherwise.
Information about the error for the burstable performance instance whose credit option - * for CPU usage was not modified.
+ *Describes a load permission.
*/ -export interface UnsuccessfulInstanceCreditSpecificationItemError { +export interface LoadPermissionRequest { /** - *The error code.
+ *The name of the group.
*/ - Code?: UnsuccessfulInstanceCreditSpecificationErrorCode | string; + Group?: PermissionGroup | string; /** - *The applicable error message.
+ *The AWS account ID.
*/ - Message?: string; + UserId?: string; } -export namespace UnsuccessfulInstanceCreditSpecificationItemError { +export namespace LoadPermissionRequest { /** * @internal */ - export const filterSensitiveLog = (obj: UnsuccessfulInstanceCreditSpecificationItemError): any => ({ + export const filterSensitiveLog = (obj: LoadPermissionRequest): any => ({ ...obj, }); } /** - *Describes the burstable performance instance whose credit option for CPU usage was not - * modified.
+ *Describes modifications to the load permissions of an Amazon FPGA image (AFI).
*/ -export interface UnsuccessfulInstanceCreditSpecificationItem { +export interface LoadPermissionModifications { /** - *The ID of the instance.
+ *The load permissions to add.
*/ - InstanceId?: string; + Add?: LoadPermissionRequest[]; /** - *The applicable error for the burstable performance instance whose credit option for - * CPU usage was not modified.
+ *The load permissions to remove.
*/ - Error?: UnsuccessfulInstanceCreditSpecificationItemError; + Remove?: LoadPermissionRequest[]; } -export namespace UnsuccessfulInstanceCreditSpecificationItem { +export namespace LoadPermissionModifications { /** * @internal */ - export const filterSensitiveLog = (obj: UnsuccessfulInstanceCreditSpecificationItem): any => ({ + export const filterSensitiveLog = (obj: LoadPermissionModifications): any => ({ ...obj, }); } -export interface ModifyInstanceCreditSpecificationResult { +export type OperationType = "add" | "remove"; + +export interface ModifyFpgaImageAttributeRequest { /** - *Information about the instances whose credit option for CPU usage was successfully - * modified.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Information about the instances whose credit option for CPU usage was not - * modified.
+ *The ID of the AFI.
*/ - UnsuccessfulInstanceCreditSpecifications?: UnsuccessfulInstanceCreditSpecificationItem[]; -} + FpgaImageId: string | undefined; -export namespace ModifyInstanceCreditSpecificationResult { /** - * @internal + *The name of the attribute.
*/ - export const filterSensitiveLog = (obj: ModifyInstanceCreditSpecificationResult): any => ({ - ...obj, - }); -} + Attribute?: FpgaImageAttributeName | string; -export interface ModifyInstanceEventStartTimeRequest { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The operation type.
*/ - DryRun?: boolean; + OperationType?: OperationType | string; /** - *The ID of the instance with the scheduled event.
+ *The AWS account IDs. This parameter is valid only when modifying the loadPermission
attribute.
The ID of the event whose date and time you are modifying.
+ *The user groups. This parameter is valid only when modifying the loadPermission
attribute.
The new date and time when the event will take place.
+ *The product codes. After you add a product code to an AFI, it can't be removed.
+ * This parameter is valid only when modifying the productCodes
attribute.
The load permission for the AFI.
+ */ + LoadPermission?: LoadPermissionModifications; + + /** + *A description for the AFI.
+ */ + Description?: string; + + /** + *A name for the AFI.
+ */ + Name?: string; } -export namespace ModifyInstanceEventStartTimeRequest { +export namespace ModifyFpgaImageAttributeRequest { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyInstanceEventStartTimeRequest): any => ({ + export const filterSensitiveLog = (obj: ModifyFpgaImageAttributeRequest): any => ({ ...obj, }); } -export interface ModifyInstanceEventStartTimeResult { +export interface ModifyFpgaImageAttributeResult { /** - *Describes a scheduled event for an instance.
+ *Information about the attribute.
*/ - Event?: InstanceStatusEvent; + FpgaImageAttribute?: FpgaImageAttribute; } -export namespace ModifyInstanceEventStartTimeResult { +export namespace ModifyFpgaImageAttributeResult { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyInstanceEventStartTimeResult): any => ({ + export const filterSensitiveLog = (obj: ModifyFpgaImageAttributeResult): any => ({ ...obj, }); } -export interface ModifyInstanceEventWindowRequest { +export interface ModifyHostsRequest { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Specify whether to enable or disable auto-placement.
*/ - DryRun?: boolean; + AutoPlacement?: AutoPlacement | string; /** - *The name of the event window.
+ *The IDs of the Dedicated Hosts to modify.
*/ - Name?: string; + HostIds: string[] | undefined; /** - *The ID of the event window.
+ *Indicates whether to enable or disable host recovery for the Dedicated Host. For more information, + * see + * Host recovery in the Amazon EC2 User Guide.
*/ - InstanceEventWindowId: string | undefined; + HostRecovery?: HostRecovery | string; /** - *The time ranges of the event window.
+ *Specifies the instance type to be supported by the Dedicated Host. Specify this parameter to + * modify a Dedicated Host to support only a specific instance type.
+ * + *If you want to modify a Dedicated Host to support multiple instance types in its current instance + * family, omit this parameter and specify InstanceFamily + * instead. You cannot specify InstanceType and + * InstanceFamily in the same request.
*/ - TimeRanges?: InstanceEventWindowTimeRangeRequest[]; + InstanceType?: string; /** - *The cron expression of the event window, for example, * 0-4,20-23 * * 1,5
.
Constraints:
- *Only hour and day of the week values are supported.
- *For day of the week values, you can specify either integers 0
through
- * 6
, or alternative single values SUN
through
- * SAT
.
The minute, month, and year must be specified by *
.
The hour value must be one or a multiple range, for example, 0-4
or
- * 0-4,20-23
.
Each hour range must be >= 2 hours, for example, 0-2
or
- * 20-23
.
The event window must be >= 4 hours. The combined total time ranges in the event - * window must be >= 4 hours.
- *For more information about cron expressions, see cron on the Wikipedia - * website.
+ *Specifies the instance family to be supported by the Dedicated Host. Specify this parameter + * to modify a Dedicated Host to support multiple instance types within its current + * instance family.
+ * + *If you want to modify a Dedicated Host to support a specific instance type only, omit this parameter + * and specify InstanceType instead. You cannot specify + * InstanceFamily and InstanceType + * in the same request.
*/ - CronExpression?: string; + InstanceFamily?: string; } -export namespace ModifyInstanceEventWindowRequest { +export namespace ModifyHostsRequest { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyInstanceEventWindowRequest): any => ({ + export const filterSensitiveLog = (obj: ModifyHostsRequest): any => ({ ...obj, }); } -export interface ModifyInstanceEventWindowResult { +export interface ModifyHostsResult { /** - *Information about the event window.
+ *The IDs of the Dedicated Hosts that were successfully modified.
*/ - InstanceEventWindow?: InstanceEventWindow; + Successful?: string[]; + + /** + *The IDs of the Dedicated Hosts that could not be modified. Check whether the + * setting you requested can be used.
+ */ + Unsuccessful?: UnsuccessfulItem[]; } -export namespace ModifyInstanceEventWindowResult { +export namespace ModifyHostsResult { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyInstanceEventWindowResult): any => ({ + export const filterSensitiveLog = (obj: ModifyHostsResult): any => ({ ...obj, }); } -export interface ModifyInstanceMetadataOptionsRequest { +export interface ModifyIdentityIdFormatRequest { /** - *The ID of the instance.
+ *The ARN of the principal, which can be an IAM user, IAM role, or the root user. Specify
+ * all
to modify the ID format for all IAM users, IAM roles, and the root user of
+ * the account.
The state of token usage for your instance metadata requests. If the parameter is not
- * specified in the request, the default state is optional
.
If the state is optional
, you can choose to retrieve instance metadata
- * with or without a signed token header on your request. If you retrieve the IAM role
- * credentials without a token, the version 1.0 role credentials are returned. If you
- * retrieve the IAM role credentials using a valid signed token, the version 2.0 role
- * credentials are returned.
If the state is required
, you must send a signed token header with any
- * instance metadata retrieval requests. In this state, retrieving the IAM role credential
- * always returns the version 2.0 credentials; the version 1.0 credentials are not
- * available.
The type of resource: bundle
| conversion-task
| customer-gateway
| dhcp-options
|
+ * elastic-ip-allocation
| elastic-ip-association
|
+ * export-task
| flow-log
| image
|
+ * import-task
| internet-gateway
| network-acl
+ * | network-acl-association
| network-interface
|
+ * network-interface-attachment
| prefix-list
|
+ * route-table
| route-table-association
|
+ * security-group
| subnet
|
+ * subnet-cidr-block-association
| vpc
|
+ * vpc-cidr-block-association
| vpc-endpoint
| vpc-peering-connection
| vpn-connection
| vpn-gateway
.
Alternatively, use the all-current
option to include all resource types that are
+ * currently within their opt-in period for longer IDs.
The desired HTTP PUT response hop limit for instance metadata requests. The larger the - * number, the further instance metadata requests can travel. If no parameter is specified, the existing state is maintained.
- *Possible values: Integers from 1 to 64
+ *Indicates whether the resource should use longer IDs (17-character IDs)
*/ - HttpPutResponseHopLimit?: number; + UseLongIds: boolean | undefined; +} +export namespace ModifyIdentityIdFormatRequest { /** - *This parameter enables or disables the HTTP metadata endpoint on your instances. If - * the parameter is not specified, the existing state is maintained.
- *If you specify a value of disabled
, you will not be able to access your
- * instance metadata.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
The type of resource: bundle
| conversion-task
| customer-gateway
| dhcp-options
|
+ * elastic-ip-allocation
| elastic-ip-association
|
+ * export-task
| flow-log
| image
|
+ * import-task
| internet-gateway
| network-acl
+ * | network-acl-association
| network-interface
|
+ * network-interface-attachment
| prefix-list
|
+ * route-table
| route-table-association
|
+ * security-group
| subnet
|
+ * subnet-cidr-block-association
| vpc
|
+ * vpc-cidr-block-association
| vpc-endpoint
| vpc-peering-connection
| vpn-connection
| vpn-gateway
.
Alternatively, use the all-current
option to include all resource types that are
+ * currently within their opt-in period for longer IDs.
Enables or disables the IPv6 endpoint for the instance metadata service.
+ *Indicate whether the resource should use longer IDs (17-character IDs).
*/ - HttpProtocolIpv6?: InstanceMetadataProtocolState | string; + UseLongIds: boolean | undefined; } -export namespace ModifyInstanceMetadataOptionsRequest { +export namespace ModifyIdFormatRequest { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyInstanceMetadataOptionsRequest): any => ({ + export const filterSensitiveLog = (obj: ModifyIdFormatRequest): any => ({ ...obj, }); } -export interface ModifyInstanceMetadataOptionsResult { +/** + *Describes a launch permission modification.
+ */ +export interface LaunchPermissionModifications { /** - *The ID of the instance.
+ *The Amazon Web Services account ID to add to the list of launch permissions for the AMI.
*/ - InstanceId?: string; + Add?: LaunchPermission[]; /** - *The metadata options for the instance.
+ *The Amazon Web Services account ID to remove from the list of launch permissions for the AMI.
*/ - InstanceMetadataOptions?: InstanceMetadataOptionsResponse; + Remove?: LaunchPermission[]; } -export namespace ModifyInstanceMetadataOptionsResult { +export namespace LaunchPermissionModifications { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyInstanceMetadataOptionsResult): any => ({ + export const filterSensitiveLog = (obj: LaunchPermissionModifications): any => ({ ...obj, }); } -export type HostTenancy = "dedicated" | "host"; +/** + *Contains the parameters for ModifyImageAttribute.
+ */ +export interface ModifyImageAttributeRequest { + /** + *The name of the attribute to modify.
+ * The valid values are description
and launchPermission
.
The affinity setting for the instance.
+ *A new description for the AMI.
*/ - Affinity?: Affinity | string; + Description?: AttributeValue; /** - *The name of the placement group in which to place the instance. For spread placement
- * groups, the instance must have a tenancy of default
. For cluster and
- * partition placement groups, the instance must have a tenancy of default
or
- * dedicated
.
To remove an instance from a placement group, specify an empty string - * ("").
+ *The ID of the AMI.
*/ - GroupName?: string; + ImageId: string | undefined; /** - *The ID of the Dedicated Host with which to associate the instance.
+ *A new launch permission for the AMI.
*/ - HostId?: string; + LaunchPermission?: LaunchPermissionModifications; /** - *The ID of the instance that you are modifying.
+ *The operation type.
+ * This parameter can be used only when the Attribute
parameter is launchPermission
.
The tenancy for the instance.
- * - *For T3 instances, you can't change the tenancy from dedicated
- * to host
, or from host
to dedicated
.
- * Attempting to make one of these unsupported tenancy changes results in the
- * InvalidTenancy
error code.
Not supported.
*/ - Tenancy?: HostTenancy | string; + ProductCodes?: string[]; /** - *Reserved for future use.
+ *The user groups.
+ * This parameter can be used only when the Attribute
parameter is launchPermission
.
The ARN of the host resource group in which to place the instance.
+ *The Amazon Web Services account IDs.
+ * This parameter can be used only when the Attribute
parameter is launchPermission
.
The value of the attribute being modified.
+ * This parameter can be used only when the Attribute
parameter is description
.
Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Describes information used to set up an EBS volume specified in a block device + * mapping.
+ */ +export interface EbsInstanceBlockDeviceSpecification { /** - *Is true
if the request succeeds, and an error otherwise.
Indicates whether the volume is deleted on instance termination.
*/ - Return?: boolean; + DeleteOnTermination?: boolean; + + /** + *The ID of the EBS volume.
+ */ + VolumeId?: string; } -export namespace ModifyInstancePlacementResult { +export namespace EbsInstanceBlockDeviceSpecification { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyInstancePlacementResult): any => ({ + export const filterSensitiveLog = (obj: EbsInstanceBlockDeviceSpecification): any => ({ ...obj, }); } -export interface ModifyLaunchTemplateRequest { - /** - *Checks whether you have the required permissions for the action, without actually
- * making the request, and provides an error response. If you have the required
- * permissions, the error response is DryRunOperation
. Otherwise, it is
- * UnauthorizedOperation
.
Describes a block device mapping entry.
+ */ +export interface InstanceBlockDeviceMappingSpecification { /** - *Unique, case-sensitive identifier you provide to ensure the idempotency of the - * request. For more information, see Ensuring - * Idempotency.
- *Constraint: Maximum 128 ASCII characters.
+ *The device name (for example, /dev/sdh
or xvdh
).
The ID of the launch template. You must specify either the launch template ID or - * launch template name in the request.
+ *Parameters used to automatically set up EBS volumes when the instance is + * launched.
*/ - LaunchTemplateId?: string; + Ebs?: EbsInstanceBlockDeviceSpecification; /** - *The name of the launch template. You must specify either the launch template ID or - * launch template name in the request.
+ *suppress the specified device included in the block device mapping.
*/ - LaunchTemplateName?: string; + NoDevice?: string; /** - *The version number of the launch template to set as the default version.
+ *The virtual device name.
*/ - DefaultVersion?: string; + VirtualName?: string; } -export namespace ModifyLaunchTemplateRequest { +export namespace InstanceBlockDeviceMappingSpecification { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyLaunchTemplateRequest): any => ({ + export const filterSensitiveLog = (obj: InstanceBlockDeviceMappingSpecification): any => ({ ...obj, }); } -export interface ModifyLaunchTemplateResult { - /** - *Information about the launch template.
- */ - LaunchTemplate?: LaunchTemplate; +export interface BlobAttributeValue { + Value?: Uint8Array; } -export namespace ModifyLaunchTemplateResult { +export namespace BlobAttributeValue { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyLaunchTemplateResult): any => ({ + export const filterSensitiveLog = (obj: BlobAttributeValue): any => ({ ...obj, }); } -/** - *An entry for a prefix list.
- */ -export interface RemovePrefixListEntry { +export interface ModifyInstanceAttributeRequest { /** - *The CIDR block.
+ *Enable or disable source/destination checks, which ensure that the instance
+ * is either the source or the destination of any traffic that it receives.
+ * If the value is true
, source/destination checks are enabled;
+ * otherwise, they are disabled. The default value is true
.
+ * You must disable source/destination checks if the instance runs services
+ * such as network address translation, routing, or firewalls.
The name of the attribute.
*/ - export const filterSensitiveLog = (obj: RemovePrefixListEntry): any => ({ - ...obj, - }); -} + Attribute?: InstanceAttributeName | string; + + /** + *Modifies the DeleteOnTermination
attribute for volumes that are currently
+ * attached. The volume must be owned by the caller. If no value is specified for
+ * DeleteOnTermination
, the default is true
and the volume is
+ * deleted when the instance is terminated.
To add instance store volumes to an Amazon EBS-backed instance, you must add them when + * you launch the instance. For more information, see Updating the block device mapping when launching an instance in the + * Amazon EC2 User Guide.
+ */ + BlockDeviceMappings?: InstanceBlockDeviceMappingSpecification[]; + + /** + *If the value is true
, you can't terminate the instance using the Amazon
+ * EC2 console, CLI, or API; otherwise, you can. You cannot use this parameter for Spot
+ * Instances.
Checks whether you have the required permissions for the action, without actually making the request,
* and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
@@ -8230,810 +8261,1000 @@ export interface ModifyManagedPrefixListRequest {
DryRun?: boolean;
/**
- *
The ID of the prefix list.
+ *Specifies whether the instance is optimized for Amazon EBS I/O. This optimization + * provides dedicated throughput to Amazon EBS and an optimized configuration stack to + * provide optimal EBS I/O performance. This optimization isn't available with all instance + * types. Additional usage charges apply when using an EBS Optimized instance.
*/ - PrefixListId: string | undefined; + EbsOptimized?: AttributeBooleanValue; /** - *The current version of the prefix list.
+ *Set to true
to enable enhanced networking with ENA for the
+ * instance.
This option is supported only for HVM instances. Specifying this option with a PV + * instance can make it unreachable.
*/ - CurrentVersion?: number; + EnaSupport?: AttributeBooleanValue; /** - *A name for the prefix list.
+ *[EC2-VPC] Replaces the security groups of the instance with the specified security groups. + * You must specify at least one security group, even if it's just the default security group for the VPC. You must + * specify the security group ID, not the security group name.
*/ - PrefixListName?: string; + Groups?: string[]; /** - *One or more entries to add to the prefix list.
+ *The ID of the instance.
*/ - AddEntries?: AddPrefixListEntry[]; + InstanceId: string | undefined; /** - *One or more entries to remove from the prefix list.
+ *Specifies whether an instance stops or terminates when you initiate shutdown from the + * instance (using the operating system command for system shutdown).
*/ - RemoveEntries?: RemovePrefixListEntry[]; + InstanceInitiatedShutdownBehavior?: AttributeValue; /** - *The maximum number of entries for the prefix list. You cannot modify the entries - * of a prefix list and modify the size of a prefix list at the same time.
- *If any of the resources that reference the prefix list cannot support the new - * maximum size, the modify operation fails. Check the state message for the IDs of - * the first ten resources that do not support the new maximum size.
+ *Changes the instance type to the specified value. For more information, see Instance
+ * types in the Amazon EC2 User Guide. If the instance type is not valid,
+ * the error returned is InvalidInstanceAttributeValue
.
Changes the instance's kernel to the specified value. We recommend that you use + * PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB.
*/ - export const filterSensitiveLog = (obj: ModifyManagedPrefixListRequest): any => ({ - ...obj, - }); -} + Kernel?: AttributeValue; -export interface ModifyManagedPrefixListResult { /** - *Information about the prefix list.
+ *Changes the instance's RAM disk to the specified value. We recommend that you use + * PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB.
*/ - PrefixList?: ManagedPrefixList; + Ramdisk?: AttributeValue; + + /** + *Set to simple
to enable enhanced networking with the Intel 82599 Virtual
+ * Function interface for the instance.
There is no way to disable enhanced networking with the Intel 82599 Virtual Function + * interface at this time.
+ *This option is supported only for HVM instances. Specifying this option with a PV + * instance can make it unreachable.
+ */ + SriovNetSupport?: AttributeValue; + + /** + *Changes the instance's user data to the specified value. If you are using an Amazon Web Services SDK + * or command line tool, base64-encoding is performed for you, and you can load the text + * from a file. Otherwise, you must provide base64-encoded text.
+ */ + UserData?: BlobAttributeValue; + + /** + *A new value for the attribute. Use only with the kernel
,
+ * ramdisk
, userData
, disableApiTermination
, or
+ * instanceInitiatedShutdownBehavior
attribute.
Describes an attachment change.
+ *Describes an instance's Capacity Reservation targeting option. You can specify only one parameter
+ * at a time. If you specify CapacityReservationPreference
and
+ * CapacityReservationTarget
, the request fails.
Use the CapacityReservationPreference
parameter to configure the instance
+ * to run as an On-Demand Instance or to run in any open
Capacity Reservation that has
+ * matching attributes (instance type, platform, Availability Zone). Use the
+ * CapacityReservationTarget
parameter to explicitly target a specific
+ * Capacity Reservation or a Capacity Reservation group.
The ID of the network interface attachment.
+ *Indicates the instance's Capacity Reservation preferences. Possible preferences include:
+ *
+ * open
- The instance can run in any open
Capacity Reservation that has matching attributes
+ * (instance type, platform, Availability Zone).
+ * none
- The instance avoids running in a Capacity Reservation even if one is available. The
+ * instance runs as an On-Demand Instance.
Indicates whether the network interface is deleted when the instance is terminated.
+ *Information about the target Capacity Reservation or Capacity Reservation group.
*/ - DeleteOnTermination?: boolean; + CapacityReservationTarget?: CapacityReservationTarget; } -export namespace NetworkInterfaceAttachmentChanges { +export namespace CapacityReservationSpecification { /** * @internal */ - export const filterSensitiveLog = (obj: NetworkInterfaceAttachmentChanges): any => ({ + export const filterSensitiveLog = (obj: CapacityReservationSpecification): any => ({ ...obj, }); } -/** - *Contains the parameters for ModifyNetworkInterfaceAttribute.
- */ -export interface ModifyNetworkInterfaceAttributeRequest { +export interface ModifyInstanceCapacityReservationAttributesRequest { /** - *Information about the interface attachment. If modifying the 'delete on termination' attribute, you must specify the ID of the interface attachment.
+ *The ID of the instance to be modified.
*/ - Attachment?: NetworkInterfaceAttachmentChanges; + InstanceId: string | undefined; /** - *A description for the network interface.
+ *Information about the Capacity Reservation targeting option.
*/ - Description?: AttributeValue; + CapacityReservationSpecification: CapacityReservationSpecification | undefined; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
Changes the security groups for the network interface. The new set of groups you specify replaces the current set. You must specify at least one group, even if it's just the default security group in the VPC. You must specify the ID of the security group, not the name.
+ * @internal */ - Groups?: string[]; + export const filterSensitiveLog = (obj: ModifyInstanceCapacityReservationAttributesRequest): any => ({ + ...obj, + }); +} + +export interface ModifyInstanceCapacityReservationAttributesResult { + /** + *Returns true
if the request succeeds; otherwise, it returns an error.
Describes the credit option for CPU usage of a burstable performance instance.
+ */ +export interface InstanceCreditSpecificationRequest { /** - *The ID of the network interface.
+ *The ID of the instance.
*/ - NetworkInterfaceId: string | undefined; + InstanceId?: string; /** - *Enable or disable source/destination checks, which ensure that the instance
- * is either the source or the destination of any traffic that it receives.
- * If the value is true
, source/destination checks are enabled;
- * otherwise, they are disabled. The default value is true
.
- * You must disable source/destination checks if the instance runs services
- * such as network address translation, routing, or firewalls.
The credit option for CPU usage of the instance. Valid values are
+ * standard
and unlimited
.
T3 instances with host
tenancy do not support the unlimited
+ * CPU credit option.
Contains the parameters for ModifyReservedInstances.
- */ -export interface ModifyReservedInstancesRequest { +export interface ModifyInstanceCreditSpecificationRequest { /** - *The IDs of the Reserved Instances to modify.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
A unique, case-sensitive token you provide to ensure idempotency of your modification request. For more information, see - * Ensuring Idempotency.
+ *A unique, case-sensitive token that you provide to ensure idempotency of your + * modification request. For more information, see Ensuring + * Idempotency.
*/ ClientToken?: string; /** - *The configuration settings for the Reserved Instances to modify.
+ *Information about the credit option for CPU usage.
*/ - TargetConfigurations: ReservedInstancesConfiguration[] | undefined; + InstanceCreditSpecifications: InstanceCreditSpecificationRequest[] | undefined; } -export namespace ModifyReservedInstancesRequest { +export namespace ModifyInstanceCreditSpecificationRequest { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyReservedInstancesRequest): any => ({ + export const filterSensitiveLog = (obj: ModifyInstanceCreditSpecificationRequest): any => ({ ...obj, }); } /** - *Contains the output of ModifyReservedInstances.
+ *Describes the burstable performance instance whose credit option for CPU usage was + * successfully modified.
*/ -export interface ModifyReservedInstancesResult { +export interface SuccessfulInstanceCreditSpecificationItem { /** - *The ID for the modification.
+ *The ID of the instance.
*/ - ReservedInstancesModificationId?: string; + InstanceId?: string; } -export namespace ModifyReservedInstancesResult { +export namespace SuccessfulInstanceCreditSpecificationItem { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyReservedInstancesResult): any => ({ + export const filterSensitiveLog = (obj: SuccessfulInstanceCreditSpecificationItem): any => ({ ...obj, }); } +export enum UnsuccessfulInstanceCreditSpecificationErrorCode { + INCORRECT_INSTANCE_STATE = "IncorrectInstanceState", + INSTANCE_CREDIT_SPECIFICATION_NOT_SUPPORTED = "InstanceCreditSpecification.NotSupported", + INSTANCE_NOT_FOUND = "InvalidInstanceID.NotFound", + INVALID_INSTANCE_ID = "InvalidInstanceID.Malformed", +} + /** - *Describes a security group rule.
- *You must specify exactly one of the following parameters, based on the rule type:
- *CidrIpv4
- *CidrIpv6
- *PrefixListId
- *ReferencedGroupId
- *When you modify a rule, you cannot change the rule type. For example, if the rule
- * uses an IPv4 address range, you must use CidrIpv4
to specify a new IPv4
- * address range.
Information about the error for the burstable performance instance whose credit option + * for CPU usage was not modified.
*/ -export interface SecurityGroupRuleRequest { +export interface UnsuccessfulInstanceCreditSpecificationItemError { /** - *The IP protocol name (tcp
, udp
, icmp
,
- * icmpv6
) or number (see Protocol Numbers).
Use -1
to specify all protocols.
The error code.
*/ - IpProtocol?: string; + Code?: UnsuccessfulInstanceCreditSpecificationErrorCode | string; /** - *The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.
+ *The applicable error message.
*/ - FromPort?: number; + Message?: string; +} +export namespace UnsuccessfulInstanceCreditSpecificationItemError { /** - *The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1
indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.
Describes the burstable performance instance whose credit option for CPU usage was not + * modified.
+ */ +export interface UnsuccessfulInstanceCreditSpecificationItem { /** - *The IPv4 CIDR range. To specify a single IPv4 address, use the /32 prefix length.
+ *The ID of the instance.
*/ - CidrIpv4?: string; + InstanceId?: string; /** - *The IPv6 CIDR range. To specify a single IPv6 address, use the /128 prefix length.
+ *The applicable error for the burstable performance instance whose credit option for + * CPU usage was not modified.
*/ - CidrIpv6?: string; + Error?: UnsuccessfulInstanceCreditSpecificationItemError; +} +export namespace UnsuccessfulInstanceCreditSpecificationItem { /** - *The ID of the prefix list.
+ * @internal */ - PrefixListId?: string; + export const filterSensitiveLog = (obj: UnsuccessfulInstanceCreditSpecificationItem): any => ({ + ...obj, + }); +} +export interface ModifyInstanceCreditSpecificationResult { /** - *The ID of the security group that is referenced in the security group rule.
+ *Information about the instances whose credit option for CPU usage was successfully + * modified.
*/ - ReferencedGroupId?: string; + SuccessfulInstanceCreditSpecifications?: SuccessfulInstanceCreditSpecificationItem[]; /** - *The description of the security group rule.
+ *Information about the instances whose credit option for CPU usage was not + * modified.
*/ - Description?: string; + UnsuccessfulInstanceCreditSpecifications?: UnsuccessfulInstanceCreditSpecificationItem[]; } -export namespace SecurityGroupRuleRequest { +export namespace ModifyInstanceCreditSpecificationResult { /** * @internal */ - export const filterSensitiveLog = (obj: SecurityGroupRuleRequest): any => ({ + export const filterSensitiveLog = (obj: ModifyInstanceCreditSpecificationResult): any => ({ ...obj, }); } -/** - *Describes an update to a security group rule.
- */ -export interface SecurityGroupRuleUpdate { +export interface ModifyInstanceEventStartTimeRequest { /** - *The ID of the security group rule.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Information about the security group rule.
+ *The ID of the instance with the scheduled event.
*/ - SecurityGroupRule?: SecurityGroupRuleRequest; + InstanceId: string | undefined; + + /** + *The ID of the event whose date and time you are modifying.
+ */ + InstanceEventId: string | undefined; + + /** + *The new date and time when the event will take place.
+ */ + NotBefore: Date | undefined; } -export namespace SecurityGroupRuleUpdate { +export namespace ModifyInstanceEventStartTimeRequest { /** * @internal */ - export const filterSensitiveLog = (obj: SecurityGroupRuleUpdate): any => ({ + export const filterSensitiveLog = (obj: ModifyInstanceEventStartTimeRequest): any => ({ ...obj, }); } -export interface ModifySecurityGroupRulesRequest { +export interface ModifyInstanceEventStartTimeResult { /** - *The ID of the security group.
+ *Describes a scheduled event for an instance.
*/ - GroupId: string | undefined; + Event?: InstanceStatusEvent; +} +export namespace ModifyInstanceEventStartTimeResult { /** - *Information about the security group properties to update.
+ * @internal */ - SecurityGroupRules: SecurityGroupRuleUpdate[] | undefined; + export const filterSensitiveLog = (obj: ModifyInstanceEventStartTimeResult): any => ({ + ...obj, + }); +} +export interface ModifyInstanceEventWindowRequest { /** *Checks whether you have the required permissions for the action, without actually making the request,
* and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
* Otherwise, it is UnauthorizedOperation
.
The name of the event window.
*/ - export const filterSensitiveLog = (obj: ModifySecurityGroupRulesRequest): any => ({ - ...obj, - }); -} + Name?: string; -export interface ModifySecurityGroupRulesResult { /** - *Returns true
if the request succeeds; otherwise, returns an error.
The ID of the event window.
*/ - Return?: boolean; -} + InstanceEventWindowId: string | undefined; -export namespace ModifySecurityGroupRulesResult { /** - * @internal + *The time ranges of the event window.
*/ - export const filterSensitiveLog = (obj: ModifySecurityGroupRulesResult): any => ({ - ...obj, - }); + TimeRanges?: InstanceEventWindowTimeRangeRequest[]; + + /** + *The cron expression of the event window, for example, * 0-4,20-23 * * 1,5
.
Constraints:
+ *Only hour and day of the week values are supported.
+ *For day of the week values, you can specify either integers 0
through
+ * 6
, or alternative single values SUN
through
+ * SAT
.
The minute, month, and year must be specified by *
.
The hour value must be one or a multiple range, for example, 0-4
or
+ * 0-4,20-23
.
Each hour range must be >= 2 hours, for example, 0-2
or
+ * 20-23
.
The event window must be >= 4 hours. The combined total time ranges in the event + * window must be >= 4 hours.
+ *For more information about cron expressions, see cron on the Wikipedia + * website.
+ */ + CronExpression?: string; } -/** - *Describes modifications to the list of create volume permissions for a volume.
- */ -export interface CreateVolumePermissionModifications { +export namespace ModifyInstanceEventWindowRequest { /** - *Adds the specified Amazon Web Services account ID or group to the list.
+ * @internal */ - Add?: CreateVolumePermission[]; + export const filterSensitiveLog = (obj: ModifyInstanceEventWindowRequest): any => ({ + ...obj, + }); +} +export interface ModifyInstanceEventWindowResult { /** - *Removes the specified Amazon Web Services account ID or group from the list.
+ *Information about the event window.
*/ - Remove?: CreateVolumePermission[]; + InstanceEventWindow?: InstanceEventWindow; } -export namespace CreateVolumePermissionModifications { +export namespace ModifyInstanceEventWindowResult { /** * @internal */ - export const filterSensitiveLog = (obj: CreateVolumePermissionModifications): any => ({ + export const filterSensitiveLog = (obj: ModifyInstanceEventWindowResult): any => ({ ...obj, }); } -export interface ModifySnapshotAttributeRequest { +export interface ModifyInstanceMetadataOptionsRequest { /** - *The snapshot attribute to modify. Only volume creation permissions can be modified.
+ *The ID of the instance.
*/ - Attribute?: SnapshotAttributeName | string; + InstanceId: string | undefined; /** - *A JSON representation of the snapshot attribute modification.
+ *The state of token usage for your instance metadata requests. If the parameter is not
+ * specified in the request, the default state is optional
.
If the state is optional
, you can choose to retrieve instance metadata
+ * with or without a signed token header on your request. If you retrieve the IAM role
+ * credentials without a token, the version 1.0 role credentials are returned. If you
+ * retrieve the IAM role credentials using a valid signed token, the version 2.0 role
+ * credentials are returned.
If the state is required
, you must send a signed token header with any
+ * instance metadata retrieval requests. In this state, retrieving the IAM role credential
+ * always returns the version 2.0 credentials; the version 1.0 credentials are not
+ * available.
The group to modify for the snapshot.
+ *The desired HTTP PUT response hop limit for instance metadata requests. The larger the + * number, the further instance metadata requests can travel. If no parameter is specified, the existing state is maintained.
+ *Possible values: Integers from 1 to 64
*/ - GroupNames?: string[]; + HttpPutResponseHopLimit?: number; /** - *The type of operation to perform to the attribute.
+ *This parameter enables or disables the HTTP metadata endpoint on your instances. If + * the parameter is not specified, the existing state is maintained.
+ *If you specify a value of disabled
, you will not be able to access your
+ * instance metadata.
The ID of the snapshot.
+ *Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation
. Otherwise, it is UnauthorizedOperation
.
The account ID to modify for the snapshot.
+ *Enables or disables the IPv6 endpoint for the instance metadata service.
*/ - UserIds?: string[]; + HttpProtocolIpv6?: InstanceMetadataProtocolState | string; +} +export namespace ModifyInstanceMetadataOptionsRequest { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The ID of the instance.
+ */ + InstanceId?: string; + + /** + *The metadata options for the instance.
+ */ + InstanceMetadataOptions?: InstanceMetadataOptionsResponse; +} + +export namespace ModifyInstanceMetadataOptionsResult { /** * @internal */ - export const filterSensitiveLog = (obj: ModifySnapshotAttributeRequest): any => ({ + export const filterSensitiveLog = (obj: ModifyInstanceMetadataOptionsResult): any => ({ ...obj, }); } -/** - *Contains the parameters for ModifySpotFleetRequest.
- */ -export interface ModifySpotFleetRequestRequest { +export type HostTenancy = "dedicated" | "host"; + +export interface ModifyInstancePlacementRequest { /** - *Indicates whether running Spot Instances should be terminated if the target capacity - * of the Spot Fleet request is decreased below the current size of the Spot Fleet.
+ *The affinity setting for the instance.
*/ - ExcessCapacityTerminationPolicy?: ExcessCapacityTerminationPolicy | string; + Affinity?: Affinity | string; /** - *The launch template and overrides. You can only use this parameter if you specified a
- * launch template (LaunchTemplateConfigs
) in your Spot Fleet request. If you
- * specified LaunchSpecifications
in your Spot Fleet request, then omit this
- * parameter.
The name of the placement group in which to place the instance. For spread placement
+ * groups, the instance must have a tenancy of default
. For cluster and
+ * partition placement groups, the instance must have a tenancy of default
or
+ * dedicated
.
To remove an instance from a placement group, specify an empty string + * ("").
*/ - LaunchTemplateConfigs?: LaunchTemplateConfig[]; + GroupName?: string; /** - *The ID of the Spot Fleet request.
+ *The ID of the Dedicated Host with which to associate the instance.
*/ - SpotFleetRequestId: string | undefined; + HostId?: string; /** - *The size of the fleet.
+ *The ID of the instance that you are modifying.
*/ - TargetCapacity?: number; + InstanceId: string | undefined; /** - *The number of On-Demand Instances in the fleet.
+ *The tenancy for the instance.
+ * + *For T3 instances, you can't change the tenancy from dedicated
+ * to host
, or from host
to dedicated
.
+ * Attempting to make one of these unsupported tenancy changes results in the
+ * InvalidTenancy
error code.
Reserved.
+ *Reserved for future use.
*/ - Context?: string; + PartitionNumber?: number; + + /** + *The ARN of the host resource group in which to place the instance.
+ */ + HostResourceGroupArn?: string; } -export namespace ModifySpotFleetRequestRequest { +export namespace ModifyInstancePlacementRequest { /** * @internal */ - export const filterSensitiveLog = (obj: ModifySpotFleetRequestRequest): any => ({ + export const filterSensitiveLog = (obj: ModifyInstancePlacementRequest): any => ({ ...obj, }); } -/** - *Contains the output of ModifySpotFleetRequest.
- */ -export interface ModifySpotFleetRequestResponse { +export interface ModifyInstancePlacementResult { /** *Is true
if the request succeeds, and an error otherwise.
Specify true
to indicate that network interfaces created in the
- * specified subnet should be assigned an IPv6 address. This includes a network interface
- * that's created when launching an instance into the subnet (the instance therefore
- * receives an IPv6 address).
If you enable the IPv6 addressing feature for your subnet, your network interface
- * or instance only receives an IPv6 address if it's created using version
- * 2016-11-15
or later of the Amazon EC2 API.
Checks whether you have the required permissions for the action, without actually
+ * making the request, and provides an error response. If you have the required
+ * permissions, the error response is DryRunOperation
. Otherwise, it is
+ * UnauthorizedOperation
.
Specify true
to indicate that network interfaces attached to instances created in the
- * specified subnet should be assigned a public IPv4 address.
Unique, case-sensitive identifier you provide to ensure the idempotency of the + * request. For more information, see Ensuring + * Idempotency.
+ *Constraint: Maximum 128 ASCII characters.
*/ - MapPublicIpOnLaunch?: AttributeBooleanValue; + ClientToken?: string; /** - *The ID of the subnet.
+ *The ID of the launch template. You must specify either the launch template ID or + * launch template name in the request.
*/ - SubnetId: string | undefined; + LaunchTemplateId?: string; /** - *Specify true
to indicate that network interfaces attached to instances created in the
- * specified subnet should be assigned a customer-owned IPv4 address.
When this value is true
, you must specify the customer-owned IP pool using CustomerOwnedIpv4Pool
.
The name of the launch template. You must specify either the launch template ID or + * launch template name in the request.
*/ - MapCustomerOwnedIpOnLaunch?: AttributeBooleanValue; + LaunchTemplateName?: string; /** - *The customer-owned IPv4 address pool associated with the subnet.
- *You must set this value when you specify true
for MapCustomerOwnedIpOnLaunch
.
The version number of the launch template to set as the default version.
*/ - CustomerOwnedIpv4Pool?: string; + DefaultVersion?: string; } -export namespace ModifySubnetAttributeRequest { +export namespace ModifyLaunchTemplateRequest { /** * @internal */ - export const filterSensitiveLog = (obj: ModifySubnetAttributeRequest): any => ({ + export const filterSensitiveLog = (obj: ModifyLaunchTemplateRequest): any => ({ ...obj, }); } -export interface ModifyTrafficMirrorFilterNetworkServicesRequest { - /** - *The ID of the Traffic Mirror filter.
- */ - TrafficMirrorFilterId: string | undefined; - - /** - *The network service, for example Amazon DNS, that you want to mirror.
- */ - AddNetworkServices?: (TrafficMirrorNetworkService | string)[]; - - /** - *The network service, for example Amazon DNS, that you no longer want to mirror.
- */ - RemoveNetworkServices?: (TrafficMirrorNetworkService | string)[]; - +export interface ModifyLaunchTemplateResult { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Information about the launch template.
*/ - DryRun?: boolean; + LaunchTemplate?: LaunchTemplate; } -export namespace ModifyTrafficMirrorFilterNetworkServicesRequest { +export namespace ModifyLaunchTemplateResult { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyTrafficMirrorFilterNetworkServicesRequest): any => ({ + export const filterSensitiveLog = (obj: ModifyLaunchTemplateResult): any => ({ ...obj, }); } -export interface ModifyTrafficMirrorFilterNetworkServicesResult { +/** + *An entry for a prefix list.
+ */ +export interface RemovePrefixListEntry { /** - *The Traffic Mirror filter that the network service is associated with.
+ *The CIDR block.
*/ - TrafficMirrorFilter?: TrafficMirrorFilter; + Cidr: string | undefined; } -export namespace ModifyTrafficMirrorFilterNetworkServicesResult { +export namespace RemovePrefixListEntry { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyTrafficMirrorFilterNetworkServicesResult): any => ({ + export const filterSensitiveLog = (obj: RemovePrefixListEntry): any => ({ ...obj, }); } -export type TrafficMirrorFilterRuleField = "description" | "destination-port-range" | "protocol" | "source-port-range"; - -export interface ModifyTrafficMirrorFilterRuleRequest { - /** - *The ID of the Traffic Mirror rule.
- */ - TrafficMirrorFilterRuleId: string | undefined; - - /** - *The type of traffic (ingress
| egress
) to assign to the rule.
The number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given - * direction. The rules are processed in ascending order by rule number.
- */ - RuleNumber?: number; - +export interface ModifyManagedPrefixListRequest { /** - *The action to assign to the rule.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The destination ports that are associated with the Traffic Mirror rule.
+ *The ID of the prefix list.
*/ - DestinationPortRange?: TrafficMirrorPortRangeRequest; + PrefixListId: string | undefined; /** - *The port range to assign to the Traffic Mirror rule.
+ *The current version of the prefix list.
*/ - SourcePortRange?: TrafficMirrorPortRangeRequest; + CurrentVersion?: number; /** - *The protocol, for example TCP, to assign to the Traffic Mirror rule.
+ *A name for the prefix list.
*/ - Protocol?: number; + PrefixListName?: string; /** - *The destination CIDR block to assign to the Traffic Mirror rule.
+ *One or more entries to add to the prefix list.
*/ - DestinationCidrBlock?: string; + AddEntries?: AddPrefixListEntry[]; /** - *The source CIDR block to assign to the Traffic Mirror rule.
+ *One or more entries to remove from the prefix list.
*/ - SourceCidrBlock?: string; + RemoveEntries?: RemovePrefixListEntry[]; /** - *The description to assign to the Traffic Mirror rule.
+ *The maximum number of entries for the prefix list. You cannot modify the entries + * of a prefix list and modify the size of a prefix list at the same time.
+ *If any of the resources that reference the prefix list cannot support the new + * maximum size, the modify operation fails. Check the state message for the IDs of + * the first ten resources that do not support the new maximum size.
*/ - Description?: string; + MaxEntries?: number; +} +export namespace ModifyManagedPrefixListRequest { /** - *The properties that you want to remove from the Traffic Mirror filter rule.
- *When you remove a property from a Traffic Mirror filter rule, the property is set to the default.
+ * @internal */ - RemoveFields?: (TrafficMirrorFilterRuleField | string)[]; + export const filterSensitiveLog = (obj: ModifyManagedPrefixListRequest): any => ({ + ...obj, + }); +} +export interface ModifyManagedPrefixListResult { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
Information about the prefix list.
*/ - DryRun?: boolean; + PrefixList?: ManagedPrefixList; } -export namespace ModifyTrafficMirrorFilterRuleRequest { +export namespace ModifyManagedPrefixListResult { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyTrafficMirrorFilterRuleRequest): any => ({ + export const filterSensitiveLog = (obj: ModifyManagedPrefixListResult): any => ({ ...obj, }); } -export interface ModifyTrafficMirrorFilterRuleResult { +/** + *Describes an attachment change.
+ */ +export interface NetworkInterfaceAttachmentChanges { /** - *Modifies a Traffic Mirror rule.
+ *The ID of the network interface attachment.
*/ - TrafficMirrorFilterRule?: TrafficMirrorFilterRule; + AttachmentId?: string; + + /** + *Indicates whether the network interface is deleted when the instance is terminated.
+ */ + DeleteOnTermination?: boolean; } -export namespace ModifyTrafficMirrorFilterRuleResult { +export namespace NetworkInterfaceAttachmentChanges { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyTrafficMirrorFilterRuleResult): any => ({ + export const filterSensitiveLog = (obj: NetworkInterfaceAttachmentChanges): any => ({ ...obj, }); } -export type TrafficMirrorSessionField = "description" | "packet-length" | "virtual-network-id"; +/** + *Contains the parameters for ModifyNetworkInterfaceAttribute.
+ */ +export interface ModifyNetworkInterfaceAttributeRequest { + /** + *Information about the interface attachment. If modifying the 'delete on termination' attribute, you must specify the ID of the interface attachment.
+ */ + Attachment?: NetworkInterfaceAttachmentChanges; -export interface ModifyTrafficMirrorSessionRequest { /** - *The ID of the Traffic Mirror session.
+ *A description for the network interface.
*/ - TrafficMirrorSessionId: string | undefined; + Description?: AttributeValue; /** - *The Traffic Mirror target. The target must be in the same VPC as the source, or have a VPC peering connection with the source.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The ID of the Traffic Mirror filter.
+ *Changes the security groups for the network interface. The new set of groups you specify replaces the current set. You must specify at least one group, even if it's just the default security group in the VPC. You must specify the ID of the security group, not the name.
*/ - TrafficMirrorFilterId?: string; + Groups?: string[]; /** - *The number of bytes in each packet to mirror. These are bytes after the VXLAN header. To mirror a subset, set this to the length (in bytes) to mirror. For example, if you set this value to 100, then the first 100 bytes that meet the filter criteria are copied to the target. Do not specify this parameter when you want to mirror the entire packet.
+ *The ID of the network interface.
*/ - PacketLength?: number; + NetworkInterfaceId: string | undefined; /** - *The session number determines the order in which sessions are evaluated when an interface is used by multiple sessions. The first session with a matching filter is the one that mirrors the packets.
- *Valid values are 1-32766.
+ *Enable or disable source/destination checks, which ensure that the instance
+ * is either the source or the destination of any traffic that it receives.
+ * If the value is true
, source/destination checks are enabled;
+ * otherwise, they are disabled. The default value is true
.
+ * You must disable source/destination checks if the instance runs services
+ * such as network address translation, routing, or firewalls.
The virtual network ID of the Traffic Mirror session.
+ * @internal */ - VirtualNetworkId?: number; + export const filterSensitiveLog = (obj: ModifyNetworkInterfaceAttributeRequest): any => ({ + ...obj, + }); +} +/** + *Contains the parameters for ModifyReservedInstances.
+ */ +export interface ModifyReservedInstancesRequest { /** - *The description to assign to the Traffic Mirror session.
+ *The IDs of the Reserved Instances to modify.
*/ - Description?: string; + ReservedInstancesIds: string[] | undefined; /** - *The properties that you want to remove from the Traffic Mirror session.
- *When you remove a property from a Traffic Mirror session, the property is set to the default.
+ *A unique, case-sensitive token you provide to ensure idempotency of your modification request. For more information, see + * Ensuring Idempotency.
*/ - RemoveFields?: (TrafficMirrorSessionField | string)[]; + ClientToken?: string; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The configuration settings for the Reserved Instances to modify.
*/ - DryRun?: boolean; + TargetConfigurations: ReservedInstancesConfiguration[] | undefined; } -export namespace ModifyTrafficMirrorSessionRequest { +export namespace ModifyReservedInstancesRequest { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyTrafficMirrorSessionRequest): any => ({ + export const filterSensitiveLog = (obj: ModifyReservedInstancesRequest): any => ({ ...obj, }); } -export interface ModifyTrafficMirrorSessionResult { +/** + *Contains the output of ModifyReservedInstances.
+ */ +export interface ModifyReservedInstancesResult { /** - *Information about the Traffic Mirror session.
+ *The ID for the modification.
*/ - TrafficMirrorSession?: TrafficMirrorSession; + ReservedInstancesModificationId?: string; } -export namespace ModifyTrafficMirrorSessionResult { +export namespace ModifyReservedInstancesResult { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyTrafficMirrorSessionResult): any => ({ + export const filterSensitiveLog = (obj: ModifyReservedInstancesResult): any => ({ ...obj, }); } /** - *The transit gateway options.
+ *Describes a security group rule.
+ *You must specify exactly one of the following parameters, based on the rule type:
+ *CidrIpv4
+ *CidrIpv6
+ *PrefixListId
+ *ReferencedGroupId
+ *When you modify a rule, you cannot change the rule type. For example, if the rule
+ * uses an IPv4 address range, you must use CidrIpv4
to specify a new IPv4
+ * address range.
Adds IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for IPv6.
- */ - AddTransitGatewayCidrBlocks?: string[]; - +export interface SecurityGroupRuleRequest { /** - *Removes CIDR blocks for the transit gateway.
+ *The IP protocol name (tcp
, udp
, icmp
,
+ * icmpv6
) or number (see Protocol Numbers).
Use -1
to specify all protocols.
Enable or disable Equal Cost Multipath Protocol support.
+ *The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.
*/ - VpnEcmpSupport?: VpnEcmpSupportValue | string; + FromPort?: number; /** - *Enable or disable DNS support.
+ *The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1
indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.
Enable or disable automatic acceptance of attachment requests.
+ *The IPv4 CIDR range. To specify a single IPv4 address, use the /32 prefix length.
*/ - AutoAcceptSharedAttachments?: AutoAcceptSharedAttachmentsValue | string; + CidrIpv4?: string; /** - *Enable or disable automatic association with the default association route table.
+ *The IPv6 CIDR range. To specify a single IPv6 address, use the /128 prefix length.
*/ - DefaultRouteTableAssociation?: DefaultRouteTableAssociationValue | string; + CidrIpv6?: string; /** - *The ID of the default association route table.
+ *The ID of the prefix list.
*/ - AssociationDefaultRouteTableId?: string; + PrefixListId?: string; /** - *Enable or disable automatic propagation of routes to the default propagation route table.
+ *The ID of the security group that is referenced in the security group rule.
*/ - DefaultRouteTablePropagation?: DefaultRouteTablePropagationValue | string; + ReferencedGroupId?: string; /** - *The ID of the default propagation route table.
+ *The description of the security group rule.
*/ - PropagationDefaultRouteTableId?: string; + Description?: string; } -export namespace ModifyTransitGatewayOptions { +export namespace SecurityGroupRuleRequest { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyTransitGatewayOptions): any => ({ + export const filterSensitiveLog = (obj: SecurityGroupRuleRequest): any => ({ ...obj, }); } -export interface ModifyTransitGatewayRequest { +/** + *Describes an update to a security group rule.
+ */ +export interface SecurityGroupRuleUpdate { + /** + *The ID of the security group rule.
+ */ + SecurityGroupRuleId?: string; + + /** + *Information about the security group rule.
+ */ + SecurityGroupRule?: SecurityGroupRuleRequest; +} + +export namespace SecurityGroupRuleUpdate { /** - *The ID of the transit gateway.
+ * @internal */ - TransitGatewayId: string | undefined; + export const filterSensitiveLog = (obj: SecurityGroupRuleUpdate): any => ({ + ...obj, + }); +} +export interface ModifySecurityGroupRulesRequest { /** - *The description for the transit gateway.
+ *The ID of the security group.
*/ - Description?: string; + GroupId: string | undefined; /** - *The options to modify.
+ *Information about the security group properties to update.
*/ - Options?: ModifyTransitGatewayOptions; + SecurityGroupRules: SecurityGroupRuleUpdate[] | undefined; /** *Checks whether you have the required permissions for the action, without actually making the request, @@ -9043,290 +9264,231 @@ export interface ModifyTransitGatewayRequest { DryRun?: boolean; } -export namespace ModifyTransitGatewayRequest { +export namespace ModifySecurityGroupRulesRequest { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyTransitGatewayRequest): any => ({ + export const filterSensitiveLog = (obj: ModifySecurityGroupRulesRequest): any => ({ ...obj, }); } -export interface ModifyTransitGatewayResult { +export interface ModifySecurityGroupRulesResult { /** - *
Describes a transit gateway.
+ *Returns true
if the request succeeds; otherwise, returns an error.
The ID of the transit gateway route table.
- */ - TransitGatewayRouteTableId: string | undefined; - +/** + *Describes modifications to the list of create volume permissions for a volume.
+ */ +export interface CreateVolumePermissionModifications { /** - *The ID of the prefix list.
+ *Adds the specified Amazon Web Services account ID or group to the list.
*/ - PrefixListId: string | undefined; + Add?: CreateVolumePermission[]; /** - *The ID of the attachment to which traffic is routed.
+ *Removes the specified Amazon Web Services account ID or group from the list.
*/ - TransitGatewayAttachmentId?: string; + Remove?: CreateVolumePermission[]; +} +export namespace CreateVolumePermissionModifications { /** - *Indicates whether to drop traffic that matches this route.
+ * @internal */ - Blackhole?: boolean; + export const filterSensitiveLog = (obj: CreateVolumePermissionModifications): any => ({ + ...obj, + }); +} +export interface ModifySnapshotAttributeRequest { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The snapshot attribute to modify. Only volume creation permissions can be modified.
*/ - DryRun?: boolean; -} + Attribute?: SnapshotAttributeName | string; -export namespace ModifyTransitGatewayPrefixListReferenceRequest { /** - * @internal + *A JSON representation of the snapshot attribute modification.
*/ - export const filterSensitiveLog = (obj: ModifyTransitGatewayPrefixListReferenceRequest): any => ({ - ...obj, - }); -} + CreateVolumePermission?: CreateVolumePermissionModifications; -export interface ModifyTransitGatewayPrefixListReferenceResult { /** - *Information about the prefix list reference.
+ *The group to modify for the snapshot.
*/ - TransitGatewayPrefixListReference?: TransitGatewayPrefixListReference; -} + GroupNames?: string[]; -export namespace ModifyTransitGatewayPrefixListReferenceResult { /** - * @internal + *The type of operation to perform to the attribute.
*/ - export const filterSensitiveLog = (obj: ModifyTransitGatewayPrefixListReferenceResult): any => ({ - ...obj, - }); -} + OperationType?: OperationType | string; -/** - *Describes the options for a VPC attachment.
- */ -export interface ModifyTransitGatewayVpcAttachmentRequestOptions { /** - *Enable or disable DNS support. The default is enable
.
The ID of the snapshot.
*/ - DnsSupport?: DnsSupportValue | string; + SnapshotId: string | undefined; /** - *Enable or disable IPv6 support. The default is enable
.
The account ID to modify for the snapshot.
*/ - Ipv6Support?: Ipv6SupportValue | string; + UserIds?: string[]; /** - *Enable or disable support for appliance mode. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. The default is disable
.
Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Contains the parameters for ModifySpotFleetRequest.
+ */ +export interface ModifySpotFleetRequestRequest { /** - *The ID of the attachment.
+ *Indicates whether running Spot Instances should be terminated if the target capacity + * of the Spot Fleet request is decreased below the current size of the Spot Fleet.
*/ - TransitGatewayAttachmentId: string | undefined; + ExcessCapacityTerminationPolicy?: ExcessCapacityTerminationPolicy | string; /** - *The IDs of one or more subnets to add. You can specify at most one subnet per Availability Zone.
+ *The launch template and overrides. You can only use this parameter if you specified a
+ * launch template (LaunchTemplateConfigs
) in your Spot Fleet request. If you
+ * specified LaunchSpecifications
in your Spot Fleet request, then omit this
+ * parameter.
The IDs of one or more subnets to remove.
+ *The ID of the Spot Fleet request.
*/ - RemoveSubnetIds?: string[]; + SpotFleetRequestId: string | undefined; /** - *The new VPC attachment options.
+ *The size of the fleet.
*/ - Options?: ModifyTransitGatewayVpcAttachmentRequestOptions; + TargetCapacity?: number; /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The number of On-Demand Instances in the fleet.
*/ - DryRun?: boolean; + OnDemandTargetCapacity?: number; + + /** + *Reserved.
+ */ + Context?: string; } -export namespace ModifyTransitGatewayVpcAttachmentRequest { +export namespace ModifySpotFleetRequestRequest { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyTransitGatewayVpcAttachmentRequest): any => ({ + export const filterSensitiveLog = (obj: ModifySpotFleetRequestRequest): any => ({ ...obj, }); } -export interface ModifyTransitGatewayVpcAttachmentResult { +/** + *Contains the output of ModifySpotFleetRequest.
+ */ +export interface ModifySpotFleetRequestResponse { /** - *Information about the modified attachment.
+ *Is true
if the request succeeds, and an error otherwise.
Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The ID of the volume.
- */ - VolumeId: string | undefined; - +export interface ModifySubnetAttributeRequest { /** - *The target size of the volume, in GiB. The target volume size must be greater than or - * equal to the existing size of the volume.
- *The following are the supported volumes sizes for each volume type:
- *
- * gp2
and gp3
: 1-16,384
- * io1
and io2
: 4-16,384
- * st1
and sc1
: 125-16,384
- * standard
: 1-1,024
Default: The existing size is retained.
+ *Specify true
to indicate that network interfaces created in the
+ * specified subnet should be assigned an IPv6 address. This includes a network interface
+ * that's created when launching an instance into the subnet (the instance therefore
+ * receives an IPv6 address).
If you enable the IPv6 addressing feature for your subnet, your network interface
+ * or instance only receives an IPv6 address if it's created using version
+ * 2016-11-15
or later of the Amazon EC2 API.
The target EBS volume type of the volume. For more information, see Amazon EBS volume types in the Amazon Elastic Compute Cloud User Guide.
- *Default: The existing type is retained.
+ *Specify true
to indicate that network interfaces attached to instances created in the
+ * specified subnet should be assigned a public IPv4 address.
The target IOPS rate of the volume. This parameter is valid only for gp3
, io1
, and io2
volumes.
The following are the supported values for each volume type:
- *
- * gp3
: 3,000-16,000 IOPS
- * io1
: 100-64,000 IOPS
- * io2
: 100-64,000 IOPS
Default: The existing value is retained if you keep the same volume type. If you change
- * the volume type to io1
, io2
, or gp3
, the default is 3,000.
The ID of the subnet.
*/ - Iops?: number; + SubnetId: string | undefined; /** - *The target throughput of the volume, in MiB/s. This parameter is valid only for gp3
volumes.
- * The maximum value is 1,000.
Default: The existing value is retained if the source and target volume type is gp3
.
- * Otherwise, the default value is 125.
Valid Range: Minimum value of 125. Maximum value of 1000.
+ *Specify true
to indicate that network interfaces attached to instances created in the
+ * specified subnet should be assigned a customer-owned IPv4 address.
When this value is true
, you must specify the customer-owned IP pool using CustomerOwnedIpv4Pool
.
Specifies whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, you can attach the
- * volume to up to 16
- * Nitro-based instances in the same Availability Zone. This parameter is
- * supported with io1
and io2
volumes only. For more information, see
- *
- * Amazon EBS Multi-Attach in the Amazon Elastic Compute Cloud User Guide.
The customer-owned IPv4 address pool associated with the subnet.
+ *You must set this value when you specify true
for MapCustomerOwnedIpOnLaunch
.
Information about the volume modification.
- */ - VolumeModification?: VolumeModification; -} - -export namespace ModifyVolumeResult { +export interface ModifyTrafficMirrorFilterNetworkServicesRequest { /** - * @internal + *The ID of the Traffic Mirror filter.
*/ - export const filterSensitiveLog = (obj: ModifyVolumeResult): any => ({ - ...obj, - }); -} + TrafficMirrorFilterId: string | undefined; -export interface ModifyVolumeAttributeRequest { /** - *Indicates whether the volume should be auto-enabled for I/O operations.
+ *The network service, for example Amazon DNS, that you want to mirror.
*/ - AutoEnableIO?: AttributeBooleanValue; + AddNetworkServices?: (TrafficMirrorNetworkService | string)[]; /** - *The ID of the volume.
+ *The network service, for example Amazon DNS, that you no longer want to mirror.
*/ - VolumeId: string | undefined; + RemoveNetworkServices?: (TrafficMirrorNetworkService | string)[]; /** *Checks whether you have the required permissions for the action, without actually making the request, @@ -9336,183 +9498,182 @@ export interface ModifyVolumeAttributeRequest { DryRun?: boolean; } -export namespace ModifyVolumeAttributeRequest { +export namespace ModifyTrafficMirrorFilterNetworkServicesRequest { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyVolumeAttributeRequest): any => ({ + export const filterSensitiveLog = (obj: ModifyTrafficMirrorFilterNetworkServicesRequest): any => ({ ...obj, }); } -export interface ModifyVpcAttributeRequest { - /** - *
Indicates whether the instances launched in the VPC get DNS hostnames. If enabled, instances in the VPC get DNS hostnames; otherwise, they do not.
- *You cannot modify the DNS resolution and DNS hostnames attributes in the same request. Use separate requests for each attribute. You can only enable DNS hostnames if you've enabled DNS support.
- */ - EnableDnsHostnames?: AttributeBooleanValue; - - /** - *Indicates whether the DNS resolution is supported for the VPC. If enabled, queries to - * the Amazon provided DNS server at the 169.254.169.253 IP address, or the reserved IP - * address at the base of the VPC network range "plus two" succeed. If disabled, the Amazon - * provided DNS service in the VPC that resolves public DNS hostnames to IP addresses is - * not enabled.
- *You cannot modify the DNS resolution and DNS hostnames attributes in the same request. Use separate requests for each attribute.
- */ - EnableDnsSupport?: AttributeBooleanValue; - +export interface ModifyTrafficMirrorFilterNetworkServicesResult { /** - *The ID of the VPC.
+ *The Traffic Mirror filter that the network service is associated with.
*/ - VpcId: string | undefined; + TrafficMirrorFilter?: TrafficMirrorFilter; } -export namespace ModifyVpcAttributeRequest { +export namespace ModifyTrafficMirrorFilterNetworkServicesResult { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyVpcAttributeRequest): any => ({ + export const filterSensitiveLog = (obj: ModifyTrafficMirrorFilterNetworkServicesResult): any => ({ ...obj, }); } -/** - *Contains the parameters for ModifyVpcEndpoint.
- */ -export interface ModifyVpcEndpointRequest { +export type TrafficMirrorFilterRuleField = "description" | "destination-port-range" | "protocol" | "source-port-range"; + +export interface ModifyTrafficMirrorFilterRuleRequest { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The ID of the Traffic Mirror rule.
*/ - DryRun?: boolean; + TrafficMirrorFilterRuleId: string | undefined; + + /** + *The type of traffic (ingress
| egress
) to assign to the rule.
The ID of the endpoint.
+ *The number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given + * direction. The rules are processed in ascending order by rule number.
*/ - VpcEndpointId: string | undefined; + RuleNumber?: number; /** - *(Gateway endpoint) Specify true
to reset the policy document to the
- * default policy. The default policy allows full access to the service.
The action to assign to the rule.
*/ - ResetPolicy?: boolean; + RuleAction?: TrafficMirrorRuleAction | string; /** - *(Interface and gateway endpoints) A policy to attach to the endpoint that controls access to the service. The policy must - * be in valid JSON format.
+ *The destination ports that are associated with the Traffic Mirror rule.
*/ - PolicyDocument?: string; + DestinationPortRange?: TrafficMirrorPortRangeRequest; /** - *(Gateway endpoint) One or more route tables IDs to associate with the endpoint.
+ *The port range to assign to the Traffic Mirror rule.
*/ - AddRouteTableIds?: string[]; + SourcePortRange?: TrafficMirrorPortRangeRequest; /** - *(Gateway endpoint) One or more route table IDs to disassociate from the endpoint.
+ *The protocol, for example TCP, to assign to the Traffic Mirror rule.
*/ - RemoveRouteTableIds?: string[]; + Protocol?: number; /** - *(Interface and Gateway Load Balancer endpoints) One or more subnet IDs in which to serve the endpoint. For a Gateway Load Balancer endpoint, you can specify only one subnet.
+ *The destination CIDR block to assign to the Traffic Mirror rule.
*/ - AddSubnetIds?: string[]; + DestinationCidrBlock?: string; /** - *(Interface endpoint) One or more subnets IDs in which to remove the endpoint.
+ *The source CIDR block to assign to the Traffic Mirror rule.
*/ - RemoveSubnetIds?: string[]; + SourceCidrBlock?: string; /** - *(Interface endpoint) One or more security group IDs to associate with the network interface.
+ *The description to assign to the Traffic Mirror rule.
*/ - AddSecurityGroupIds?: string[]; + Description?: string; /** - *(Interface endpoint) One or more security group IDs to disassociate from the network interface.
+ *The properties that you want to remove from the Traffic Mirror filter rule.
+ *When you remove a property from a Traffic Mirror filter rule, the property is set to the default.
*/ - RemoveSecurityGroupIds?: string[]; + RemoveFields?: (TrafficMirrorFilterRuleField | string)[]; /** - *(Interface endpoint) Indicates whether a private hosted zone is associated with the - * VPC.
+ *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Returns true
if the request succeeds; otherwise, it returns an error.
Modifies a Traffic Mirror rule.
*/ - Return?: boolean; + TrafficMirrorFilterRule?: TrafficMirrorFilterRule; } -export namespace ModifyVpcEndpointResult { +export namespace ModifyTrafficMirrorFilterRuleResult { /** * @internal */ - export const filterSensitiveLog = (obj: ModifyVpcEndpointResult): any => ({ + export const filterSensitiveLog = (obj: ModifyTrafficMirrorFilterRuleResult): any => ({ ...obj, }); } -export interface ModifyVpcEndpointConnectionNotificationRequest { +export type TrafficMirrorSessionField = "description" | "packet-length" | "virtual-network-id"; + +export interface ModifyTrafficMirrorSessionRequest { /** - *Checks whether you have the required permissions for the action, without actually making the request,
- * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
- * Otherwise, it is UnauthorizedOperation
.
The ID of the Traffic Mirror session.
*/ - DryRun?: boolean; + TrafficMirrorSessionId: string | undefined; /** - *The ID of the notification.
+ *The Traffic Mirror target. The target must be in the same VPC as the source, or have a VPC peering connection with the source.
+ */ + TrafficMirrorTargetId?: string; + + /** + *The ID of the Traffic Mirror filter.
*/ - ConnectionNotificationId: string | undefined; + TrafficMirrorFilterId?: string; /** - *The ARN for the SNS topic for the notification.
+ *The number of bytes in each packet to mirror. These are bytes after the VXLAN header. To mirror a subset, set this to the length (in bytes) to mirror. For example, if you set this value to 100, then the first 100 bytes that meet the filter criteria are copied to the target. Do not specify this parameter when you want to mirror the entire packet.
*/ - ConnectionNotificationArn?: string; + PacketLength?: number; /** - *One or more events for the endpoint. Valid values are Accept
,
- * Connect
, Delete
, and Reject
.
The session number determines the order in which sessions are evaluated when an interface is used by multiple sessions. The first session with a matching filter is the one that mirrors the packets.
+ *Valid values are 1-32766.
*/ - ConnectionEvents?: string[]; -} + SessionNumber?: number; -export namespace ModifyVpcEndpointConnectionNotificationRequest { /** - * @internal + *The virtual network ID of the Traffic Mirror session.
*/ - export const filterSensitiveLog = (obj: ModifyVpcEndpointConnectionNotificationRequest): any => ({ - ...obj, - }); -} + VirtualNetworkId?: number; -export interface ModifyVpcEndpointConnectionNotificationResult { /** - *Returns true
if the request succeeds; otherwise, it returns an error.
The description to assign to the Traffic Mirror session.
*/ - ReturnValue?: boolean; + Description?: string; + + /** + *The properties that you want to remove from the Traffic Mirror session.
+ *When you remove a property from a Traffic Mirror session, the property is set to the default.
+ */ + RemoveFields?: (TrafficMirrorSessionField | string)[]; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Information about the Traffic Mirror session.
+ */ + TrafficMirrorSession?: TrafficMirrorSession; +} + +export namespace ModifyTrafficMirrorSessionResult { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ModifyTrafficMirrorSessionResult): any => ({ + ...obj, + }); +} + +/** + *The transit gateway options.
+ */ +export interface ModifyTransitGatewayOptions { + /** + *Adds IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for IPv6.
+ */ + AddTransitGatewayCidrBlocks?: string[]; + + /** + *Removes CIDR blocks for the transit gateway.
+ */ + RemoveTransitGatewayCidrBlocks?: string[]; + + /** + *Enable or disable Equal Cost Multipath Protocol support.
+ */ + VpnEcmpSupport?: VpnEcmpSupportValue | string; + + /** + *Enable or disable DNS support.
+ */ + DnsSupport?: DnsSupportValue | string; + + /** + *Enable or disable automatic acceptance of attachment requests.
+ */ + AutoAcceptSharedAttachments?: AutoAcceptSharedAttachmentsValue | string; + + /** + *Enable or disable automatic association with the default association route table.
+ */ + DefaultRouteTableAssociation?: DefaultRouteTableAssociationValue | string; + + /** + *The ID of the default association route table.
+ */ + AssociationDefaultRouteTableId?: string; + + /** + *Enable or disable automatic propagation of routes to the default propagation route table.
+ */ + DefaultRouteTablePropagation?: DefaultRouteTablePropagationValue | string; + + /** + *The ID of the default propagation route table.
+ */ + PropagationDefaultRouteTableId?: string; +} + +export namespace ModifyTransitGatewayOptions { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ModifyTransitGatewayOptions): any => ({ + ...obj, + }); +} + +export interface ModifyTransitGatewayRequest { + /** + *The ID of the transit gateway.
+ */ + TransitGatewayId: string | undefined; + + /** + *The description for the transit gateway.
+ */ + Description?: string; + + /** + *The options to modify.
+ */ + Options?: ModifyTransitGatewayOptions; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Describes a transit gateway.
+ */ + TransitGateway?: TransitGateway; +} + +export namespace ModifyTransitGatewayResult { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ModifyTransitGatewayResult): any => ({ + ...obj, + }); +} + +export interface ModifyTransitGatewayPrefixListReferenceRequest { + /** + *The ID of the transit gateway route table.
+ */ + TransitGatewayRouteTableId: string | undefined; + + /** + *The ID of the prefix list.
+ */ + PrefixListId: string | undefined; + + /** + *The ID of the attachment to which traffic is routed.
+ */ + TransitGatewayAttachmentId?: string; + + /** + *Indicates whether to drop traffic that matches this route.
+ */ + Blackhole?: boolean; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Information about the prefix list reference.
+ */ + TransitGatewayPrefixListReference?: TransitGatewayPrefixListReference; +} + +export namespace ModifyTransitGatewayPrefixListReferenceResult { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ModifyTransitGatewayPrefixListReferenceResult): any => ({ + ...obj, + }); +} + +/** + *Describes the options for a VPC attachment.
+ */ +export interface ModifyTransitGatewayVpcAttachmentRequestOptions { + /** + *Enable or disable DNS support. The default is enable
.
Enable or disable IPv6 support. The default is enable
.
Enable or disable support for appliance mode. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. The default is disable
.
The ID of the attachment.
+ */ + TransitGatewayAttachmentId: string | undefined; + + /** + *The IDs of one or more subnets to add. You can specify at most one subnet per Availability Zone.
+ */ + AddSubnetIds?: string[]; + + /** + *The IDs of one or more subnets to remove.
+ */ + RemoveSubnetIds?: string[]; + + /** + *The new VPC attachment options.
+ */ + Options?: ModifyTransitGatewayVpcAttachmentRequestOptions; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Information about the modified attachment.
+ */ + TransitGatewayVpcAttachment?: TransitGatewayVpcAttachment; +} + +export namespace ModifyTransitGatewayVpcAttachmentResult { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ModifyTransitGatewayVpcAttachmentResult): any => ({ + ...obj, + }); +} + +export interface ModifyVolumeRequest { + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The ID of the volume.
+ */ + VolumeId: string | undefined; + + /** + *The target size of the volume, in GiB. The target volume size must be greater than or + * equal to the existing size of the volume.
+ *The following are the supported volumes sizes for each volume type:
+ *
+ * gp2
and gp3
: 1-16,384
+ * io1
and io2
: 4-16,384
+ * st1
and sc1
: 125-16,384
+ * standard
: 1-1,024
Default: The existing size is retained.
+ */ + Size?: number; + + /** + *The target EBS volume type of the volume. For more information, see Amazon EBS volume types in the Amazon Elastic Compute Cloud User Guide.
+ *Default: The existing type is retained.
+ */ + VolumeType?: VolumeType | string; + + /** + *The target IOPS rate of the volume. This parameter is valid only for gp3
, io1
, and io2
volumes.
The following are the supported values for each volume type:
+ *
+ * gp3
: 3,000-16,000 IOPS
+ * io1
: 100-64,000 IOPS
+ * io2
: 100-64,000 IOPS
Default: The existing value is retained if you keep the same volume type. If you change
+ * the volume type to io1
, io2
, or gp3
, the default is 3,000.
The target throughput of the volume, in MiB/s. This parameter is valid only for gp3
volumes.
+ * The maximum value is 1,000.
Default: The existing value is retained if the source and target volume type is gp3
.
+ * Otherwise, the default value is 125.
Valid Range: Minimum value of 125. Maximum value of 1000.
+ */ + Throughput?: number; + + /** + *Specifies whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, you can attach the
+ * volume to up to 16
+ * Nitro-based instances in the same Availability Zone. This parameter is
+ * supported with io1
and io2
volumes only. For more information, see
+ *
+ * Amazon EBS Multi-Attach in the Amazon Elastic Compute Cloud User Guide.
Information about the volume modification.
+ */ + VolumeModification?: VolumeModification; +} + +export namespace ModifyVolumeResult { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ModifyVolumeResult): any => ({ + ...obj, + }); +} + +export interface ModifyVolumeAttributeRequest { + /** + *Indicates whether the volume should be auto-enabled for I/O operations.
+ */ + AutoEnableIO?: AttributeBooleanValue; + + /** + *The ID of the volume.
+ */ + VolumeId: string | undefined; + + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
Indicates whether the instances launched in the VPC get DNS hostnames. If enabled, instances in the VPC get DNS hostnames; otherwise, they do not.
+ *You cannot modify the DNS resolution and DNS hostnames attributes in the same request. Use separate requests for each attribute. You can only enable DNS hostnames if you've enabled DNS support.
+ */ + EnableDnsHostnames?: AttributeBooleanValue; + + /** + *Indicates whether the DNS resolution is supported for the VPC. If enabled, queries to + * the Amazon provided DNS server at the 169.254.169.253 IP address, or the reserved IP + * address at the base of the VPC network range "plus two" succeed. If disabled, the Amazon + * provided DNS service in the VPC that resolves public DNS hostnames to IP addresses is + * not enabled.
+ *You cannot modify the DNS resolution and DNS hostnames attributes in the same request. Use separate requests for each attribute.
+ */ + EnableDnsSupport?: AttributeBooleanValue; + + /** + *The ID of the VPC.
+ */ + VpcId: string | undefined; +} + +export namespace ModifyVpcAttributeRequest { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ModifyVpcAttributeRequest): any => ({ + ...obj, + }); +} + +/** + *Contains the parameters for ModifyVpcEndpoint.
+ */ +export interface ModifyVpcEndpointRequest { + /** + *Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The ID of the endpoint.
+ */ + VpcEndpointId: string | undefined; + + /** + *(Gateway endpoint) Specify true
to reset the policy document to the
+ * default policy. The default policy allows full access to the service.
(Interface and gateway endpoints) A policy to attach to the endpoint that controls access to the service. The policy must + * be in valid JSON format.
+ */ + PolicyDocument?: string; + + /** + *(Gateway endpoint) One or more route tables IDs to associate with the endpoint.
+ */ + AddRouteTableIds?: string[]; + + /** + *(Gateway endpoint) One or more route table IDs to disassociate from the endpoint.
+ */ + RemoveRouteTableIds?: string[]; + + /** + *(Interface and Gateway Load Balancer endpoints) One or more subnet IDs in which to serve the endpoint. For a Gateway Load Balancer endpoint, you can specify only one subnet.
+ */ + AddSubnetIds?: string[]; + + /** + *(Interface endpoint) One or more subnets IDs in which to remove the endpoint.
+ */ + RemoveSubnetIds?: string[]; + + /** + *(Interface endpoint) One or more security group IDs to associate with the network interface.
+ */ + AddSecurityGroupIds?: string[]; + + /** + *(Interface endpoint) One or more security group IDs to disassociate from the network interface.
+ */ + RemoveSecurityGroupIds?: string[]; + + /** + *(Interface endpoint) Indicates whether a private hosted zone is associated with the + * VPC.
+ */ + PrivateDnsEnabled?: boolean; +} + +export namespace ModifyVpcEndpointRequest { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ModifyVpcEndpointRequest): any => ({ + ...obj, + }); +} + +export interface ModifyVpcEndpointResult { + /** + *Returns true
if the request succeeds; otherwise, it returns an error.
Checks whether you have the required permissions for the action, without actually making the request,
+ * and provides an error response. If you have the required permissions, the error response is DryRunOperation
.
+ * Otherwise, it is UnauthorizedOperation
.
The ID of the notification.
+ */ + ConnectionNotificationId: string | undefined; + + /** + *The ARN for the SNS topic for the notification.
+ */ + ConnectionNotificationArn?: string; + + /** + *One or more events for the endpoint. Valid values are Accept
,
+ * Connect
, Delete
, and Reject
.
Returns true
if the request succeeds; otherwise, it returns an error.
Describes hints for the buffering to perform before delivering data to the
- * destination. These options are treated as hints, and therefore Kinesis Data Firehose might
- * choose to use different values when it is optimal. The SizeInMBs
and
- * IntervalInSeconds
parameters are optional. However, if specify a value for
- * one of them, you must also provide a value for the other.
Buffer incoming data to the specified size, in MiBs, before delivering it to the
- * destination. The default value is 5. This parameter is optional but if you specify a value
- * for it, you must also specify a value for IntervalInSeconds
, and vice
- * versa.
We recommend setting this parameter to a value greater than the amount of data you - * typically ingest into the delivery stream in 10 seconds. For example, if you typically - * ingest data at 1 MiB/sec, the value should be 10 MiB or higher.
- */ - SizeInMBs?: number; - - /** - *Buffer incoming data for the specified period of time, in seconds, before delivering
- * it to the destination. The default value is 300. This parameter is optional but if you
- * specify a value for it, you must also specify a value for SizeInMBs
, and vice
- * versa.
Another modification has already happened. Fetch VersionId
again and use
- * it to update the destination.
A message that provides information about the error.
- */ - message?: string; -} - -export namespace ConcurrentModificationException { - /** - * @internal - */ - export const filterSensitiveLog = (obj: ConcurrentModificationException): any => ({ - ...obj, - }); -} - -export enum ContentEncoding { - GZIP = "GZIP", - NONE = "NONE", -} - -/** - *Describes a COPY
command for Amazon Redshift.
The name of the target table. The table must already exist in the database.
- */ - DataTableName: string | undefined; - - /** - *A comma-separated list of column names.
- */ - DataTableColumns?: string; - - /** - *Optional parameters to use with the Amazon Redshift COPY
command. For
- * more information, see the "Optional Parameters" section of Amazon Redshift COPY command. Some possible
- * examples that would apply to Kinesis Data Firehose are as follows:
- * delimiter '\t' lzop;
- fields are delimited with "\t" (TAB character) and
- * compressed using lzop.
- * delimiter '|'
- fields are delimited with "|" (this is the default
- * delimiter).
- * delimiter '|' escape
- the delimiter should be escaped.
- * fixedwidth 'venueid:3,venuename:25,venuecity:12,venuestate:2,venueseats:6'
-
- * fields are fixed width in the source, with each width specified after every column in the
- * table.
- * JSON 's3://mybucket/jsonpaths.txt'
- data is in JSON format, and the path
- * specified is the format of the data.
For more examples, see Amazon Redshift COPY command - * examples.
- */ - CopyOptions?: string; -} - -export namespace CopyCommand { - /** - * @internal - */ - export const filterSensitiveLog = (obj: CopyCommand): any => ({ - ...obj, - }); -} - -export enum KeyType { - AWS_OWNED_CMK = "AWS_OWNED_CMK", - CUSTOMER_MANAGED_CMK = "CUSTOMER_MANAGED_CMK", -} - -/** - *Specifies the type and Amazon Resource Name (ARN) of the CMK to use for Server-Side - * Encryption (SSE).
- */ -export interface DeliveryStreamEncryptionConfigurationInput { - /** - *If you set KeyType
to CUSTOMER_MANAGED_CMK
, you must specify
- * the Amazon Resource Name (ARN) of the CMK. If you set KeyType
to
- * AWS_OWNED_CMK
, Kinesis Data Firehose uses a service-account CMK.
Indicates the type of customer master key (CMK) to use for encryption. The default
- * setting is AWS_OWNED_CMK
. For more information about CMKs, see Customer
- * Master Keys (CMKs). When you invoke CreateDeliveryStream or
- * StartDeliveryStreamEncryption with KeyType
set to
- * CUSTOMER_MANAGED_CMK, Kinesis Data Firehose invokes the Amazon KMS operation CreateGrant to create a grant that allows the Kinesis Data Firehose service to
- * use the customer managed CMK to perform encryption and decryption. Kinesis Data Firehose
- * manages that grant.
When you invoke StartDeliveryStreamEncryption to change the CMK for a - * delivery stream that is encrypted with a customer managed CMK, Kinesis Data Firehose - * schedules the grant it had on the old CMK for retirement.
- *You can use a CMK of type CUSTOMER_MANAGED_CMK to encrypt up to 500 delivery streams. If
- * a CreateDeliveryStream or StartDeliveryStreamEncryption
- * operation exceeds this limit, Kinesis Data Firehose throws a
- * LimitExceededException
.
To encrypt your delivery stream, use symmetric CMKs. Kinesis Data Firehose doesn't - * support asymmetric CMKs. For information about symmetric and asymmetric CMKs, see About - * Symmetric and Asymmetric CMKs in the AWS Key Management Service developer - * guide.
- *Describes the buffering to perform before delivering data to the Amazon ES - * destination.
- */ -export interface ElasticsearchBufferingHints { - /** - *Buffer incoming data for the specified period of time, in seconds, before delivering - * it to the destination. The default value is 300 (5 minutes).
- */ - IntervalInSeconds?: number; - - /** - *Buffer incoming data to the specified size, in MBs, before delivering it to the - * destination. The default value is 5.
- *We recommend setting this parameter to a value greater than the amount of data you - * typically ingest into the delivery stream in 10 seconds. For example, if you typically - * ingest data at 1 MB/sec, the value should be 10 MB or higher.
- */ - SizeInMBs?: number; -} - -export namespace ElasticsearchBufferingHints { - /** - * @internal - */ - export const filterSensitiveLog = (obj: ElasticsearchBufferingHints): any => ({ - ...obj, - }); +export enum AmazonopensearchserviceIndexRotationPeriod { + NoRotation = "NoRotation", + OneDay = "OneDay", + OneHour = "OneHour", + OneMonth = "OneMonth", + OneWeek = "OneWeek", } -export type ElasticsearchIndexRotationPeriod = "NoRotation" | "OneDay" | "OneHour" | "OneMonth" | "OneWeek"; - export enum ProcessorParameterName { BUFFER_INTERVAL_IN_SECONDS = "BufferIntervalInSeconds", BUFFER_SIZE_IN_MB = "BufferSizeInMBs", @@ -323,30 +140,68 @@ export namespace ProcessingConfiguration { }); } +export interface AmazonopensearchserviceRetryOptions { + DurationInSeconds?: number; +} + +export namespace AmazonopensearchserviceRetryOptions { + /** + * @internal + */ + export const filterSensitiveLog = (obj: AmazonopensearchserviceRetryOptions): any => ({ + ...obj, + }); +} + +export enum AmazonopensearchserviceS3BackupMode { + AllDocuments = "AllDocuments", + FailedDocumentsOnly = "FailedDocumentsOnly", +} + /** - *Configures retry behavior in case Kinesis Data Firehose is unable to deliver - * documents to Amazon ES.
+ *Describes hints for the buffering to perform before delivering data to the
+ * destination. These options are treated as hints, and therefore Kinesis Data Firehose might
+ * choose to use different values when it is optimal. The SizeInMBs
and
+ * IntervalInSeconds
parameters are optional. However, if specify a value for
+ * one of them, you must also provide a value for the other.
After an initial failure to deliver to Amazon ES, the total amount of time during - * which Kinesis Data Firehose retries delivery (including the first attempt). After this time - * has elapsed, the failed documents are written to Amazon S3. Default value is 300 seconds (5 - * minutes). A value of 0 (zero) results in no retries.
+ *Buffer incoming data to the specified size, in MiBs, before delivering it to the
+ * destination. The default value is 5. This parameter is optional but if you specify a value
+ * for it, you must also specify a value for IntervalInSeconds
, and vice
+ * versa.
We recommend setting this parameter to a value greater than the amount of data you + * typically ingest into the delivery stream in 10 seconds. For example, if you typically + * ingest data at 1 MiB/sec, the value should be 10 MiB or higher.
*/ - DurationInSeconds?: number; + SizeInMBs?: number; + + /** + *Buffer incoming data for the specified period of time, in seconds, before delivering
+ * it to the destination. The default value is 300. This parameter is optional but if you
+ * specify a value for it, you must also specify a value for SizeInMBs
, and vice
+ * versa.
Describes an encryption key for a destination in Amazon S3.
@@ -539,28 +394,561 @@ export interface VpcConfiguration { RoleARN: string | undefined; /** - *The IDs of the security groups that you want Kinesis Data Firehose to use when it - * creates ENIs in the VPC of the Amazon ES destination. You can use the same security group - * that the Amazon ES domain uses or different ones. If you specify different security groups - * here, ensure that they allow outbound HTTPS traffic to the Amazon ES domain's security - * group. Also ensure that the Amazon ES domain's security group allows HTTPS traffic from the - * security groups specified here. If you use the same security group for both your delivery - * stream and the Amazon ES domain, make sure the security group inbound rule allows HTTPS - * traffic. For more information about security group rules, see Security group - * rules in the Amazon VPC documentation.
+ *The IDs of the security groups that you want Kinesis Data Firehose to use when it + * creates ENIs in the VPC of the Amazon ES destination. You can use the same security group + * that the Amazon ES domain uses or different ones. If you specify different security groups + * here, ensure that they allow outbound HTTPS traffic to the Amazon ES domain's security + * group. Also ensure that the Amazon ES domain's security group allows HTTPS traffic from the + * security groups specified here. If you use the same security group for both your delivery + * stream and the Amazon ES domain, make sure the security group inbound rule allows HTTPS + * traffic. For more information about security group rules, see Security group + * rules in the Amazon VPC documentation.
+ */ + SecurityGroupIds: string[] | undefined; +} + +export namespace VpcConfiguration { + /** + * @internal + */ + export const filterSensitiveLog = (obj: VpcConfiguration): any => ({ + ...obj, + }); +} + +export interface AmazonopensearchserviceDestinationConfiguration { + RoleARN: string | undefined; + DomainARN?: string; + ClusterEndpoint?: string; + IndexName: string | undefined; + TypeName?: string; + IndexRotationPeriod?: AmazonopensearchserviceIndexRotationPeriod | string; + BufferingHints?: AmazonopensearchserviceBufferingHints; + RetryOptions?: AmazonopensearchserviceRetryOptions; + S3BackupMode?: AmazonopensearchserviceS3BackupMode | string; + /** + *Describes the configuration of a destination in Amazon S3.
+ */ + S3Configuration: S3DestinationConfiguration | undefined; + + /** + *Describes a data processing configuration.
+ */ + ProcessingConfiguration?: ProcessingConfiguration; + + /** + *Describes the Amazon CloudWatch logging options for your delivery stream.
+ */ + CloudWatchLoggingOptions?: CloudWatchLoggingOptions; + + /** + *The details of the VPC of the Amazon ES destination.
+ */ + VpcConfiguration?: VpcConfiguration; +} + +export namespace AmazonopensearchserviceDestinationConfiguration { + /** + * @internal + */ + export const filterSensitiveLog = (obj: AmazonopensearchserviceDestinationConfiguration): any => ({ + ...obj, + }); +} + +/** + *Describes a destination in Amazon S3.
+ */ +export interface S3DestinationDescription { + /** + *The Amazon Resource Name (ARN) of the AWS credentials. For more information, see + * Amazon + * Resource Names (ARNs) and AWS Service Namespaces.
+ */ + RoleARN: string | undefined; + + /** + *The ARN of the S3 bucket. For more information, see Amazon Resource Names (ARNs) and + * AWS Service Namespaces.
+ */ + BucketARN: string | undefined; + + /** + *The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered Amazon S3 + * files. You can also specify a custom prefix, as described in Custom Prefixes for Amazon S3 + * Objects.
+ */ + Prefix?: string; + + /** + *A prefix that Kinesis Data Firehose evaluates and adds to failed records before writing + * them to S3. This prefix appears immediately following the bucket name. For information + * about how to specify this prefix, see Custom Prefixes for Amazon S3 + * Objects.
+ */ + ErrorOutputPrefix?: string; + + /** + *The buffering option. If no value is specified, BufferingHints
object
+ * default values are used.
The compression format. If no value is specified, the default is
+ * UNCOMPRESSED
.
The encryption configuration. If no value is specified, the default is no + * encryption.
+ */ + EncryptionConfiguration: EncryptionConfiguration | undefined; + + /** + *The Amazon CloudWatch logging options for your delivery stream.
+ */ + CloudWatchLoggingOptions?: CloudWatchLoggingOptions; +} + +export namespace S3DestinationDescription { + /** + * @internal + */ + export const filterSensitiveLog = (obj: S3DestinationDescription): any => ({ + ...obj, + }); +} + +/** + *The details of the VPC of the Amazon ES destination.
+ */ +export interface VpcConfigurationDescription { + /** + *The IDs of the subnets that Kinesis Data Firehose uses to create ENIs in the VPC of the + * Amazon ES destination. Make sure that the routing tables and inbound and outbound rules + * allow traffic to flow from the subnets whose IDs are specified here to the subnets that + * have the destination Amazon ES endpoints. Kinesis Data Firehose creates at least one ENI in + * each of the subnets that are specified here. Do not delete or modify these ENIs.
+ *The number of ENIs that Kinesis Data Firehose creates in the subnets specified here + * scales up and down automatically based on throughput. To enable Kinesis Data Firehose to + * scale up the number of ENIs to match throughput, ensure that you have sufficient quota. To + * help you calculate the quota you need, assume that Kinesis Data Firehose can create up to + * three ENIs for this delivery stream for each of the subnets specified here. For more + * information about ENI quota, see Network Interfaces + * in the Amazon VPC Quotas topic.
+ */ + SubnetIds: string[] | undefined; + + /** + *The ARN of the IAM role that the delivery stream uses to create endpoints in the + * destination VPC. You can use your existing Kinesis Data Firehose delivery role or you can + * specify a new role. In either case, make sure that the role trusts the Kinesis Data + * Firehose service principal and that it grants the following permissions:
+ *
+ * ec2:DescribeVpcs
+ *
+ * ec2:DescribeVpcAttribute
+ *
+ * ec2:DescribeSubnets
+ *
+ * ec2:DescribeSecurityGroups
+ *
+ * ec2:DescribeNetworkInterfaces
+ *
+ * ec2:CreateNetworkInterface
+ *
+ * ec2:CreateNetworkInterfacePermission
+ *
+ * ec2:DeleteNetworkInterface
+ *
If you revoke these permissions after you create the delivery stream, Kinesis Data + * Firehose can't scale out by creating more ENIs when necessary. You might therefore see a + * degradation in performance.
+ */ + RoleARN: string | undefined; + + /** + *The IDs of the security groups that Kinesis Data Firehose uses when it creates ENIs in + * the VPC of the Amazon ES destination. You can use the same security group that the Amazon + * ES domain uses or different ones. If you specify different security groups, ensure that + * they allow outbound HTTPS traffic to the Amazon ES domain's security group. Also ensure + * that the Amazon ES domain's security group allows HTTPS traffic from the security groups + * specified here. If you use the same security group for both your delivery stream and the + * Amazon ES domain, make sure the security group inbound rule allows HTTPS traffic. For more + * information about security group rules, see Security group + * rules in the Amazon VPC documentation.
+ */ + SecurityGroupIds: string[] | undefined; + + /** + *The ID of the Amazon ES destination's VPC.
+ */ + VpcId: string | undefined; +} + +export namespace VpcConfigurationDescription { + /** + * @internal + */ + export const filterSensitiveLog = (obj: VpcConfigurationDescription): any => ({ + ...obj, + }); +} + +export interface AmazonopensearchserviceDestinationDescription { + RoleARN?: string; + DomainARN?: string; + ClusterEndpoint?: string; + IndexName?: string; + TypeName?: string; + IndexRotationPeriod?: AmazonopensearchserviceIndexRotationPeriod | string; + BufferingHints?: AmazonopensearchserviceBufferingHints; + RetryOptions?: AmazonopensearchserviceRetryOptions; + S3BackupMode?: AmazonopensearchserviceS3BackupMode | string; + /** + *Describes a destination in Amazon S3.
+ */ + S3DestinationDescription?: S3DestinationDescription; + + /** + *Describes a data processing configuration.
+ */ + ProcessingConfiguration?: ProcessingConfiguration; + + /** + *Describes the Amazon CloudWatch logging options for your delivery stream.
+ */ + CloudWatchLoggingOptions?: CloudWatchLoggingOptions; + + /** + *The details of the VPC of the Amazon ES destination.
+ */ + VpcConfigurationDescription?: VpcConfigurationDescription; +} + +export namespace AmazonopensearchserviceDestinationDescription { + /** + * @internal + */ + export const filterSensitiveLog = (obj: AmazonopensearchserviceDestinationDescription): any => ({ + ...obj, + }); +} + +/** + *Describes an update for a destination in Amazon S3.
+ */ +export interface S3DestinationUpdate { + /** + *The Amazon Resource Name (ARN) of the AWS credentials. For more information, see + * Amazon + * Resource Names (ARNs) and AWS Service Namespaces.
+ */ + RoleARN?: string; + + /** + *The ARN of the S3 bucket. For more information, see Amazon Resource Names (ARNs) and + * AWS Service Namespaces.
+ */ + BucketARN?: string; + + /** + *The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered Amazon S3 + * files. You can also specify a custom prefix, as described in Custom Prefixes for Amazon S3 + * Objects.
+ */ + Prefix?: string; + + /** + *A prefix that Kinesis Data Firehose evaluates and adds to failed records before writing + * them to S3. This prefix appears immediately following the bucket name. For information + * about how to specify this prefix, see Custom Prefixes for Amazon S3 + * Objects.
+ */ + ErrorOutputPrefix?: string; + + /** + *The buffering option. If no value is specified, BufferingHints
object
+ * default values are used.
The compression format. If no value is specified, the default is
+ * UNCOMPRESSED
.
The compression formats SNAPPY
or ZIP
cannot be specified
+ * for Amazon Redshift destinations because they are not supported by the Amazon Redshift
+ * COPY
operation that reads from the S3 bucket.
The encryption configuration. If no value is specified, the default is no + * encryption.
+ */ + EncryptionConfiguration?: EncryptionConfiguration; + + /** + *The CloudWatch logging options for your delivery stream.
+ */ + CloudWatchLoggingOptions?: CloudWatchLoggingOptions; +} + +export namespace S3DestinationUpdate { + /** + * @internal + */ + export const filterSensitiveLog = (obj: S3DestinationUpdate): any => ({ + ...obj, + }); +} + +export interface AmazonopensearchserviceDestinationUpdate { + RoleARN?: string; + DomainARN?: string; + ClusterEndpoint?: string; + IndexName?: string; + TypeName?: string; + IndexRotationPeriod?: AmazonopensearchserviceIndexRotationPeriod | string; + BufferingHints?: AmazonopensearchserviceBufferingHints; + RetryOptions?: AmazonopensearchserviceRetryOptions; + /** + *Describes an update for a destination in Amazon S3.
+ */ + S3Update?: S3DestinationUpdate; + + /** + *Describes a data processing configuration.
+ */ + ProcessingConfiguration?: ProcessingConfiguration; + + /** + *Describes the Amazon CloudWatch logging options for your delivery stream.
+ */ + CloudWatchLoggingOptions?: CloudWatchLoggingOptions; +} + +export namespace AmazonopensearchserviceDestinationUpdate { + /** + * @internal + */ + export const filterSensitiveLog = (obj: AmazonopensearchserviceDestinationUpdate): any => ({ + ...obj, + }); +} + +/** + *Another modification has already happened. Fetch VersionId
again and use
+ * it to update the destination.
A message that provides information about the error.
+ */ + message?: string; +} + +export namespace ConcurrentModificationException { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ConcurrentModificationException): any => ({ + ...obj, + }); +} + +export enum ContentEncoding { + GZIP = "GZIP", + NONE = "NONE", +} + +/** + *Describes a COPY
command for Amazon Redshift.
The name of the target table. The table must already exist in the database.
+ */ + DataTableName: string | undefined; + + /** + *A comma-separated list of column names.
+ */ + DataTableColumns?: string; + + /** + *Optional parameters to use with the Amazon Redshift COPY
command. For
+ * more information, see the "Optional Parameters" section of Amazon Redshift COPY command. Some possible
+ * examples that would apply to Kinesis Data Firehose are as follows:
+ * delimiter '\t' lzop;
- fields are delimited with "\t" (TAB character) and
+ * compressed using lzop.
+ * delimiter '|'
- fields are delimited with "|" (this is the default
+ * delimiter).
+ * delimiter '|' escape
- the delimiter should be escaped.
+ * fixedwidth 'venueid:3,venuename:25,venuecity:12,venuestate:2,venueseats:6'
-
+ * fields are fixed width in the source, with each width specified after every column in the
+ * table.
+ * JSON 's3://mybucket/jsonpaths.txt'
- data is in JSON format, and the path
+ * specified is the format of the data.
For more examples, see Amazon Redshift COPY command + * examples.
+ */ + CopyOptions?: string; +} + +export namespace CopyCommand { + /** + * @internal + */ + export const filterSensitiveLog = (obj: CopyCommand): any => ({ + ...obj, + }); +} + +export enum KeyType { + AWS_OWNED_CMK = "AWS_OWNED_CMK", + CUSTOMER_MANAGED_CMK = "CUSTOMER_MANAGED_CMK", +} + +/** + *Specifies the type and Amazon Resource Name (ARN) of the CMK to use for Server-Side + * Encryption (SSE).
+ */ +export interface DeliveryStreamEncryptionConfigurationInput { + /** + *If you set KeyType
to CUSTOMER_MANAGED_CMK
, you must specify
+ * the Amazon Resource Name (ARN) of the CMK. If you set KeyType
to
+ * AWS_OWNED_CMK
, Kinesis Data Firehose uses a service-account CMK.
Indicates the type of customer master key (CMK) to use for encryption. The default
+ * setting is AWS_OWNED_CMK
. For more information about CMKs, see Customer
+ * Master Keys (CMKs). When you invoke CreateDeliveryStream or
+ * StartDeliveryStreamEncryption with KeyType
set to
+ * CUSTOMER_MANAGED_CMK, Kinesis Data Firehose invokes the Amazon KMS operation CreateGrant to create a grant that allows the Kinesis Data Firehose service to
+ * use the customer managed CMK to perform encryption and decryption. Kinesis Data Firehose
+ * manages that grant.
When you invoke StartDeliveryStreamEncryption to change the CMK for a + * delivery stream that is encrypted with a customer managed CMK, Kinesis Data Firehose + * schedules the grant it had on the old CMK for retirement.
+ *You can use a CMK of type CUSTOMER_MANAGED_CMK to encrypt up to 500 delivery streams. If
+ * a CreateDeliveryStream or StartDeliveryStreamEncryption
+ * operation exceeds this limit, Kinesis Data Firehose throws a
+ * LimitExceededException
.
To encrypt your delivery stream, use symmetric CMKs. Kinesis Data Firehose doesn't + * support asymmetric CMKs. For information about symmetric and asymmetric CMKs, see About + * Symmetric and Asymmetric CMKs in the AWS Key Management Service developer + * guide.
+ *Describes the buffering to perform before delivering data to the Amazon ES + * destination.
+ */ +export interface ElasticsearchBufferingHints { + /** + *Buffer incoming data for the specified period of time, in seconds, before delivering + * it to the destination. The default value is 300 (5 minutes).
+ */ + IntervalInSeconds?: number; + + /** + *Buffer incoming data to the specified size, in MBs, before delivering it to the + * destination. The default value is 5.
+ *We recommend setting this parameter to a value greater than the amount of data you + * typically ingest into the delivery stream in 10 seconds. For example, if you typically + * ingest data at 1 MB/sec, the value should be 10 MB or higher.
+ */ + SizeInMBs?: number; +} + +export namespace ElasticsearchBufferingHints { + /** + * @internal + */ + export const filterSensitiveLog = (obj: ElasticsearchBufferingHints): any => ({ + ...obj, + }); +} + +export type ElasticsearchIndexRotationPeriod = "NoRotation" | "OneDay" | "OneHour" | "OneMonth" | "OneWeek"; + +/** + *Configures retry behavior in case Kinesis Data Firehose is unable to deliver + * documents to Amazon ES.
+ */ +export interface ElasticsearchRetryOptions { + /** + *After an initial failure to deliver to Amazon ES, the total amount of time during + * which Kinesis Data Firehose retries delivery (including the first attempt). After this time + * has elapsed, the failed documents are written to Amazon S3. Default value is 300 seconds (5 + * minutes). A value of 0 (zero) results in no retries.
*/ - SecurityGroupIds: string[] | undefined; + DurationInSeconds?: number; } -export namespace VpcConfiguration { +export namespace ElasticsearchRetryOptions { /** * @internal */ - export const filterSensitiveLog = (obj: VpcConfiguration): any => ({ + export const filterSensitiveLog = (obj: ElasticsearchRetryOptions): any => ({ ...obj, }); } +export type ElasticsearchS3BackupMode = "AllDocuments" | "FailedDocumentsOnly"; + /** *Describes the configuration of a destination in Amazon ES.
*/ @@ -1815,6 +2203,7 @@ export interface CreateDeliveryStreamInput { */ ElasticsearchDestinationConfiguration?: ElasticsearchDestinationConfiguration; + AmazonopensearchserviceDestinationConfiguration?: AmazonopensearchserviceDestinationConfiguration; /** *The destination in Splunk. You can specify only one destination.
*/ @@ -2126,172 +2515,6 @@ export enum DeliveryStreamStatus { DELETING_FAILED = "DELETING_FAILED", } -/** - *Describes a destination in Amazon S3.
- */ -export interface S3DestinationDescription { - /** - *The Amazon Resource Name (ARN) of the AWS credentials. For more information, see - * Amazon - * Resource Names (ARNs) and AWS Service Namespaces.
- */ - RoleARN: string | undefined; - - /** - *The ARN of the S3 bucket. For more information, see Amazon Resource Names (ARNs) and - * AWS Service Namespaces.
- */ - BucketARN: string | undefined; - - /** - *The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered Amazon S3 - * files. You can also specify a custom prefix, as described in Custom Prefixes for Amazon S3 - * Objects.
- */ - Prefix?: string; - - /** - *A prefix that Kinesis Data Firehose evaluates and adds to failed records before writing - * them to S3. This prefix appears immediately following the bucket name. For information - * about how to specify this prefix, see Custom Prefixes for Amazon S3 - * Objects.
- */ - ErrorOutputPrefix?: string; - - /** - *The buffering option. If no value is specified, BufferingHints
object
- * default values are used.
The compression format. If no value is specified, the default is
- * UNCOMPRESSED
.
The encryption configuration. If no value is specified, the default is no - * encryption.
- */ - EncryptionConfiguration: EncryptionConfiguration | undefined; - - /** - *The Amazon CloudWatch logging options for your delivery stream.
- */ - CloudWatchLoggingOptions?: CloudWatchLoggingOptions; -} - -export namespace S3DestinationDescription { - /** - * @internal - */ - export const filterSensitiveLog = (obj: S3DestinationDescription): any => ({ - ...obj, - }); -} - -/** - *The details of the VPC of the Amazon ES destination.
- */ -export interface VpcConfigurationDescription { - /** - *The IDs of the subnets that Kinesis Data Firehose uses to create ENIs in the VPC of the - * Amazon ES destination. Make sure that the routing tables and inbound and outbound rules - * allow traffic to flow from the subnets whose IDs are specified here to the subnets that - * have the destination Amazon ES endpoints. Kinesis Data Firehose creates at least one ENI in - * each of the subnets that are specified here. Do not delete or modify these ENIs.
- *The number of ENIs that Kinesis Data Firehose creates in the subnets specified here - * scales up and down automatically based on throughput. To enable Kinesis Data Firehose to - * scale up the number of ENIs to match throughput, ensure that you have sufficient quota. To - * help you calculate the quota you need, assume that Kinesis Data Firehose can create up to - * three ENIs for this delivery stream for each of the subnets specified here. For more - * information about ENI quota, see Network Interfaces - * in the Amazon VPC Quotas topic.
- */ - SubnetIds: string[] | undefined; - - /** - *The ARN of the IAM role that the delivery stream uses to create endpoints in the - * destination VPC. You can use your existing Kinesis Data Firehose delivery role or you can - * specify a new role. In either case, make sure that the role trusts the Kinesis Data - * Firehose service principal and that it grants the following permissions:
- *
- * ec2:DescribeVpcs
- *
- * ec2:DescribeVpcAttribute
- *
- * ec2:DescribeSubnets
- *
- * ec2:DescribeSecurityGroups
- *
- * ec2:DescribeNetworkInterfaces
- *
- * ec2:CreateNetworkInterface
- *
- * ec2:CreateNetworkInterfacePermission
- *
- * ec2:DeleteNetworkInterface
- *
If you revoke these permissions after you create the delivery stream, Kinesis Data - * Firehose can't scale out by creating more ENIs when necessary. You might therefore see a - * degradation in performance.
- */ - RoleARN: string | undefined; - - /** - *The IDs of the security groups that Kinesis Data Firehose uses when it creates ENIs in - * the VPC of the Amazon ES destination. You can use the same security group that the Amazon - * ES domain uses or different ones. If you specify different security groups, ensure that - * they allow outbound HTTPS traffic to the Amazon ES domain's security group. Also ensure - * that the Amazon ES domain's security group allows HTTPS traffic from the security groups - * specified here. If you use the same security group for both your delivery stream and the - * Amazon ES domain, make sure the security group inbound rule allows HTTPS traffic. For more - * information about security group rules, see Security group - * rules in the Amazon VPC documentation.
- */ - SecurityGroupIds: string[] | undefined; - - /** - *The ID of the Amazon ES destination's VPC.
- */ - VpcId: string | undefined; -} - -export namespace VpcConfigurationDescription { - /** - * @internal - */ - export const filterSensitiveLog = (obj: VpcConfigurationDescription): any => ({ - ...obj, - }); -} - /** *The destination description in Amazon ES.
*/ @@ -2740,6 +2963,7 @@ export interface DestinationDescription { */ ElasticsearchDestinationDescription?: ElasticsearchDestinationDescription; + AmazonopensearchserviceDestinationDescription?: AmazonopensearchserviceDestinationDescription; /** *The destination in Splunk.
*/ @@ -2973,74 +3197,6 @@ export namespace DescribeDeliveryStreamOutput { }); } -/** - *Describes an update for a destination in Amazon S3.
- */ -export interface S3DestinationUpdate { - /** - *The Amazon Resource Name (ARN) of the AWS credentials. For more information, see - * Amazon - * Resource Names (ARNs) and AWS Service Namespaces.
- */ - RoleARN?: string; - - /** - *The ARN of the S3 bucket. For more information, see Amazon Resource Names (ARNs) and - * AWS Service Namespaces.
- */ - BucketARN?: string; - - /** - *The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered Amazon S3 - * files. You can also specify a custom prefix, as described in Custom Prefixes for Amazon S3 - * Objects.
- */ - Prefix?: string; - - /** - *A prefix that Kinesis Data Firehose evaluates and adds to failed records before writing - * them to S3. This prefix appears immediately following the bucket name. For information - * about how to specify this prefix, see Custom Prefixes for Amazon S3 - * Objects.
- */ - ErrorOutputPrefix?: string; - - /** - *The buffering option. If no value is specified, BufferingHints
object
- * default values are used.
The compression format. If no value is specified, the default is
- * UNCOMPRESSED
.
The compression formats SNAPPY
or ZIP
cannot be specified
- * for Amazon Redshift destinations because they are not supported by the Amazon Redshift
- * COPY
operation that reads from the S3 bucket.
The encryption configuration. If no value is specified, the default is no - * encryption.
- */ - EncryptionConfiguration?: EncryptionConfiguration; - - /** - *The CloudWatch logging options for your delivery stream.
- */ - CloudWatchLoggingOptions?: CloudWatchLoggingOptions; -} - -export namespace S3DestinationUpdate { - /** - * @internal - */ - export const filterSensitiveLog = (obj: S3DestinationUpdate): any => ({ - ...obj, - }); -} - /** *Describes an update for a destination in Amazon ES.
*/ @@ -3912,6 +4068,7 @@ export interface UpdateDestinationInput { */ ElasticsearchDestinationUpdate?: ElasticsearchDestinationUpdate; + AmazonopensearchserviceDestinationUpdate?: AmazonopensearchserviceDestinationUpdate; /** *Describes an update for a destination in Splunk.
*/ diff --git a/clients/client-firehose/src/protocols/Aws_json1_1.ts b/clients/client-firehose/src/protocols/Aws_json1_1.ts index 29d41ea25638..d00d360746e8 100644 --- a/clients/client-firehose/src/protocols/Aws_json1_1.ts +++ b/clients/client-firehose/src/protocols/Aws_json1_1.ts @@ -56,6 +56,11 @@ import { import { UpdateDestinationCommandInput, UpdateDestinationCommandOutput } from "../commands/UpdateDestinationCommand"; import { _Record, + AmazonopensearchserviceBufferingHints, + AmazonopensearchserviceDestinationConfiguration, + AmazonopensearchserviceDestinationDescription, + AmazonopensearchserviceDestinationUpdate, + AmazonopensearchserviceRetryOptions, BufferingHints, CloudWatchLoggingOptions, ConcurrentModificationException, @@ -1274,6 +1279,102 @@ const deserializeAws_json1_1ServiceUnavailableExceptionResponse = async ( return contents; }; +const serializeAws_json1_1AmazonopensearchserviceBufferingHints = ( + input: AmazonopensearchserviceBufferingHints, + context: __SerdeContext +): any => { + return { + ...(input.IntervalInSeconds !== undefined && + input.IntervalInSeconds !== null && { IntervalInSeconds: input.IntervalInSeconds }), + ...(input.SizeInMBs !== undefined && input.SizeInMBs !== null && { SizeInMBs: input.SizeInMBs }), + }; +}; + +const serializeAws_json1_1AmazonopensearchserviceDestinationConfiguration = ( + input: AmazonopensearchserviceDestinationConfiguration, + context: __SerdeContext +): any => { + return { + ...(input.BufferingHints !== undefined && + input.BufferingHints !== null && { + BufferingHints: serializeAws_json1_1AmazonopensearchserviceBufferingHints(input.BufferingHints, context), + }), + ...(input.CloudWatchLoggingOptions !== undefined && + input.CloudWatchLoggingOptions !== null && { + CloudWatchLoggingOptions: serializeAws_json1_1CloudWatchLoggingOptions(input.CloudWatchLoggingOptions, context), + }), + ...(input.ClusterEndpoint !== undefined && + input.ClusterEndpoint !== null && { ClusterEndpoint: input.ClusterEndpoint }), + ...(input.DomainARN !== undefined && input.DomainARN !== null && { DomainARN: input.DomainARN }), + ...(input.IndexName !== undefined && input.IndexName !== null && { IndexName: input.IndexName }), + ...(input.IndexRotationPeriod !== undefined && + input.IndexRotationPeriod !== null && { IndexRotationPeriod: input.IndexRotationPeriod }), + ...(input.ProcessingConfiguration !== undefined && + input.ProcessingConfiguration !== null && { + ProcessingConfiguration: serializeAws_json1_1ProcessingConfiguration(input.ProcessingConfiguration, context), + }), + ...(input.RetryOptions !== undefined && + input.RetryOptions !== null && { + RetryOptions: serializeAws_json1_1AmazonopensearchserviceRetryOptions(input.RetryOptions, context), + }), + ...(input.RoleARN !== undefined && input.RoleARN !== null && { RoleARN: input.RoleARN }), + ...(input.S3BackupMode !== undefined && input.S3BackupMode !== null && { S3BackupMode: input.S3BackupMode }), + ...(input.S3Configuration !== undefined && + input.S3Configuration !== null && { + S3Configuration: serializeAws_json1_1S3DestinationConfiguration(input.S3Configuration, context), + }), + ...(input.TypeName !== undefined && input.TypeName !== null && { TypeName: input.TypeName }), + ...(input.VpcConfiguration !== undefined && + input.VpcConfiguration !== null && { + VpcConfiguration: serializeAws_json1_1VpcConfiguration(input.VpcConfiguration, context), + }), + }; +}; + +const serializeAws_json1_1AmazonopensearchserviceDestinationUpdate = ( + input: AmazonopensearchserviceDestinationUpdate, + context: __SerdeContext +): any => { + return { + ...(input.BufferingHints !== undefined && + input.BufferingHints !== null && { + BufferingHints: serializeAws_json1_1AmazonopensearchserviceBufferingHints(input.BufferingHints, context), + }), + ...(input.CloudWatchLoggingOptions !== undefined && + input.CloudWatchLoggingOptions !== null && { + CloudWatchLoggingOptions: serializeAws_json1_1CloudWatchLoggingOptions(input.CloudWatchLoggingOptions, context), + }), + ...(input.ClusterEndpoint !== undefined && + input.ClusterEndpoint !== null && { ClusterEndpoint: input.ClusterEndpoint }), + ...(input.DomainARN !== undefined && input.DomainARN !== null && { DomainARN: input.DomainARN }), + ...(input.IndexName !== undefined && input.IndexName !== null && { IndexName: input.IndexName }), + ...(input.IndexRotationPeriod !== undefined && + input.IndexRotationPeriod !== null && { IndexRotationPeriod: input.IndexRotationPeriod }), + ...(input.ProcessingConfiguration !== undefined && + input.ProcessingConfiguration !== null && { + ProcessingConfiguration: serializeAws_json1_1ProcessingConfiguration(input.ProcessingConfiguration, context), + }), + ...(input.RetryOptions !== undefined && + input.RetryOptions !== null && { + RetryOptions: serializeAws_json1_1AmazonopensearchserviceRetryOptions(input.RetryOptions, context), + }), + ...(input.RoleARN !== undefined && input.RoleARN !== null && { RoleARN: input.RoleARN }), + ...(input.S3Update !== undefined && + input.S3Update !== null && { S3Update: serializeAws_json1_1S3DestinationUpdate(input.S3Update, context) }), + ...(input.TypeName !== undefined && input.TypeName !== null && { TypeName: input.TypeName }), + }; +}; + +const serializeAws_json1_1AmazonopensearchserviceRetryOptions = ( + input: AmazonopensearchserviceRetryOptions, + context: __SerdeContext +): any => { + return { + ...(input.DurationInSeconds !== undefined && + input.DurationInSeconds !== null && { DurationInSeconds: input.DurationInSeconds }), + }; +}; + const serializeAws_json1_1BufferingHints = (input: BufferingHints, context: __SerdeContext): any => { return { ...(input.IntervalInSeconds !== undefined && @@ -1322,6 +1423,14 @@ const serializeAws_json1_1CreateDeliveryStreamInput = ( context: __SerdeContext ): any => { return { + ...(input.AmazonopensearchserviceDestinationConfiguration !== undefined && + input.AmazonopensearchserviceDestinationConfiguration !== null && { + AmazonopensearchserviceDestinationConfiguration: + serializeAws_json1_1AmazonopensearchserviceDestinationConfiguration( + input.AmazonopensearchserviceDestinationConfiguration, + context + ), + }), ...(input.DeliveryStreamEncryptionConfigurationInput !== undefined && input.DeliveryStreamEncryptionConfigurationInput !== null && { DeliveryStreamEncryptionConfigurationInput: serializeAws_json1_1DeliveryStreamEncryptionConfigurationInput( @@ -2387,6 +2496,13 @@ const serializeAws_json1_1UntagDeliveryStreamInput = ( const serializeAws_json1_1UpdateDestinationInput = (input: UpdateDestinationInput, context: __SerdeContext): any => { return { + ...(input.AmazonopensearchserviceDestinationUpdate !== undefined && + input.AmazonopensearchserviceDestinationUpdate !== null && { + AmazonopensearchserviceDestinationUpdate: serializeAws_json1_1AmazonopensearchserviceDestinationUpdate( + input.AmazonopensearchserviceDestinationUpdate, + context + ), + }), ...(input.CurrentDeliveryStreamVersionId !== undefined && input.CurrentDeliveryStreamVersionId !== null && { CurrentDeliveryStreamVersionId: input.CurrentDeliveryStreamVersionId, @@ -2445,6 +2561,64 @@ const serializeAws_json1_1VpcConfiguration = (input: VpcConfiguration, context: }; }; +const deserializeAws_json1_1AmazonopensearchserviceBufferingHints = ( + output: any, + context: __SerdeContext +): AmazonopensearchserviceBufferingHints => { + return { + IntervalInSeconds: __expectInt32(output.IntervalInSeconds), + SizeInMBs: __expectInt32(output.SizeInMBs), + } as any; +}; + +const deserializeAws_json1_1AmazonopensearchserviceDestinationDescription = ( + output: any, + context: __SerdeContext +): AmazonopensearchserviceDestinationDescription => { + return { + BufferingHints: + output.BufferingHints !== undefined && output.BufferingHints !== null + ? deserializeAws_json1_1AmazonopensearchserviceBufferingHints(output.BufferingHints, context) + : undefined, + CloudWatchLoggingOptions: + output.CloudWatchLoggingOptions !== undefined && output.CloudWatchLoggingOptions !== null + ? deserializeAws_json1_1CloudWatchLoggingOptions(output.CloudWatchLoggingOptions, context) + : undefined, + ClusterEndpoint: __expectString(output.ClusterEndpoint), + DomainARN: __expectString(output.DomainARN), + IndexName: __expectString(output.IndexName), + IndexRotationPeriod: __expectString(output.IndexRotationPeriod), + ProcessingConfiguration: + output.ProcessingConfiguration !== undefined && output.ProcessingConfiguration !== null + ? deserializeAws_json1_1ProcessingConfiguration(output.ProcessingConfiguration, context) + : undefined, + RetryOptions: + output.RetryOptions !== undefined && output.RetryOptions !== null + ? deserializeAws_json1_1AmazonopensearchserviceRetryOptions(output.RetryOptions, context) + : undefined, + RoleARN: __expectString(output.RoleARN), + S3BackupMode: __expectString(output.S3BackupMode), + S3DestinationDescription: + output.S3DestinationDescription !== undefined && output.S3DestinationDescription !== null + ? deserializeAws_json1_1S3DestinationDescription(output.S3DestinationDescription, context) + : undefined, + TypeName: __expectString(output.TypeName), + VpcConfigurationDescription: + output.VpcConfigurationDescription !== undefined && output.VpcConfigurationDescription !== null + ? deserializeAws_json1_1VpcConfigurationDescription(output.VpcConfigurationDescription, context) + : undefined, + } as any; +}; + +const deserializeAws_json1_1AmazonopensearchserviceRetryOptions = ( + output: any, + context: __SerdeContext +): AmazonopensearchserviceRetryOptions => { + return { + DurationInSeconds: __expectInt32(output.DurationInSeconds), + } as any; +}; + const deserializeAws_json1_1BufferingHints = (output: any, context: __SerdeContext): BufferingHints => { return { IntervalInSeconds: __expectInt32(output.IntervalInSeconds), @@ -2627,6 +2801,14 @@ const deserializeAws_json1_1Deserializer = (output: any, context: __SerdeContext const deserializeAws_json1_1DestinationDescription = (output: any, context: __SerdeContext): DestinationDescription => { return { + AmazonopensearchserviceDestinationDescription: + output.AmazonopensearchserviceDestinationDescription !== undefined && + output.AmazonopensearchserviceDestinationDescription !== null + ? deserializeAws_json1_1AmazonopensearchserviceDestinationDescription( + output.AmazonopensearchserviceDestinationDescription, + context + ) + : undefined, DestinationId: __expectString(output.DestinationId), ElasticsearchDestinationDescription: output.ElasticsearchDestinationDescription !== undefined && output.ElasticsearchDestinationDescription !== null diff --git a/clients/client-fsx/src/models/models_0.ts b/clients/client-fsx/src/models/models_0.ts index 83c181e92c08..72ee5d84fc5e 100644 --- a/clients/client-fsx/src/models/models_0.ts +++ b/clients/client-fsx/src/models/models_0.ts @@ -818,7 +818,7 @@ export interface SelfManagedActiveDirectoryAttributes { UserName?: string; /** - *A list of up to two IP addresses of DNS servers or domain controllers in the + *
A list of up to three IP addresses of DNS servers or domain controllers in the * self-managed AD directory.
*/ DnsIps?: string[]; @@ -2635,7 +2635,7 @@ export namespace WindowsAuditLogCreateConfiguration { } /** - *The configuration that Amazon FSx uses to join a Amazon FSx for Windows File Server file system or an ONTAP storage virtual machine (SVM) to + *
The configuration that Amazon FSx uses to join a FSx for Windows File Server file system or an ONTAP storage virtual machine (SVM) to
* a self-managed (including on-premises) Microsoft Active Directory (AD)
* directory. For more information, see
*
@@ -2688,7 +2688,7 @@ export interface SelfManagedActiveDirectoryConfiguration {
Password: string | undefined;
/**
- * A list of up to two IP addresses of DNS servers or domain controllers in the
+ * A list of up to three IP addresses of DNS servers or domain controllers in the
* self-managed AD directory. The configuration that Amazon FSx uses to join a Amazon FSx for Windows File Server file system or an ONTAP storage virtual machine (SVM) to
+ * The configuration that Amazon FSx uses to join a FSx for Windows File Server file system or an ONTAP storage virtual machine (SVM) to
* a self-managed (including on-premises) Microsoft Active Directory (AD)
* directory. For more information, see
*
@@ -2980,6 +2980,23 @@ export interface CreateFileSystemRequest {
* The ONTAP configuration properties of the FSx for NetApp ONTAP file system that you are creating. Sets the version of the Amazon FSx for Lustre file system you're creating.
+ * Valid values are Set the value to Set the value to Default value is Sets the version for the Amazon FSx for Lustre file system you're creating from a backup.
+ * Valid values are You don't need to specify The configuration that Amazon FSx uses to join a Amazon FSx for Windows File Server file system or an ONTAP storage virtual machine (SVM) to
+ * The tags you assign to the connection. When true, specifies not returning the partition column schema. Useful when you are interested only in other partition attributes such as partition values or location. This approach avoids the problem of a large response by not returning duplicate data. Amazon Managed Grafana is a fully managed and secure data visualization service that you can use to
+instantly query, correlate, and visualize operational metrics, logs, and traces from multiple sources.
+Amazon Managed Grafana makes it easy to deploy, operate, and scale Grafana, a widely deployed data visualization tool
+that is popular for its extensible data support. With Amazon Managed Grafana, you create logically isolated Grafana servers called workspaces. In
+a workspace, you can create Grafana dashboards and visualizations to analyze your metrics, logs, and traces without having to
+build, package, or deploy any hardware to run Grafana servers. Amazon Managed Grafana is a fully managed and secure data visualization service that you can use to
+ * instantly query, correlate, and visualize operational metrics, logs, and traces from multiple sources.
+ * Amazon Managed Grafana makes it easy to deploy, operate, and scale Grafana, a widely deployed data visualization tool
+ * that is popular for its extensible data support. With Amazon Managed Grafana, you create logically isolated Grafana servers called workspaces. In
+ * a workspace, you can create Grafana dashboards and visualizations to analyze your metrics, logs, and traces without having to
+ * build, package, or deploy any hardware to run Grafana servers. Assigns a Grafana Enterprise license to a workspace. Upgrading to Grafana Enterprise
+ * incurs additional fees. For more information, see Upgrade a workspace to
+ * Grafana Enterprise. Creates a workspace. In a workspace, you can create Grafana
+ * dashboards and visualizations to analyze your metrics, logs, and traces. You don't have to
+ * build, package, or deploy any hardware to run the Grafana server. Don't use Deletes an Amazon Managed Grafana workspace. Displays information about one Amazon Managed Grafana workspace. Displays information about the authentication methods used in one Amazon Managed Grafana workspace. Removes the Grafana Enterprise license from a workspace. Lists the users and groups who have the Grafana Returns a list of Amazon Managed Grafana workspaces in the account, with some information
+ * about each workspace. For more complete information about one workspace, use DescribeWorkspace. Updates which users in a workspace have the Grafana Modifies an existing Amazon Managed Grafana workspace. If you use this operation and omit any
+ * optional parameters, the existing values of those parameters are not changed. To modify the user authentication methods that the workspace uses, such as SAML or Amazon Web Services SSO,
+ * use UpdateWorkspaceAuthentication. To modify which users in the workspace have the Use this operation to define the identity provider (IdP) that this workspace
+ * authenticates users from, using SAML. You can also map SAML assertion attributes to
+ * workspace user information and define which groups in the assertion attribute are to have
+ * the Amazon Managed Grafana is a fully managed and secure data visualization service that you can use to
+ * instantly query, correlate, and visualize operational metrics, logs, and traces from multiple sources.
+ * Amazon Managed Grafana makes it easy to deploy, operate, and scale Grafana, a widely deployed data visualization tool
+ * that is popular for its extensible data support. With Amazon Managed Grafana, you create logically isolated Grafana servers called workspaces. In
+ * a workspace, you can create Grafana dashboards and visualizations to analyze your metrics, logs, and traces without having to
+ * build, package, or deploy any hardware to run Grafana servers. Assigns a Grafana Enterprise license to a workspace. Upgrading to Grafana Enterprise
+ * incurs additional fees. For more information, see Upgrade a workspace to
+ * Grafana Enterprise. Creates a workspace. In a workspace, you can create Grafana
+ * dashboards and visualizations to analyze your metrics, logs, and traces. You don't have to
+ * build, package, or deploy any hardware to run the Grafana server. Don't use Deletes an Amazon Managed Grafana workspace. Displays information about the authentication methods used in one Amazon Managed Grafana workspace. Displays information about one Amazon Managed Grafana workspace. Removes the Grafana Enterprise license from a workspace. Lists the users and groups who have the Grafana Returns a list of Amazon Managed Grafana workspaces in the account, with some information
+ * about each workspace. For more complete information about one workspace, use DescribeWorkspace. Updates which users in a workspace have the Grafana Use this operation to define the identity provider (IdP) that this workspace
+ * authenticates users from, using SAML. You can also map SAML assertion attributes to
+ * workspace user information and define which groups in the assertion attribute are to have
+ * the Modifies an existing Amazon Managed Grafana workspace. If you use this operation and omit any
+ * optional parameters, the existing values of those parameters are not changed. To modify the user authentication methods that the workspace uses, such as SAML or Amazon Web Services SSO,
+ * use UpdateWorkspaceAuthentication. To modify which users in the workspace have the You do not have sufficient permissions to perform this action. A structure that defines which attributes in the IdP assertion are to be used to define
+ * information about the users authenticated by the IdP to use the workspace. The name of the attribute within the SAML assertion to use as the user full "friendly" names for SAML users. The name of the attribute within the SAML assertion to use as the login names for SAML users. The name of the attribute within the SAML assertion to use as the email names for SAML users. The name of the attribute within the SAML assertion to use as the user full "friendly" names for user groups. The name of the attribute within the SAML assertion to use as the user roles. The name of the attribute within the SAML assertion to use as the user full "friendly" names for the users' organizations. The ID of the workspace to associate the license with. The type of license to associate with the workspace. A structure that describes whether the workspace uses SAML, Amazon Web Services SSO, or both methods
+ * for user authentication, and whether that authentication is fully configured. Specifies whether the workspace uses SAML, Amazon Web Services SSO, or both methods for user
+ * authentication. Specifies whether the workplace's user authentication method is fully configured. A structure containing information about an Amazon Managed Grafana workspace in your account. Specifies whether the workspace can access Amazon Web Services resources in this Amazon Web Services account only, or whether it can also access Amazon Web Services resources in
+ * other accounts in the same organization. If this is The date that the workspace was created. Specifies the Amazon Web Services data sources that have been configured to have IAM
+ * roles and permissions created to allow
+ * Amazon Managed Grafana to read data from these sources. The user-defined description of the workspace. The URL that users can use to access the Grafana console in the workspace. The version of Grafana supported in this workspace. The unique ID of this workspace. The most recent date that the workspace was modified. The name of the workspace. The name of the IAM role that is used to access resources through Organizations. The Amazon Web Services notification channels that Amazon Managed Grafana can automatically create IAM
+ * roles and permissions for, to allow
+ * Amazon Managed Grafana to use these channels. Specifies the organizational units that this workspace is allowed to use data sources
+ * from, if this workspace is in an account that is part of an organization. If this is If this is For more information, see Amazon Managed Grafana permissions and policies for
+ * Amazon Web Services data sources and notification channels
+ * The name of the CloudFormation stack set that is used to generate IAM roles
+ * to be used for this workspace. The current status of the workspace. The IAM role that grants permissions to the Amazon Web Services resources that the
+ * workspace will view data from. This role must already exist. Specifies whether this workspace has a full Grafana Enterprise license or a free trial license. Specifies whether this workspace has already fully used its free trial for Grafana Enterprise. If this workspace has a full Grafana Enterprise license, this specifies when the license ends and
+ * will need to be renewed. If this workspace is currently in the free trial period for Grafana Enterprise, this value specifies
+ * when that free trial ends. A structure that describes whether the workspace uses SAML, Amazon Web Services SSO, or both methods
+ * for user authentication. A structure containing data about the workspace. Unexpected error while processing the request. Retry the request. A description of the error. How long to wait before you retry this operation. The request references a resource that does not exist. The value of a parameter in the request caused an error. The ID of the resource that is associated with the error. The type of the resource that is associated with the error. The request was denied because of request throttling. Retry the request. A description of the error. The ID of the service that is associated with the error. The ID of the service quota that was exceeded. The value of a parameter in the request caused an error. A structure that contains information about a request parameter that caused an error. The name of the field that caused the validation error. A message describing why this field couldn't be validated. The value of a parameter in the request caused an error. A description of the error. The reason that the operation failed. A list of fields that might be associated with the error. The ID of the workspace to return authentication information about. A structure containing information about how this workspace works with
+ * Amazon Web Services SSO. The ID of the Amazon Web Services SSO-managed application that is created by Amazon Managed Grafana. A structure containing the identity provider (IdP) metadata used to integrate the
+ * identity provider with this workspace. You can specify the metadata either by providing a
+ * URL to its location in the The URL of the location containing the metadata. The actual full metadata file, in XML format. This structure defines which groups defined in the SAML assertion attribute are to be mapped
+ * to the Grafana A list of groups from the SAML assertion attribute to grant the Grafana
+ * A list of groups from the SAML assertion attribute to grant the Grafana
+ * A structure containing information about how this workspace works with
+ * SAML. A structure containing the identity provider (IdP) metadata used to integrate the
+ * identity provider with this workspace. A structure that defines which attributes in the SAML assertion are to be used to define information about
+ * the users authenticated by that IdP to use the workspace. A structure containing arrays that map group names in the SAML assertion to the
+ * Grafana Lists which organizations defined in the SAML assertion are allowed to use the Amazon Managed Grafana workspace.
+ * If this is empty, all organizations in the assertion attribute have access. How long a sign-on session by a SAML user is valid, before the user has to sign on
+ * again. A structure containing information about how this workspace works with
+ * SAML. Specifies whether the workspace's SAML configuration is complete. A structure containing details about how this workspace works with
+ * SAML. A structure containing information about the user authentication methods used by the workspace. Specifies whether this workspace uses Amazon Web Services SSO, SAML, or both methods to authenticate
+ * users to use the Grafana console in the Amazon Managed Grafana workspace. A structure containing information about how this workspace works with
+ * SAML, including what attributes within the assertion are to be mapped to user information in the workspace. A structure containing information about how this workspace works with
+ * Amazon Web Services SSO. A structure containing information about the authentication methods used in
+ * the workspace. A resource was in an inconsistent state during an update or a deletion. A description of the error. The ID of the resource that is associated with the error. The type of the resource that is associated with the error. The ID of the workspace to update the authentication for. Specifies whether this workspace uses SAML 2.0, Amazon Web Services Single Sign On, or both to authenticate
+ * users for using the Grafana console within a workspace. For more information,
+ * see User authentication in
+ * Amazon Managed Grafana. If the workspace uses SAML, use this structure to
+ * map SAML assertion attributes to workspace user information and
+ * define which groups in the assertion attribute are to have the A structure that describes the user authentication for this workspace after the update is made. The ID of the workspace to remove the Grafana Enterprise license from. The type of license to remove from the workspace. A structure containing information about the workspace. The maximum number of results to include in the response. The token to use when requesting the next set of results. You received this token from a previous
+ * (Optional) If you specify (Optional) Limits the results to only the user that matches this ID. (Optional) Limits the results to only the group that matches this ID. The ID of the workspace to list permissions for. This parameter is required. A structure that specifies one user or group in the workspace. The ID of the user or group. Specifies whether this is a single user or a group. A structure containing the identity of one user or group and the A structure with the ID of the user or group with this role. Specifies whether the user or group has the The token to use in a subsequent The permissions returned by the operation. Contains the instructions for one Grafana role permission update in a
+ * UpdatePermissions operation. Specifies whether this update is to add or revoke role permissions. The role to add or revoke for the user or the group specified in A structure that specifies the user or group to add or revoke the role for. An array of structures that contain the permission updates to make. The ID of the workspace to update. A structure containing information about one error encountered while performing an
+ * UpdatePermissions operation. The error code. The message for this error. Specifies which permission update caused the error. An array of structures that contain the errors from the operation, if any. Specifies whether the workspace can access Amazon Web Services resources in this Amazon Web Services account only, or whether it can also access Amazon Web Services resources in
+ * other accounts in the same organization. If you specify A unique, case-sensitive, user-provided identifier to ensure the idempotency of the request. The name of an IAM role that already exists to use with Organizations to access Amazon Web Services
+ * data sources and notification channels in other accounts in an organization. If you specify If you specify For more information, see Amazon Managed Grafana permissions and policies for
+ * Amazon Web Services data sources and notification channels
+ * The name of the CloudFormation stack set to use to generate IAM roles
+ * to be used for this workspace. Specify the Amazon Web Services data sources that you want to be queried in this
+ * workspace. Specifying these data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow Amazon Managed Grafana to read data from these
+ * sources. You must still add them as data sources in the Grafana console in the
+ * workspace. If you don't specify a data source here, you can still add it as a data source in the
+ * workspace console later. However, you will then have to manually configure permissions for
+ * it. A description for the workspace. This is used only to help you identify this workspace. The name for the workspace. It does not have to be unique. Specify the Amazon Web Services notification channels that you plan to use in this workspace. Specifying these
+ * data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow
+ * Amazon Managed Grafana to use these channels. Specifies the organizational units that this workspace is allowed to use data sources
+ * from, if this workspace is in an account that is part of an organization. The workspace needs an IAM role that grants permissions to the Amazon Web Services resources that the
+ * workspace will view data from. If you already have a role that you want to use, specify it here. If you omit
+ * this field and you specify some Amazon Web Services resources in Specifies whether this workspace uses SAML 2.0, Amazon Web Services Single Sign On, or both to authenticate
+ * users for using the Grafana console within a workspace. For more information,
+ * see User authentication in
+ * Amazon Managed Grafana. A structure containing data about the workspace that was created. The request would cause a service quota to be exceeded. A description of the error. The ID of the resource that is associated with the error. The type of the resource that is associated with the error. The value of a parameter in the request caused an error. The ID of the service quota that was exceeded. The ID of the workspace to delete. A structure containing information about the workspace that was deleted. The ID of the workspace to display information about. A structure containing information about the workspace. The maximum number of workspaces to include in the results. The token for the next set of workspaces to return. (You receive this token from a
+ * previous A structure that contains some information about one workspace in the account. The date that the workspace was created. The customer-entered description of the workspace. The URL endpoint to use to access the Grafana console in the workspace. The Grafana version that the workspace is running. The unique ID of the workspace. The most recent date that the workspace was modified. The name of the workspace. The Amazon Web Services notification channels that Amazon Managed Grafana can automatically
+ * create IAM roles and permissions for, which allows Amazon Managed Grafana to use
+ * these channels. The current status of the workspace. A structure containing information about the authentication methods used in
+ * the workspace. An array of structures that contain some information about the workspaces in the account. The token to use when requesting the next set of workspaces. Specifies whether the workspace can access Amazon Web Services resources in this Amazon Web Services account only, or whether it can also access Amazon Web Services resources in
+ * other accounts in the same organization. If you specify The name of an IAM role that already exists to use to access resources through Organizations. If you specify If you specify For more information, see Amazon Managed Grafana permissions and policies for
+ * Amazon Web Services data sources and notification channels
+ * The name of the CloudFormation stack set to use to generate IAM roles
+ * to be used for this workspace. Specify the Amazon Web Services data sources that you want to be queried in this
+ * workspace. Specifying these data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow Amazon Managed Grafana to read data from these
+ * sources. You must still add them as data sources in the Grafana console in the
+ * workspace. If you don't specify a data source here, you can still add it as a data source later in
+ * the workspace console. However, you will then have to manually configure permissions for
+ * it. A description for the workspace. This is used only to help you identify this workspace. The ID of the workspace to update. A new name for the workspace to update. Specify the Amazon Web Services notification channels that you plan to use in this workspace. Specifying these
+ * data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow
+ * Amazon Managed Grafana to use these channels. Specifies the organizational units that this workspace is allowed to use data sources
+ * from, if this workspace is in an account that is part of an organization. The workspace needs an IAM role that grants permissions to the Amazon Web Services resources that the
+ * workspace will view data from. If you already have a role that you want to use, specify it here. If you omit
+ * this field and you specify some Amazon Web Services resources in A structure containing data about the workspace that was created. Creates a data source that you use to with an Amazon Kendra index. Creates a data source that you want to use with an Amazon Kendra index. You specify a name, data source connector type and description for
- * your data source. You also specify configuration information such as
- * document metadata (author, source URI, and so on) and user context
- * information.2.10
and 2.12
.
+ *
+ * 2.10
to create a Lustre 2.10
+ * file system.2.12
to create a Lustre 2.12
+ * file system.2.10
.2.10
and 2.12
.FileSystemTypeVersion
because it will
+ * be applied using the backup's FileSystemTypeVersion
setting.
+ * If you choose to specify FileSystemTypeVersion
when creating from backup, the
+ * value must match the backup's FileSystemTypeVersion
setting.CreateWorkspace
to modify an existing workspace. Instead,
+ * use UpdateWorkspace.Admin
and
+ * Editor
roles in this workspace. If you use this
+ * operation without specifying userId
or groupId
, the operation returns
+ * the roles of all users
+ * and groups. If you specify a userId
or a groupId
, only the roles
+ * for that user or group are returned. If you do this, you can specify only one userId
or
+ * one groupId
.Admin
or Editor
roles.Admin
and Editor
Grafana roles,
+ * use UpdatePermissions.Admin
and Editor
roles in the workspace.CreateWorkspace
to modify an existing workspace. Instead,
+ * use UpdateWorkspace.Admin
and
+ * Editor
roles in this workspace. If you use this
+ * operation without specifying userId
or groupId
, the operation returns
+ * the roles of all users
+ * and groups. If you specify a userId
or a groupId
, only the roles
+ * for that user or group are returned. If you do this, you can specify only one userId
or
+ * one groupId
.Admin
or Editor
roles.Admin
and Editor
roles in the workspace.Admin
and Editor
Grafana roles,
+ * use UpdatePermissions.ORGANIZATION
, the
+ * workspaceOrganizationalUnits
parameter specifies which organizational units
+ * the workspace can access.Service Managed
, Amazon Managed Grafana automatically creates the IAM roles
+ * and provisions the permissions that the workspace needs to use Amazon Web Services data sources and notification channels.CUSTOMER_MANAGED
, you manage those roles and permissions
+ * yourself. If you are creating this workspace in a member account of an organization and that account is not a
+ * delegated administrator account, and
+ * you want the workspace to access data sources in other Amazon Web Services accounts in the
+ * organization, you must choose CUSTOMER_MANAGED
.url
parameter, or by specifying the full metadata
+ * in XML format in the xml
parameter.Admin
and Editor
roles in the workspace.Editor
role to.Admin
role to.Admin
and Editor
roles in the workspace.Admin
and Editor
roles
+ * in the workspace.ListPermissions
operation.SSO_USER
, then only the permissions of Amazon Web Services SSO users
+ * are returned. If you specify SSO_GROUP
, only the permissions of Amazon Web Services SSO groups
+ * are returned.Admin
+ * or Editor
role that they have.Admin
+ * or Editor
role.ListPermissions
operation to return
+ * the next set of results.users
.ORGANIZATION
, you must
+ * specify which organizational units the workspace can access in the
+ * workspaceOrganizationalUnits
parameter.Service Managed
, Amazon Managed Grafana automatically creates
+ * the IAM roles and provisions the permissions that the workspace needs to use
+ * Amazon Web Services data sources and notification channels.CUSTOMER_MANAGED
, you will manage those roles and
+ * permissions yourself. If you are creating this workspace in a member account of an
+ * organization that is not a delegated administrator account, and you want the workspace to access data sources in other Amazon Web Services
+ * accounts in the organization, you must choose CUSTOMER_MANAGED
.workspaceDataSources
or
+ * workspaceNotificationDestinations
, a new IAM role with the necessary permissions is
+ * automatically created.ListWorkspaces
operation.)ORGANIZATION
, you must
+ * specify which organizational units the workspace can access in the
+ * workspaceOrganizationalUnits
parameter.Service Managed
, Amazon Managed Grafana automatically creates
+ * the IAM roles and provisions the permissions that the workspace needs to use
+ * Amazon Web Services data sources and notification channels.CUSTOMER_MANAGED
, you will manage those roles and
+ * permissions yourself. If you are creating this workspace in a member account of an
+ * organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other Amazon Web Services
+ * accounts in the organization, you must choose CUSTOMER_MANAGED
.workspaceDataSources
or
+ * workspaceNotificationDestinations
, a new IAM role with the necessary permissions is
+ * automatically created.
* CreateDataSource
is a synchronous operation. The
* operation returns 200 if the data source was successfully created.
@@ -1221,13 +1220,15 @@ export class Kendra extends KendraClient {
}
/**
- *
Maps users to their groups. You can also map sub groups to groups. + *
Maps users to their groups so that you only need to provide + * the user ID when you issue the query.
+ *You can also map sub groups to groups. * For example, the group "Company Intellectual Property Teams" includes * sub groups "Research" and "Engineering". These sub groups include their * own list of users or people who work in these teams. Only users who work * in research and engineering, and therefore belong in the intellectual * property group, can see top-secret company documents in their search - * results.
+ * results. *You map users to their groups when you want to filter search results * for different users based on their group’s access to documents. For more * information on filtering search results for different users, see diff --git a/clients/client-kendra/src/commands/CreateDataSourceCommand.ts b/clients/client-kendra/src/commands/CreateDataSourceCommand.ts index cc060133fdc3..122b9317abf5 100644 --- a/clients/client-kendra/src/commands/CreateDataSourceCommand.ts +++ b/clients/client-kendra/src/commands/CreateDataSourceCommand.ts @@ -22,11 +22,10 @@ export interface CreateDataSourceCommandInput extends CreateDataSourceRequest {} export interface CreateDataSourceCommandOutput extends CreateDataSourceResponse, __MetadataBearer {} /** - *
Creates a data source that you use to with an Amazon Kendra index.
+ *Creates a data source that you want to use with an Amazon Kendra index.
*You specify a name, data source connector type and description for - * your data source. You also specify configuration information such as - * document metadata (author, source URI, and so on) and user context - * information.
+ * your data source. You also specify configuration information for the + * data source connector. *
* CreateDataSource
is a synchronous operation. The
* operation returns 200 if the data source was successfully created.
diff --git a/clients/client-kendra/src/commands/PutPrincipalMappingCommand.ts b/clients/client-kendra/src/commands/PutPrincipalMappingCommand.ts
index 6da32b5ef28d..9733b7bd5625 100644
--- a/clients/client-kendra/src/commands/PutPrincipalMappingCommand.ts
+++ b/clients/client-kendra/src/commands/PutPrincipalMappingCommand.ts
@@ -22,13 +22,15 @@ export interface PutPrincipalMappingCommandInput extends PutPrincipalMappingRequ
export interface PutPrincipalMappingCommandOutput extends __MetadataBearer {}
/**
- *
Maps users to their groups. You can also map sub groups to groups. + *
Maps users to their groups so that you only need to provide + * the user ID when you issue the query.
+ *You can also map sub groups to groups. * For example, the group "Company Intellectual Property Teams" includes * sub groups "Research" and "Engineering". These sub groups include their * own list of users or people who work in these teams. Only users who work * in research and engineering, and therefore belong in the intellectual * property group, can see top-secret company documents in their search - * results.
+ * results. *You map users to their groups when you want to filter search results * for different users based on their group’s access to documents. For more * information on filtering search results for different users, see diff --git a/clients/client-kendra/src/endpoints.ts b/clients/client-kendra/src/endpoints.ts index 982122bdd59d..2897ee2a4c52 100644 --- a/clients/client-kendra/src/endpoints.ts +++ b/clients/client-kendra/src/endpoints.ts @@ -1,7 +1,20 @@ import { getRegionInfo, PartitionHash, RegionHash } from "@aws-sdk/config-resolver"; import { RegionInfoProvider } from "@aws-sdk/types"; -const regionHash: RegionHash = {}; +const regionHash: RegionHash = { + "fips-us-east-1": { + hostname: "kendra-fips.us-east-1.amazonaws.com", + signingRegion: "us-east-1", + }, + "fips-us-east-2": { + hostname: "kendra-fips.us-east-2.amazonaws.com", + signingRegion: "us-east-2", + }, + "fips-us-west-2": { + hostname: "kendra-fips.us-west-2.amazonaws.com", + signingRegion: "us-west-2", + }, +}; const partitionHash: PartitionHash = { aws: { @@ -21,6 +34,9 @@ const partitionHash: PartitionHash = { "eu-west-1", "eu-west-2", "eu-west-3", + "fips-us-east-1", + "fips-us-east-2", + "fips-us-west-2", "me-south-1", "sa-east-1", "us-east-1", diff --git a/clients/client-kendra/src/models/models_0.ts b/clients/client-kendra/src/models/models_0.ts index 36acf5343ab1..02b8d2610093 100644 --- a/clients/client-kendra/src/models/models_0.ts +++ b/clients/client-kendra/src/models/models_0.ts @@ -2856,6 +2856,9 @@ export namespace SiteMapsConfiguration { /** *
Provides the configuration information of the URLs to crawl.
+ *You can only crawl websites that use the secure communication protocol, + * Hypertext Transfer Protocol Secure (HTTPS). If you receive an error when + * crawling a website, it could be that the website is blocked from crawling.
** When selecting websites to index, you must adhere to * the Amazon Acceptable Use Policy @@ -2902,6 +2905,9 @@ export interface WebCrawlerConfiguration { * websites or the sitemap URLs of the websites you want to crawl.
*You can include website subdomains. You can list up to 100 seed * URLs and up to three sitemap URLs.
+ *You can only crawl websites that use the secure communication protocol, + * Hypertext Transfer Protocol Secure (HTTPS). If you receive an error when + * crawling a website, it could be that the website is blocked from crawling.
** When selecting websites to index, you must adhere to * the Amazon Acceptable Use Policy @@ -3262,6 +3268,15 @@ export interface CreateDataSourceRequest { * the same client token will create only one data source.
*/ ClientToken?: string; + + /** + *The code for a language. This allows you to support a language for all + * documents when creating the data source. English is supported + * by default. For more information on supported languages, including their codes, + * see Adding + * documents in languages other than English.
+ */ + LanguageCode?: string; } export namespace CreateDataSourceRequest { @@ -3363,6 +3378,15 @@ export interface CreateFaqRequest { * one FAQ. */ ClientToken?: string; + + /** + *The code for a language. This allows you to support a language + * for the FAQ document. English is supported by default. + * For more information on supported languages, including their codes, + * see Adding + * documents in languages other than English.
+ */ + LanguageCode?: string; } export namespace CreateFaqRequest { @@ -3423,6 +3447,46 @@ export enum UserContextPolicy { USER_TOKEN = "USER_TOKEN", } +export enum UserGroupResolutionMode { + AWS_SSO = "AWS_SSO", + NONE = "NONE", +} + +/** + *Provides the configuration information to fetch access levels + * of groups and users from an AWS Single Sign-On identity + * source. This is useful for setting up user context filtering, where + * Amazon Kendra filters search results for different users based on their + * group's access to documents. You can also map your users to their + * groups for user context filtering using the + * PutPrincipalMapping + * operation.
+ *To set up an AWS SSO identity source in the console to use with + * Amazon Kendra, see Getting started + * with an AWS SSO identity source. You must also grant the required + * permissions to use AWS SSO with Amazon Kendra. For more information, see + * IAM roles for + * AWS Single Sign-On.
+ */ +export interface UserGroupResolutionConfiguration { + /** + *The identity store provider (mode) you want to use to fetch access levels of groups and + * users. AWS Single Sign-On is currently the only available mode. Your users and groups + * must + * exist in an AWS SSO identity source in order to use this mode.
+ */ + UserGroupResolutionMode: UserGroupResolutionMode | string | undefined; +} + +export namespace UserGroupResolutionConfiguration { + /** + * @internal + */ + export const filterSensitiveLog = (obj: UserGroupResolutionConfiguration): any => ({ + ...obj, + }); +} + /** *Configuration information for the JSON token type.
*/ @@ -3590,21 +3654,30 @@ export interface CreateIndexRequest { *All indexed content is searchable and displayable
- * for all users. If there is an access control list, it
- * is ignored. You can filter on user and group attributes.
+ * for all users. If you want to filter search results on
+ * user context, you can use the attribute filters of
+ * _user_id
and _group_ids
or
+ * you can provide user and group information in UserContext
.
*
Enables SSO and token-based user access control. - * All documents with no access control and all documents - * accessible to the user will be searchable and - * displayable. + *
Enables token-based user access control to filter + * search results on user context. All documents with no + * access control and all documents accessible to the user + * will be searchable and displayable. *
*Enables fetching access levels of groups and users from an AWS Single Sign-On + * identity source. To configure this, see + * UserGroupResolutionConfiguration.
+ */ + UserGroupResolutionConfiguration?: UserGroupResolutionConfiguration; } export namespace CreateIndexRequest { @@ -3757,7 +3830,7 @@ export interface CreateThesaurusRequest { /** *A token that you provide to identify the request to create a
* thesaurus. Multiple calls to the CreateThesaurus
operation
- * with the same client token will create only one index.
+ * with the same client token will create only one thesaurus.
*
The code for a language. This shows a supported language for all + * documents in the data source. English is supported by + * default. For more information on supported languages, including their codes, + * see Adding + * documents in languages other than English.
+ */ + LanguageCode?: string; } export namespace DescribeDataSourceResponse { @@ -4138,6 +4220,15 @@ export interface DescribeFaqResponse { *The file format used by the input files for the FAQ.
*/ FileFormat?: FaqFileFormat | string; + + /** + *The code for a language. This shows a supported language + * for the FAQ document. English is supported by default. + * For more information on supported languages, including their codes, + * see Adding + * documents in languages other than English.
+ */ + LanguageCode?: string; } export namespace DescribeFaqResponse { @@ -4543,6 +4634,12 @@ export interface DescribeIndexResponse { *The user context policy for the Amazon Kendra index.
*/ UserContextPolicy?: UserContextPolicy | string; + + /** + *Shows whether you have enabled the configuration for fetching access + * levels of groups and users from an AWS Single Sign-On identity source.
+ */ + UserGroupResolutionConfiguration?: UserGroupResolutionConfiguration; } export namespace DescribeIndexResponse { @@ -4771,7 +4868,7 @@ export interface DescribeQuerySuggestionsBlockListResponse { ErrorMessage?: string; /** - *Shows the date-time a block list for query suggestions was last created.
+ *Shows the date-time a block list for query suggestions was created.
*/ CreatedAt?: Date; @@ -5256,6 +5353,15 @@ export interface DataSourceSummary { *ACTIVE
the data source is ready to use.
*/
Status?: DataSourceStatus | string;
+
+ /**
+ * The code for a language. This shows a supported language for all documents + * in the data source. English is supported by default. + * For more information on supported languages, including their codes, + * see Adding + * documents in languages other than English.
+ */ + LanguageCode?: string; } export namespace DataSourceSummary { @@ -5336,9 +5442,9 @@ export interface ListDataSourceSyncJobsRequest { IndexId: string | undefined; /** - *If the result of the previous request to
- * GetDataSourceSyncJobHistory
was truncated, include the
- * NextToken
to fetch the next set of jobs.
If the previous response was incomplete (because there is more data to retrieve), + * Amazon Kendra returns a pagination token in the response. You can use this pagination token + * to retrieve the next set of jobs.
*/ NextToken?: string; @@ -5492,12 +5598,8 @@ export interface ListDataSourceSyncJobsResponse { History?: DataSourceSyncJob[]; /** - *The GetDataSourceSyncJobHistory
operation returns a page
- * of vocabularies at a time. The maximum size of the page is set by the
- * MaxResults
parameter. If there are more jobs in the list
- * than the page size, Amazon Kendra returns the NextPage token. Include the
- * token in the next request to the GetDataSourceSyncJobHistory
- * operation to return in the next page of jobs.
If the response is truncated, Amazon Kendra returns this token that you + * can use in the subsequent request to retrieve the next set of jobs.
*/ NextToken?: string; } @@ -5518,8 +5620,9 @@ export interface ListFaqsRequest { IndexId: string | undefined; /** - *If the result of the previous request to ListFaqs
was truncated, include
- * the NextToken
to fetch the next set of FAQs.
If the previous response was incomplete (because there is more data to retrieve), + * Amazon Kendra returns a pagination token in the response. You can use this pagination token + * to retrieve the next set of FAQs.
*/ NextToken?: string; @@ -5575,6 +5678,15 @@ export interface FaqSummary { *The file type used to create the FAQ.
*/ FileFormat?: FaqFileFormat | string; + + /** + *The code for a language. This shows a supported language for the FAQ document + * as part of the summary information for FAQs. English is supported by default. + * For more information on supported languages, including their codes, + * see Adding + * documents in languages other than English.
+ */ + LanguageCode?: string; } export namespace FaqSummary { @@ -5588,11 +5700,8 @@ export namespace FaqSummary { export interface ListFaqsResponse { /** - *The ListFaqs
operation returns a page of FAQs at a time. The maximum size
- * of the page is set by the MaxResults
parameter. If there are more jobs in
- * the list than the page size, Amazon Kendra returns the NextPage
token.
- * Include the token in the next request to the ListFaqs
operation to return
- * the next page of FAQs.
If the response is truncated, Amazon Kendra returns this token that you can use + * in the subsequent request to retrieve the next set of FAQs.
*/ NextToken?: string; @@ -5632,14 +5741,17 @@ export interface ListGroupsOlderThanOrderingIdRequest { /** *- * The next items in the list of groups that go beyond the maximum. + * If the previous response was incomplete (because there is more data to retrieve), + * Amazon Kendra returns a pagination token in the response. You can use this pagination + * token to retrieve the next set of groups that are mapped to users before a + * given ordering or timestamp identifier. *
*/ NextToken?: string; /** *- * The maximum results shown for a list of groups that are mapped to users before a + * The maximum number of returned groups that are mapped to users before a * given ordering or timestamp identifier. *
*/ @@ -5697,7 +5809,9 @@ export interface ListGroupsOlderThanOrderingIdResponse { /** *- * The next items in the list of groups that go beyond the maximum. + * If the response is truncated, Amazon Kendra returns this token that you can use + * in the subsequent request to retrieve the next set of groups that are + * mapped to users before a given ordering or timestamp identifier. *
*/ NextToken?: string; @@ -6001,7 +6115,7 @@ export namespace ListThesauriRequest { } /** - *An array of summary information for one or more thesauruses.
+ *An array of summary information for a thesaurus or multiple thesauri.
*/ export interface ThesaurusSummary { /** @@ -6049,7 +6163,7 @@ export interface ListThesauriResponse { NextToken?: string; /** - *An array of summary information for one or more thesauruses.
+ *An array of summary information for a thesaurus or multiple thesauri.
*/ ThesaurusSummaryItems?: ThesaurusSummary[]; } @@ -6132,6 +6246,12 @@ export interface GroupMembers { * groups for a group. Your sub groups can contain more than 1000 users, but * the list of sub groups that belong to a group (and/or users) must be no * more than 1000. + *You can download this
+ * example
+ * S3 file that uses the correct format for listing group members. Note,
+ * dataSourceId
is optional. The value of type
+ * for a group is always GROUP
and for a user it is
+ * always USER
.
Provides information about the user context for a Amazon Kendra index.
+ *Provides information about the user context for + * an + * Amazon Kendra index.
*This is used for filtering search results for different users based on their access * to documents.
*You provide one of the following:
@@ -6381,8 +6503,8 @@ export namespace DataSourceGroup { *User token
* *User ID, the groups the user belongs to, and the data sources - * the groups can access
+ *User ID, the groups the user belongs to, and any data sources the groups can + * access.
*If you provide both, an exception is thrown.
@@ -6493,6 +6615,7 @@ export enum ScoreConfidence { HIGH = "HIGH", LOW = "LOW", MEDIUM = "MEDIUM", + NOT_AVAILABLE = "NOT_AVAILABLE", VERY_HIGH = "VERY_HIGH", } @@ -6920,6 +7043,15 @@ export interface UpdateDataSourceRequest { * source is accessing resources on your behalf. */ RoleArn?: string; + + /** + *The code for a language. This allows you to support a language for all + * documents when updating the data source. English is supported + * by default. For more information on supported languages, including their codes, + * see Adding + * documents in languages other than English.
+ */ + LanguageCode?: string; } export namespace UpdateDataSourceRequest { @@ -6974,9 +7106,16 @@ export interface UpdateIndexRequest { UserTokenConfigurations?: UserTokenConfiguration[]; /** - *The user user token context policy.
+ *The user context policy.
*/ UserContextPolicy?: UserContextPolicy | string; + + /** + *Enables fetching access levels of groups and users from an AWS Single Sign-On + * identity source. To configure this, see + * UserGroupResolutionConfiguration.
+ */ + UserGroupResolutionConfiguration?: UserGroupResolutionConfiguration; } export namespace UpdateIndexRequest { @@ -7172,10 +7311,11 @@ export namespace UpdateThesaurusRequest { * *If you use more than 2 layers, you receive a
* ValidationException
exception with the message
- * "AttributeFilter
cannot have a depth of more than
- * 2."
If you use more than 10 attribute filters, you receive a
- * ValidationException
exception with the message
+ * "AttributeFilter
cannot have a depth of more
+ * than 2."
If you use more than 10 attribute filters in a given list for
+ * AndAllFilters
or OrAllFilters
, you receive
+ * a ValidationException
with the message
* "AttributeFilter
cannot have a length of more than 10".
Performs a greater than operation on two document attributes. Use
- * with a document attribute of type Integer
or
+ * with a document attribute of type Date
or
* Long
.
Performs a greater or equals than operation on two document
- * attributes. Use with a document attribute of type Integer
+ * attributes. Use with a document attribute of type Date
* or Long
.
Performs a less than operation on two document attributes. Use with
- * a document attribute of type Integer
or
+ * a document attribute of type Date
or
* Long
.
Performs a less than or equals operation on two document attributes.
- * Use with a document attribute of type Integer
or
+ * Use with a document attribute of type Date
or
* Long
.
The user context token.
+ *The user context token or user and group information.
*/ UserContext?: UserContext; diff --git a/clients/client-kendra/src/protocols/Aws_json1_1.ts b/clients/client-kendra/src/protocols/Aws_json1_1.ts index f1d9588e2f58..a0e7d4c9f462 100644 --- a/clients/client-kendra/src/protocols/Aws_json1_1.ts +++ b/clients/client-kendra/src/protocols/Aws_json1_1.ts @@ -300,6 +300,7 @@ import { UpdateThesaurusRequest, Urls, UserContext, + UserGroupResolutionConfiguration, UserTokenConfiguration, ValidationException, WebCrawlerConfiguration, @@ -5430,6 +5431,7 @@ const serializeAws_json1_1CreateDataSourceRequest = (input: CreateDataSourceRequ }), ...(input.Description !== undefined && input.Description !== null && { Description: input.Description }), ...(input.IndexId !== undefined && input.IndexId !== null && { IndexId: input.IndexId }), + ...(input.LanguageCode !== undefined && input.LanguageCode !== null && { LanguageCode: input.LanguageCode }), ...(input.Name !== undefined && input.Name !== null && { Name: input.Name }), ...(input.RoleArn !== undefined && input.RoleArn !== null && { RoleArn: input.RoleArn }), ...(input.Schedule !== undefined && input.Schedule !== null && { Schedule: input.Schedule }), @@ -5444,6 +5446,7 @@ const serializeAws_json1_1CreateFaqRequest = (input: CreateFaqRequest, context: ...(input.Description !== undefined && input.Description !== null && { Description: input.Description }), ...(input.FileFormat !== undefined && input.FileFormat !== null && { FileFormat: input.FileFormat }), ...(input.IndexId !== undefined && input.IndexId !== null && { IndexId: input.IndexId }), + ...(input.LanguageCode !== undefined && input.LanguageCode !== null && { LanguageCode: input.LanguageCode }), ...(input.Name !== undefined && input.Name !== null && { Name: input.Name }), ...(input.RoleArn !== undefined && input.RoleArn !== null && { RoleArn: input.RoleArn }), ...(input.S3Path !== undefined && @@ -5469,6 +5472,13 @@ const serializeAws_json1_1CreateIndexRequest = (input: CreateIndexRequest, conte ...(input.Tags !== undefined && input.Tags !== null && { Tags: serializeAws_json1_1TagList(input.Tags, context) }), ...(input.UserContextPolicy !== undefined && input.UserContextPolicy !== null && { UserContextPolicy: input.UserContextPolicy }), + ...(input.UserGroupResolutionConfiguration !== undefined && + input.UserGroupResolutionConfiguration !== null && { + UserGroupResolutionConfiguration: serializeAws_json1_1UserGroupResolutionConfiguration( + input.UserGroupResolutionConfiguration, + context + ), + }), ...(input.UserTokenConfigurations !== undefined && input.UserTokenConfigurations !== null && { UserTokenConfigurations: serializeAws_json1_1UserTokenConfigurationList(input.UserTokenConfigurations, context), @@ -7000,6 +7010,7 @@ const serializeAws_json1_1UpdateDataSourceRequest = (input: UpdateDataSourceRequ ...(input.Description !== undefined && input.Description !== null && { Description: input.Description }), ...(input.Id !== undefined && input.Id !== null && { Id: input.Id }), ...(input.IndexId !== undefined && input.IndexId !== null && { IndexId: input.IndexId }), + ...(input.LanguageCode !== undefined && input.LanguageCode !== null && { LanguageCode: input.LanguageCode }), ...(input.Name !== undefined && input.Name !== null && { Name: input.Name }), ...(input.RoleArn !== undefined && input.RoleArn !== null && { RoleArn: input.RoleArn }), ...(input.Schedule !== undefined && input.Schedule !== null && { Schedule: input.Schedule }), @@ -7025,6 +7036,13 @@ const serializeAws_json1_1UpdateIndexRequest = (input: UpdateIndexRequest, conte ...(input.RoleArn !== undefined && input.RoleArn !== null && { RoleArn: input.RoleArn }), ...(input.UserContextPolicy !== undefined && input.UserContextPolicy !== null && { UserContextPolicy: input.UserContextPolicy }), + ...(input.UserGroupResolutionConfiguration !== undefined && + input.UserGroupResolutionConfiguration !== null && { + UserGroupResolutionConfiguration: serializeAws_json1_1UserGroupResolutionConfiguration( + input.UserGroupResolutionConfiguration, + context + ), + }), ...(input.UserTokenConfigurations !== undefined && input.UserTokenConfigurations !== null && { UserTokenConfigurations: serializeAws_json1_1UserTokenConfigurationList(input.UserTokenConfigurations, context), @@ -7109,6 +7127,16 @@ const serializeAws_json1_1UserContext = (input: UserContext, context: __SerdeCon }; }; +const serializeAws_json1_1UserGroupResolutionConfiguration = ( + input: UserGroupResolutionConfiguration, + context: __SerdeContext +): any => { + return { + ...(input.UserGroupResolutionMode !== undefined && + input.UserGroupResolutionMode !== null && { UserGroupResolutionMode: input.UserGroupResolutionMode }), + }; +}; + const serializeAws_json1_1UserTokenConfiguration = (input: UserTokenConfiguration, context: __SerdeContext): any => { return { ...(input.JsonTokenTypeConfiguration !== undefined && @@ -7827,6 +7855,7 @@ const deserializeAws_json1_1DataSourceSummary = (output: any, context: __SerdeCo ? __expectNonNull(__parseEpochTimestamp(__expectNumber(output.CreatedAt))) : undefined, Id: __expectString(output.Id), + LanguageCode: __expectString(output.LanguageCode), Name: __expectString(output.Name), Status: __expectString(output.Status), Type: __expectString(output.Type), @@ -7955,6 +7984,7 @@ const deserializeAws_json1_1DescribeDataSourceResponse = ( ErrorMessage: __expectString(output.ErrorMessage), Id: __expectString(output.Id), IndexId: __expectString(output.IndexId), + LanguageCode: __expectString(output.LanguageCode), Name: __expectString(output.Name), RoleArn: __expectString(output.RoleArn), Schedule: __expectString(output.Schedule), @@ -7978,6 +8008,7 @@ const deserializeAws_json1_1DescribeFaqResponse = (output: any, context: __Serde FileFormat: __expectString(output.FileFormat), Id: __expectString(output.Id), IndexId: __expectString(output.IndexId), + LanguageCode: __expectString(output.LanguageCode), Name: __expectString(output.Name), RoleArn: __expectString(output.RoleArn), S3Path: @@ -8026,6 +8057,10 @@ const deserializeAws_json1_1DescribeIndexResponse = (output: any, context: __Ser ? __expectNonNull(__parseEpochTimestamp(__expectNumber(output.UpdatedAt))) : undefined, UserContextPolicy: __expectString(output.UserContextPolicy), + UserGroupResolutionConfiguration: + output.UserGroupResolutionConfiguration !== undefined && output.UserGroupResolutionConfiguration !== null + ? deserializeAws_json1_1UserGroupResolutionConfiguration(output.UserGroupResolutionConfiguration, context) + : undefined, UserTokenConfigurations: output.UserTokenConfigurations !== undefined && output.UserTokenConfigurations !== null ? deserializeAws_json1_1UserTokenConfigurationList(output.UserTokenConfigurations, context) @@ -8330,6 +8365,7 @@ const deserializeAws_json1_1FaqSummary = (output: any, context: __SerdeContext): : undefined, FileFormat: __expectString(output.FileFormat), Id: __expectString(output.Id), + LanguageCode: __expectString(output.LanguageCode), Name: __expectString(output.Name), Status: __expectString(output.Status), UpdatedAt: @@ -9451,6 +9487,15 @@ const deserializeAws_json1_1Urls = (output: any, context: __SerdeContext): Urls } as any; }; +const deserializeAws_json1_1UserGroupResolutionConfiguration = ( + output: any, + context: __SerdeContext +): UserGroupResolutionConfiguration => { + return { + UserGroupResolutionMode: __expectString(output.UserGroupResolutionMode), + } as any; +}; + const deserializeAws_json1_1UserTokenConfiguration = (output: any, context: __SerdeContext): UserTokenConfiguration => { return { JsonTokenTypeConfiguration: diff --git a/clients/client-kms/README.md b/clients/client-kms/README.md index 68939fd128a3..eb229a50f4cf 100644 --- a/clients/client-kms/README.md +++ b/clients/client-kms/README.md @@ -41,10 +41,11 @@ security credentials that you can use to sign requests.Logging API Requests
-KMS supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your Amazon Web Services account and delivers them to an Amazon S3 bucket that you specify. By using the information -collected by CloudTrail, you can determine what requests were made to KMS, who made the request, -when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find -your log files, see the CloudTrail User Guide.
+KMS supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your +Amazon Web Services account and delivers them to an Amazon S3 bucket that you specify. By using the +information collected by CloudTrail, you can determine what requests were made to KMS, who made +the request, when it was made, and so on. To learn more about CloudTrail, including how to turn it +on and find your log files, see the CloudTrail User Guide.
Additional Resources
@@ -52,9 +53,9 @@ your log files, see the Amazon Web Services Security -Credentials - This topic provides general information about the types of -credentials used to access Amazon Web Services. +Amazon Web Services +Security Credentials - This topic provides general information about the types +of credentials used to access Amazon Web Services.diff --git a/clients/client-kms/src/KMS.ts b/clients/client-kms/src/KMS.ts index 2a06e6dada25..a93c27896aa4 100644 --- a/clients/client-kms/src/KMS.ts +++ b/clients/client-kms/src/KMS.ts @@ -200,10 +200,11 @@ import { KMSClient } from "./KMSClient"; *
* Logging API Requests *
- *KMS supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your Amazon Web Services account and delivers them to an Amazon S3 bucket that you specify. By using the information - * collected by CloudTrail, you can determine what requests were made to KMS, who made the request, - * when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find - * your log files, see the CloudTrail User Guide.
+ *KMS supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your + * Amazon Web Services account and delivers them to an Amazon S3 bucket that you specify. By using the + * information collected by CloudTrail, you can determine what requests were made to KMS, who made + * the request, when it was made, and so on. To learn more about CloudTrail, including how to turn it + * on and find your log files, see the CloudTrail User Guide.
** Additional Resources *
@@ -211,9 +212,9 @@ import { KMSClient } from "./KMSClient"; *- * Amazon Web Services Security - * Credentials - This topic provides general information about the types of - * credentials used to access Amazon Web Services.
+ * Amazon Web Services + * Security Credentials - This topic provides general information about the types + * of credentials used to access Amazon Web Services. *@@ -259,13 +260,15 @@ import { KMSClient } from "./KMSClient"; */ export class KMS extends KMSClient { /** - *
Cancels the deletion of a KMS key. When this operation succeeds, the key
- * state of the KMS key is Disabled
. To enable the KMS key, use EnableKey.
For more information about scheduling and canceling deletion of a KMS key, see Deleting KMS keys in the Key Management Service Developer Guide.
+ *Cancels the deletion of a KMS key. When this operation succeeds, the key state of the KMS
+ * key is Disabled
. To enable the KMS key, use EnableKey.
For more information about scheduling and canceling deletion of a KMS key, see Deleting KMS keys in the + * Key Management Service Developer Guide.
*The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*- * Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
+ * Cross-account + * use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. ** Required permissions: kms:CancelKeyDeletion (key policy)
*@@ -303,9 +306,9 @@ export class KMS extends KMSClient { /** *
Connects or reconnects a custom key store to its associated CloudHSM cluster.
- *The custom key store must be connected before you can create KMS keys - * in the key store or use the KMS keys it contains. You can disconnect and reconnect a custom key - * store at any time.
+ *The custom key store must be connected before you can create KMS keys in the key store or + * use the KMS keys it contains. You can disconnect and reconnect a custom key store at any + * time.
*To connect a custom key store, its associated CloudHSM cluster must have at least one active
* HSM. To get the number of active HSMs in a cluster, use the DescribeClusters operation. To add HSMs
* to the cluster, use the CreateHsm operation. Also, the
@@ -400,11 +403,12 @@ export class KMS extends KMSClient {
* Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide. You can use an alias to identify a KMS key in the KMS console, in the DescribeKey operation and in cryptographic operations, such as Encrypt and
- * GenerateDataKey. You can also change the KMS key that's associated with the
- * alias (UpdateAlias) or delete the alias (DeleteAlias) at
- * any time. These operations don't affect the underlying KMS key.
You can associate the alias with any customer managed key in the same Amazon Web Services Region. Each - * alias is associated with only one KMS key at a time, but a KMS key can have multiple aliases. A valid KMS key is required. You can't create an alias without a KMS key.
+ * alias is associated with only one KMS key at a time, but a KMS key can have multiple aliases. + * A valid KMS key is required. You can't create an alias without a KMS key. *The alias must be unique in the account and Region, but you can have aliases with the same * name in different Regions. For detailed information about aliases, see Using aliases in the * Key Management Service Developer Guide.
@@ -421,14 +425,17 @@ export class KMS extends KMSClient { *- * kms:CreateAlias on the alias (IAM policy).
+ * kms:CreateAlias on + * the alias (IAM policy). *- * kms:CreateAlias on the KMS key (key policy).
+ * kms:CreateAlias on + * the KMS key (key policy). *For details, see Controlling access to aliases in the Key Management Service Developer Guide.
+ *For details, see Controlling access to aliases in the + * Key Management Service Developer Guide.
** Related operations: *
@@ -556,7 +563,9 @@ export class KMS extends KMSClient { /** *Adds a grant to a KMS key.
- *A grant is a policy instrument that allows Amazon Web Services principals to use KMS keys in cryptographic operations. It also can allow them to view a KMS key (DescribeKey) and create and manage grants. When authorizing access to a KMS key, grants are considered along with key policies and IAM policies. Grants are often used for + *
A grant is a policy instrument that allows Amazon Web Services principals to use + * KMS keys in cryptographic operations. It also can allow them to view a KMS key (DescribeKey) and create and manage grants. When authorizing access to a KMS key, + * grants are considered along with key policies and IAM policies. Grants are often used for * temporary permissions because you can create one, use its permissions, and delete it without * changing your key policies or IAM policies.
*For detailed information about grants, including grant terminology, see Using grants in the @@ -565,28 +574,29 @@ export class KMS extends KMSClient { * . For examples of working with grants in several * programming languages, see Programming grants.
*The CreateGrant
operation returns a GrantToken
and a
- * GrantId
.
GrantId
.
* When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as eventual consistency. Once the grant has achieved eventual consistency, the grantee principal - * can use the permissions in the grant without identifying the grant.
+ *When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as eventual consistency. Once the grant has achieved eventual consistency, the grantee + * principal can use the permissions in the grant without identifying the grant.
*However, to use the permissions in the grant immediately, use the
- * GrantToken
that CreateGrant
returns. For details, see Using a grant
- * token in the
+ * GrantToken
that CreateGrant
returns. For details, see Using a
+ * grant token in the
* Key Management Service Developer Guide
* .
The CreateGrant
operation also returns a GrantId
. You can use the
- * GrantId
and a key identifier to identify the grant in the RetireGrant and RevokeGrant operations. To find the grant
- * ID, use the ListGrants or ListRetirableGrants
- * operations.
The CreateGrant
operation also returns a GrantId
. You can
+ * use the GrantId
and a key identifier to identify the grant in the RetireGrant and RevokeGrant operations. To find the grant
+ * ID, use the ListGrants or ListRetirableGrants
+ * operations.
The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*
- * Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key
+ * Cross-account use: Yes.
+ * To perform this operation on a KMS key in a different Amazon Web Services account, specify the key
* ARN in the value of the KeyId
parameter.
* Required permissions: kms:CreateGrant (key policy)
@@ -640,20 +650,21 @@ export class KMS extends KMSClient { } /** - *Creates a unique customer managed KMS key in your Amazon Web Services account and Region.
+ *Creates a unique customer managed KMS key in your Amazon Web Services account and + * Region.
*KMS is replacing the term customer master key (CMK) with KMS key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.
*You can use the CreateKey
operation to create symmetric or asymmetric KMS keys.
You can use the CreateKey
operation to create symmetric or asymmetric KMS
+ * keys.
- * Symmetric KMS keys contain a 256-bit symmetric key that - * never leaves KMS unencrypted. To use the KMS key, you must call KMS. You can use a - * symmetric KMS key to encrypt and decrypt small amounts of data, but they are typically used to - * generate data - * keys and data keys pairs. For details, + * Symmetric KMS keys contain a 256-bit symmetric key + * that never leaves KMS unencrypted. To use the KMS key, you must call KMS. You can use + * a symmetric KMS key to encrypt and decrypt small amounts of data, but they are typically + * used to generate data keys and data keys pairs. For details, * see GenerateDataKey and GenerateDataKeyPair.
*For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide.
@@ -694,8 +705,8 @@ export class KMS extends KMSClient { *To create a multi-Region primary key in the local Amazon Web Services Region,
* use the MultiRegion
parameter with a value of True
. To create
- * a multi-Region replica key, that is, a KMS key with the same key ID and
- * key material as a primary key, but in a different Amazon Web Services Region, use the ReplicateKey operation. To change a replica key to a primary key, and its
+ * a multi-Region replica key, that is, a KMS key with the same key ID
+ * and key material as a primary key, but in a different Amazon Web Services Region, use the ReplicateKey operation. To change a replica key to a primary key, and its
* primary key to a replica key, use the UpdatePrimaryRegion
* operation.
This operation supports multi-Region keys, an KMS feature that lets you create multiple @@ -736,13 +747,14 @@ export class KMS extends KMSClient { *
- * Cross-account use: No. You cannot use this operation to + * Cross-account use: No. You cannot use this operation to * create a KMS key in a different Amazon Web Services account.
* *
* Required permissions: kms:CreateKey (IAM policy). To use the
* Tags
parameter, kms:TagResource (IAM policy). For examples and information about related
- * permissions, see Allow a user to create KMS keys in the Key Management Service Developer Guide.
* Related operations: *
@@ -788,8 +800,8 @@ export class KMS extends KMSClient { } /** - *Decrypts ciphertext that was encrypted by a KMS key using any of - * the following operations:
+ *Decrypts ciphertext that was encrypted by a KMS key using any of the following + * operations:
*@@ -818,33 +830,36 @@ export class KMS extends KMSClient { *
You can use this operation to decrypt ciphertext that was encrypted under a symmetric or - * asymmetric KMS key. When the KMS key is asymmetric, you must specify the KMS key and the encryption - * algorithm that was used to encrypt the ciphertext. For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide.
+ * asymmetric KMS key. When the KMS key is asymmetric, you must specify the KMS key and the + * encryption algorithm that was used to encrypt the ciphertext. For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide. *The Decrypt operation also decrypts ciphertext that was encrypted outside of KMS by the - * public key in an KMS asymmetric KMS key. However, it cannot decrypt ciphertext produced by other - * libraries, such as the Amazon Web Services Encryption - * SDK or Amazon S3 client-side encryption. These libraries return a ciphertext format that - * is incompatible with KMS.
- *If the ciphertext was encrypted under a symmetric KMS key, the KeyId
parameter is
- * optional. KMS can get this information from metadata that it adds to the symmetric
- * ciphertext blob. This feature adds durability to your implementation by ensuring that
- * authorized users can decrypt ciphertext decades after it was encrypted, even if they've lost
- * track of the key ID. However, specifying the KMS key is always recommended as a best practice.
- * When you use the KeyId
parameter to specify a KMS key, KMS only uses the KMS key you
- * specify. If the ciphertext was encrypted under a different KMS key, the Decrypt
- * operation fails. This practice ensures that you use the KMS key that you intend.
If the ciphertext was encrypted under a symmetric KMS key, the KeyId
+ * parameter is optional. KMS can get this information from metadata that it adds to the
+ * symmetric ciphertext blob. This feature adds durability to your implementation by ensuring
+ * that authorized users can decrypt ciphertext decades after it was encrypted, even if they've
+ * lost track of the key ID. However, specifying the KMS key is always recommended as a best
+ * practice. When you use the KeyId
parameter to specify a KMS key, KMS only uses
+ * the KMS key you specify. If the ciphertext was encrypted under a different KMS key, the
+ * Decrypt
operation fails. This practice ensures that you use the KMS key that
+ * you intend.
Whenever possible, use key policies to give users permission to call the
* Decrypt
operation on a particular KMS key, instead of using IAM policies.
* Otherwise, you might create an IAM user policy that gives the user Decrypt
- * permission on all KMS keys. This user could decrypt ciphertext that was encrypted by KMS keys in other
- * accounts if the key policy for the cross-account KMS key permits it. If you must use an IAM policy
- * for Decrypt
permissions, limit the user to particular KMS keys or particular trusted
- * accounts. For details, see Best practices for IAM policies in the Key Management Service Developer Guide.
Decrypt
permissions, limit the user to particular KMS keys or
+ * particular trusted accounts. For details, see Best practices for IAM
+ * policies in the Key Management Service Developer Guide.
* Applications in Amazon Web Services Nitro Enclaves can call this operation by using the Amazon Web Services Nitro Enclaves Development Kit. For information about the supporting parameters, see How Amazon Web Services Nitro Enclaves use KMS in the Key Management Service Developer Guide.
*The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*
- * Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
+ * Cross-account
+ * use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
* the key ARN or alias ARN in the value of the KeyId
parameter.
@@ -899,14 +914,15 @@ export class KMS extends KMSClient { } /** - *
Deletes the specified alias.
+ *Deletes the specified alias.
*Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide.
*Because an alias is not a property of a KMS key, you can delete and change the aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the response from the DescribeKey operation. To get the aliases of all KMS keys, use the ListAliases operation.
+ *Because an alias is not a property of a KMS key, you can delete and change the aliases of + * a KMS key without affecting the KMS key. Also, aliases do not appear in the response from the + * DescribeKey operation. To get the aliases of all KMS keys, use the ListAliases operation.
*Each KMS key can have multiple aliases. To change the alias of a KMS key, use DeleteAlias to delete the current alias and CreateAlias to - * create a new alias. To associate an existing alias with a different KMS key, - * call UpdateAlias.
+ * create a new alias. To associate an existing alias with a different KMS key, call UpdateAlias. ** Cross-account use: No. You cannot perform this operation on an alias in a different Amazon Web Services account.
*@@ -915,14 +931,17 @@ export class KMS extends KMSClient { *
- * kms:DeleteAlias on the alias (IAM policy).
+ * kms:DeleteAlias on + * the alias (IAM policy). *- * kms:DeleteAlias on the KMS key (key policy).
+ * kms:DeleteAlias on + * the KMS key (key policy). *For details, see Controlling access to aliases in the Key Management Service Developer Guide.
+ *For details, see Controlling access to aliases in the + * Key Management Service Developer Guide.
** Related operations: *
@@ -970,16 +989,15 @@ export class KMS extends KMSClient { /** *Deletes a custom key store. This operation does not delete the CloudHSM cluster that is * associated with the custom key store, or affect any users or keys in the cluster.
- *The custom key store that you delete cannot contain any KMS KMS keys. Before
- * deleting the key store, verify that you will never need to use any of the KMS keys in the key
- * store for any cryptographic operations. Then, use ScheduleKeyDeletion to delete the
- * KMS keys from the key store. When the scheduled waiting period
- * expires, the The custom key store that you delete cannot contain any KMS KMS keys. Before deleting the key store,
+ * verify that you will never need to use any of the KMS keys in the key store for any
+ * cryptographic operations. Then, use ScheduleKeyDeletion to delete the KMS keys from the
+ * key store. When the scheduled waiting period expires, the After all KMS keys are deleted from KMS, use DisconnectCustomKeyStore to
- * disconnect the key store from KMS. Then, you can delete the custom key store. After all KMS keys are deleted from KMS, use DisconnectCustomKeyStore
+ * to disconnect the key store from KMS. Then, you can delete the custom key store. Instead of deleting the custom key store, consider using DisconnectCustomKeyStore to disconnect it from KMS. While the key store is
* disconnected, you cannot create or use the KMS keys in the key store. But, you do not need to
* delete KMS keys and you can reconnect a disconnected custom key store at any time. This operation is part of the Custom Key Store feature feature in KMS, which
* combines the convenience and extensive integration of KMS with the isolation and control of a
* single-tenant key store.
- * Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.ScheduleKeyDeletion
operation deletes the KMS keys. Then it makes a best
- * effort to delete the key material from the associated cluster. However, you might need to
- * manually delete the orphaned key
+ * ScheduleKeyDeletion
+ * operation deletes the KMS keys. Then it makes a best effort to delete the key material from
+ * the associated cluster. However, you might need to manually delete the orphaned key
* material from the cluster and its backups.
* Required permissions: kms:DeleteCustomKeyStore (IAM policy)
@@ -1055,12 +1073,11 @@ export class KMS extends KMSClient { } /** - *Deletes key material that you previously imported. This operation makes the specified - * KMS key unusable. For more information about importing key material into - * KMS, see Importing Key - * Material in the Key Management Service Developer Guide.
- *When the specified KMS key is in the PendingDeletion
state, this operation does
- * not change the KMS key's state. Otherwise, it changes the KMS key's state to
+ *
Deletes key material that you previously imported. This operation makes the specified KMS + * key unusable. For more information about importing key material into KMS, see Importing Key Material + * in the Key Management Service Developer Guide.
+ *When the specified KMS key is in the PendingDeletion
state, this operation
+ * does not change the KMS key's state. Otherwise, it changes the KMS key's state to
* PendingImport
.
After you delete key material, you can use ImportKeyMaterial to reimport * the same key material into the KMS key.
@@ -1121,10 +1138,10 @@ export class KMS extends KMSClient { *This operation is part of the Custom Key Store feature feature in KMS, which * combines the convenience and extensive integration of KMS with the isolation and control of a * single-tenant key store.
- *By default, this operation returns information about all custom key stores in the account and
- * Region. To get only information about a particular custom key store, use either the
- * CustomKeyStoreName
or CustomKeyStoreId
parameter (but not
- * both).
By default, this operation returns information about all custom key
+ * stores in the account and Region. To get only information about a particular custom key store,
+ * use either the CustomKeyStoreName
or CustomKeyStoreId
parameter (but
+ * not both).
To determine whether the custom key store is connected to its CloudHSM cluster, use the
* ConnectionState
element in the response. If an attempt to connect the custom
* key store failed, the ConnectionState
value is FAILED
and the
@@ -1202,16 +1219,17 @@ export class KMS extends KMSClient {
}
/**
- *
Provides detailed information about a KMS key. You can run
- * DescribeKey
on a customer managed key or an Amazon Web Services managed key.
Provides detailed information about a KMS key. You can run DescribeKey
on a
+ * customer managed
+ * key or an Amazon Web Services managed key.
This detailed information includes the key ARN, creation date (and deletion date, if
* applicable), the key state, and the origin and expiration date (if any) of the key material.
* It includes fields, like KeySpec
, that help you distinguish symmetric from
* asymmetric KMS keys. It also provides information that is particularly important to asymmetric
* keys, such as the key usage (encryption or signing) and the encryption algorithms or signing
- * algorithms that the KMS key supports. For KMS keys in custom key stores, it includes information about
- * the custom key store, such as the key store ID and the CloudHSM cluster ID. For multi-Region
- * keys, it displays the primary key and all related replica keys.
* DescribeKey
does not return the following information:
Whether automatic key rotation is enabled on the KMS key. To get this information, use - * GetKeyRotationStatus. Also, some key states prevent a KMS key from being - * automatically rotated. For details, see How Automatic Key Rotation + * GetKeyRotationStatus. Also, some key states prevent a KMS key from + * being automatically rotated. For details, see How Automatic Key Rotation * Works in Key Management Service Developer Guide.
*Key policies and grants on the KMS key. To get this information, use GetKeyPolicy and ListGrants.
*If you call the DescribeKey
operation on a predefined Amazon Web Services alias, that is, an Amazon Web Services alias with no key ID, KMS creates an Amazon Web Services managed key.
- * Then, it associates the alias with the new KMS key, and returns the KeyId
and
- * Arn
of the new KMS key in the response.
If you call the DescribeKey
operation on a predefined Amazon Web Services
+ * alias, that is, an Amazon Web Services alias with no key ID, KMS creates an Amazon Web Services managed
+ * key. Then, it associates the alias with the new KMS key, and returns the
+ * KeyId
and Arn
of the new KMS key in the response.
* Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
* the key ARN or alias ARN in the value of the KeyId
parameter.
Sets the state of a KMS key to disabled. This change temporarily - * prevents use of the KMS key for cryptographic operations.
- *For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS key in the + *
Sets the state of a KMS key to disabled. This change temporarily prevents use of the KMS + * key for cryptographic operations.
+ *For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS + * key in the * Key Management Service Developer Guide * .
*The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
- *+ *
* Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
* *@@ -1351,7 +1371,8 @@ export class KMS extends KMSClient { *
The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*- * Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
+ * Cross-account + * use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. * ** Required permissions: kms:DisableKeyRotation (key policy)
@@ -1402,8 +1423,9 @@ export class KMS extends KMSClient { /** *Disconnects the custom key store from its associated CloudHSM cluster. While a custom key - * store is disconnected, you can manage the custom key store and its KMS keys, but you cannot create or use KMS keys in the custom key store. You can reconnect the - * custom key store at any time.
+ * store is disconnected, you can manage the custom key store and its KMS keys, but you cannot + * create or use KMS keys in the custom key store. You can reconnect the custom key store at any + * time. *While a custom key store is disconnected, all attempts to create KMS keys in the custom key store or to use existing KMS keys in cryptographic operations will * fail. This action can prevent users from storing and accessing sensitive data.
@@ -1417,8 +1439,9 @@ export class KMS extends KMSClient { * combines the convenience and extensive integration of KMS with the isolation and control of a * single-tenant key store. * - *- * Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
+ *+ * Cross-account use: No. + * You cannot perform this operation on a custom key store in a different Amazon Web Services account.
* ** Required permissions: kms:DisconnectCustomKeyStore (IAM policy)
@@ -1483,11 +1506,13 @@ export class KMS extends KMSClient { } /** - *Sets the key state of a KMS key to enabled. This allows you to use the KMS key for cryptographic operations.
+ *Sets the key state of a KMS key to enabled. This allows you to use the KMS key for + * cryptographic operations.
*The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*- * Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
+ * Cross-account + * use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. * ** Required permissions: kms:EnableKey (key policy)
@@ -1525,7 +1550,8 @@ export class KMS extends KMSClient { *The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*- * Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
+ * Cross-account + * use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. * ** Required permissions: kms:EnableKeyRotation (key policy)
@@ -1575,19 +1601,20 @@ export class KMS extends KMSClient { } /** - *Encrypts plaintext into ciphertext by using a KMS key. The
- * Encrypt
operation has two primary use cases:
Encrypts plaintext into ciphertext by using a KMS key. The Encrypt
operation
+ * has two primary use cases:
You can encrypt small amounts of arbitrary data, such as a personal identifier or * database password, or other sensitive information.
*You can use the Encrypt
operation to move encrypted data from one Amazon Web Services Region to another. For example, in Region A, generate a data key and use the plaintext key to encrypt
- * your data. Then, in Region A, use the Encrypt
operation to encrypt the
- * plaintext data key under a KMS key in Region B. Now, you can move the encrypted data and the
- * encrypted data key to Region B. When necessary, you can decrypt the encrypted data key and
- * the encrypted data entirely within in Region B.
You can use the Encrypt
operation to move encrypted data from one Amazon Web Services
+ * Region to another. For example, in Region A, generate a data key and use the plaintext key
+ * to encrypt your data. Then, in Region A, use the Encrypt
operation to encrypt
+ * the plaintext data key under a KMS key in Region B. Now, you can move the encrypted data
+ * and the encrypted data key to Region B. When necessary, you can decrypt the encrypted data
+ * key and the encrypted data entirely within in Region B.
KeyUsage
value of
* ENCRYPT_DECRYPT.
To find the KeyUsage
of a KMS key, use the DescribeKey operation.
*
- * If you use a symmetric KMS key, you can use an encryption context to add additional security
- * to your encryption operation. If you specify an EncryptionContext
when encrypting
- * data, you must specify the same encryption context (a case-sensitive exact match) when
- * decrypting the data. Otherwise, the request to decrypt fails with an
+ *
If you use a symmetric KMS key, you can use an encryption context to add additional
+ * security to your encryption operation. If you specify an EncryptionContext
when
+ * encrypting data, you must specify the same encryption context (a case-sensitive exact match)
+ * when decrypting the data. Otherwise, the request to decrypt fails with an
* InvalidCiphertextException
. For more information, see Encryption
* Context in the Key Management Service Developer Guide.
If you specify an asymmetric KMS key, you must also specify the encryption algorithm. The @@ -1673,7 +1700,8 @@ export class KMS extends KMSClient { *
The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*
- * Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
+ * Cross-account use: Yes.
+ * To perform this operation with a KMS key in a different Amazon Web Services account, specify
* the key ARN or alias ARN in the value of the KeyId
parameter.
@@ -1724,19 +1752,19 @@ export class KMS extends KMSClient { /** *
Generates a unique symmetric data key for client-side encryption. This operation returns a - * plaintext copy of the data key and a copy that is encrypted under a KMS key - * that you specify. You can use the plaintext key to encrypt your data outside of KMS and - * store the encrypted data key with the encrypted data.
+ * plaintext copy of the data key and a copy that is encrypted under a KMS key that you specify. + * You can use the plaintext key to encrypt your data outside of KMS and store the encrypted + * data key with the encrypted data. * *
* GenerateDataKey
returns a unique data key for each request. The bytes in the
* plaintext key are not related to the caller or the KMS key.
To generate a data key, specify the symmetric KMS key that will be used to encrypt the data
- * key. You cannot use an asymmetric KMS key to generate data keys. To get the type of your KMS key, use
- * the DescribeKey operation. You must also specify the length of the data key.
- * Use either the KeySpec
or NumberOfBytes
parameters (but not both).
- * For 128-bit and 256-bit data keys, use the KeySpec
parameter.
To generate a data key, specify the symmetric KMS key that will be used to encrypt the
+ * data key. You cannot use an asymmetric KMS key to generate data keys. To get the type of your
+ * KMS key, use the DescribeKey operation. You must also specify the length of
+ * the data key. Use either the KeySpec
or NumberOfBytes
parameters
+ * (but not both). For 128-bit and 256-bit data keys, use the KeySpec
parameter.
To get only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. To generate an asymmetric data key pair, use * the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext operation. To get a cryptographically secure @@ -1751,11 +1779,14 @@ export class KMS extends KMSClient { *
The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*- * How to use your data key + * How to use your data + * key *
- *We recommend that you use the following pattern to encrypt data locally in your application.
- * You can write your own code or use a client-side encryption library, such as the Amazon Web Services Encryption SDK, the Amazon DynamoDB Encryption Client, or
- * Amazon S3
+ * We recommend that you use the following pattern to encrypt data locally in your
+ * application. You can write your own code or use a client-side encryption library, such as the
+ * Amazon Web Services Encryption SDK, the
+ * Amazon DynamoDB Encryption Client,
+ * or Amazon S3
* client-side encryption to do these tasks for you. To encrypt data outside of KMS: Generates a unique asymmetric data key pair. The
@@ -1851,20 +1882,21 @@ export class KMS extends KMSClient {
/**
*
GenerateDataKeyPair
* operation returns a plaintext public key, a plaintext private key, and a copy of the private
- * key that is encrypted under the symmetric KMS key you specify. You can use the data key pair to
- * perform asymmetric cryptography and implement digital signatures outside of KMS.
You can use the public key that GenerateDataKeyPair
returns to encrypt data
* or verify a signature outside of KMS. Then, store the encrypted private key with the data.
* When you are ready to decrypt data or sign a message, you can use the Decrypt operation to decrypt the encrypted private key.
To generate a data key pair, you must specify a symmetric KMS key to - * encrypt the private key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a - * custom key store. To get the type and origin of your KMS key, use the DescribeKey operation.
+ *To generate a data key pair, you must specify a symmetric KMS key to encrypt the private + * key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a custom key + * store. To get the type and origin of your KMS key, use the DescribeKey + * operation.
*Use the KeyPairSpec
parameter to choose an RSA or Elliptic Curve (ECC) data
- * key pair. KMS recommends that your use ECC key pairs for signing, and use RSA key pairs
- * for either encryption or signing, but not both. However, KMS cannot enforce any restrictions
- * on the use of data key pairs outside of KMS.
If you are using the data key pair to encrypt data, or for any operation where you don't * immediately need a private key, consider using the GenerateDataKeyPairWithoutPlaintext operation. @@ -1876,10 +1908,10 @@ export class KMS extends KMSClient { * *
* GenerateDataKeyPair
returns a unique data key pair for each request. The
- * bytes in the keys are not related to the caller or the KMS key that is used to encrypt the private
- * key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in RFC 5280. The
- * private key is a DER-encoded PKCS8 PrivateKeyInfo, as specified in RFC
- * 5958.
You can use the optional encryption context to add additional security to the encryption
* operation. If you specify an EncryptionContext
, you must specify the same
@@ -1889,7 +1921,8 @@ export class KMS extends KMSClient {
*
The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*
- * Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
+ * Cross-account
+ * use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
* the key ARN or alias ARN in the value of the KeyId
parameter.
@@ -1957,23 +1990,24 @@ export class KMS extends KMSClient { /** *
Generates a unique asymmetric data key pair. The
* GenerateDataKeyPairWithoutPlaintext
operation returns a plaintext public key
- * and a copy of the private key that is encrypted under the symmetric KMS key you specify. Unlike
- * GenerateDataKeyPair, this operation does not return a plaintext private
- * key.
You can use the public key that GenerateDataKeyPairWithoutPlaintext
returns
* to encrypt data or verify a signature outside of KMS. Then, store the encrypted private key
* with the data. When you are ready to decrypt data or sign a message, you can use the Decrypt operation to decrypt the encrypted private key.
To generate a data key pair, you must specify a symmetric KMS key to - * encrypt the private key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a - * custom key store. To get the type and origin of your KMS key, use the DescribeKey operation.
+ *To generate a data key pair, you must specify a symmetric KMS key to encrypt the private + * key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a custom key + * store. To get the type and origin of your KMS key, use the DescribeKey + * operation.
*Use the KeyPairSpec
parameter to choose an RSA or Elliptic Curve (ECC) data
- * key pair. KMS recommends that your use ECC key pairs for signing, and use RSA key pairs
- * for either encryption or signing, but not both. However, KMS cannot enforce any restrictions
- * on the use of data key pairs outside of KMS.
* GenerateDataKeyPairWithoutPlaintext
returns a unique data key pair for each
- * request. The bytes in the key are not related to the caller or KMS key that is used to encrypt the
- * private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in
+ * request. The bytes in the key are not related to the caller or KMS key that is used to encrypt
+ * the private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in
* RFC 5280.
You can use the optional encryption context to add additional security to the encryption @@ -1984,11 +2018,13 @@ export class KMS extends KMSClient { *
The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*
- * Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
+ * Cross-account
+ * use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
* the key ARN or alias ARN in the value of the KeyId
parameter.
- * Required permissions: kms:GenerateDataKeyPairWithoutPlaintext (key policy)
+ * Required permissions: kms:GenerateDataKeyPairWithoutPlaintext (key + * policy) ** Related operations: *
@@ -2051,8 +2087,8 @@ export class KMS extends KMSClient { /** *Generates a unique symmetric data key. This operation returns a data key that is encrypted - * under a KMS key that you specify. To request an asymmetric data key pair, - * use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext operations.
+ * under a KMS key that you specify. To request an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext + * operations. *
* GenerateDataKeyWithoutPlaintext
is identical to the GenerateDataKey operation except that returns only the encrypted copy of the
* data key. This operation is useful for systems that need to encrypt data at some point, but
@@ -2067,12 +2103,12 @@ export class KMS extends KMSClient {
* plaintext data key.
* GenerateDataKeyWithoutPlaintext
returns a unique data key for each request.
- * The bytes in the keys are not related to the caller or KMS key that is used to encrypt the private
- * key.
To generate a data key, you must specify the symmetric KMS key that is - * used to encrypt the data key. You cannot use an asymmetric KMS key to generate a data key. To get - * the type of your KMS key, use the DescribeKey operation.
+ *To generate a data key, you must specify the symmetric KMS key that is used to encrypt the + * data key. You cannot use an asymmetric KMS key to generate a data key. To get the type of your + * KMS key, use the DescribeKey operation.
* *If the operation succeeds, you will find the encrypted copy of the data key in the
* CiphertextBlob
field.
The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*
- * Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
+ * Cross-account
+ * use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
* the key ARN or alias ARN in the value of the KeyId
parameter.
- * Required permissions: kms:GenerateDataKeyWithoutPlaintext (key policy)
+ * Required permissions: kms:GenerateDataKeyWithoutPlaintext (key + * policy) ** Related operations: *
@@ -2156,7 +2194,8 @@ export class KMS extends KMSClient { * the CloudHSM cluster that is associated with a custom key store, specify the custom key store * ID. *Applications in Amazon Web Services Nitro Enclaves can call this operation by using the Amazon Web Services Nitro Enclaves Development Kit. For information about the supporting parameters, see How Amazon Web Services Nitro Enclaves use KMS in the Key Management Service Developer Guide.
- *For more information about entropy and random number generation, see Key Management Service Cryptographic Details.
+ *For more information about entropy and random number generation, see + * Key Management Service Cryptographic Details.
* ** Required permissions: kms:GenerateRandom (IAM policy)
@@ -2230,7 +2269,8 @@ export class KMS extends KMSClient { /** *Gets a Boolean value that indicates whether automatic rotation of the key material is * enabled for the specified KMS key.
- *You cannot enable automatic rotation of asymmetric KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key. The key rotation status for these KMS keys is always false
.
You cannot enable automatic rotation of asymmetric KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key. The key rotation status for these KMS keys is always
+ * false
.
The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*Returns the items you need to import key material into a symmetric, customer managed - * KMS key. For more information about importing key material into KMS, see - * Importing Key - * Material in the Key Management Service Developer Guide.
+ *Returns the items you need to import key material into a symmetric, customer managed KMS + * key. For more information about importing key material into KMS, see Importing Key Material + * in the Key Management Service Developer Guide.
*This operation returns a public key and an import token. Use the public key to encrypt the * symmetric key material. Store the import token to send with a subsequent ImportKeyMaterial request.
- *You must specify the key ID of the symmetric KMS key into which you will import key material.
- * This KMS key's Origin
must be EXTERNAL
. You must also specify the
- * wrapping algorithm and type of wrapping key (public key) that you will use to encrypt the key
- * material. You cannot perform this operation on an asymmetric KMS key or on any KMS key in a different Amazon Web Services account.
You must specify the key ID of the symmetric KMS key into which you will import key
+ * material. This KMS key's Origin
must be EXTERNAL
. You must also
+ * specify the wrapping algorithm and type of wrapping key (public key) that you will use to
+ * encrypt the key material. You cannot perform this operation on an asymmetric KMS key or on any KMS key in a different Amazon Web Services account.
To import key material, you must use the public key and import token from the same
* response. These items are valid for 24 hours. The expiration date and time appear in the
* GetParametersForImport
response. You cannot use an expired token in an ImportKeyMaterial request. If your key and token expire, send another
@@ -2363,10 +2402,11 @@ export class KMS extends KMSClient {
}
/**
- *
Returns the public key of an asymmetric KMS key. Unlike the private key of a asymmetric KMS key,
- * which never leaves KMS unencrypted, callers with kms:GetPublicKey
permission
- * can download the public key of an asymmetric KMS key. You can share the public key to allow others
- * to encrypt messages and verify signatures outside of KMS. For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide.
Returns the public key of an asymmetric KMS key. Unlike the private key of a asymmetric
+ * KMS key, which never leaves KMS unencrypted, callers with kms:GetPublicKey
+ * permission can download the public key of an asymmetric KMS key. You can share the public key
+ * to allow others to encrypt messages and verify signatures outside of KMS.
+ * For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide.
You do not need to download the public key. Instead, you can use the public key within * KMS by calling the Encrypt, ReEncrypt, or Verify operations with the identifier of an asymmetric KMS key. When you use the * public key within KMS, you benefit from the authentication, authorization, and logging that @@ -2400,7 +2440,8 @@ export class KMS extends KMSClient { *
The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*
- * Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
+ * Cross-account use:
+ * Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
* the key ARN or alias ARN in the value of the KeyId
parameter.
@@ -2436,12 +2477,12 @@ export class KMS extends KMSClient { } /** - *
Imports key material into an existing symmetric KMS KMS key that was - * created without key material. After you successfully import key material into a KMS key, you can - * reimport the same key material into that KMS key, but you cannot import different key + *
Imports key material into an existing symmetric KMS KMS key that was created without key + * material. After you successfully import key material into a KMS key, you can reimport + * the same key material into that KMS key, but you cannot import different key * material.
- *You cannot perform this operation on an asymmetric KMS key or on any KMS key in a different Amazon Web Services account. For more information about creating KMS keys with no key material and - * then importing key material, see Importing Key Material in the + *
You cannot perform this operation on an asymmetric KMS key or on any KMS key in a different Amazon Web Services account. For more information about creating KMS keys with no key material + * and then importing key material, see Importing Key Material in the * Key Management Service Developer Guide.
*Before using this operation, call GetParametersForImport. Its response * includes a public key and an import token. Use the public key to encrypt the key material. @@ -2450,8 +2491,8 @@ export class KMS extends KMSClient { *
When calling this operation, you must specify the following values:
*The key ID or key ARN of a KMS key with no key material. Its Origin
must be
- * EXTERNAL
.
The key ID or key ARN of a KMS key with no key material. Its Origin
must
+ * be EXTERNAL
.
To create a KMS key with no key material, call CreateKey and set the
* value of its Origin
parameter to EXTERNAL
. To get the
* Origin
of a KMS key, call DescribeKey.)
Whether the key material expires and if so, when. If you set an expiration date, KMS - * deletes the key material from the KMS key on the specified date, and the KMS key becomes unusable. - * To use the KMS key again, you must reimport the same key material. The only way to change an - * expiration date is by reimporting the same key material and specifying a new expiration - * date.
+ * deletes the key material from the KMS key on the specified date, and the KMS key becomes + * unusable. To use the KMS key again, you must reimport the same key material. The only way + * to change an expiration date is by reimporting the same key material and specifying a new + * expiration date. *When this operation is successful, the key state of the KMS key changes from
* PendingImport
to Enabled
, and you can use the KMS key.
If this operation fails, use the exception to help determine the problem. If the error is - * related to the key material, the import token, or wrapping key, use GetParametersForImport to get a new public key and import token for the KMS key and - * repeat the import procedure. For help, see How To Import Key + * related to the key material, the import token, or wrapping key, use GetParametersForImport to get a new public key and import token for the KMS key + * and repeat the import procedure. For help, see How To Import Key * Material in the Key Management Service Developer Guide.
*The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
@@ -2531,26 +2572,29 @@ export class KMS extends KMSClient { } /** - *Gets a list of aliases in the caller's Amazon Web Services account and region. For more information about - * aliases, see CreateAlias.
+ *Gets a list of aliases in the caller's Amazon Web Services account and region. For more information + * about aliases, see CreateAlias.
*By default, the ListAliases
operation returns all aliases in the account and
- * region. To get only the aliases associated with a particular KMS key, use
- * the KeyId
parameter.
KeyId
parameter.
* The ListAliases
response can include aliases that you created and associated
- * with your customer managed keys, and aliases that Amazon Web Services created and associated with Amazon Web Services managed keys in your account. You can recognize Amazon Web Services aliases because their names have the format
- * aws/
, such as aws/dynamodb
.
aws/
, such as aws/dynamodb
.
* The response might also include aliases that have no TargetKeyId
field. These
- * are predefined aliases that Amazon Web Services has created but has not yet associated with a KMS key. Aliases
- * that Amazon Web Services creates in your account, including predefined aliases, do not count against your
- * KMS aliases
+ * are predefined aliases that Amazon Web Services has created but has not yet associated with a KMS key.
+ * Aliases that Amazon Web Services creates in your account, including predefined aliases, do not count against
+ * your KMS aliases
* quota.
* Cross-account use: No. ListAliases
does not
* return aliases in other Amazon Web Services accounts.
* Required permissions: kms:ListAliases (IAM policy)
- *For details, see Controlling access to aliases in the Key Management Service Developer Guide.
+ *For details, see Controlling access to aliases in the + * Key Management Service Developer Guide.
** Related operations: *
@@ -2597,8 +2641,8 @@ export class KMS extends KMSClient { /** *Gets a list of all grants for the specified KMS key.
- *You must specify the KMS key in all requests. You can filter the grant list by grant ID - * or grantee principal.
+ *You must specify the KMS key in all requests. You can filter the grant list by grant ID or + * grantee principal.
*For detailed information about grants, including grant terminology, see Using grants in the * * Key Management Service Developer Guide @@ -2667,9 +2711,9 @@ export class KMS extends KMSClient { } /** - *
Gets the names of the key policies that are attached to a KMS key. This
- * operation is designed to get policy names that you can use in a GetKeyPolicy
- * operation. However, the only valid policy name is default
.
Gets the names of the key policies that are attached to a KMS key. This operation is
+ * designed to get policy names that you can use in a GetKeyPolicy operation.
+ * However, the only valid policy name is default
.
* Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
* @@ -2721,8 +2765,7 @@ export class KMS extends KMSClient { } /** - *Gets a list of all KMS keys in the caller's Amazon Web Services account and - * Region.
+ *Gets a list of all KMS keys in the caller's Amazon Web Services account and Region.
** Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
* @@ -2844,11 +2887,11 @@ export class KMS extends KMSClient { } /** - *Returns information about all grants in the Amazon Web Services account and Region that have the specified - * retiring principal.
+ *Returns information about all grants in the Amazon Web Services account and Region that have the + * specified retiring principal.
*You can specify any principal in your Amazon Web Services account. The grants that are returned include - * grants for KMS keys in your Amazon Web Services account and other Amazon Web Services accounts. You might use this operation to - * determine which grants you may retire. To retire a grant, use the RetireGrant operation.
+ * grants for KMS keys in your Amazon Web Services account and other Amazon Web Services accounts. You might use this + * operation to determine which grants you may retire. To retire a grant, use the RetireGrant operation. *For detailed information about grants, including grant terminology, see Using grants in the * * Key Management Service Developer Guide @@ -2857,11 +2900,12 @@ export class KMS extends KMSClient { *
* Cross-account use: You must specify a principal in your
* Amazon Web Services account. However, this operation can return grants in any Amazon Web Services account. You do not need
- * kms:ListRetirableGrants
permission (or any other additional permission) in any
+ * kms:ListRetirableGrants
permission (or any other additional permission) in any
* Amazon Web Services account other than your own.
- * Required permissions: kms:ListRetirableGrants (IAM policy) in your Amazon Web Services account.
+ * Required permissions: kms:ListRetirableGrants (IAM policy) in your + * Amazon Web Services account. ** Related operations: *
@@ -2961,39 +3005,45 @@ export class KMS extends KMSClient { /** *Decrypts ciphertext and then reencrypts it entirely within KMS. You can use this - * operation to change the KMS key under which data is encrypted, such as when - * you manually rotate a KMS key or change the KMS key that protects a ciphertext. You can also - * use it to reencrypt ciphertext under the same KMS key, such as to change the encryption + * operation to change the KMS key under which data is encrypted, such as when you manually + * rotate a KMS key or change the KMS key that protects a ciphertext. You can also use + * it to reencrypt ciphertext under the same KMS key, such as to change the encryption * context of a ciphertext.
*The ReEncrypt
operation can decrypt ciphertext that was encrypted by using an
* KMS KMS key in an KMS operation, such as Encrypt or GenerateDataKey. It can also decrypt ciphertext that was encrypted by using the
- * public key of an asymmetric KMS key outside of KMS. However, it cannot decrypt ciphertext
- * produced by other libraries, such as the Amazon Web Services Encryption SDK or Amazon S3 client-side encryption.
- * These libraries return a ciphertext format that is incompatible with KMS.
When you use the ReEncrypt
operation, you need to provide information for the
* decrypt operation and the subsequent encrypt operation.
If your ciphertext was encrypted under an asymmetric KMS key, you must use the
- * SourceKeyId
parameter to identify the KMS key that encrypted the ciphertext.
- * You must also supply the encryption algorithm that was used. This information is required
- * to decrypt the data.
SourceKeyId
parameter to identify the KMS key that encrypted the
+ * ciphertext. You must also supply the encryption algorithm that was used. This information
+ * is required to decrypt the data.
* If your ciphertext was encrypted under a symmetric KMS key, the SourceKeyId
- * parameter is optional. KMS can get this information from metadata that it adds to the
- * symmetric ciphertext blob. This feature adds durability to your implementation by ensuring
- * that authorized users can decrypt ciphertext decades after it was encrypted, even if
- * they've lost track of the key ID. However, specifying the source KMS key is always recommended
- * as a best practice. When you use the SourceKeyId
parameter to specify a KMS key,
- * KMS uses only the KMS key you specify. If the ciphertext was encrypted under a different KMS key, the ReEncrypt
operation fails. This practice ensures that you use the KMS key that you intend.
If your ciphertext was encrypted under a symmetric KMS key, the
+ * SourceKeyId
parameter is optional. KMS can get this information from
+ * metadata that it adds to the symmetric ciphertext blob. This feature adds durability to
+ * your implementation by ensuring that authorized users can decrypt ciphertext decades after
+ * it was encrypted, even if they've lost track of the key ID. However, specifying the source
+ * KMS key is always recommended as a best practice. When you use the
+ * SourceKeyId
parameter to specify a KMS key, KMS uses only the KMS key you
+ * specify. If the ciphertext was encrypted under a different KMS key, the
+ * ReEncrypt
operation fails. This practice ensures that you use the KMS key
+ * that you intend.
To reencrypt the data, you must use the DestinationKeyId
parameter
* specify the KMS key that re-encrypts the data after it is decrypted. You can select a
- * symmetric or asymmetric KMS key. If the destination KMS key is an asymmetric KMS key, you must also
- * provide the encryption algorithm. The algorithm that you choose must be compatible with
- * the KMS key.
When you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails.
@@ -3001,26 +3051,26 @@ export class KMS extends KMSClient { *The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*- * Cross-account use: Yes. The source KMS key and destination KMS key can be in different Amazon Web Services accounts. Either or both KMS keys can be in a different account than - * the caller. To specify a KMS key in a different account, you must use its key ARN or alias - * ARN.
+ * Cross-account use: Yes. + * The source KMS key and destination KMS key can be in different Amazon Web Services accounts. Either or both + * KMS keys can be in a different account than the caller. To specify a KMS key in a different + * account, you must use its key ARN or alias ARN. * ** Required permissions:
*- * kms:ReEncryptFrom permission on the source KMS key (key policy)
+ * kms:ReEncryptFrom + * permission on the source KMS key (key policy) *- * kms:ReEncryptTo permission on the destination KMS key (key policy)
+ * kms:ReEncryptTo + * permission on the destination KMS key (key policy) *To permit reencryption from or to a KMS key, include the "kms:ReEncrypt*"
@@ -3109,7 +3159,7 @@ export class KMS extends KMSClient {
* details about the Creating
key state, see Key state: Effect on your KMS key in the
* Key Management Service Developer Guide.
The CloudTrail log of a ReplicateKey
operation records a
- * ReplicateKey
operation in the primary key's Region and a CreateKey operation in the replica key's Region.
ReplicateKey
operation in the primary key's Region and a CreateKey operation in the replica key's Region.
* If you replicate a multi-Region primary key with imported key material, the replica key is * created with no key material. You must import the same key material that you imported into the * primary key. For details, see Importing key material into multi-Region keys in the Key Management Service Developer Guide.
@@ -3117,8 +3167,8 @@ export class KMS extends KMSClient { * operation. *
- * ReplicateKey
uses different default values for the KeyPolicy
and
- * Tags
parameters than those used in the KMS console. For details, see the
+ * ReplicateKey
uses different default values for the KeyPolicy
+ * and Tags
parameters than those used in the KMS console. For details, see the
* parameter descriptions.
@@ -3129,8 +3179,8 @@ export class KMS extends KMSClient { *
- * kms:ReplicateKey
on the primary key (in the primary key's Region). Include this
- * permission in the primary key's key policy.
kms:ReplicateKey
on the primary key (in the primary key's Region).
+ * Include this permission in the primary key's key policy.
* @@ -3186,12 +3236,13 @@ export class KMS extends KMSClient { /** *
Deletes a grant. Typically, you retire a grant when you no longer need its permissions. To * identify the grant to retire, use a grant token, or both the grant ID and a - * key identifier (key ID or key ARN) of the KMS key. The CreateGrant operation returns both values.
+ * key identifier (key ID or key ARN) of the KMS key. The CreateGrant operation + * returns both values. *This operation can be called by the retiring principal for a grant,
* by the grantee principal if the grant allows the RetireGrant
* operation, and by the Amazon Web Services account (root user) in which the grant is created. It can also be
* called by principals to whom permission for retiring a grant is delegated. For details, see
- * Retiring and
+ * Retiring and
* revoking grants in the Key Management Service Developer Guide.
For detailed information about grants, including grant terminology, see Using grants in the * @@ -3199,11 +3250,12 @@ export class KMS extends KMSClient { * . For examples of working with grants in several * programming languages, see Programming grants.
*- * Cross-account use: Yes. You can retire a grant on a KMS key - * in a different Amazon Web Services account.
+ * Cross-account use: Yes. You can retire a grant on a KMS + * key in a different Amazon Web Services account. ** Required permissions::Permission to retire a grant is - * determined primarily by the grant. For details, see Retiring and revoking grants in the Key Management Service Developer Guide.
+ * determined primarily by the grant. For details, see Retiring and revoking grants in + * the Key Management Service Developer Guide. ** Related operations: *
@@ -3255,8 +3307,7 @@ export class KMS extends KMSClient { /** *Deletes the specified grant. You revoke a grant to terminate the permissions that the - * grant allows. For more - * information, see Retiring and revoking grants in + * grant allows. For more information, see Retiring and revoking grants in * the * Key Management Service Developer Guide * .
@@ -3324,22 +3375,24 @@ export class KMS extends KMSClient { } /** - *Schedules the deletion of a KMS key. By default, KMS applies a waiting
- * period of 30 days, but you can specify a waiting period of 7-30 days. When this operation is
- * successful, the key state of the KMS key changes to PendingDeletion
and the key can't
- * be used in any cryptographic operations. It remains in this state for the duration of the
- * waiting period. Before the waiting period ends, you can use CancelKeyDeletion to cancel the deletion of the KMS key. After the waiting period ends, KMS deletes the KMS key,
+ *
Schedules the deletion of a KMS key. By default, KMS applies a waiting period of 30
+ * days, but you can specify a waiting period of 7-30 days. When this operation is successful,
+ * the key state of the KMS key changes to PendingDeletion
and the key can't be used
+ * in any cryptographic operations. It remains in this state for the duration of the waiting
+ * period. Before the waiting period ends, you can use CancelKeyDeletion to
+ * cancel the deletion of the KMS key. After the waiting period ends, KMS deletes the KMS key,
* its key material, and all KMS data associated with it, including all aliases that refer to
* it.
Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key is - * deleted, all data that was encrypted under the KMS key is unrecoverable. (The only exception is - * a multi-Region replica key.) To prevent the use of a KMS key without deleting it, use DisableKey.
+ *Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key + * is deleted, all data that was encrypted under the KMS key is unrecoverable. (The only + * exception is a multi-Region replica key.) To prevent the use of a KMS key without deleting + * it, use DisableKey.
*If you schedule deletion of a KMS key from a custom key store, when the waiting period
- * expires, ScheduleKeyDeletion
deletes the KMS key from KMS. Then KMS makes a best
- * effort to delete the key material from the associated CloudHSM cluster. However, you might need
- * to manually delete the orphaned key
+ * expires, ScheduleKeyDeletion
deletes the KMS key from KMS. Then KMS makes a
+ * best effort to delete the key material from the associated CloudHSM cluster. However, you might
+ * need to manually delete the orphaned key
* material from the cluster and its backups.
You can schedule the deletion of a multi-Region primary key and its replica keys at any
* time. However, KMS will not delete a multi-Region primary key with existing replica keys. If
@@ -3348,18 +3401,20 @@ export class KMS extends KMSClient {
* operations. This status can continue indefinitely. When the last of its replicas keys is
* deleted (not just scheduled), the key state of the primary key changes to
* PendingDeletion
and its waiting period (PendingWindowInDays
)
- * begins. For details, see Deleting multi-Region keys in the Key Management Service Developer Guide.
For more information about scheduling a KMS key for deletion, see Deleting KMS keys in the * Key Management Service Developer Guide.
*The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
- * *- * Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
+ * Cross-account + * use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. * * *- * Required permissions: kms:ScheduleKeyDeletion (key policy)
+ * Required permissions: kms:ScheduleKeyDeletion (key + * policy) ** Related operations *
@@ -3407,20 +3462,21 @@ export class KMS extends KMSClient { /** *Creates a digital - * signature for a message or message digest by using the private key in an asymmetric KMS key. To verify the signature, use the Verify operation, or use the public - * key in the same asymmetric KMS key outside of KMS. For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide.
+ * signature for a message or message digest by using the private key in an asymmetric + * KMS key. To verify the signature, use the Verify operation, or use the + * public key in the same asymmetric KMS key outside of KMS. For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide. *Digital signatures are generated and verified by using asymmetric key pair, such as an RSA - * or ECC pair that is represented by an asymmetric KMS key. The key owner (or - * an authorized user) uses their private key to sign a message. Anyone with the public key can - * verify that the message was signed with that particular private key and that the message - * hasn't changed since it was signed.
+ * or ECC pair that is represented by an asymmetric KMS key. The key owner (or an authorized + * user) uses their private key to sign a message. Anyone with the public key can verify that the + * message was signed with that particular private key and that the message hasn't changed since + * it was signed. *To use the Sign
operation, provide the following information:
Use the KeyId
parameter to identify an asymmetric KMS key with a
* KeyUsage
value of SIGN_VERIFY
. To get the
- * KeyUsage
value of a KMS key, use the DescribeKey operation.
- * The caller must have kms:Sign
permission on the KMS key.
KeyUsage
value of a KMS key, use the DescribeKey
+ * operation. The caller must have kms:Sign
permission on the KMS key.
* Use the Message
parameter to specify the message or message digest to
@@ -3442,7 +3498,7 @@ export class KMS extends KMSClient {
* then use the public key to verify the signature outside of KMS.
The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
- *+ *
* Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
* the key ARN or alias ARN in the value of the KeyId
parameter.
You can use this operation to tag a customer managed key, but you cannot - * tag an Amazon Web Services managed key, an Amazon Web Services owned key, a custom key store, or - * an alias.
- *You can also add tags to a KMS key while creating it (CreateKey) or replicating it (ReplicateKey).
+ * tag an Amazon Web Services + * managed key, an Amazon Web Services owned key, a custom key + * store, or an alias. + *You can also add tags to a KMS key while creating it (CreateKey) or + * replicating it (ReplicateKey).
*For information about using tags in KMS, see Tagging keys. For general information about * tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon * Web Services General Reference.
*The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*- * Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
+ * Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. * ** Required permissions: kms:TagResource (key policy)
@@ -3553,8 +3611,8 @@ export class KMS extends KMSClient { *Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide.
*When it succeeds, the UntagResource
operation doesn't return any output.
- * Also, if the specified tag key isn't found on the KMS key, it doesn't throw an exception or return
- * a response. To confirm that the operation worked, use the ListResourceTags operation.
For information about using tags in KMS, see Tagging keys. For general information about * tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon @@ -3562,7 +3620,7 @@ export class KMS extends KMSClient { *
The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*- * Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
+ * Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. * ** Required permissions: kms:UntagResource (key policy)
@@ -3622,9 +3680,9 @@ export class KMS extends KMSClient { } /** - *Associates an existing KMS alias with a different KMS key. Each alias - * is associated with only one KMS key at a time, although a KMS key can have multiple aliases. The alias - * and the KMS key must be in the same Amazon Web Services account and Region.
+ *Associates an existing KMS alias with a different KMS key. Each alias is associated with + * only one KMS key at a time, although a KMS key can have multiple aliases. The alias and the + * KMS key must be in the same Amazon Web Services account and Region.
*Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide.
*Because an alias is not a property of a KMS key, you can create, update, and delete the - * aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the response from - * the DescribeKey operation. To get the aliases of all KMS keys in the account, - * use the ListAliases operation.
+ * aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the + * response from the DescribeKey operation. To get the aliases of all KMS keys + * in the account, use the ListAliases operation. *The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
- *+ *
* Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
** Required permissions @@ -3649,18 +3707,22 @@ export class KMS extends KMSClient { *
- * kms:UpdateAlias on the alias (IAM policy).
+ * kms:UpdateAlias on + * the alias (IAM policy). *- * kms:UpdateAlias on the current KMS key (key policy).
+ * kms:UpdateAlias on + * the current KMS key (key policy). *- * kms:UpdateAlias on the new KMS key (key policy).
+ * kms:UpdateAlias on + * the new KMS key (key policy). *For details, see Controlling access to aliases in the Key Management Service Developer Guide.
+ *For details, see Controlling access to aliases in the + * Key Management Service Developer Guide.
** Related operations: *
@@ -3714,29 +3776,29 @@ export class KMS extends KMSClient { * the update completes, use ConnectCustomKeyStore. To find the connection * state of a custom key store, use the DescribeCustomKeyStores * operation. - *Use the parameters of UpdateCustomKeyStore
to edit your keystore
- * settings.
The CustomKeyStoreId
parameter is required in all commands. Use the other
+ * parameters of UpdateCustomKeyStore
to edit your key store settings.
Use the NewCustomKeyStoreName parameter to change the - * friendly name of the custom key store to the value that you specify.
+ *Use the NewCustomKeyStoreName
parameter to change the friendly name of
+ * the custom key store to the value that you specify.
*
Use the KeyStorePassword parameter tell KMS the
- * current password of the
- * kmsuser
crypto
- * user (CU) in the associated CloudHSM cluster. You can use this parameter to fix
- * connection failures that occur when KMS cannot log into the associated cluster
- * because the kmsuser
password has changed. This value does not change the
- * password in the CloudHSM cluster.
Use the KeyStorePassword
parameter tell KMS the current password of the
+ *
+ * kmsuser
crypto user (CU) in the associated CloudHSM cluster. You
+ * can use this parameter to fix connection
+ * failures that occur when KMS cannot log into the associated cluster because
+ * the kmsuser
password has changed. This value does not change the password in
+ * the CloudHSM cluster.
*
Use the CloudHsmClusterId parameter to associate the - * custom key store with a different, but related, CloudHSM cluster. You can use this parameter - * to repair a custom key store if its CloudHSM cluster becomes corrupted or is deleted, or when - * you need to create or restore a cluster from a backup.
+ *Use the CloudHsmClusterId
parameter to associate the custom key store
+ * with a different, but related, CloudHSM cluster. You can use this parameter to repair a
+ * custom key store if its CloudHSM cluster becomes corrupted or is deleted, or when you need to
+ * create or restore a cluster from a backup.
If the operation succeeds, it returns a JSON object with no @@ -3744,9 +3806,9 @@ export class KMS extends KMSClient { *
This operation is part of the Custom Key Store feature feature in KMS, which * combines the convenience and extensive integration of KMS with the isolation and control of a * single-tenant key store.
- * *- * Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
+ * Cross-account + * use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account. ** Required permissions: kms:UpdateCustomKeyStore (IAM policy)
*@@ -3810,12 +3872,12 @@ export class KMS extends KMSClient { } /** - *
Updates the description of a KMS key. To see the description of a KMS key, - * use DescribeKey.
+ *Updates the description of a KMS key. To see the description of a KMS key, use DescribeKey.
*The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*- * Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
+ * Cross-account + * use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. * ** Required permissions: kms:UpdateKeyDescription (key policy)
@@ -3880,7 +3942,7 @@ export class KMS extends KMSClient { * that are always shared by primary and replica keys, including the key material, key ID, key spec, key usage, key material * origin, and automatic * key rotation. It's the only key that can be replicated. You cannot delete the primary - * key until all replica keys are deleted. + * key until all replica keys are deleted. *The key ID and primary Region that you specify uniquely identify the replica key that will * become the primary key. The primary Region must already have a replica key. This operation * does not create a KMS key in the specified Region. To find the replica keys, use the DescribeKey operation on the primary key or any replica key. To create a replica @@ -3964,9 +4026,9 @@ export class KMS extends KMSClient { /** *
Verifies a digital signature that was generated by the Sign operation.
* - *Verification confirms that an authorized user signed the message with the specified KMS key
- * and signing algorithm, and the message hasn't changed since it was signed. If the signature is
- * verified, the value of the SignatureValid
field in the response is
+ *
Verification confirms that an authorized user signed the message with the specified KMS
+ * key and signing algorithm, and the message hasn't changed since it was signed. If the
+ * signature is verified, the value of the SignatureValid
field in the response is
* True
. If the signature verification fails, the Verify
operation
* fails with an KMSInvalidSignatureException
exception.
A digital signature is generated by using the private key in an asymmetric KMS key. The @@ -3975,8 +4037,8 @@ export class KMS extends KMSClient { *
To verify a digital signature, you can use the Verify
operation. Specify the
* same asymmetric KMS key, message, and signing algorithm that were used to produce the
* signature.
You can also verify the digital signature by using the public key of the KMS key outside of - * KMS. Use the GetPublicKey operation to download the public key in the + *
You can also verify the digital signature by using the public key of the KMS key outside
+ * of KMS. Use the GetPublicKey operation to download the public key in the
* asymmetric KMS key and then use the public key to verify the signature outside of KMS. The
* advantage of using the Verify
operation is that it is performed within KMS. As
* a result, it's easy to call, the operation is performed within the FIPS boundary, it is logged
diff --git a/clients/client-kms/src/KMSClient.ts b/clients/client-kms/src/KMSClient.ts
index 224b3a5c18bb..5976cc11f4e9 100644
--- a/clients/client-kms/src/KMSClient.ts
+++ b/clients/client-kms/src/KMSClient.ts
@@ -419,10 +419,11 @@ export interface KMSClientResolvedConfig extends KMSClientResolvedConfigType {}
*
* Logging API Requests *
- *KMS supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your Amazon Web Services account and delivers them to an Amazon S3 bucket that you specify. By using the information - * collected by CloudTrail, you can determine what requests were made to KMS, who made the request, - * when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find - * your log files, see the CloudTrail User Guide.
+ *KMS supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your + * Amazon Web Services account and delivers them to an Amazon S3 bucket that you specify. By using the + * information collected by CloudTrail, you can determine what requests were made to KMS, who made + * the request, when it was made, and so on. To learn more about CloudTrail, including how to turn it + * on and find your log files, see the CloudTrail User Guide.
** Additional Resources *
@@ -430,9 +431,9 @@ export interface KMSClientResolvedConfig extends KMSClientResolvedConfigType {} *- * Amazon Web Services Security - * Credentials - This topic provides general information about the types of - * credentials used to access Amazon Web Services.
+ * Amazon Web Services + * Security Credentials - This topic provides general information about the types + * of credentials used to access Amazon Web Services. *diff --git a/clients/client-kms/src/commands/CancelKeyDeletionCommand.ts b/clients/client-kms/src/commands/CancelKeyDeletionCommand.ts index 475e77fd7ea7..d9c3fb318b58 100644 --- a/clients/client-kms/src/commands/CancelKeyDeletionCommand.ts +++ b/clients/client-kms/src/commands/CancelKeyDeletionCommand.ts @@ -22,13 +22,15 @@ export interface CancelKeyDeletionCommandInput extends CancelKeyDeletionRequest export interface CancelKeyDeletionCommandOutput extends CancelKeyDeletionResponse, __MetadataBearer {} /** - *
Cancels the deletion of a KMS key. When this operation succeeds, the key
- * state of the KMS key is Disabled
. To enable the KMS key, use EnableKey.
For more information about scheduling and canceling deletion of a KMS key, see Deleting KMS keys in the Key Management Service Developer Guide.
+ *Cancels the deletion of a KMS key. When this operation succeeds, the key state of the KMS
+ * key is Disabled
. To enable the KMS key, use EnableKey.
For more information about scheduling and canceling deletion of a KMS key, see Deleting KMS keys in the + * Key Management Service Developer Guide.
*The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*- * Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
+ * Cross-account + * use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. ** Required permissions: kms:CancelKeyDeletion (key policy)
*diff --git a/clients/client-kms/src/commands/ConnectCustomKeyStoreCommand.ts b/clients/client-kms/src/commands/ConnectCustomKeyStoreCommand.ts index 39bd4414fbe3..0c0229aa9982 100644 --- a/clients/client-kms/src/commands/ConnectCustomKeyStoreCommand.ts +++ b/clients/client-kms/src/commands/ConnectCustomKeyStoreCommand.ts @@ -23,9 +23,9 @@ export interface ConnectCustomKeyStoreCommandOutput extends ConnectCustomKeyStor /** *
Connects or reconnects a custom key store to its associated CloudHSM cluster.
- *The custom key store must be connected before you can create KMS keys - * in the key store or use the KMS keys it contains. You can disconnect and reconnect a custom key - * store at any time.
+ *The custom key store must be connected before you can create KMS keys in the key store or + * use the KMS keys it contains. You can disconnect and reconnect a custom key store at any + * time.
*To connect a custom key store, its associated CloudHSM cluster must have at least one active
* HSM. To get the number of active HSMs in a cluster, use the DescribeClusters operation. To add HSMs
* to the cluster, use the CreateHsm operation. Also, the
diff --git a/clients/client-kms/src/commands/CreateAliasCommand.ts b/clients/client-kms/src/commands/CreateAliasCommand.ts
index cac2bb9ffc01..990ea472dd11 100644
--- a/clients/client-kms/src/commands/CreateAliasCommand.ts
+++ b/clients/client-kms/src/commands/CreateAliasCommand.ts
@@ -27,11 +27,12 @@ export interface CreateAliasCommandOutput extends __MetadataBearer {}
* Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide. You can use an alias to identify a KMS key in the KMS console, in the DescribeKey operation and in cryptographic operations, such as Encrypt and
- * GenerateDataKey. You can also change the KMS key that's associated with the
- * alias (UpdateAlias) or delete the alias (DeleteAlias) at
- * any time. These operations don't affect the underlying KMS key.
You can associate the alias with any customer managed key in the same Amazon Web Services Region. Each - * alias is associated with only one KMS key at a time, but a KMS key can have multiple aliases. A valid KMS key is required. You can't create an alias without a KMS key.
+ * alias is associated with only one KMS key at a time, but a KMS key can have multiple aliases. + * A valid KMS key is required. You can't create an alias without a KMS key. *The alias must be unique in the account and Region, but you can have aliases with the same * name in different Regions. For detailed information about aliases, see Using aliases in the * Key Management Service Developer Guide.
@@ -48,14 +49,17 @@ export interface CreateAliasCommandOutput extends __MetadataBearer {} *- * kms:CreateAlias on the alias (IAM policy).
+ * kms:CreateAlias on + * the alias (IAM policy). *- * kms:CreateAlias on the KMS key (key policy).
+ * kms:CreateAlias on + * the KMS key (key policy). *For details, see Controlling access to aliases in the Key Management Service Developer Guide.
+ *For details, see Controlling access to aliases in the + * Key Management Service Developer Guide.
** Related operations: *
diff --git a/clients/client-kms/src/commands/CreateGrantCommand.ts b/clients/client-kms/src/commands/CreateGrantCommand.ts index 0217d045302e..08ca9adb0584 100644 --- a/clients/client-kms/src/commands/CreateGrantCommand.ts +++ b/clients/client-kms/src/commands/CreateGrantCommand.ts @@ -23,7 +23,9 @@ export interface CreateGrantCommandOutput extends CreateGrantResponse, __Metadat /** *Adds a grant to a KMS key.
- *A grant is a policy instrument that allows Amazon Web Services principals to use KMS keys in cryptographic operations. It also can allow them to view a KMS key (DescribeKey) and create and manage grants. When authorizing access to a KMS key, grants are considered along with key policies and IAM policies. Grants are often used for + *
A grant is a policy instrument that allows Amazon Web Services principals to use + * KMS keys in cryptographic operations. It also can allow them to view a KMS key (DescribeKey) and create and manage grants. When authorizing access to a KMS key, + * grants are considered along with key policies and IAM policies. Grants are often used for * temporary permissions because you can create one, use its permissions, and delete it without * changing your key policies or IAM policies.
*For detailed information about grants, including grant terminology, see Using grants in the @@ -32,28 +34,29 @@ export interface CreateGrantCommandOutput extends CreateGrantResponse, __Metadat * . For examples of working with grants in several * programming languages, see Programming grants.
*The CreateGrant
operation returns a GrantToken
and a
- * GrantId
.
GrantId
.
* When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as eventual consistency. Once the grant has achieved eventual consistency, the grantee principal - * can use the permissions in the grant without identifying the grant.
+ *When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as eventual consistency. Once the grant has achieved eventual consistency, the grantee + * principal can use the permissions in the grant without identifying the grant.
*However, to use the permissions in the grant immediately, use the
- * GrantToken
that CreateGrant
returns. For details, see Using a grant
- * token in the
+ * GrantToken
that CreateGrant
returns. For details, see Using a
+ * grant token in the
* Key Management Service Developer Guide
* .
The CreateGrant
operation also returns a GrantId
. You can use the
- * GrantId
and a key identifier to identify the grant in the RetireGrant and RevokeGrant operations. To find the grant
- * ID, use the ListGrants or ListRetirableGrants
- * operations.
The CreateGrant
operation also returns a GrantId
. You can
+ * use the GrantId
and a key identifier to identify the grant in the RetireGrant and RevokeGrant operations. To find the grant
+ * ID, use the ListGrants or ListRetirableGrants
+ * operations.
The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*
- * Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key
+ * Cross-account use: Yes.
+ * To perform this operation on a KMS key in a different Amazon Web Services account, specify the key
* ARN in the value of the KeyId
parameter.
* Required permissions: kms:CreateGrant (key policy)
diff --git a/clients/client-kms/src/commands/CreateKeyCommand.ts b/clients/client-kms/src/commands/CreateKeyCommand.ts index c75e7d276e3f..e6c8e89c538e 100644 --- a/clients/client-kms/src/commands/CreateKeyCommand.ts +++ b/clients/client-kms/src/commands/CreateKeyCommand.ts @@ -19,20 +19,21 @@ export interface CreateKeyCommandInput extends CreateKeyRequest {} export interface CreateKeyCommandOutput extends CreateKeyResponse, __MetadataBearer {} /** - *Creates a unique customer managed KMS key in your Amazon Web Services account and Region.
+ *Creates a unique customer managed KMS key in your Amazon Web Services account and + * Region.
*KMS is replacing the term customer master key (CMK) with KMS key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.
*You can use the CreateKey
operation to create symmetric or asymmetric KMS keys.
You can use the CreateKey
operation to create symmetric or asymmetric KMS
+ * keys.
- * Symmetric KMS keys contain a 256-bit symmetric key that - * never leaves KMS unencrypted. To use the KMS key, you must call KMS. You can use a - * symmetric KMS key to encrypt and decrypt small amounts of data, but they are typically used to - * generate data - * keys and data keys pairs. For details, + * Symmetric KMS keys contain a 256-bit symmetric key + * that never leaves KMS unencrypted. To use the KMS key, you must call KMS. You can use + * a symmetric KMS key to encrypt and decrypt small amounts of data, but they are typically + * used to generate data keys and data keys pairs. For details, * see GenerateDataKey and GenerateDataKeyPair.
*For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide.
@@ -73,8 +74,8 @@ export interface CreateKeyCommandOutput extends CreateKeyResponse, __MetadataBea *To create a multi-Region primary key in the local Amazon Web Services Region,
* use the MultiRegion
parameter with a value of True
. To create
- * a multi-Region replica key, that is, a KMS key with the same key ID and
- * key material as a primary key, but in a different Amazon Web Services Region, use the ReplicateKey operation. To change a replica key to a primary key, and its
+ * a multi-Region replica key, that is, a KMS key with the same key ID
+ * and key material as a primary key, but in a different Amazon Web Services Region, use the ReplicateKey operation. To change a replica key to a primary key, and its
* primary key to a replica key, use the UpdatePrimaryRegion
* operation.
This operation supports multi-Region keys, an KMS feature that lets you create multiple @@ -115,13 +116,14 @@ export interface CreateKeyCommandOutput extends CreateKeyResponse, __MetadataBea *
- * Cross-account use: No. You cannot use this operation to + * Cross-account use: No. You cannot use this operation to * create a KMS key in a different Amazon Web Services account.
* *
* Required permissions: kms:CreateKey (IAM policy). To use the
* Tags
parameter, kms:TagResource (IAM policy). For examples and information about related
- * permissions, see Allow a user to create KMS keys in the Key Management Service Developer Guide.
* Related operations: *
diff --git a/clients/client-kms/src/commands/DecryptCommand.ts b/clients/client-kms/src/commands/DecryptCommand.ts index a2840b6705bf..1dfc2e095949 100644 --- a/clients/client-kms/src/commands/DecryptCommand.ts +++ b/clients/client-kms/src/commands/DecryptCommand.ts @@ -19,8 +19,8 @@ export interface DecryptCommandInput extends DecryptRequest {} export interface DecryptCommandOutput extends DecryptResponse, __MetadataBearer {} /** - *Decrypts ciphertext that was encrypted by a KMS key using any of - * the following operations:
+ *Decrypts ciphertext that was encrypted by a KMS key using any of the following + * operations:
*@@ -49,33 +49,36 @@ export interface DecryptCommandOutput extends DecryptResponse, __MetadataBearer *
You can use this operation to decrypt ciphertext that was encrypted under a symmetric or - * asymmetric KMS key. When the KMS key is asymmetric, you must specify the KMS key and the encryption - * algorithm that was used to encrypt the ciphertext. For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide.
+ * asymmetric KMS key. When the KMS key is asymmetric, you must specify the KMS key and the + * encryption algorithm that was used to encrypt the ciphertext. For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide. *The Decrypt operation also decrypts ciphertext that was encrypted outside of KMS by the - * public key in an KMS asymmetric KMS key. However, it cannot decrypt ciphertext produced by other - * libraries, such as the Amazon Web Services Encryption - * SDK or Amazon S3 client-side encryption. These libraries return a ciphertext format that - * is incompatible with KMS.
- *If the ciphertext was encrypted under a symmetric KMS key, the KeyId
parameter is
- * optional. KMS can get this information from metadata that it adds to the symmetric
- * ciphertext blob. This feature adds durability to your implementation by ensuring that
- * authorized users can decrypt ciphertext decades after it was encrypted, even if they've lost
- * track of the key ID. However, specifying the KMS key is always recommended as a best practice.
- * When you use the KeyId
parameter to specify a KMS key, KMS only uses the KMS key you
- * specify. If the ciphertext was encrypted under a different KMS key, the Decrypt
- * operation fails. This practice ensures that you use the KMS key that you intend.
If the ciphertext was encrypted under a symmetric KMS key, the KeyId
+ * parameter is optional. KMS can get this information from metadata that it adds to the
+ * symmetric ciphertext blob. This feature adds durability to your implementation by ensuring
+ * that authorized users can decrypt ciphertext decades after it was encrypted, even if they've
+ * lost track of the key ID. However, specifying the KMS key is always recommended as a best
+ * practice. When you use the KeyId
parameter to specify a KMS key, KMS only uses
+ * the KMS key you specify. If the ciphertext was encrypted under a different KMS key, the
+ * Decrypt
operation fails. This practice ensures that you use the KMS key that
+ * you intend.
Whenever possible, use key policies to give users permission to call the
* Decrypt
operation on a particular KMS key, instead of using IAM policies.
* Otherwise, you might create an IAM user policy that gives the user Decrypt
- * permission on all KMS keys. This user could decrypt ciphertext that was encrypted by KMS keys in other
- * accounts if the key policy for the cross-account KMS key permits it. If you must use an IAM policy
- * for Decrypt
permissions, limit the user to particular KMS keys or particular trusted
- * accounts. For details, see Best practices for IAM policies in the Key Management Service Developer Guide.
Decrypt
permissions, limit the user to particular KMS keys or
+ * particular trusted accounts. For details, see Best practices for IAM
+ * policies in the Key Management Service Developer Guide.
* Applications in Amazon Web Services Nitro Enclaves can call this operation by using the Amazon Web Services Nitro Enclaves Development Kit. For information about the supporting parameters, see How Amazon Web Services Nitro Enclaves use KMS in the Key Management Service Developer Guide.
*The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*
- * Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
+ * Cross-account
+ * use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
* the key ARN or alias ARN in the value of the KeyId
parameter.
diff --git a/clients/client-kms/src/commands/DeleteAliasCommand.ts b/clients/client-kms/src/commands/DeleteAliasCommand.ts index 03ff0652aeb0..f7d0c22fd942 100644 --- a/clients/client-kms/src/commands/DeleteAliasCommand.ts +++ b/clients/client-kms/src/commands/DeleteAliasCommand.ts @@ -22,14 +22,15 @@ export interface DeleteAliasCommandInput extends DeleteAliasRequest {} export interface DeleteAliasCommandOutput extends __MetadataBearer {} /** - *
Deletes the specified alias.
+ *Deletes the specified alias.
*Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide.
*Because an alias is not a property of a KMS key, you can delete and change the aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the response from the DescribeKey operation. To get the aliases of all KMS keys, use the ListAliases operation.
+ *Because an alias is not a property of a KMS key, you can delete and change the aliases of + * a KMS key without affecting the KMS key. Also, aliases do not appear in the response from the + * DescribeKey operation. To get the aliases of all KMS keys, use the ListAliases operation.
*Each KMS key can have multiple aliases. To change the alias of a KMS key, use DeleteAlias to delete the current alias and CreateAlias to - * create a new alias. To associate an existing alias with a different KMS key, - * call UpdateAlias.
+ * create a new alias. To associate an existing alias with a different KMS key, call UpdateAlias. ** Cross-account use: No. You cannot perform this operation on an alias in a different Amazon Web Services account.
*@@ -38,14 +39,17 @@ export interface DeleteAliasCommandOutput extends __MetadataBearer {} *
- * kms:DeleteAlias on the alias (IAM policy).
+ * kms:DeleteAlias on + * the alias (IAM policy). *- * kms:DeleteAlias on the KMS key (key policy).
+ * kms:DeleteAlias on + * the KMS key (key policy). *For details, see Controlling access to aliases in the Key Management Service Developer Guide.
+ *For details, see Controlling access to aliases in the + * Key Management Service Developer Guide.
** Related operations: *
diff --git a/clients/client-kms/src/commands/DeleteCustomKeyStoreCommand.ts b/clients/client-kms/src/commands/DeleteCustomKeyStoreCommand.ts index b0be799c9315..58876fc627ff 100644 --- a/clients/client-kms/src/commands/DeleteCustomKeyStoreCommand.ts +++ b/clients/client-kms/src/commands/DeleteCustomKeyStoreCommand.ts @@ -24,16 +24,15 @@ export interface DeleteCustomKeyStoreCommandOutput extends DeleteCustomKeyStoreR /** *Deletes a custom key store. This operation does not delete the CloudHSM cluster that is * associated with the custom key store, or affect any users or keys in the cluster.
- *The custom key store that you delete cannot contain any KMS KMS keys. Before
- * deleting the key store, verify that you will never need to use any of the KMS keys in the key
- * store for any cryptographic operations. Then, use ScheduleKeyDeletion to delete the
- * KMS keys from the key store. When the scheduled waiting period
- * expires, the The custom key store that you delete cannot contain any KMS KMS keys. Before deleting the key store,
+ * verify that you will never need to use any of the KMS keys in the key store for any
+ * cryptographic operations. Then, use ScheduleKeyDeletion to delete the KMS keys from the
+ * key store. When the scheduled waiting period expires, the After all KMS keys are deleted from KMS, use DisconnectCustomKeyStore to
- * disconnect the key store from KMS. Then, you can delete the custom key store. After all KMS keys are deleted from KMS, use DisconnectCustomKeyStore
+ * to disconnect the key store from KMS. Then, you can delete the custom key store. Instead of deleting the custom key store, consider using DisconnectCustomKeyStore to disconnect it from KMS. While the key store is
* disconnected, you cannot create or use the KMS keys in the key store. But, you do not need to
* delete KMS keys and you can reconnect a disconnected custom key store at any time. This operation is part of the Custom Key Store feature feature in KMS, which
* combines the convenience and extensive integration of KMS with the isolation and control of a
* single-tenant key store.
- * Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.ScheduleKeyDeletion
operation deletes the KMS keys. Then it makes a best
- * effort to delete the key material from the associated cluster. However, you might need to
- * manually delete the orphaned key
+ * ScheduleKeyDeletion
+ * operation deletes the KMS keys. Then it makes a best effort to delete the key material from
+ * the associated cluster. However, you might need to manually delete the orphaned key
* material from the cluster and its backups.
* Required permissions: kms:DeleteCustomKeyStore (IAM policy)
diff --git a/clients/client-kms/src/commands/DeleteImportedKeyMaterialCommand.ts b/clients/client-kms/src/commands/DeleteImportedKeyMaterialCommand.ts index 46805231b789..ff40dc7b386d 100644 --- a/clients/client-kms/src/commands/DeleteImportedKeyMaterialCommand.ts +++ b/clients/client-kms/src/commands/DeleteImportedKeyMaterialCommand.ts @@ -22,12 +22,11 @@ export interface DeleteImportedKeyMaterialCommandInput extends DeleteImportedKey export interface DeleteImportedKeyMaterialCommandOutput extends __MetadataBearer {} /** - *Deletes key material that you previously imported. This operation makes the specified - * KMS key unusable. For more information about importing key material into - * KMS, see Importing Key - * Material in the Key Management Service Developer Guide.
- *When the specified KMS key is in the PendingDeletion
state, this operation does
- * not change the KMS key's state. Otherwise, it changes the KMS key's state to
+ *
Deletes key material that you previously imported. This operation makes the specified KMS + * key unusable. For more information about importing key material into KMS, see Importing Key Material + * in the Key Management Service Developer Guide.
+ *When the specified KMS key is in the PendingDeletion
state, this operation
+ * does not change the KMS key's state. Otherwise, it changes the KMS key's state to
* PendingImport
.
After you delete key material, you can use ImportKeyMaterial to reimport * the same key material into the KMS key.
diff --git a/clients/client-kms/src/commands/DescribeCustomKeyStoresCommand.ts b/clients/client-kms/src/commands/DescribeCustomKeyStoresCommand.ts index 6d9ff7465af0..96bd738af1d3 100644 --- a/clients/client-kms/src/commands/DescribeCustomKeyStoresCommand.ts +++ b/clients/client-kms/src/commands/DescribeCustomKeyStoresCommand.ts @@ -26,10 +26,10 @@ export interface DescribeCustomKeyStoresCommandOutput extends DescribeCustomKeyS *This operation is part of the Custom Key Store feature feature in KMS, which * combines the convenience and extensive integration of KMS with the isolation and control of a * single-tenant key store.
- *By default, this operation returns information about all custom key stores in the account and
- * Region. To get only information about a particular custom key store, use either the
- * CustomKeyStoreName
or CustomKeyStoreId
parameter (but not
- * both).
By default, this operation returns information about all custom key
+ * stores in the account and Region. To get only information about a particular custom key store,
+ * use either the CustomKeyStoreName
or CustomKeyStoreId
parameter (but
+ * not both).
To determine whether the custom key store is connected to its CloudHSM cluster, use the
* ConnectionState
element in the response. If an attempt to connect the custom
* key store failed, the ConnectionState
value is FAILED
and the
diff --git a/clients/client-kms/src/commands/DescribeKeyCommand.ts b/clients/client-kms/src/commands/DescribeKeyCommand.ts
index 3d2e392e929b..eb937435336b 100644
--- a/clients/client-kms/src/commands/DescribeKeyCommand.ts
+++ b/clients/client-kms/src/commands/DescribeKeyCommand.ts
@@ -22,16 +22,17 @@ export interface DescribeKeyCommandInput extends DescribeKeyRequest {}
export interface DescribeKeyCommandOutput extends DescribeKeyResponse, __MetadataBearer {}
/**
- *
Provides detailed information about a KMS key. You can run
- * DescribeKey
on a customer managed key or an Amazon Web Services managed key.
Provides detailed information about a KMS key. You can run DescribeKey
on a
+ * customer managed
+ * key or an Amazon Web Services managed key.
This detailed information includes the key ARN, creation date (and deletion date, if
* applicable), the key state, and the origin and expiration date (if any) of the key material.
* It includes fields, like KeySpec
, that help you distinguish symmetric from
* asymmetric KMS keys. It also provides information that is particularly important to asymmetric
* keys, such as the key usage (encryption or signing) and the encryption algorithms or signing
- * algorithms that the KMS key supports. For KMS keys in custom key stores, it includes information about
- * the custom key store, such as the key store ID and the CloudHSM cluster ID. For multi-Region
- * keys, it displays the primary key and all related replica keys.
* DescribeKey
does not return the following information:
Whether automatic key rotation is enabled on the KMS key. To get this information, use - * GetKeyRotationStatus. Also, some key states prevent a KMS key from being - * automatically rotated. For details, see How Automatic Key Rotation + * GetKeyRotationStatus. Also, some key states prevent a KMS key from + * being automatically rotated. For details, see How Automatic Key Rotation * Works in Key Management Service Developer Guide.
*Key policies and grants on the KMS key. To get this information, use GetKeyPolicy and ListGrants.
*If you call the DescribeKey
operation on a predefined Amazon Web Services alias, that is, an Amazon Web Services alias with no key ID, KMS creates an Amazon Web Services managed key.
- * Then, it associates the alias with the new KMS key, and returns the KeyId
and
- * Arn
of the new KMS key in the response.
If you call the DescribeKey
operation on a predefined Amazon Web Services
+ * alias, that is, an Amazon Web Services alias with no key ID, KMS creates an Amazon Web Services managed
+ * key. Then, it associates the alias with the new KMS key, and returns the
+ * KeyId
and Arn
of the new KMS key in the response.
* Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
* the key ARN or alias ARN in the value of the KeyId
parameter.
Sets the state of a KMS key to disabled. This change temporarily - * prevents use of the KMS key for cryptographic operations.
- *For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS key in the + *
Sets the state of a KMS key to disabled. This change temporarily prevents use of the KMS + * key for cryptographic operations.
+ *For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS + * key in the * Key Management Service Developer Guide * .
*The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
- *+ *
* Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
* *diff --git a/clients/client-kms/src/commands/DisableKeyRotationCommand.ts b/clients/client-kms/src/commands/DisableKeyRotationCommand.ts index 3c756a12338a..228ddd03cc69 100644 --- a/clients/client-kms/src/commands/DisableKeyRotationCommand.ts +++ b/clients/client-kms/src/commands/DisableKeyRotationCommand.ts @@ -28,7 +28,8 @@ export interface DisableKeyRotationCommandOutput extends __MetadataBearer {} *
The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*- * Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
+ * Cross-account + * use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. * ** Required permissions: kms:DisableKeyRotation (key policy)
diff --git a/clients/client-kms/src/commands/DisconnectCustomKeyStoreCommand.ts b/clients/client-kms/src/commands/DisconnectCustomKeyStoreCommand.ts index b53791cf02d7..ed8e177c675b 100644 --- a/clients/client-kms/src/commands/DisconnectCustomKeyStoreCommand.ts +++ b/clients/client-kms/src/commands/DisconnectCustomKeyStoreCommand.ts @@ -23,8 +23,9 @@ export interface DisconnectCustomKeyStoreCommandOutput extends DisconnectCustomK /** *Disconnects the custom key store from its associated CloudHSM cluster. While a custom key - * store is disconnected, you can manage the custom key store and its KMS keys, but you cannot create or use KMS keys in the custom key store. You can reconnect the - * custom key store at any time.
+ * store is disconnected, you can manage the custom key store and its KMS keys, but you cannot + * create or use KMS keys in the custom key store. You can reconnect the custom key store at any + * time. *While a custom key store is disconnected, all attempts to create KMS keys in the custom key store or to use existing KMS keys in cryptographic operations will * fail. This action can prevent users from storing and accessing sensitive data.
@@ -38,8 +39,9 @@ export interface DisconnectCustomKeyStoreCommandOutput extends DisconnectCustomK * combines the convenience and extensive integration of KMS with the isolation and control of a * single-tenant key store. * - *- * Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
+ *+ * Cross-account use: No. + * You cannot perform this operation on a custom key store in a different Amazon Web Services account.
* ** Required permissions: kms:DisconnectCustomKeyStore (IAM policy)
diff --git a/clients/client-kms/src/commands/EnableKeyCommand.ts b/clients/client-kms/src/commands/EnableKeyCommand.ts index 70f799045f9c..a8fe7f86a95b 100644 --- a/clients/client-kms/src/commands/EnableKeyCommand.ts +++ b/clients/client-kms/src/commands/EnableKeyCommand.ts @@ -19,11 +19,13 @@ export interface EnableKeyCommandInput extends EnableKeyRequest {} export interface EnableKeyCommandOutput extends __MetadataBearer {} /** - *Sets the key state of a KMS key to enabled. This allows you to use the KMS key for cryptographic operations.
+ *Sets the key state of a KMS key to enabled. This allows you to use the KMS key for + * cryptographic operations.
*The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*- * Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
+ * Cross-account + * use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. * ** Required permissions: kms:EnableKey (key policy)
diff --git a/clients/client-kms/src/commands/EnableKeyRotationCommand.ts b/clients/client-kms/src/commands/EnableKeyRotationCommand.ts index 437e01dec88e..96293df58e64 100644 --- a/clients/client-kms/src/commands/EnableKeyRotationCommand.ts +++ b/clients/client-kms/src/commands/EnableKeyRotationCommand.ts @@ -28,7 +28,8 @@ export interface EnableKeyRotationCommandOutput extends __MetadataBearer {} *The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*- * Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
+ * Cross-account + * use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. * ** Required permissions: kms:EnableKeyRotation (key policy)
diff --git a/clients/client-kms/src/commands/EncryptCommand.ts b/clients/client-kms/src/commands/EncryptCommand.ts index 5a9c1e9f64b0..698e7172b5da 100644 --- a/clients/client-kms/src/commands/EncryptCommand.ts +++ b/clients/client-kms/src/commands/EncryptCommand.ts @@ -19,19 +19,20 @@ export interface EncryptCommandInput extends EncryptRequest {} export interface EncryptCommandOutput extends EncryptResponse, __MetadataBearer {} /** - *Encrypts plaintext into ciphertext by using a KMS key. The
- * Encrypt
operation has two primary use cases:
Encrypts plaintext into ciphertext by using a KMS key. The Encrypt
operation
+ * has two primary use cases:
You can encrypt small amounts of arbitrary data, such as a personal identifier or * database password, or other sensitive information.
*You can use the Encrypt
operation to move encrypted data from one Amazon Web Services Region to another. For example, in Region A, generate a data key and use the plaintext key to encrypt
- * your data. Then, in Region A, use the Encrypt
operation to encrypt the
- * plaintext data key under a KMS key in Region B. Now, you can move the encrypted data and the
- * encrypted data key to Region B. When necessary, you can decrypt the encrypted data key and
- * the encrypted data entirely within in Region B.
You can use the Encrypt
operation to move encrypted data from one Amazon Web Services
+ * Region to another. For example, in Region A, generate a data key and use the plaintext key
+ * to encrypt your data. Then, in Region A, use the Encrypt
operation to encrypt
+ * the plaintext data key under a KMS key in Region B. Now, you can move the encrypted data
+ * and the encrypted data key to Region B. When necessary, you can decrypt the encrypted data
+ * key and the encrypted data entirely within in Region B.
KeyUsage
value of
* ENCRYPT_DECRYPT.
To find the KeyUsage
of a KMS key, use the DescribeKey operation.
*
- * If you use a symmetric KMS key, you can use an encryption context to add additional security
- * to your encryption operation. If you specify an EncryptionContext
when encrypting
- * data, you must specify the same encryption context (a case-sensitive exact match) when
- * decrypting the data. Otherwise, the request to decrypt fails with an
+ *
If you use a symmetric KMS key, you can use an encryption context to add additional
+ * security to your encryption operation. If you specify an EncryptionContext
when
+ * encrypting data, you must specify the same encryption context (a case-sensitive exact match)
+ * when decrypting the data. Otherwise, the request to decrypt fails with an
* InvalidCiphertextException
. For more information, see Encryption
* Context in the Key Management Service Developer Guide.
If you specify an asymmetric KMS key, you must also specify the encryption algorithm. The @@ -117,7 +118,8 @@ export interface EncryptCommandOutput extends EncryptResponse, __MetadataBearer *
The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*
- * Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
+ * Cross-account use: Yes.
+ * To perform this operation with a KMS key in a different Amazon Web Services account, specify
* the key ARN or alias ARN in the value of the KeyId
parameter.
diff --git a/clients/client-kms/src/commands/GenerateDataKeyCommand.ts b/clients/client-kms/src/commands/GenerateDataKeyCommand.ts index 8304d409ee39..48e538e7b5a5 100644 --- a/clients/client-kms/src/commands/GenerateDataKeyCommand.ts +++ b/clients/client-kms/src/commands/GenerateDataKeyCommand.ts @@ -23,19 +23,19 @@ export interface GenerateDataKeyCommandOutput extends GenerateDataKeyResponse, _ /** *
Generates a unique symmetric data key for client-side encryption. This operation returns a - * plaintext copy of the data key and a copy that is encrypted under a KMS key - * that you specify. You can use the plaintext key to encrypt your data outside of KMS and - * store the encrypted data key with the encrypted data.
+ * plaintext copy of the data key and a copy that is encrypted under a KMS key that you specify. + * You can use the plaintext key to encrypt your data outside of KMS and store the encrypted + * data key with the encrypted data. * *
* GenerateDataKey
returns a unique data key for each request. The bytes in the
* plaintext key are not related to the caller or the KMS key.
To generate a data key, specify the symmetric KMS key that will be used to encrypt the data
- * key. You cannot use an asymmetric KMS key to generate data keys. To get the type of your KMS key, use
- * the DescribeKey operation. You must also specify the length of the data key.
- * Use either the KeySpec
or NumberOfBytes
parameters (but not both).
- * For 128-bit and 256-bit data keys, use the KeySpec
parameter.
To generate a data key, specify the symmetric KMS key that will be used to encrypt the
+ * data key. You cannot use an asymmetric KMS key to generate data keys. To get the type of your
+ * KMS key, use the DescribeKey operation. You must also specify the length of
+ * the data key. Use either the KeySpec
or NumberOfBytes
parameters
+ * (but not both). For 128-bit and 256-bit data keys, use the KeySpec
parameter.
To get only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. To generate an asymmetric data key pair, use * the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext operation. To get a cryptographically secure @@ -50,11 +50,14 @@ export interface GenerateDataKeyCommandOutput extends GenerateDataKeyResponse, _ *
The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*- * How to use your data key + * How to use your data + * key *
- *We recommend that you use the following pattern to encrypt data locally in your application.
- * You can write your own code or use a client-side encryption library, such as the Amazon Web Services Encryption SDK, the Amazon DynamoDB Encryption Client, or
- * Amazon S3
+ * We recommend that you use the following pattern to encrypt data locally in your
+ * application. You can write your own code or use a client-side encryption library, such as the
+ * Amazon Web Services Encryption SDK, the
+ * Amazon DynamoDB Encryption Client,
+ * or Amazon S3
* client-side encryption to do these tasks for you. To encrypt data outside of KMS: Generates a unique asymmetric data key pair. The
diff --git a/clients/client-kms/src/commands/GenerateDataKeyPairCommand.ts b/clients/client-kms/src/commands/GenerateDataKeyPairCommand.ts
index 83768f7749e9..e55795f40ceb 100644
--- a/clients/client-kms/src/commands/GenerateDataKeyPairCommand.ts
+++ b/clients/client-kms/src/commands/GenerateDataKeyPairCommand.ts
@@ -24,20 +24,21 @@ export interface GenerateDataKeyPairCommandOutput extends GenerateDataKeyPairRes
/**
*
GenerateDataKeyPair
* operation returns a plaintext public key, a plaintext private key, and a copy of the private
- * key that is encrypted under the symmetric KMS key you specify. You can use the data key pair to
- * perform asymmetric cryptography and implement digital signatures outside of KMS.
You can use the public key that GenerateDataKeyPair
returns to encrypt data
* or verify a signature outside of KMS. Then, store the encrypted private key with the data.
* When you are ready to decrypt data or sign a message, you can use the Decrypt operation to decrypt the encrypted private key.
To generate a data key pair, you must specify a symmetric KMS key to - * encrypt the private key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a - * custom key store. To get the type and origin of your KMS key, use the DescribeKey operation.
+ *To generate a data key pair, you must specify a symmetric KMS key to encrypt the private + * key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a custom key + * store. To get the type and origin of your KMS key, use the DescribeKey + * operation.
*Use the KeyPairSpec
parameter to choose an RSA or Elliptic Curve (ECC) data
- * key pair. KMS recommends that your use ECC key pairs for signing, and use RSA key pairs
- * for either encryption or signing, but not both. However, KMS cannot enforce any restrictions
- * on the use of data key pairs outside of KMS.
If you are using the data key pair to encrypt data, or for any operation where you don't * immediately need a private key, consider using the GenerateDataKeyPairWithoutPlaintext operation. @@ -49,10 +50,10 @@ export interface GenerateDataKeyPairCommandOutput extends GenerateDataKeyPairRes * *
* GenerateDataKeyPair
returns a unique data key pair for each request. The
- * bytes in the keys are not related to the caller or the KMS key that is used to encrypt the private
- * key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in RFC 5280. The
- * private key is a DER-encoded PKCS8 PrivateKeyInfo, as specified in RFC
- * 5958.
You can use the optional encryption context to add additional security to the encryption
* operation. If you specify an EncryptionContext
, you must specify the same
@@ -62,7 +63,8 @@ export interface GenerateDataKeyPairCommandOutput extends GenerateDataKeyPairRes
*
The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*
- * Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
+ * Cross-account
+ * use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
* the key ARN or alias ARN in the value of the KeyId
parameter.
diff --git a/clients/client-kms/src/commands/GenerateDataKeyPairWithoutPlaintextCommand.ts b/clients/client-kms/src/commands/GenerateDataKeyPairWithoutPlaintextCommand.ts index 8d7aef24166d..15fe62e61827 100644 --- a/clients/client-kms/src/commands/GenerateDataKeyPairWithoutPlaintextCommand.ts +++ b/clients/client-kms/src/commands/GenerateDataKeyPairWithoutPlaintextCommand.ts @@ -29,23 +29,24 @@ export interface GenerateDataKeyPairWithoutPlaintextCommandOutput /** *
Generates a unique asymmetric data key pair. The
* GenerateDataKeyPairWithoutPlaintext
operation returns a plaintext public key
- * and a copy of the private key that is encrypted under the symmetric KMS key you specify. Unlike
- * GenerateDataKeyPair, this operation does not return a plaintext private
- * key.
You can use the public key that GenerateDataKeyPairWithoutPlaintext
returns
* to encrypt data or verify a signature outside of KMS. Then, store the encrypted private key
* with the data. When you are ready to decrypt data or sign a message, you can use the Decrypt operation to decrypt the encrypted private key.
To generate a data key pair, you must specify a symmetric KMS key to - * encrypt the private key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a - * custom key store. To get the type and origin of your KMS key, use the DescribeKey operation.
+ *To generate a data key pair, you must specify a symmetric KMS key to encrypt the private + * key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a custom key + * store. To get the type and origin of your KMS key, use the DescribeKey + * operation.
*Use the KeyPairSpec
parameter to choose an RSA or Elliptic Curve (ECC) data
- * key pair. KMS recommends that your use ECC key pairs for signing, and use RSA key pairs
- * for either encryption or signing, but not both. However, KMS cannot enforce any restrictions
- * on the use of data key pairs outside of KMS.
* GenerateDataKeyPairWithoutPlaintext
returns a unique data key pair for each
- * request. The bytes in the key are not related to the caller or KMS key that is used to encrypt the
- * private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in
+ * request. The bytes in the key are not related to the caller or KMS key that is used to encrypt
+ * the private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in
* RFC 5280.
You can use the optional encryption context to add additional security to the encryption @@ -56,11 +57,13 @@ export interface GenerateDataKeyPairWithoutPlaintextCommandOutput *
The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*
- * Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
+ * Cross-account
+ * use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
* the key ARN or alias ARN in the value of the KeyId
parameter.
- * Required permissions: kms:GenerateDataKeyPairWithoutPlaintext (key policy)
+ * Required permissions: kms:GenerateDataKeyPairWithoutPlaintext (key + * policy) ** Related operations: *
diff --git a/clients/client-kms/src/commands/GenerateDataKeyWithoutPlaintextCommand.ts b/clients/client-kms/src/commands/GenerateDataKeyWithoutPlaintextCommand.ts index 5caaeb713def..df75387a3e4f 100644 --- a/clients/client-kms/src/commands/GenerateDataKeyWithoutPlaintextCommand.ts +++ b/clients/client-kms/src/commands/GenerateDataKeyWithoutPlaintextCommand.ts @@ -25,8 +25,8 @@ export interface GenerateDataKeyWithoutPlaintextCommandOutput /** *Generates a unique symmetric data key. This operation returns a data key that is encrypted - * under a KMS key that you specify. To request an asymmetric data key pair, - * use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext operations.
+ * under a KMS key that you specify. To request an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext + * operations. *
* GenerateDataKeyWithoutPlaintext
is identical to the GenerateDataKey operation except that returns only the encrypted copy of the
* data key. This operation is useful for systems that need to encrypt data at some point, but
@@ -41,12 +41,12 @@ export interface GenerateDataKeyWithoutPlaintextCommandOutput
* plaintext data key.
* GenerateDataKeyWithoutPlaintext
returns a unique data key for each request.
- * The bytes in the keys are not related to the caller or KMS key that is used to encrypt the private
- * key.
To generate a data key, you must specify the symmetric KMS key that is - * used to encrypt the data key. You cannot use an asymmetric KMS key to generate a data key. To get - * the type of your KMS key, use the DescribeKey operation.
+ *To generate a data key, you must specify the symmetric KMS key that is used to encrypt the + * data key. You cannot use an asymmetric KMS key to generate a data key. To get the type of your + * KMS key, use the DescribeKey operation.
* *If the operation succeeds, you will find the encrypted copy of the data key in the
* CiphertextBlob
field.
The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*
- * Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
+ * Cross-account
+ * use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
* the key ARN or alias ARN in the value of the KeyId
parameter.
- * Required permissions: kms:GenerateDataKeyWithoutPlaintext (key policy)
+ * Required permissions: kms:GenerateDataKeyWithoutPlaintext (key + * policy) ** Related operations: *
diff --git a/clients/client-kms/src/commands/GenerateRandomCommand.ts b/clients/client-kms/src/commands/GenerateRandomCommand.ts index 712ea7219b44..80724f57ee6f 100644 --- a/clients/client-kms/src/commands/GenerateRandomCommand.ts +++ b/clients/client-kms/src/commands/GenerateRandomCommand.ts @@ -27,7 +27,8 @@ export interface GenerateRandomCommandOutput extends GenerateRandomResponse, __M * the CloudHSM cluster that is associated with a custom key store, specify the custom key store * ID. *Applications in Amazon Web Services Nitro Enclaves can call this operation by using the Amazon Web Services Nitro Enclaves Development Kit. For information about the supporting parameters, see How Amazon Web Services Nitro Enclaves use KMS in the Key Management Service Developer Guide.
- *For more information about entropy and random number generation, see Key Management Service Cryptographic Details.
+ *For more information about entropy and random number generation, see + * Key Management Service Cryptographic Details.
* ** Required permissions: kms:GenerateRandom (IAM policy)
diff --git a/clients/client-kms/src/commands/GetKeyRotationStatusCommand.ts b/clients/client-kms/src/commands/GetKeyRotationStatusCommand.ts index ebe0863dcb35..ba2bedb9bdcb 100644 --- a/clients/client-kms/src/commands/GetKeyRotationStatusCommand.ts +++ b/clients/client-kms/src/commands/GetKeyRotationStatusCommand.ts @@ -24,7 +24,8 @@ export interface GetKeyRotationStatusCommandOutput extends GetKeyRotationStatusR /** *Gets a Boolean value that indicates whether automatic rotation of the key material is * enabled for the specified KMS key.
- *You cannot enable automatic rotation of asymmetric KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key. The key rotation status for these KMS keys is always false
.
You cannot enable automatic rotation of asymmetric KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key. The key rotation status for these KMS keys is always
+ * false
.
The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*Returns the items you need to import key material into a symmetric, customer managed - * KMS key. For more information about importing key material into KMS, see - * Importing Key - * Material in the Key Management Service Developer Guide.
+ *Returns the items you need to import key material into a symmetric, customer managed KMS + * key. For more information about importing key material into KMS, see Importing Key Material + * in the Key Management Service Developer Guide.
*This operation returns a public key and an import token. Use the public key to encrypt the * symmetric key material. Store the import token to send with a subsequent ImportKeyMaterial request.
- *You must specify the key ID of the symmetric KMS key into which you will import key material.
- * This KMS key's Origin
must be EXTERNAL
. You must also specify the
- * wrapping algorithm and type of wrapping key (public key) that you will use to encrypt the key
- * material. You cannot perform this operation on an asymmetric KMS key or on any KMS key in a different Amazon Web Services account.
You must specify the key ID of the symmetric KMS key into which you will import key
+ * material. This KMS key's Origin
must be EXTERNAL
. You must also
+ * specify the wrapping algorithm and type of wrapping key (public key) that you will use to
+ * encrypt the key material. You cannot perform this operation on an asymmetric KMS key or on any KMS key in a different Amazon Web Services account.
To import key material, you must use the public key and import token from the same
* response. These items are valid for 24 hours. The expiration date and time appear in the
* GetParametersForImport
response. You cannot use an expired token in an ImportKeyMaterial request. If your key and token expire, send another
diff --git a/clients/client-kms/src/commands/GetPublicKeyCommand.ts b/clients/client-kms/src/commands/GetPublicKeyCommand.ts
index c783d65fc26b..8b2e0f5667a6 100644
--- a/clients/client-kms/src/commands/GetPublicKeyCommand.ts
+++ b/clients/client-kms/src/commands/GetPublicKeyCommand.ts
@@ -22,10 +22,11 @@ export interface GetPublicKeyCommandInput extends GetPublicKeyRequest {}
export interface GetPublicKeyCommandOutput extends GetPublicKeyResponse, __MetadataBearer {}
/**
- *
Returns the public key of an asymmetric KMS key. Unlike the private key of a asymmetric KMS key,
- * which never leaves KMS unencrypted, callers with kms:GetPublicKey
permission
- * can download the public key of an asymmetric KMS key. You can share the public key to allow others
- * to encrypt messages and verify signatures outside of KMS. For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide.
Returns the public key of an asymmetric KMS key. Unlike the private key of a asymmetric
+ * KMS key, which never leaves KMS unencrypted, callers with kms:GetPublicKey
+ * permission can download the public key of an asymmetric KMS key. You can share the public key
+ * to allow others to encrypt messages and verify signatures outside of KMS.
+ * For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide.
You do not need to download the public key. Instead, you can use the public key within * KMS by calling the Encrypt, ReEncrypt, or Verify operations with the identifier of an asymmetric KMS key. When you use the * public key within KMS, you benefit from the authentication, authorization, and logging that @@ -59,7 +60,8 @@ export interface GetPublicKeyCommandOutput extends GetPublicKeyResponse, __Metad *
The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*
- * Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
+ * Cross-account use:
+ * Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
* the key ARN or alias ARN in the value of the KeyId
parameter.
diff --git a/clients/client-kms/src/commands/ImportKeyMaterialCommand.ts b/clients/client-kms/src/commands/ImportKeyMaterialCommand.ts index 655f98e5fc13..46f504ba2e70 100644 --- a/clients/client-kms/src/commands/ImportKeyMaterialCommand.ts +++ b/clients/client-kms/src/commands/ImportKeyMaterialCommand.ts @@ -22,12 +22,12 @@ export interface ImportKeyMaterialCommandInput extends ImportKeyMaterialRequest export interface ImportKeyMaterialCommandOutput extends ImportKeyMaterialResponse, __MetadataBearer {} /** - *
Imports key material into an existing symmetric KMS KMS key that was - * created without key material. After you successfully import key material into a KMS key, you can - * reimport the same key material into that KMS key, but you cannot import different key + *
Imports key material into an existing symmetric KMS KMS key that was created without key + * material. After you successfully import key material into a KMS key, you can reimport + * the same key material into that KMS key, but you cannot import different key * material.
- *You cannot perform this operation on an asymmetric KMS key or on any KMS key in a different Amazon Web Services account. For more information about creating KMS keys with no key material and - * then importing key material, see Importing Key Material in the + *
You cannot perform this operation on an asymmetric KMS key or on any KMS key in a different Amazon Web Services account. For more information about creating KMS keys with no key material + * and then importing key material, see Importing Key Material in the * Key Management Service Developer Guide.
*Before using this operation, call GetParametersForImport. Its response * includes a public key and an import token. Use the public key to encrypt the key material. @@ -36,8 +36,8 @@ export interface ImportKeyMaterialCommandOutput extends ImportKeyMaterialRespons *
When calling this operation, you must specify the following values:
*The key ID or key ARN of a KMS key with no key material. Its Origin
must be
- * EXTERNAL
.
The key ID or key ARN of a KMS key with no key material. Its Origin
must
+ * be EXTERNAL
.
To create a KMS key with no key material, call CreateKey and set the
* value of its Origin
parameter to EXTERNAL
. To get the
* Origin
of a KMS key, call DescribeKey.)
Whether the key material expires and if so, when. If you set an expiration date, KMS - * deletes the key material from the KMS key on the specified date, and the KMS key becomes unusable. - * To use the KMS key again, you must reimport the same key material. The only way to change an - * expiration date is by reimporting the same key material and specifying a new expiration - * date.
+ * deletes the key material from the KMS key on the specified date, and the KMS key becomes + * unusable. To use the KMS key again, you must reimport the same key material. The only way + * to change an expiration date is by reimporting the same key material and specifying a new + * expiration date. *When this operation is successful, the key state of the KMS key changes from
* PendingImport
to Enabled
, and you can use the KMS key.
If this operation fails, use the exception to help determine the problem. If the error is - * related to the key material, the import token, or wrapping key, use GetParametersForImport to get a new public key and import token for the KMS key and - * repeat the import procedure. For help, see How To Import Key + * related to the key material, the import token, or wrapping key, use GetParametersForImport to get a new public key and import token for the KMS key + * and repeat the import procedure. For help, see How To Import Key * Material in the Key Management Service Developer Guide.
*The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
diff --git a/clients/client-kms/src/commands/ListAliasesCommand.ts b/clients/client-kms/src/commands/ListAliasesCommand.ts index d02f05fdf06e..b89bd951bab6 100644 --- a/clients/client-kms/src/commands/ListAliasesCommand.ts +++ b/clients/client-kms/src/commands/ListAliasesCommand.ts @@ -22,26 +22,29 @@ export interface ListAliasesCommandInput extends ListAliasesRequest {} export interface ListAliasesCommandOutput extends ListAliasesResponse, __MetadataBearer {} /** - *Gets a list of aliases in the caller's Amazon Web Services account and region. For more information about - * aliases, see CreateAlias.
+ *Gets a list of aliases in the caller's Amazon Web Services account and region. For more information + * about aliases, see CreateAlias.
*By default, the ListAliases
operation returns all aliases in the account and
- * region. To get only the aliases associated with a particular KMS key, use
- * the KeyId
parameter.
KeyId
parameter.
* The ListAliases
response can include aliases that you created and associated
- * with your customer managed keys, and aliases that Amazon Web Services created and associated with Amazon Web Services managed keys in your account. You can recognize Amazon Web Services aliases because their names have the format
- * aws/
, such as aws/dynamodb
.
aws/
, such as aws/dynamodb
.
* The response might also include aliases that have no TargetKeyId
field. These
- * are predefined aliases that Amazon Web Services has created but has not yet associated with a KMS key. Aliases
- * that Amazon Web Services creates in your account, including predefined aliases, do not count against your
- * KMS aliases
+ * are predefined aliases that Amazon Web Services has created but has not yet associated with a KMS key.
+ * Aliases that Amazon Web Services creates in your account, including predefined aliases, do not count against
+ * your KMS aliases
* quota.
* Cross-account use: No. ListAliases
does not
* return aliases in other Amazon Web Services accounts.
* Required permissions: kms:ListAliases (IAM policy)
- *For details, see Controlling access to aliases in the Key Management Service Developer Guide.
+ *For details, see Controlling access to aliases in the + * Key Management Service Developer Guide.
** Related operations: *
diff --git a/clients/client-kms/src/commands/ListGrantsCommand.ts b/clients/client-kms/src/commands/ListGrantsCommand.ts index cec381cc3ab8..0e1b07edbedf 100644 --- a/clients/client-kms/src/commands/ListGrantsCommand.ts +++ b/clients/client-kms/src/commands/ListGrantsCommand.ts @@ -23,8 +23,8 @@ export interface ListGrantsCommandOutput extends ListGrantsResponse, __MetadataB /** *Gets a list of all grants for the specified KMS key.
- *You must specify the KMS key in all requests. You can filter the grant list by grant ID - * or grantee principal.
+ *You must specify the KMS key in all requests. You can filter the grant list by grant ID or + * grantee principal.
*For detailed information about grants, including grant terminology, see Using grants in the * * Key Management Service Developer Guide diff --git a/clients/client-kms/src/commands/ListKeyPoliciesCommand.ts b/clients/client-kms/src/commands/ListKeyPoliciesCommand.ts index fb528690ae28..88ef7483b8ca 100644 --- a/clients/client-kms/src/commands/ListKeyPoliciesCommand.ts +++ b/clients/client-kms/src/commands/ListKeyPoliciesCommand.ts @@ -22,9 +22,9 @@ export interface ListKeyPoliciesCommandInput extends ListKeyPoliciesRequest {} export interface ListKeyPoliciesCommandOutput extends ListKeyPoliciesResponse, __MetadataBearer {} /** - *
Gets the names of the key policies that are attached to a KMS key. This
- * operation is designed to get policy names that you can use in a GetKeyPolicy
- * operation. However, the only valid policy name is default
.
Gets the names of the key policies that are attached to a KMS key. This operation is
+ * designed to get policy names that you can use in a GetKeyPolicy operation.
+ * However, the only valid policy name is default
.
* Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
* diff --git a/clients/client-kms/src/commands/ListKeysCommand.ts b/clients/client-kms/src/commands/ListKeysCommand.ts index 33a658c147e3..424d6531b78d 100644 --- a/clients/client-kms/src/commands/ListKeysCommand.ts +++ b/clients/client-kms/src/commands/ListKeysCommand.ts @@ -19,8 +19,7 @@ export interface ListKeysCommandInput extends ListKeysRequest {} export interface ListKeysCommandOutput extends ListKeysResponse, __MetadataBearer {} /** - *Gets a list of all KMS keys in the caller's Amazon Web Services account and - * Region.
+ *Gets a list of all KMS keys in the caller's Amazon Web Services account and Region.
** Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
* diff --git a/clients/client-kms/src/commands/ListRetirableGrantsCommand.ts b/clients/client-kms/src/commands/ListRetirableGrantsCommand.ts index cfe7a250efc9..5ecaa5c4d909 100644 --- a/clients/client-kms/src/commands/ListRetirableGrantsCommand.ts +++ b/clients/client-kms/src/commands/ListRetirableGrantsCommand.ts @@ -22,11 +22,11 @@ export interface ListRetirableGrantsCommandInput extends ListRetirableGrantsRequ export interface ListRetirableGrantsCommandOutput extends ListGrantsResponse, __MetadataBearer {} /** - *Returns information about all grants in the Amazon Web Services account and Region that have the specified - * retiring principal.
+ *Returns information about all grants in the Amazon Web Services account and Region that have the + * specified retiring principal.
*You can specify any principal in your Amazon Web Services account. The grants that are returned include - * grants for KMS keys in your Amazon Web Services account and other Amazon Web Services accounts. You might use this operation to - * determine which grants you may retire. To retire a grant, use the RetireGrant operation.
+ * grants for KMS keys in your Amazon Web Services account and other Amazon Web Services accounts. You might use this + * operation to determine which grants you may retire. To retire a grant, use the RetireGrant operation. *For detailed information about grants, including grant terminology, see Using grants in the * * Key Management Service Developer Guide @@ -35,11 +35,12 @@ export interface ListRetirableGrantsCommandOutput extends ListGrantsResponse, __ *
* Cross-account use: You must specify a principal in your
* Amazon Web Services account. However, this operation can return grants in any Amazon Web Services account. You do not need
- * kms:ListRetirableGrants
permission (or any other additional permission) in any
+ * kms:ListRetirableGrants
permission (or any other additional permission) in any
* Amazon Web Services account other than your own.
- * Required permissions: kms:ListRetirableGrants (IAM policy) in your Amazon Web Services account.
+ * Required permissions: kms:ListRetirableGrants (IAM policy) in your + * Amazon Web Services account. ** Related operations: *
diff --git a/clients/client-kms/src/commands/ReEncryptCommand.ts b/clients/client-kms/src/commands/ReEncryptCommand.ts index 31656a30206d..7c70503e5d73 100644 --- a/clients/client-kms/src/commands/ReEncryptCommand.ts +++ b/clients/client-kms/src/commands/ReEncryptCommand.ts @@ -20,39 +20,45 @@ export interface ReEncryptCommandOutput extends ReEncryptResponse, __MetadataBea /** *Decrypts ciphertext and then reencrypts it entirely within KMS. You can use this - * operation to change the KMS key under which data is encrypted, such as when - * you manually rotate a KMS key or change the KMS key that protects a ciphertext. You can also - * use it to reencrypt ciphertext under the same KMS key, such as to change the encryption + * operation to change the KMS key under which data is encrypted, such as when you manually + * rotate a KMS key or change the KMS key that protects a ciphertext. You can also use + * it to reencrypt ciphertext under the same KMS key, such as to change the encryption * context of a ciphertext.
*The ReEncrypt
operation can decrypt ciphertext that was encrypted by using an
* KMS KMS key in an KMS operation, such as Encrypt or GenerateDataKey. It can also decrypt ciphertext that was encrypted by using the
- * public key of an asymmetric KMS key outside of KMS. However, it cannot decrypt ciphertext
- * produced by other libraries, such as the Amazon Web Services Encryption SDK or Amazon S3 client-side encryption.
- * These libraries return a ciphertext format that is incompatible with KMS.
When you use the ReEncrypt
operation, you need to provide information for the
* decrypt operation and the subsequent encrypt operation.
If your ciphertext was encrypted under an asymmetric KMS key, you must use the
- * SourceKeyId
parameter to identify the KMS key that encrypted the ciphertext.
- * You must also supply the encryption algorithm that was used. This information is required
- * to decrypt the data.
SourceKeyId
parameter to identify the KMS key that encrypted the
+ * ciphertext. You must also supply the encryption algorithm that was used. This information
+ * is required to decrypt the data.
* If your ciphertext was encrypted under a symmetric KMS key, the SourceKeyId
- * parameter is optional. KMS can get this information from metadata that it adds to the
- * symmetric ciphertext blob. This feature adds durability to your implementation by ensuring
- * that authorized users can decrypt ciphertext decades after it was encrypted, even if
- * they've lost track of the key ID. However, specifying the source KMS key is always recommended
- * as a best practice. When you use the SourceKeyId
parameter to specify a KMS key,
- * KMS uses only the KMS key you specify. If the ciphertext was encrypted under a different KMS key, the ReEncrypt
operation fails. This practice ensures that you use the KMS key that you intend.
If your ciphertext was encrypted under a symmetric KMS key, the
+ * SourceKeyId
parameter is optional. KMS can get this information from
+ * metadata that it adds to the symmetric ciphertext blob. This feature adds durability to
+ * your implementation by ensuring that authorized users can decrypt ciphertext decades after
+ * it was encrypted, even if they've lost track of the key ID. However, specifying the source
+ * KMS key is always recommended as a best practice. When you use the
+ * SourceKeyId
parameter to specify a KMS key, KMS uses only the KMS key you
+ * specify. If the ciphertext was encrypted under a different KMS key, the
+ * ReEncrypt
operation fails. This practice ensures that you use the KMS key
+ * that you intend.
To reencrypt the data, you must use the DestinationKeyId
parameter
* specify the KMS key that re-encrypts the data after it is decrypted. You can select a
- * symmetric or asymmetric KMS key. If the destination KMS key is an asymmetric KMS key, you must also
- * provide the encryption algorithm. The algorithm that you choose must be compatible with
- * the KMS key.
When you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails.
@@ -60,26 +66,26 @@ export interface ReEncryptCommandOutput extends ReEncryptResponse, __MetadataBea *The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*- * Cross-account use: Yes. The source KMS key and destination KMS key can be in different Amazon Web Services accounts. Either or both KMS keys can be in a different account than - * the caller. To specify a KMS key in a different account, you must use its key ARN or alias - * ARN.
+ * Cross-account use: Yes. + * The source KMS key and destination KMS key can be in different Amazon Web Services accounts. Either or both + * KMS keys can be in a different account than the caller. To specify a KMS key in a different + * account, you must use its key ARN or alias ARN. * ** Required permissions:
*- * kms:ReEncryptFrom permission on the source KMS key (key policy)
+ * kms:ReEncryptFrom + * permission on the source KMS key (key policy) *- * kms:ReEncryptTo permission on the destination KMS key (key policy)
+ * kms:ReEncryptTo + * permission on the destination KMS key (key policy) *To permit reencryption from or to a KMS key, include the "kms:ReEncrypt*"
diff --git a/clients/client-kms/src/commands/ReplicateKeyCommand.ts b/clients/client-kms/src/commands/ReplicateKeyCommand.ts
index fac2d9479cb4..9c8206631ac7 100644
--- a/clients/client-kms/src/commands/ReplicateKeyCommand.ts
+++ b/clients/client-kms/src/commands/ReplicateKeyCommand.ts
@@ -53,7 +53,7 @@ export interface ReplicateKeyCommandOutput extends ReplicateKeyResponse, __Metad
* details about the Creating
key state, see Key state: Effect on your KMS key in the
* Key Management Service Developer Guide.
The CloudTrail log of a ReplicateKey
operation records a
- * ReplicateKey
operation in the primary key's Region and a CreateKey operation in the replica key's Region.
ReplicateKey
operation in the primary key's Region and a CreateKey operation in the replica key's Region.
* If you replicate a multi-Region primary key with imported key material, the replica key is * created with no key material. You must import the same key material that you imported into the * primary key. For details, see Importing key material into multi-Region keys in the Key Management Service Developer Guide.
@@ -61,8 +61,8 @@ export interface ReplicateKeyCommandOutput extends ReplicateKeyResponse, __Metad * operation. *
- * ReplicateKey
uses different default values for the KeyPolicy
and
- * Tags
parameters than those used in the KMS console. For details, see the
+ * ReplicateKey
uses different default values for the KeyPolicy
+ * and Tags
parameters than those used in the KMS console. For details, see the
* parameter descriptions.
@@ -73,8 +73,8 @@ export interface ReplicateKeyCommandOutput extends ReplicateKeyResponse, __Metad *
- * kms:ReplicateKey
on the primary key (in the primary key's Region). Include this
- * permission in the primary key's key policy.
kms:ReplicateKey
on the primary key (in the primary key's Region).
+ * Include this permission in the primary key's key policy.
* diff --git a/clients/client-kms/src/commands/RetireGrantCommand.ts b/clients/client-kms/src/commands/RetireGrantCommand.ts index 08df8c8229c1..da2c0ea7da91 100644 --- a/clients/client-kms/src/commands/RetireGrantCommand.ts +++ b/clients/client-kms/src/commands/RetireGrantCommand.ts @@ -24,12 +24,13 @@ export interface RetireGrantCommandOutput extends __MetadataBearer {} /** *
Deletes a grant. Typically, you retire a grant when you no longer need its permissions. To * identify the grant to retire, use a grant token, or both the grant ID and a - * key identifier (key ID or key ARN) of the KMS key. The CreateGrant operation returns both values.
+ * key identifier (key ID or key ARN) of the KMS key. The CreateGrant operation + * returns both values. *This operation can be called by the retiring principal for a grant,
* by the grantee principal if the grant allows the RetireGrant
* operation, and by the Amazon Web Services account (root user) in which the grant is created. It can also be
* called by principals to whom permission for retiring a grant is delegated. For details, see
- * Retiring and
+ * Retiring and
* revoking grants in the Key Management Service Developer Guide.
For detailed information about grants, including grant terminology, see Using grants in the * @@ -37,11 +38,12 @@ export interface RetireGrantCommandOutput extends __MetadataBearer {} * . For examples of working with grants in several * programming languages, see Programming grants.
*- * Cross-account use: Yes. You can retire a grant on a KMS key - * in a different Amazon Web Services account.
+ * Cross-account use: Yes. You can retire a grant on a KMS + * key in a different Amazon Web Services account. ** Required permissions::Permission to retire a grant is - * determined primarily by the grant. For details, see Retiring and revoking grants in the Key Management Service Developer Guide.
+ * determined primarily by the grant. For details, see Retiring and revoking grants in + * the Key Management Service Developer Guide. ** Related operations: *
diff --git a/clients/client-kms/src/commands/RevokeGrantCommand.ts b/clients/client-kms/src/commands/RevokeGrantCommand.ts index c9054f979401..81ccbb4d373c 100644 --- a/clients/client-kms/src/commands/RevokeGrantCommand.ts +++ b/clients/client-kms/src/commands/RevokeGrantCommand.ts @@ -23,8 +23,7 @@ export interface RevokeGrantCommandOutput extends __MetadataBearer {} /** *Deletes the specified grant. You revoke a grant to terminate the permissions that the - * grant allows. For more - * information, see Retiring and revoking grants in + * grant allows. For more information, see Retiring and revoking grants in * the * Key Management Service Developer Guide * .
diff --git a/clients/client-kms/src/commands/ScheduleKeyDeletionCommand.ts b/clients/client-kms/src/commands/ScheduleKeyDeletionCommand.ts index 27666c067e6b..72f8723092f4 100644 --- a/clients/client-kms/src/commands/ScheduleKeyDeletionCommand.ts +++ b/clients/client-kms/src/commands/ScheduleKeyDeletionCommand.ts @@ -22,22 +22,24 @@ export interface ScheduleKeyDeletionCommandInput extends ScheduleKeyDeletionRequ export interface ScheduleKeyDeletionCommandOutput extends ScheduleKeyDeletionResponse, __MetadataBearer {} /** - *Schedules the deletion of a KMS key. By default, KMS applies a waiting
- * period of 30 days, but you can specify a waiting period of 7-30 days. When this operation is
- * successful, the key state of the KMS key changes to PendingDeletion
and the key can't
- * be used in any cryptographic operations. It remains in this state for the duration of the
- * waiting period. Before the waiting period ends, you can use CancelKeyDeletion to cancel the deletion of the KMS key. After the waiting period ends, KMS deletes the KMS key,
+ *
Schedules the deletion of a KMS key. By default, KMS applies a waiting period of 30
+ * days, but you can specify a waiting period of 7-30 days. When this operation is successful,
+ * the key state of the KMS key changes to PendingDeletion
and the key can't be used
+ * in any cryptographic operations. It remains in this state for the duration of the waiting
+ * period. Before the waiting period ends, you can use CancelKeyDeletion to
+ * cancel the deletion of the KMS key. After the waiting period ends, KMS deletes the KMS key,
* its key material, and all KMS data associated with it, including all aliases that refer to
* it.
Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key is - * deleted, all data that was encrypted under the KMS key is unrecoverable. (The only exception is - * a multi-Region replica key.) To prevent the use of a KMS key without deleting it, use DisableKey.
+ *Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key + * is deleted, all data that was encrypted under the KMS key is unrecoverable. (The only + * exception is a multi-Region replica key.) To prevent the use of a KMS key without deleting + * it, use DisableKey.
*If you schedule deletion of a KMS key from a custom key store, when the waiting period
- * expires, ScheduleKeyDeletion
deletes the KMS key from KMS. Then KMS makes a best
- * effort to delete the key material from the associated CloudHSM cluster. However, you might need
- * to manually delete the orphaned key
+ * expires, ScheduleKeyDeletion
deletes the KMS key from KMS. Then KMS makes a
+ * best effort to delete the key material from the associated CloudHSM cluster. However, you might
+ * need to manually delete the orphaned key
* material from the cluster and its backups.
You can schedule the deletion of a multi-Region primary key and its replica keys at any
* time. However, KMS will not delete a multi-Region primary key with existing replica keys. If
@@ -46,18 +48,20 @@ export interface ScheduleKeyDeletionCommandOutput extends ScheduleKeyDeletionRes
* operations. This status can continue indefinitely. When the last of its replicas keys is
* deleted (not just scheduled), the key state of the primary key changes to
* PendingDeletion
and its waiting period (PendingWindowInDays
)
- * begins. For details, see Deleting multi-Region keys in the Key Management Service Developer Guide.
For more information about scheduling a KMS key for deletion, see Deleting KMS keys in the * Key Management Service Developer Guide.
*The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
- * *- * Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
+ * Cross-account + * use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. * * *- * Required permissions: kms:ScheduleKeyDeletion (key policy)
+ * Required permissions: kms:ScheduleKeyDeletion (key + * policy) ** Related operations *
diff --git a/clients/client-kms/src/commands/SignCommand.ts b/clients/client-kms/src/commands/SignCommand.ts index 3a7d9d97c14c..3e7c706b2a2d 100644 --- a/clients/client-kms/src/commands/SignCommand.ts +++ b/clients/client-kms/src/commands/SignCommand.ts @@ -20,20 +20,21 @@ export interface SignCommandOutput extends SignResponse, __MetadataBearer {} /** *Creates a digital - * signature for a message or message digest by using the private key in an asymmetric KMS key. To verify the signature, use the Verify operation, or use the public - * key in the same asymmetric KMS key outside of KMS. For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide.
+ * signature for a message or message digest by using the private key in an asymmetric + * KMS key. To verify the signature, use the Verify operation, or use the + * public key in the same asymmetric KMS key outside of KMS. For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide. *Digital signatures are generated and verified by using asymmetric key pair, such as an RSA - * or ECC pair that is represented by an asymmetric KMS key. The key owner (or - * an authorized user) uses their private key to sign a message. Anyone with the public key can - * verify that the message was signed with that particular private key and that the message - * hasn't changed since it was signed.
+ * or ECC pair that is represented by an asymmetric KMS key. The key owner (or an authorized + * user) uses their private key to sign a message. Anyone with the public key can verify that the + * message was signed with that particular private key and that the message hasn't changed since + * it was signed. *To use the Sign
operation, provide the following information:
Use the KeyId
parameter to identify an asymmetric KMS key with a
* KeyUsage
value of SIGN_VERIFY
. To get the
- * KeyUsage
value of a KMS key, use the DescribeKey operation.
- * The caller must have kms:Sign
permission on the KMS key.
KeyUsage
value of a KMS key, use the DescribeKey
+ * operation. The caller must have kms:Sign
permission on the KMS key.
* Use the Message
parameter to specify the message or message digest to
@@ -55,7 +56,7 @@ export interface SignCommandOutput extends SignResponse, __MetadataBearer {}
* then use the public key to verify the signature outside of KMS.
The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
- *+ *
* Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
* the key ARN or alias ARN in the value of the KeyId
parameter.
You can use this operation to tag a customer managed key, but you cannot - * tag an Amazon Web Services managed key, an Amazon Web Services owned key, a custom key store, or - * an alias.
- *You can also add tags to a KMS key while creating it (CreateKey) or replicating it (ReplicateKey).
+ * tag an Amazon Web Services + * managed key, an Amazon Web Services owned key, a custom key + * store, or an alias. + *You can also add tags to a KMS key while creating it (CreateKey) or + * replicating it (ReplicateKey).
*For information about using tags in KMS, see Tagging keys. For general information about * tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon * Web Services General Reference.
*The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*- * Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
+ * Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. * ** Required permissions: kms:TagResource (key policy)
diff --git a/clients/client-kms/src/commands/UntagResourceCommand.ts b/clients/client-kms/src/commands/UntagResourceCommand.ts index d409da96ca60..031ae4fffd9b 100644 --- a/clients/client-kms/src/commands/UntagResourceCommand.ts +++ b/clients/client-kms/src/commands/UntagResourceCommand.ts @@ -28,8 +28,8 @@ export interface UntagResourceCommandOutput extends __MetadataBearer {} *Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide.
*When it succeeds, the UntagResource
operation doesn't return any output.
- * Also, if the specified tag key isn't found on the KMS key, it doesn't throw an exception or return
- * a response. To confirm that the operation worked, use the ListResourceTags operation.
For information about using tags in KMS, see Tagging keys. For general information about * tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon @@ -37,7 +37,7 @@ export interface UntagResourceCommandOutput extends __MetadataBearer {} *
The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*- * Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
+ * Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. * ** Required permissions: kms:UntagResource (key policy)
diff --git a/clients/client-kms/src/commands/UpdateAliasCommand.ts b/clients/client-kms/src/commands/UpdateAliasCommand.ts index 0dc28922bd3e..d2d49adeb234 100644 --- a/clients/client-kms/src/commands/UpdateAliasCommand.ts +++ b/clients/client-kms/src/commands/UpdateAliasCommand.ts @@ -22,9 +22,9 @@ export interface UpdateAliasCommandInput extends UpdateAliasRequest {} export interface UpdateAliasCommandOutput extends __MetadataBearer {} /** - *Associates an existing KMS alias with a different KMS key. Each alias - * is associated with only one KMS key at a time, although a KMS key can have multiple aliases. The alias - * and the KMS key must be in the same Amazon Web Services account and Region.
+ *Associates an existing KMS alias with a different KMS key. Each alias is associated with + * only one KMS key at a time, although a KMS key can have multiple aliases. The alias and the + * KMS key must be in the same Amazon Web Services account and Region.
*Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide.
*Because an alias is not a property of a KMS key, you can create, update, and delete the - * aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the response from - * the DescribeKey operation. To get the aliases of all KMS keys in the account, - * use the ListAliases operation.
+ * aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the + * response from the DescribeKey operation. To get the aliases of all KMS keys + * in the account, use the ListAliases operation. *The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
- *+ *
* Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
** Required permissions @@ -49,18 +49,22 @@ export interface UpdateAliasCommandOutput extends __MetadataBearer {} *
- * kms:UpdateAlias on the alias (IAM policy).
+ * kms:UpdateAlias on + * the alias (IAM policy). *- * kms:UpdateAlias on the current KMS key (key policy).
+ * kms:UpdateAlias on + * the current KMS key (key policy). *- * kms:UpdateAlias on the new KMS key (key policy).
+ * kms:UpdateAlias on + * the new KMS key (key policy). *For details, see Controlling access to aliases in the Key Management Service Developer Guide.
+ *For details, see Controlling access to aliases in the + * Key Management Service Developer Guide.
** Related operations: *
diff --git a/clients/client-kms/src/commands/UpdateCustomKeyStoreCommand.ts b/clients/client-kms/src/commands/UpdateCustomKeyStoreCommand.ts index abf7fb14cd31..0b7c6321ac87 100644 --- a/clients/client-kms/src/commands/UpdateCustomKeyStoreCommand.ts +++ b/clients/client-kms/src/commands/UpdateCustomKeyStoreCommand.ts @@ -30,29 +30,29 @@ export interface UpdateCustomKeyStoreCommandOutput extends UpdateCustomKeyStoreR * the update completes, use ConnectCustomKeyStore. To find the connection * state of a custom key store, use the DescribeCustomKeyStores * operation. - *Use the parameters of UpdateCustomKeyStore
to edit your keystore
- * settings.
The CustomKeyStoreId
parameter is required in all commands. Use the other
+ * parameters of UpdateCustomKeyStore
to edit your key store settings.
Use the NewCustomKeyStoreName parameter to change the - * friendly name of the custom key store to the value that you specify.
+ *Use the NewCustomKeyStoreName
parameter to change the friendly name of
+ * the custom key store to the value that you specify.
*
Use the KeyStorePassword parameter tell KMS the
- * current password of the
- * kmsuser
crypto
- * user (CU) in the associated CloudHSM cluster. You can use this parameter to fix
- * connection failures that occur when KMS cannot log into the associated cluster
- * because the kmsuser
password has changed. This value does not change the
- * password in the CloudHSM cluster.
Use the KeyStorePassword
parameter tell KMS the current password of the
+ *
+ * kmsuser
crypto user (CU) in the associated CloudHSM cluster. You
+ * can use this parameter to fix connection
+ * failures that occur when KMS cannot log into the associated cluster because
+ * the kmsuser
password has changed. This value does not change the password in
+ * the CloudHSM cluster.
*
Use the CloudHsmClusterId parameter to associate the - * custom key store with a different, but related, CloudHSM cluster. You can use this parameter - * to repair a custom key store if its CloudHSM cluster becomes corrupted or is deleted, or when - * you need to create or restore a cluster from a backup.
+ *Use the CloudHsmClusterId
parameter to associate the custom key store
+ * with a different, but related, CloudHSM cluster. You can use this parameter to repair a
+ * custom key store if its CloudHSM cluster becomes corrupted or is deleted, or when you need to
+ * create or restore a cluster from a backup.
If the operation succeeds, it returns a JSON object with no @@ -60,9 +60,9 @@ export interface UpdateCustomKeyStoreCommandOutput extends UpdateCustomKeyStoreR *
This operation is part of the Custom Key Store feature feature in KMS, which * combines the convenience and extensive integration of KMS with the isolation and control of a * single-tenant key store.
- * *- * Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
+ * Cross-account + * use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account. ** Required permissions: kms:UpdateCustomKeyStore (IAM policy)
*diff --git a/clients/client-kms/src/commands/UpdateKeyDescriptionCommand.ts b/clients/client-kms/src/commands/UpdateKeyDescriptionCommand.ts index dd1f873c6717..432565426fcc 100644 --- a/clients/client-kms/src/commands/UpdateKeyDescriptionCommand.ts +++ b/clients/client-kms/src/commands/UpdateKeyDescriptionCommand.ts @@ -22,12 +22,12 @@ export interface UpdateKeyDescriptionCommandInput extends UpdateKeyDescriptionRe export interface UpdateKeyDescriptionCommandOutput extends __MetadataBearer {} /** - *
Updates the description of a KMS key. To see the description of a KMS key, - * use DescribeKey.
+ *Updates the description of a KMS key. To see the description of a KMS key, use DescribeKey.
*The KMS key that you use for this operation must be in a compatible key state. For * details, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.
*- * Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
+ * Cross-account + * use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. * ** Required permissions: kms:UpdateKeyDescription (key policy)
diff --git a/clients/client-kms/src/commands/UpdatePrimaryRegionCommand.ts b/clients/client-kms/src/commands/UpdatePrimaryRegionCommand.ts index 6056d274a502..98ec26b02a1b 100644 --- a/clients/client-kms/src/commands/UpdatePrimaryRegionCommand.ts +++ b/clients/client-kms/src/commands/UpdatePrimaryRegionCommand.ts @@ -37,7 +37,7 @@ export interface UpdatePrimaryRegionCommandOutput extends __MetadataBearer {} * that are always shared by primary and replica keys, including the key material, key ID, key spec, key usage, key material * origin, and automatic * key rotation. It's the only key that can be replicated. You cannot delete the primary - * key until all replica keys are deleted. + * key until all replica keys are deleted. *The key ID and primary Region that you specify uniquely identify the replica key that will * become the primary key. The primary Region must already have a replica key. This operation * does not create a KMS key in the specified Region. To find the replica keys, use the DescribeKey operation on the primary key or any replica key. To create a replica diff --git a/clients/client-kms/src/commands/VerifyCommand.ts b/clients/client-kms/src/commands/VerifyCommand.ts index 9a551190152d..8458dd4bfda4 100644 --- a/clients/client-kms/src/commands/VerifyCommand.ts +++ b/clients/client-kms/src/commands/VerifyCommand.ts @@ -21,9 +21,9 @@ export interface VerifyCommandOutput extends VerifyResponse, __MetadataBearer {} /** *
Verifies a digital signature that was generated by the Sign operation.
* - *Verification confirms that an authorized user signed the message with the specified KMS key
- * and signing algorithm, and the message hasn't changed since it was signed. If the signature is
- * verified, the value of the SignatureValid
field in the response is
+ *
Verification confirms that an authorized user signed the message with the specified KMS
+ * key and signing algorithm, and the message hasn't changed since it was signed. If the
+ * signature is verified, the value of the SignatureValid
field in the response is
* True
. If the signature verification fails, the Verify
operation
* fails with an KMSInvalidSignatureException
exception.
A digital signature is generated by using the private key in an asymmetric KMS key. The @@ -32,8 +32,8 @@ export interface VerifyCommandOutput extends VerifyResponse, __MetadataBearer {} *
To verify a digital signature, you can use the Verify
operation. Specify the
* same asymmetric KMS key, message, and signing algorithm that were used to produce the
* signature.
You can also verify the digital signature by using the public key of the KMS key outside of - * KMS. Use the GetPublicKey operation to download the public key in the + *
You can also verify the digital signature by using the public key of the KMS key outside
+ * of KMS. Use the GetPublicKey operation to download the public key in the
* asymmetric KMS key and then use the public key to verify the signature outside of KMS. The
* advantage of using the Verify
operation is that it is performed within KMS. As
* a result, it's easy to call, the operation is performed within the FIPS boundary, it is logged
diff --git a/clients/client-kms/src/models/models_0.ts b/clients/client-kms/src/models/models_0.ts
index a8b12c139927..2874e6fdeb4f 100644
--- a/clients/client-kms/src/models/models_0.ts
+++ b/clients/client-kms/src/models/models_0.ts
@@ -27,12 +27,14 @@ export interface AliasListEntry {
TargetKeyId?: string;
/**
- *
Date and time that the alias was most recently created in the account and Region. Formatted as Unix time.
+ *Date and time that the alias was most recently created in the account and Region. + * Formatted as Unix time.
*/ CreationDate?: Date; /** - *Date and time that the alias was most recently associated with a KMS key in the account and Region. Formatted as Unix time.
+ *Date and time that the alias was most recently associated with a KMS key in the account + * and Region. Formatted as Unix time.
*/ LastUpdatedDate?: Date; } @@ -68,6 +70,7 @@ export namespace AlreadyExistsException { export interface CancelKeyDeletionRequest { /** *Identifies the KMS key whose deletion is being canceled.
+ * *Specify the key ID or key ARN of the KMS key.
*For example:
*The request was rejected because the state of the specified resource is not valid for this * request.
- *For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS key in the + *
For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS + * key in the * Key Management Service Developer Guide * .
*/ @@ -453,22 +457,23 @@ export interface CreateAliasRequest { /** *Specifies the alias name. This value must begin with alias/
followed by a
* name, such as alias/ExampleAlias
.
The AliasName
value must be string of 1-256 characters. It can contain only alphanumeric characters,
- * forward slashes (/), underscores (_), and dashes (-). The alias name cannot begin with alias/aws/
. The alias/aws/
prefix is reserved
- * for Amazon Web Services managed keys.
The AliasName
value must be string of 1-256 characters. It can contain only
+ * alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). The alias name
+ * cannot begin with alias/aws/
. The alias/aws/
prefix is reserved for
+ * Amazon Web Services managed
+ * keys.
Associates the alias with the specified customer managed key. The KMS key must be - * in the same Amazon Web Services Region.
+ *Associates the alias with the specified customer managed key. The KMS key must + * be in the same Amazon Web Services Region.
*A valid key ID is required. If you supply a null or empty string value, this operation * returns an error.
*For help finding the key ID and ARN, see Finding the Key ID and * ARN in the * Key Management Service Developer Guide * .
- * *Specify the key ID or key ARN of the KMS key.
*For example:
*Specifies a friendly name for the custom key store. The name must be unique in your Amazon Web Services account.
+ *Specifies a friendly name for the custom key store. The name must be unique in your + * Amazon Web Services account.
*/ CustomKeyStoreName: string | undefined; @@ -696,8 +702,8 @@ export enum GrantOperation { export interface CreateGrantRequest { /** - *Identifies the KMS key for the grant. The grant gives principals permission to use this KMS key.
- * + *Identifies the KMS key for the grant. The grant gives principals permission to use this + * KMS key.
*Specify the key ID or key ARN of the KMS key. To specify a KMS key in a * different Amazon Web Services account, you must use the key ARN.
*For example:
@@ -717,45 +723,50 @@ export interface CreateGrantRequest { /** *The identity that gets the permissions specified in the grant.
- *To specify the principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, IAM roles, federated
- * users, and assumed role users. For examples of the ARN syntax to use for specifying a
- * principal, see Amazon Web Services Identity and Access
+ * To specify the principal, use the Amazon Resource Name (ARN) of an
+ * Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, IAM roles,
+ * federated users, and assumed role users. For examples of the ARN syntax to use for specifying
+ * a principal, see Amazon Web Services Identity and Access
* Management (IAM) in the Example ARNs section of the Amazon Web Services General
- * Reference.
The principal that has permission to use the RetireGrant operation to * retire the grant.
- *To specify the principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, federated users, and - * assumed role users. For examples of the ARN syntax to use for specifying a principal, see - * Amazon Web Services Identity and Access Management (IAM) in the Example ARNs section of the - * Amazon Web Services General Reference.
+ *To specify the principal, use the Amazon Resource Name (ARN) of an + * Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, federated + * users, and assumed role users. For examples of the ARN syntax to use for specifying a + * principal, see Amazon Web Services Identity and Access + * Management (IAM) in the Example ARNs section of the Amazon Web Services General + * Reference.
*The grant determines the retiring principal. Other principals might have permission to * retire the grant or revoke the grant. For details, see RevokeGrant and - * Retiring and revoking grants in the Key Management Service Developer Guide.
+ * Retiring and + * revoking grants in the Key Management Service Developer Guide. */ RetiringPrincipal?: string; /** *A list of operations that the grant permits.
- *The operation must be supported on the KMS key. For example, you cannot create a grant for a
- * symmetric KMS key that allows the Sign operation, or a grant for an asymmetric KMS key that allows the GenerateDataKey operation. If you try, KMS returns a
- * ValidationError
exception. For details, see Grant operations in the
- * Key Management Service Developer Guide.
The operation must be supported on the KMS key. For example, you cannot create a grant for
+ * a symmetric KMS key that allows the Sign operation, or a grant for an
+ * asymmetric KMS key that allows the GenerateDataKey operation. If you try,
+ * KMS returns a ValidationError
exception. For details, see Grant
+ * operations in the Key Management Service Developer Guide.
Specifies a grant constraint.
*KMS supports the EncryptionContextEquals
and
- * EncryptionContextSubset
grant constraints. Each constraint value can include up
+ * EncryptionContextSubset
grant constraints. Each constraint value can include up
* to 8 encryption context pairs. The encryption context value in each constraint cannot exceed
* 384 characters.
These grant constraints allow the permissions in the grant only when the encryption
* context in the request matches ( A friendly name for the grant. Use this value to prevent the unintended
- * creation of duplicate grants when retrying this request. A friendly name for the grant. Use this value to prevent the unintended creation of
+ * duplicate grants when retrying this request. When this value is absent, all When this value is present, you can retry a A key-value pair. A tag consists of a tag key and a tag value. Tag keys and tag values are
* both required, but tag values can be empty (null) strings. For information about the rules that apply to tag keys and tag values, see User-Defined Tag Restrictions in the Amazon Web Services Billing and Cost Management User
- * Guide. For information about the rules that apply to tag keys and tag values, see User-Defined Tag Restrictions in the Amazon Web Services Billing and Cost Management
+ * User Guide. If you don't set Each statement in the key policy must contain one or more principals. The principals
- * in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services principal
- * (for example, an IAM user or role), you might need to enforce a delay before including the
- * new principal in a key policy because the new principal might not be immediately visible
- * to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and Access Management User Guide.EncryptionContextEquals
) or includes
- * (EncryptionContextSubset
) the encryption context specified in this structure.
+ * (EncryptionContextSubset
) the encryption context specified in this structure.
* For information about grant constraints, see Using grant
* constraints in the Key Management Service Developer Guide. For more information about encryption context,
* see Encryption
@@ -776,15 +787,15 @@ export interface CreateGrantRequest {
GrantTokens?: string[];
/**
- * CreateGrant
requests result in a new grant
* with a unique GrantId
even if all the supplied parameters are identical. This can
* result in unintended duplicates when you retry the CreateGrant
request.CreateGrant
request with
* identical parameters; if the grant already exists, the original GrantId
is
* returned without creating a new grant. Note that the returned grant token is unique with every
- * CreateGrant
request, even when a duplicate GrantId
is returned.
+ * CreateGrant
request, even when a duplicate GrantId
is returned.
* All grant tokens for the same grant ID can be used interchangeably.BypassPolicyLockoutSafetyCheck
to true, the key policy
* must allow the principal that is making the CreateKey
request to make a
- * subsequent PutKeyPolicy request on the KMS key. This reduces the risk that
- * the KMS key becomes unmanageable. For more information, refer to the scenario in the Default Key Policy section of the
+ * subsequent PutKeyPolicy request on the KMS key. This reduces the risk
+ * that the KMS key becomes unmanageable. For more information, refer to the scenario in the
+ * Default Key Policy section of the
* Key Management Service Developer Guide
* .
If you do not provide a key policy, KMS attaches a default key policy to the KMS key. For - * more information, see Default Key Policy in the + *
If you do not provide a key policy, KMS attaches a default key policy to the KMS key. + * For more information, see Default Key Policy in the * Key Management Service Developer Guide.
*The key policy size quota is 32 kilobytes (32768 bytes).
*For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the @@ -952,27 +965,29 @@ export interface CreateKeyRequest { /** *
A description of the KMS key.
- *Use a description that helps you decide whether the KMS key is - * appropriate for a task. The default value is an empty string (no description).
+ *Use a description that helps you decide whether the KMS key is appropriate for a task. The + * default value is an empty string (no description).
*To set or change the description after the key is created, use UpdateKeyDescription.
*/ Description?: string; /** *Determines the cryptographic operations for which you can use the KMS key. The default value is
- * ENCRYPT_DECRYPT
. This parameter is required only for asymmetric KMS keys. You can't
- * change the KeyUsage
value after the KMS key is created.
ENCRYPT_DECRYPT
. This parameter is required only for asymmetric KMS keys. You
+ * can't change the KeyUsage
value after the KMS key is created.
* Select only one valid value.
*For symmetric KMS keys, omit the parameter or specify ENCRYPT_DECRYPT
.
For symmetric KMS keys, omit the parameter or specify
+ * ENCRYPT_DECRYPT
.
For asymmetric KMS keys with RSA key material, specify ENCRYPT_DECRYPT
or
* SIGN_VERIFY
.
For asymmetric KMS keys with ECC key material, specify SIGN_VERIFY
.
For asymmetric KMS keys with ECC key material, specify
+ * SIGN_VERIFY
.
Instead, use the KeySpec
parameter.
The KeySpec
and CustomerMasterKeySpec
parameters work the same way. Only the names differ. We recommend that you use KeySpec
parameter in your code. However, to avoid breaking changes, KMS will support both parameters.
The KeySpec
and CustomerMasterKeySpec
parameters work the same
+ * way. Only the names differ. We recommend that you use KeySpec
parameter in your
+ * code. However, to avoid breaking changes, KMS will support both parameters.
Specifies the type of KMS key to create. The default value, Specifies the type of KMS key to create. The default value,
+ *
* Amazon Web Services services that
- * are integrated with KMS use symmetric KMS keys to protect your data. These
- * services do not support asymmetric KMS keys. For help determining whether a KMS key is symmetric or
- * asymmetric, see Identifying Symmetric and Asymmetric KMS keys in the Key Management Service Developer
- * Guide.SYMMETRIC_DEFAULT
,
- * creates a KMS key with a 256-bit symmetric key for encryption and decryption. For help choosing a
- * key spec for your KMS key, see How to Choose Your KMS key
+ * SYMMETRIC_DEFAULT
, creates a KMS key with a 256-bit symmetric key for encryption
+ * and decryption. For help choosing a key spec for your KMS key, see How to Choose Your KMS key
* Configuration in the
* Key Management Service Developer Guide
* .
KMS supports the following key specs for KMS keys:
*The source of the key material for the KMS key. You cannot change the origin after you create
- * the KMS key. The default is AWS_KMS
, which means that KMS creates the key
- * material.
The source of the key material for the KMS key. You cannot change the origin after you
+ * create the KMS key. The default is AWS_KMS
, which means that KMS creates the
+ * key material.
To create a KMS key with no key material (for imported key material), set the value to
* EXTERNAL
. For more information about importing key material into KMS, see
* Importing Key
- * Material in the Key Management Service Developer Guide. This value is valid only for symmetric KMS keys.
To create a KMS key in an KMS custom key store and create its key material in the associated
- * CloudHSM cluster, set this value to AWS_CLOUDHSM
. You must also use the
+ * Material in the Key Management Service Developer Guide. This value is valid only for symmetric KMS
+ * keys.
To create a KMS key in an KMS custom key store and create its key material in the
+ * associated CloudHSM cluster, set this value to AWS_CLOUDHSM
. You must also use the
* CustomKeyStoreId
parameter to identify the custom key store. This value is
* valid only for symmetric KMS keys.
Creates the KMS key in the specified custom key store and the key material in its associated - * CloudHSM cluster. To create a KMS key in a custom key store, you must also specify the + *
Creates the KMS key in the specified custom key store and the key material in its
+ * associated CloudHSM cluster. To create a KMS key in a custom key store, you must also specify the
* Origin
parameter with a value of AWS_CLOUDHSM
. The CloudHSM cluster
* that is associated with the custom key store must have at least two active HSMs, each in a
* different Availability Zone in the Region.
This parameter is valid only for symmetric KMS keys and regional KMS keys. You cannot create an - * asymmetric KMS key or a multi-Region key in a custom key store.
+ *This parameter is valid only for symmetric KMS keys and regional KMS keys. You cannot + * create an asymmetric KMS key or a multi-Region key in a custom key store.
*To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
*The response includes the custom key store ID and the ID of the CloudHSM cluster.
*This operation is part of the Custom Key Store feature feature in KMS, which @@ -1104,8 +1122,8 @@ export interface CreateKeyRequest { /** *
A flag to indicate whether to bypass the key policy lockout safety check.
*Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not - * set this value to true indiscriminately.
+ *Setting this value to true increases the risk that the KMS key becomes unmanageable. Do + * not set this value to true indiscriminately.
*For more information, refer to the scenario in the Default Key Policy section in the * Key Management Service Developer Guide * .
@@ -1117,16 +1135,16 @@ export interface CreateKeyRequest { BypassPolicyLockoutSafetyCheck?: boolean; /** - *Assigns one or more tags to the KMS key. Use this parameter to tag the KMS key when it is created. - * To tag an existing KMS key, use the TagResource operation.
+ *Assigns one or more tags to the KMS key. Use this parameter to tag the KMS key when it is + * created. To tag an existing KMS key, use the TagResource operation.
*Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide.
*To use this parameter, you must have kms:TagResource permission in an IAM policy.
*Each tag consists of a tag key and a tag value. Both the tag key and the tag value are * required, but the tag value can be an empty (null) string. You cannot have more than one tag - * on a KMS key with the same tag key. If you specify an existing tag key with a different tag value, - * KMS replaces the current tag value with the specified one.
+ * on a KMS key with the same tag key. If you specify an existing tag key with a different tag + * value, KMS replaces the current tag value with the specified one. *When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation * report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, * see Tagging Keys.
@@ -1136,9 +1154,9 @@ export interface CreateKeyRequest { /** *Creates a multi-Region primary key that you can replicate into other Amazon Web Services Regions. You * cannot change this value after you create the KMS key.
- *For a multi-Region key, set this parameter to True
. For a single-Region KMS key,
- * omit this parameter or set it to False
. The default value is
- * False
.
For a multi-Region key, set this parameter to True
. For a single-Region KMS
+ * key, omit this parameter or set it to False
. The default value is
+ * False
.
This operation supports multi-Region keys, an KMS feature that lets you create multiple * interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key * material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt @@ -1218,26 +1236,27 @@ export namespace MultiRegionKey { } /** - *
Describes the configuration of this multi-Region key. This field appears only when the KMS key - * is a primary or replica of a multi-Region key.
+ *Describes the configuration of this multi-Region key. This field appears only when the KMS + * key is a primary or replica of a multi-Region key.
*For more information about any listed KMS key, use the DescribeKey * operation.
*/ export interface MultiRegionConfiguration { /** - *Indicates whether the KMS key is a PRIMARY
or REPLICA
key.
Indicates whether the KMS key is a PRIMARY
or REPLICA
+ * key.
Displays the key ARN and Region of the primary key. This field includes the current KMS key if - * it is the primary key.
+ *Displays the key ARN and Region of the primary key. This field includes the current KMS + * key if it is the primary key.
*/ PrimaryKey?: MultiRegionKey; /** - *displays the key ARNs and Regions of all replica keys. This field includes the current KMS key - * if it is a replica key.
+ *displays the key ARNs and Regions of all replica keys. This field includes the current KMS + * key if it is a replica key.
*/ ReplicaKeys?: MultiRegionKey[]; } @@ -1279,8 +1298,7 @@ export interface KeyMetadata { KeyId: string | undefined; /** - *The Amazon Resource Name (ARN) of the KMS key. For examples, see Key Management Service - * (KMS) in the Example ARNs section of the Amazon Web Services General + *
The Amazon Resource Name (ARN) of the KMS key. For examples, see Key Management Service (KMS) in the Example ARNs section of the Amazon Web Services General * Reference.
*/ Arn?: string; @@ -1291,8 +1309,8 @@ export interface KeyMetadata { CreationDate?: Date; /** - *Specifies whether the KMS key is enabled. When KeyState
is Enabled
- * this value is true, otherwise it is false.
Specifies whether the KMS key is enabled. When KeyState
is
+ * Enabled
this value is true, otherwise it is false.
The current status of the KMS key.
- *For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS key - * in the Key Management Service Developer Guide.
+ *For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS + * key in the Key Management Service Developer Guide.
*/ KeyState?: KeyState | string; /** - *The date and time after which KMS deletes this KMS key. This value is present only when the KMS key is scheduled for deletion, that is, when its KeyState
is
+ *
The date and time after which KMS deletes this KMS key. This value is present only when
+ * the KMS key is scheduled for deletion, that is, when its KeyState
is
* PendingDeletion
.
When the primary key in a multi-Region key is scheduled for deletion but still has replica
* keys, its key state is PendingReplicaDeletion
and the length of its waiting
@@ -1324,32 +1343,32 @@ export interface KeyMetadata {
/**
*
The time at which the imported key material expires. When the key material expires, KMS
- * deletes the key material and the KMS key becomes unusable. This value is present only for KMS keys
- * whose Origin
is EXTERNAL
and whose ExpirationModel
is
- * KEY_MATERIAL_EXPIRES
, otherwise this value is omitted.
Origin
is EXTERNAL
and whose ExpirationModel
+ * is KEY_MATERIAL_EXPIRES
, otherwise this value is omitted.
*/
ValidTo?: Date;
/**
- * The source of the key material for the KMS key. When this value is AWS_KMS
, KMS
- * created the key material. When this value is EXTERNAL
, the key material was
- * imported or the KMS key doesn't have any key material. When
- * this value is AWS_CLOUDHSM
, the key material was created in the CloudHSM cluster
- * associated with a custom key store.
The source of the key material for the KMS key. When this value is AWS_KMS
,
+ * KMS created the key material. When this value is EXTERNAL
, the key material was
+ * imported or the KMS key doesn't have any key material. When this value is
+ * AWS_CLOUDHSM
, the key material was created in the CloudHSM cluster associated with
+ * a custom key store.
A unique identifier for the custom key store that contains the KMS key. This value is present - * only when the KMS key is created in a custom key store.
+ *A unique identifier for the custom key store that contains the KMS key. This value is + * present only when the KMS key is created in a custom key store.
*/ CustomKeyStoreId?: string; /** - *The cluster ID of the CloudHSM cluster that contains the key material for the KMS key. When you - * create a KMS key in a custom key store, KMS creates the key material for the KMS key in the - * associated CloudHSM cluster. This value is present only when the KMS key is created in a custom key - * store.
+ *The cluster ID of the CloudHSM cluster that contains the key material for the KMS key. When + * you create a KMS key in a custom key store, KMS creates the key material for the KMS key in + * the associated CloudHSM cluster. This value is present only when the KMS key is created in a + * custom key store.
*/ CloudHsmClusterId?: string; @@ -1360,8 +1379,8 @@ export interface KeyMetadata { ExpirationModel?: ExpirationModelType | string; /** - *The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or Amazon Web Services managed. For more information about the difference, see KMS keys in the - * Key Management Service Developer Guide.
+ *The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or + * Amazon Web Services managed. For more information about the difference, see KMS keys in the Key Management Service Developer Guide.
*/ KeyManager?: KeyManagerType | string; @@ -1369,7 +1388,9 @@ export interface KeyMetadata { * @deprecated * *Instead, use the KeySpec
field.
The KeySpec
and CustomerMasterKeySpec
fields have the same value. We recommend that you use the KeySpec
field in your code. However, to avoid breaking changes, KMS will support both fields.
The KeySpec
and CustomerMasterKeySpec
fields have the same
+ * value. We recommend that you use the KeySpec
field in your code. However, to
+ * avoid breaking changes, KMS will support both fields.
The signing algorithms that the KMS key supports. You cannot use the KMS key with other signing - * algorithms within KMS.
+ *The signing algorithms that the KMS key supports. You cannot use the KMS key with other + * signing algorithms within KMS.
*This field appears only when the KeyUsage
of the KMS key is
* SIGN_VERIFY
.
- * MultiRegionKeyType
indicates whether the KMS key is a PRIMARY
or
- * REPLICA
key.
MultiRegionKeyType
indicates whether the KMS key is a
+ * PRIMARY
or REPLICA
key.
* @@ -1430,9 +1451,9 @@ export interface KeyMetadata { /** *
The waiting period before the primary key in a multi-Region key is deleted. This waiting
* period begins when the last of its replica keys is deleted. This value is present only when
- * the KeyState
of the KMS key is PendingReplicaDeletion
. That indicates
- * that the KMS key is the primary key in a multi-Region key, it is scheduled for deletion, and it
- * still has existing replica keys.
KeyState
of the KMS key is PendingReplicaDeletion
. That
+ * indicates that the KMS key is the primary key in a multi-Region key, it is scheduled for
+ * deletion, and it still has existing replica keys.
* When a single-Region KMS key or a multi-Region replica key is scheduled for deletion, its
* deletion date is displayed in the DeletionDate
field. However, when the primary
* key in a multi-Region key is scheduled for deletion, its waiting period doesn't begin until
@@ -1526,8 +1547,10 @@ export namespace UnsupportedOperationException {
}
/**
- *
The request was rejected because the custom key store contains KMS keys. After verifying that you do not need to use the KMS keys, use the ScheduleKeyDeletion operation to delete the KMS keys. After they are deleted, you - * can delete the custom key store.
+ *The request was rejected because the custom key store contains KMS keys. After verifying + * that you do not need to use the KMS keys, use the ScheduleKeyDeletion + * operation to delete the KMS keys. After they are deleted, you can delete the custom key + * store.
*/ export interface CustomKeyStoreHasCMKsException extends __SmithyException, $MetadataBearer { name: "CustomKeyStoreHasCMKsException"; @@ -1573,8 +1596,8 @@ export interface CustomKeyStoresListEntry { /** *Indicates whether the custom key store is connected to its CloudHSM cluster.
- *You can create and use KMS keys in your custom key stores only when its connection state is
- * CONNECTED
.
You can create and use KMS keys in your custom key stores only when its connection state
+ * is CONNECTED
.
The value is DISCONNECTED
if the key store has never been connected or you
* use the DisconnectCustomKeyStore operation to disconnect it. If the value is
* CONNECTED
but you are having trouble using the custom key store, make sure that
@@ -1715,13 +1738,13 @@ export interface DecryptRequest {
GrantTokens?: string[];
/**
- *
Specifies the KMS key that KMS uses to decrypt the ciphertext. Enter a - * key ID of the KMS key that was used to encrypt the ciphertext.
+ *Specifies the KMS key that KMS uses to decrypt the ciphertext. Enter a key ID of the KMS + * key that was used to encrypt the ciphertext.
* - *This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. - * If you used a symmetric KMS key, KMS can get the KMS key from metadata that it adds to the - * symmetric ciphertext blob. However, it is always recommended as a best practice. This practice - * ensures that you use the KMS key that you intend.
+ *This parameter is required only when the ciphertext was encrypted under an asymmetric KMS + * key. If you used a symmetric KMS key, KMS can get the KMS key from metadata that it adds to + * the symmetric ciphertext blob. However, it is always recommended as a best practice. This + * practice ensures that you use the KMS key that you intend.
* *To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with "alias/"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.
For example:
@@ -1751,9 +1774,9 @@ export interface DecryptRequest { *Specifies the encryption algorithm that will be used to decrypt the ciphertext. Specify
* the same algorithm that was used to encrypt the data. If you specify a different algorithm,
* the Decrypt
operation fails.
This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.
- * The default value, SYMMETRIC_DEFAULT
, represents the only supported algorithm
- * that is valid for symmetric KMS keys.
This parameter is required only when the ciphertext was encrypted under an asymmetric KMS
+ * key. The default value, SYMMETRIC_DEFAULT
, represents the only supported
+ * algorithm that is valid for symmetric KMS keys.
The request was rejected because the specified KMS key cannot decrypt the data. The
* KeyId
in a Decrypt request and the SourceKeyId
- * in a ReEncrypt request must identify the same KMS key that was used to encrypt
- * the ciphertext.
The encryption algorithm or signing algorithm specified for the operation is
- * incompatible with the type of key material in the KMS key
- * (KeySpec
).
(KeySpec
).
* For encrypting, decrypting, re-encrypting, and generating data keys, the
* KeyUsage
must be ENCRYPT_DECRYPT
. For signing and verifying, the
* KeyUsage
must be SIGN_VERIFY
. To find the KeyUsage
of
* a KMS key, use the DescribeKey operation.
To find the encryption or signing algorithms supported for a particular KMS key, use the DescribeKey operation.
+ *To find the encryption or signing algorithms supported for a particular KMS key, use the + * DescribeKey operation.
*/ export interface InvalidKeyUsageException extends __SmithyException, $MetadataBearer { name: "InvalidKeyUsageException"; @@ -1873,8 +1896,8 @@ export namespace InvalidKeyUsageException { } /** - *The request was rejected because the specified KMS key was not available. You can retry the - * request.
+ *The request was rejected because the specified KMS key was not available. You can retry + * the request.
*/ export interface KeyUnavailableException extends __SmithyException, $MetadataBearer { name: "KeyUnavailableException"; @@ -1939,6 +1962,7 @@ export interface DeleteImportedKeyMaterialRequest { /** *Identifies the KMS key from which you are deleting imported key material. The
* Origin
of the KMS key must be EXTERNAL
.
Specify the key ID or key ARN of the KMS key.
*For example:
*Describes the specified KMS key.
- *If you specify a predefined Amazon Web Services alias (an Amazon Web Services alias with no key ID), KMS associates the
- * alias with an Amazon Web Services managed key and returns its KeyId
and Arn
in the
- * response.
If you specify a predefined Amazon Web Services alias (an Amazon Web Services alias with no key ID), KMS associates
+ * the alias with an Amazon Web Services managed key and returns its
+ * KeyId
and Arn
in the response.
To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with "alias/"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.
For example:
*Identifies a symmetric KMS key. You cannot enable or disable automatic - * rotation of asymmetric KMS keys, KMS keys - * with imported key - * material, or KMS keys in a custom key store.
+ *Identifies a symmetric KMS key. You cannot enable or disable automatic rotation of asymmetric + * KMS keys, KMS keys with imported key material, or KMS keys in a + * custom key store.
*Specify the key ID or key ARN of the KMS key.
*For example:
*Identifies a symmetric KMS key. You cannot enable automatic rotation of asymmetric KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key.
- * *Specify the key ID or key ARN of the KMS key.
*For example:
*Identifies the KMS key to use in the encryption operation.
+ * *To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with "alias/"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.
For example:
*Specifies the encryption algorithm that KMS will use to encrypt the plaintext message. * The algorithm must be compatible with the KMS key that you specify.
*This parameter is required only for asymmetric KMS keys. The default value,
- * SYMMETRIC_DEFAULT
, is the algorithm used for symmetric KMS keys. If you are using
- * an asymmetric KMS key, we recommend RSAES_OAEP_SHA_256.
SYMMETRIC_DEFAULT
, is the algorithm used for symmetric KMS keys. If you are
+ * using an asymmetric KMS key, we recommend RSAES_OAEP_SHA_256.
*/
EncryptionAlgorithm?: EncryptionAlgorithmSpec | string;
}
@@ -2493,8 +2517,9 @@ export interface GenerateDataKeyPairRequest {
EncryptionContext?: { [key: string]: string };
/**
- * Specifies the symmetric KMS key that encrypts the private key in the data key pair. You cannot - * specify an asymmetric KMS key or a KMS key in a custom key store. To get the type and origin of your KMS key, use the DescribeKey operation.
+ *Specifies the symmetric KMS key that encrypts the private key in the data key pair. You + * cannot specify an asymmetric KMS key or a KMS key in a custom key store. To get the type and + * origin of your KMS key, use the DescribeKey operation.
* *To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with "alias/"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.
For example:
@@ -2592,9 +2617,10 @@ export interface GenerateDataKeyPairWithoutPlaintextRequest { EncryptionContext?: { [key: string]: string }; /** - *Specifies the KMS key that encrypts the private key in the data key pair. You must specify a - * symmetric KMS key. You cannot use an asymmetric KMS key or a KMS key in a custom key store. To get the - * type and origin of your KMS key, use the DescribeKey operation.
+ *Specifies the KMS key that encrypts the private key in the data key pair. You must specify + * a symmetric KMS key. You cannot use an asymmetric KMS key or a KMS key in a custom key store. + * To get the type and origin of your KMS key, use the DescribeKey operation. + *
*To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with "alias/"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.
For example:
*The identifier of the symmetric KMS key that encrypts the data - * key.
+ *The identifier of the symmetric KMS key that encrypts the data key.
+ * *To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with "alias/"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.
For example:
*Gets the rotation status for the specified KMS key.
+ * *Specify the key ID or key ARN of the KMS key. To specify a KMS key in a * different Amazon Web Services account, you must use the key ARN.
*For example:
@@ -2905,6 +2932,7 @@ export interface GetParametersForImportRequest { /** *The identifier of the symmetric KMS key into which you will import key material. The
* Origin
of the KMS key must be EXTERNAL
.
Specify the key ID or key ARN of the KMS key.
*For example:
*The Amazon Resource Name (key ARN) of the KMS key to use in a subsequent ImportKeyMaterial
- * request. This is the same KMS key specified in the GetParametersForImport
+ *
The Amazon Resource Name (key ARN) of the KMS key to use in a subsequent ImportKeyMaterial request. This is the same KMS key specified in the GetParametersForImport
* request.
The Amazon Resource Name (key ARN) of the asymmetric KMS key from which the public key was downloaded.
+ *The Amazon Resource Name (key ARN) of the asymmetric KMS key from which the public key was + * downloaded.
*/ KeyId?: string; @@ -3042,8 +3070,11 @@ export interface GetPublicKeyResponse { /** * @deprecated * - *Instead, use the KeySpec
field in the GetPublicKey
response.
The KeySpec
and CustomerMasterKeySpec
fields have the same value. We recommend that you use the KeySpec
field in your code. However, to avoid breaking changes, KMS will support both fields.
Instead, use the KeySpec
field in the GetPublicKey
+ * response.
The KeySpec
and CustomerMasterKeySpec
fields have the same
+ * value. We recommend that you use the KeySpec
field in your code. However, to
+ * avoid breaking changes, KMS will support both fields.
The identifier of the symmetric KMS key that receives the imported key material. The KMS key's
- * Origin
must be EXTERNAL
. This must be the same KMS key specified in
- * the KeyID
parameter of the corresponding GetParametersForImport
- * request.
The identifier of the symmetric KMS key that receives the imported key material. The KMS
+ * key's Origin
must be EXTERNAL
. This must be the same KMS key
+ * specified in the KeyID
parameter of the corresponding GetParametersForImport request.
Specify the key ID or key ARN of the KMS key.
*For example:
*The time at which the imported key material expires. When the key material expires, KMS
- * deletes the key material and the KMS key becomes unusable. You must omit this parameter when the
- * ExpirationModel
parameter is set to KEY_MATERIAL_DOES_NOT_EXPIRE
.
- * Otherwise it is required.
ExpirationModel
parameter is set to
+ * KEY_MATERIAL_DOES_NOT_EXPIRE
. Otherwise it is required.
*/
ValidTo?: Date;
@@ -3325,10 +3355,10 @@ export namespace KMSInvalidSignatureException {
export interface ListAliasesRequest {
/**
- * Lists only aliases that are associated with the specified KMS key. Enter a KMS key in your Amazon Web Services account.
+ *Lists only aliases that are associated with the specified KMS key. Enter a KMS key in your + * Amazon Web Services account.
*This parameter is optional. If you omit it, ListAliases
returns all aliases
* in the account and Region.
Specify the key ID or key ARN of the KMS key.
*For example:
*Returns only grants for the specified KMS key. This parameter is - * required.
+ *Returns only grants for the specified KMS key. This parameter is required.
+ * *Specify the key ID or key ARN of the KMS key. To specify a KMS key in a * different Amazon Web Services account, you must use the key ARN.
*For example:
@@ -3722,10 +3752,13 @@ export interface ListRetirableGrantsRequest { Marker?: string; /** - *The retiring principal for which to list grants. Enter a principal in your Amazon Web Services account.
- *To specify the retiring principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, federated users, and - * assumed role users. For examples of the ARN syntax for specifying a principal, see Amazon Web Services Identity and Access Management (IAM) in the Example ARNs section of the - * Amazon Web Services General Reference.
+ *The retiring principal for which to list grants. Enter a principal in your + * Amazon Web Services account.
+ *To specify the retiring principal, use the Amazon Resource Name (ARN) of an + * Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, federated + * users, and assumed role users. For examples of the ARN syntax for specifying a principal, see + * Amazon Web Services Identity and Access Management (IAM) in the Example ARNs section of the + * Amazon Web Services General Reference.
*/ RetiringPrincipal: string | undefined; } @@ -3775,14 +3808,17 @@ export interface PutKeyPolicyRequest { *If you don't set BypassPolicyLockoutSafetyCheck
to true, the key policy
* must allow the principal that is making the PutKeyPolicy
request to make a
- * subsequent PutKeyPolicy
request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, refer to the scenario in the Default Key Policy section of the Key Management Service Developer Guide.
PutKeyPolicy
request on the KMS key. This reduces the risk that
+ * the KMS key becomes unmanageable. For more information, refer to the scenario in the
+ * Default Key Policy section of the Key Management Service Developer Guide.
* Each statement in the key policy must contain one or more principals. The principals - * in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services principal - * (for example, an IAM user or role), you might need to enforce a delay before including the - * new principal in a key policy because the new principal might not be immediately visible - * to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and Access Management User Guide.
+ * in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services + * principal (for example, an IAM user or role), you might need to enforce a delay before + * including the new principal in a key policy because the new principal might not be + * immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services + * Identity and Access Management User Guide. *The key policy cannot exceed 32 kilobytes (32768 bytes). For more information, see Resource Quotas in the @@ -3793,8 +3829,8 @@ export interface PutKeyPolicyRequest { /** *
A flag to indicate whether to bypass the key policy lockout safety check.
*Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not - * set this value to true indiscriminately.
+ *Setting this value to true increases the risk that the KMS key becomes unmanageable. Do + * not set this value to true indiscriminately.
*For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide.
*Use this parameter only when you intend to prevent the principal that is making the @@ -3830,13 +3866,12 @@ export interface ReEncryptRequest { SourceEncryptionContext?: { [key: string]: string }; /** - *
Specifies the KMS key that - * KMS will use to decrypt the ciphertext before it is re-encrypted. Enter a key ID of the KMS key - * that was used to encrypt the ciphertext.
- *This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. - * If you used a symmetric KMS key, KMS can get the KMS key from metadata that it adds to the - * symmetric ciphertext blob. However, it is always recommended as a best practice. This practice - * ensures that you use the KMS key that you intend.
+ *Specifies the KMS key that KMS will use to decrypt the ciphertext before it is + * re-encrypted. Enter a key ID of the KMS key that was used to encrypt the ciphertext.
+ *This parameter is required only when the ciphertext was encrypted under an asymmetric KMS + * key. If you used a symmetric KMS key, KMS can get the KMS key from metadata that it adds to + * the symmetric ciphertext blob. However, it is always recommended as a best practice. This + * practice ensures that you use the KMS key that you intend.
* *To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with "alias/"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.
For example:
@@ -3863,10 +3898,10 @@ export interface ReEncryptRequest { SourceKeyId?: string; /** - *A unique identifier for the KMS key that is used to reencrypt the data. Specify a symmetric or
- * asymmetric KMS key with a KeyUsage
value of ENCRYPT_DECRYPT
. To find the
- * KeyUsage
value of a KMS key, use the DescribeKey
- * operation.
A unique identifier for the KMS key that is used to reencrypt the data. Specify a
+ * symmetric or asymmetric KMS key with a KeyUsage
value of
+ * ENCRYPT_DECRYPT
. To find the KeyUsage
value of a KMS key, use the
+ * DescribeKey operation.
To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with "alias/"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.
For example:
*Specifies that encryption context to use when the reencrypting the data.
- *A destination encryption context is valid only when the destination KMS key is a symmetric KMS key. The standard ciphertext format for asymmetric KMS keys does not include fields for + *
A destination encryption context is valid only when the destination KMS key is a symmetric + * KMS key. The standard ciphertext format for asymmetric KMS keys does not include fields for * metadata.
*An encryption context is a collection of non-secret key-value pairs that represents additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting with a symmetric KMS key, but it is highly recommended.
*For more information, see @@ -3908,7 +3944,8 @@ export interface ReEncryptRequest { * used for symmetric KMS keys.
*Specify the same algorithm that was used to encrypt the ciphertext. If you specify a * different algorithm, the decrypt attempt fails.
- *This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.
+ *This parameter is required only when the ciphertext was encrypted under an asymmetric KMS + * key.
*/ SourceEncryptionAlgorithm?: EncryptionAlgorithmSpec | string; @@ -3916,7 +3953,8 @@ export interface ReEncryptRequest { *Specifies the encryption algorithm that KMS will use to reecrypt the data after it has
* decrypted it. The default value, SYMMETRIC_DEFAULT
, represents the encryption
* algorithm used for symmetric KMS keys.
This parameter is required only when the destination KMS key is an asymmetric KMS key.
+ *This parameter is required only when the destination KMS key is an asymmetric KMS + * key.
*/ DestinationEncryptionAlgorithm?: EncryptionAlgorithmSpec | string; @@ -3976,8 +4014,9 @@ export namespace ReEncryptResponse { export interface ReplicateKeyRequest { /** - *Identifies the multi-Region primary key that is being replicated. To determine whether a KMS key is a multi-Region primary key, use the DescribeKey operation to check
- * the value of the MultiRegionKeyType
property.
Identifies the multi-Region primary key that is being replicated. To determine whether a
+ * KMS key is a multi-Region primary key, use the DescribeKey operation to
+ * check the value of the MultiRegionKeyType
property.
Specify the key ID or key ARN of a multi-Region primary key.
*For example:
@@ -4012,7 +4051,9 @@ export interface ReplicateKeyRequest { ReplicaRegion: string | undefined; /** - *The key policy to attach to the KMS key. This parameter is optional. If you do not provide a key policy, KMS attaches the default key policy to the KMS key.
+ *The key policy to attach to the KMS key. This parameter is optional. If you do not provide + * a key policy, KMS attaches the default key policy to the + * KMS key.
*The key policy is not a shared property of multi-Region keys. You can specify the same key * policy or a different key policy for each key in a set of related multi-Region keys. KMS * does not synchronize this property.
@@ -4020,18 +4061,19 @@ export interface ReplicateKeyRequest { *If you don't set BypassPolicyLockoutSafetyCheck
to true, the key policy
- * must give the caller kms:PutKeyPolicy
permission on the replica key. This reduces the
- * risk that the KMS key becomes unmanageable. For more information, refer to the scenario in the
- * Default Key Policy section of the
+ * must give the caller kms:PutKeyPolicy
permission on the replica key. This
+ * reduces the risk that the KMS key becomes unmanageable. For more information, refer to the
+ * scenario in the Default Key Policy section of the
* Key Management Service Developer Guide
* .
Each statement in the key policy must contain one or more principals. The principals - * in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services principal - * (for example, an IAM user or role), you might need to enforce a delay before including the - * new principal in a key policy because the new principal might not be immediately visible - * to KMS. For more information, see Changes that I make are not always immediately visible in the + * in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services + * principal (for example, an IAM user or role), you might need to enforce a delay before + * including the new principal in a key policy because the new principal might not be + * immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the + * * Identity and Access Management User Guide * .
*A flag to indicate whether to bypass the key policy lockout safety check.
*Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not - * set this value to true indiscriminately.
+ *Setting this value to true increases the risk that the KMS key becomes unmanageable. Do + * not set this value to true indiscriminately.
*For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide.
*Use this parameter only when you intend to prevent the principal that is making the @@ -4056,27 +4098,30 @@ export interface ReplicateKeyRequest { BypassPolicyLockoutSafetyCheck?: boolean; /** - *
A description of the KMS key. The default value is an empty string (no description).
+ *A description of the KMS key. The default value is an empty string (no + * description).
*The description is not a shared property of multi-Region keys. You can specify the same - * description or a different description for each key in a set of related multi-Region keys. KMS does not synchronize this property.
+ * description or a different description for each key in a set of related multi-Region keys. + * KMS does not synchronize this property. */ Description?: string; /** - *Assigns one or more tags to the replica key. Use this parameter to tag the KMS key when it is created. - * To tag an existing KMS key, use the TagResource operation.
- *Assigns one or more tags to the replica key. Use this parameter to tag the KMS key when it + * is created. To tag an existing KMS key, use the TagResource + * operation.
+ *Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide.
*To use this parameter, you must have kms:TagResource permission in an IAM policy.
+ *To use this parameter, you must have kms:TagResource permission in an IAM policy.
*Tags are not a shared property of multi-Region keys. You can specify the same tags or - * different tags for each key in a set of related multi-Region keys. KMS does not - * synchronize this property.
- *Each tag consists of a tag key and a tag value. Both the tag key and the tag value are - * required, but the tag value can be an empty (null) string. You cannot have more than one tag - * on a KMS key with the same tag key. If you specify an existing tag key with a different tag value, - * KMS replaces the current tag value with the specified one.
- *When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation + * different tags for each key in a set of related multi-Region keys. KMS does not synchronize + * this property.
+ *Each tag consists of a tag key and a tag value. Both the tag key and the tag value are + * required, but the tag value can be an empty (null) string. You cannot have more than one tag + * on a KMS key with the same tag key. If you specify an existing tag key with a different tag + * value, KMS replaces the current tag value with the specified one.
+ *When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation * report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, * see Tagging Keys.
*/ @@ -4094,9 +4139,9 @@ export namespace ReplicateKeyRequest { export interface ReplicateKeyResponse { /** - *Displays details about the new replica key, including its Amazon Resource Name (key - * ARN) and key state. It also includes the ARN and Amazon Web Services Region of its primary key and other - * replica keys.
+ *Displays details about the new replica key, including its Amazon Resource Name (key ARN) and + * key state. It also + * includes the ARN and Amazon Web Services Region of its primary key and other replica keys.
*/ ReplicaKeyMetadata?: KeyMetadata; @@ -4127,7 +4172,7 @@ export interface RetireGrantRequest { *Identifies the grant to be retired. You can use a grant token to identify a new grant even * before it has achieved eventual consistency.
*Only the CreateGrant operation returns a grant token. For details, see - * Grant token + * Grant token * and Eventual consistency in the Key Management Service Developer Guide.
*/ GrantToken?: string; @@ -4141,7 +4186,7 @@ export interface RetireGrantRequest { /** *Identifies the grant to retire. To get the grant ID, use CreateGrant, - * ListGrants, or ListRetirableGrants.
+ * ListGrants, or ListRetirableGrants. *Grant ID Example - @@ -4163,8 +4208,8 @@ export namespace RetireGrantRequest { export interface RevokeGrantRequest { /** - *
A unique identifier for the KMS key associated with the grant. To get - * the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
+ *A unique identifier for the KMS key associated with the grant. To get the key ID and key + * ARN for a KMS key, use ListKeys or DescribeKey.
* *Specify the key ID or key ARN of the KMS key. To specify a KMS key in a * different Amazon Web Services account, you must use the key ARN.
@@ -4185,7 +4230,7 @@ export interface RevokeGrantRequest { /** *Identifies the grant to revoke. To get the grant ID, use CreateGrant, - * ListGrants, or ListRetirableGrants.
+ * ListGrants, or ListRetirableGrants. */ GrantId: string | undefined; } @@ -4202,7 +4247,6 @@ export namespace RevokeGrantRequest { export interface ScheduleKeyDeletionRequest { /** *The unique identifier of the KMS key to delete.
- * *Specify the key ID or key ARN of the KMS key.
*For example:
*The waiting period, specified in number of days. After the waiting period ends, KMS * deletes the KMS key.
- *If the KMS key is a multi-Region primary key with replicas, the waiting period begins when the - * last of its replica keys is deleted. Otherwise, the waiting period begins immediately.
+ *If the KMS key is a multi-Region primary key with replicas, the waiting period begins when + * the last of its replica keys is deleted. Otherwise, the waiting period begins + * immediately.
*This value is optional. If you include a value, it must be between 7 and 30, inclusive. If * you do not include a value, it defaults to 30.
*/ @@ -4247,23 +4292,24 @@ export interface ScheduleKeyDeletionResponse { /** *The date and time after which KMS deletes the KMS key.
- *If the KMS key is a multi-Region primary key with replica keys, this field does not appear. - * The deletion date for the primary key isn't known until its last replica key is + *
If the KMS key is a multi-Region primary key with replica keys, this field does not + * appear. The deletion date for the primary key isn't known until its last replica key is * deleted.
*/ DeletionDate?: Date; /** *The current status of the KMS key.
- *For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS key - * in the Key Management Service Developer Guide.
+ *For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS + * key in the Key Management Service Developer Guide.
*/ KeyState?: KeyState | string; /** *The waiting period before the KMS key is deleted.
- *If the KMS key is a multi-Region primary key with replicas, the waiting period begins when the - * last of its replica keys is deleted. Otherwise, the waiting period begins immediately.
+ *If the KMS key is a multi-Region primary key with replicas, the waiting period begins when + * the last of its replica keys is deleted. Otherwise, the waiting period begins + * immediately.
*/ PendingWindowInDays?: number; } @@ -4279,10 +4325,9 @@ export namespace ScheduleKeyDeletionResponse { export interface SignRequest { /** - *Identifies an asymmetric KMS key. KMS uses the private key in the asymmetric KMS key to sign the
- * message. The KeyUsage
type of the KMS key must be SIGN_VERIFY
. To find
- * the KeyUsage
of a KMS key, use the DescribeKey operation.
Identifies an asymmetric KMS key. KMS uses the private key in the asymmetric KMS key to
+ * sign the message. The KeyUsage
type of the KMS key must be
+ * SIGN_VERIFY
. To find the KeyUsage
of a KMS key, use the DescribeKey operation.
To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with "alias/"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.
For example:
*Specifies the signing algorithm to use when signing the message.
- *Choose an algorithm that is compatible with the type and size of the specified asymmetric KMS key.
+ *Choose an algorithm that is compatible with the type and size of the specified asymmetric + * KMS key.
*/ SigningAlgorithm: SigningAlgorithmSpec | string | undefined; } @@ -4471,11 +4517,11 @@ export interface UpdateAliasRequest { AliasName: string | undefined; /** - *Identifies the customer managed key to associate with the alias. You don't have permission - * to associate an alias with an Amazon Web Services managed key.
- *The KMS key must be in the same Amazon Web Services account and Region as the alias. Also, the new target KMS key - * must be the same type as the current target KMS key (both symmetric or both asymmetric) and they - * must have the same key usage.
+ *Identifies the customer managed key to associate with the alias. You don't have permission to + * associate an alias with an Amazon Web Services managed key.
+ *The KMS key must be in the same Amazon Web Services account and Region as the alias. Also, the new + * target KMS key must be the same type as the current target KMS key (both symmetric or both + * asymmetric) and they must have the same key usage.
*Specify the key ID or key ARN of the KMS key.
*For example:
*To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
- *To verify that the alias - * is mapped to the correct KMS key, use ListAliases.
+ *To + * verify that the alias is mapped to the correct KMS key, use ListAliases.
*/ TargetKeyId: string | undefined; } @@ -4561,6 +4607,7 @@ export namespace UpdateCustomKeyStoreResponse { export interface UpdateKeyDescriptionRequest { /** *Updates the description of the specified KMS key.
+ * *Specify the key ID or key ARN of the KMS key.
*For example:
*Identifies the current primary key. When the operation completes, this KMS key will be a * replica key.
- * *Specify the key ID or key ARN of a multi-Region primary key.
*For example:
*The Amazon Web Services Region of the new primary key. Enter the Region ID, such as us-east-1
- * or ap-southeast-2
. There must be an existing replica key in this Region.
The Amazon Web Services Region of the new primary key. Enter the Region ID, such as
+ * us-east-1
or ap-southeast-2
. There must be an existing replica key
+ * in this Region.
When the operation completes, the multi-Region key in this Region will be the primary * key.
*/ @@ -4633,9 +4680,9 @@ export namespace UpdatePrimaryRegionRequest { export interface VerifyRequest { /** - *Identifies the asymmetric KMS key that will be used to verify the signature. This must be the - * same KMS key that was used to generate the signature. If you specify a different KMS key, the - * signature verification fails.
+ *Identifies the asymmetric KMS key that will be used to verify the signature. This must be + * the same KMS key that was used to generate the signature. If you specify a different KMS key, + * the signature verification fails.
*To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with "alias/"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.
For example:
*Uploads position update data for one or more devices to a tracker resource. Amazon Location - * uses the data when reporting the last known device position and position history.
+ * uses the data when it reports the last known device position and position history. Amazon Location retains location data for 30 + * days. *Only one position update is stored per sample time. Location data is sampled at a - * fixed rate of one position per 30-second interval and retained for 30 days before - * it's deleted.
+ *Position updates are handled based on the PositionFiltering
property of the tracker.
+ * When PositionFiltering
is set to TimeBased
, updates are evaluated against linked geofence collections,
+ * and location data is stored at a maximum of one position per 30 second interval. If your update frequency is more often than
+ * every 30 seconds, only one update per 30 seconds is stored for each unique device ID.
+ * When PositionFiltering
is set to DistanceBased
filtering, location data is stored and evaluated against linked geofence
+ * collections only if the device has moved more than 30 m (98.4 ft).
Uploads position update data for one or more devices to a tracker resource. Amazon Location - * uses the data when reporting the last known device position and position history.
+ * uses the data when it reports the last known device position and position history. Amazon Location retains location data for 30 + * days. *Only one position update is stored per sample time. Location data is sampled at a - * fixed rate of one position per 30-second interval and retained for 30 days before - * it's deleted.
+ *Position updates are handled based on the PositionFiltering
property of the tracker.
+ * When PositionFiltering
is set to TimeBased
, updates are evaluated against linked geofence collections,
+ * and location data is stored at a maximum of one position per 30 second interval. If your update frequency is more often than
+ * every 30 seconds, only one update per 30 seconds is stored for each unique device ID.
+ * When PositionFiltering
is set to DistanceBased
filtering, location data is stored and evaluated against linked geofence
+ * collections only if the device has moved more than 30 m (98.4 ft).
If you specify a departure that's not located on a road, Amazon Location moves the - * position to the nearest road.
+ * position to the nearest road. If Esri is the provider for your route calculator, + * specifying a route that is longer than 400 km returns a400 RoutesValidationException
error.
* Valid Values: [-180 to 180,-90 to 90]
*
If you specify a waypoint position that's not located on a road, Amazon Location moves the position to the nearest road.
*Specifying more than 23 waypoints returns a 400 ValidationException
* error.
If Esri is the provider for your route calculator, specifying a
+ * route that is longer than 400 km returns a 400 RoutesValidationException
error.
Valid Values: [-180 to 180,-90 to 90]
*
The fourth bbox
position is the Y coordinate, or longitude of the
+ *
The fourth bbox
position is the Y coordinate, or latitude of the
* upper northeast corner.
The total distance covered by the route. The sum of the distance travelled between * every stop on the route.
*The route distance
can't be greater than 250 km. If the route exceeds
- * 250 km, the response returns a 400 RoutesValidationException
- * error.
If Esri is the data source for the route calculator, the route distance can’t
+ * be greater than 400 km. If the route exceeds 400 km, the response is a
+ * 400 RoutesValidationException
error.
Specifies the map style selected from an available data provider. For additional - * information on each map style and to preview each map style, see Esri map - * styles and HERE map - * styles.
- *Valid Esri styles:
+ *Specifies the map style selected from an available data provider.
+ *Valid Esri map styles:
*@@ -1655,7 +1655,7 @@ export interface MapConfiguration { *
Valid HERE - * Technologies styles:
+ * Technologies map styles: *@@ -1707,8 +1707,7 @@ export interface CreateMapRequest { /** *
Specifies the pricing plan for your map resource.
- *For additional details and restrictions on each pricing plan option, see the Amazon Location Service pricing - * page.
+ *For additional details and restrictions on each pricing plan option, see Amazon Location Service pricing.
*/ PricingPlan: PricingPlan | string | undefined; @@ -1874,7 +1873,7 @@ export interface CreatePlaceIndexRequest { *
- * Here
– For additional information about HERE Technologies's
+ * Here
– For additional information about HERE Technologies'
* coverage in your region of interest, see HERE details on goecoding coverage.
Place index resources using HERE Technologies as a data provider can't store results for locations in Japan. For more information, see the @@ -1890,8 +1889,7 @@ export interface CreatePlaceIndexRequest { /** *
Specifies the pricing plan for your place index resource.
- *For additional details and restrictions on each pricing plan option, see the Amazon Location Service pricing - * page.
+ *For additional details and restrictions on each pricing plan option, see Amazon Location Service pricing.
*/ PricingPlan: PricingPlan | string | undefined; @@ -2000,7 +1998,8 @@ export interface CreateRouteCalculatorRequest { *Specifies the data provider of traffic and road network data.
*This field is case-sensitive. Enter the valid values as shown. For example,
- * entering HERE
returns an error.
HERE
returns an error. Route calculators that use Esri as a data source
+ * only calculate routes that are shorter than 400 km.
* Valid values include:
*
* Here
– For additional information about HERE
- * Technologies's coverage in your region of interest, see HERE car routing coverage and HERE truck routing coverage.
For additional information , see Data
@@ -2119,6 +2118,8 @@ export namespace CreateRouteCalculatorResponse {
});
}
+export type PositionFiltering = "DistanceBased" | "TimeBased";
+
export interface CreateTrackerRequest {
/**
* The name for the tracker resource. Specifies the pricing plan for the tracker resource. For additional details and restrictions on each pricing plan option, see the Amazon Location Service pricing
- * page. For additional details and restrictions on each pricing plan option, see Amazon Location Service pricing. Amazon Location Service only uses Valid Values: Valid values: PricingPlanDataSource
to calculate billing for your tracker resource. Your data will not be shared with the data provider, and will remain in your AWS account or Region unless you move it.Esri
| Here
+ * Esri
| Here
*
Specifies the position filtering for the tracker resource.
+ *Valid values:
+ *
+ * TimeBased
- Location updates are evaluated against linked geofence collections,
+ * but not every location update is stored. If your update frequency is more often than 30 seconds,
+ * only one update per 30 seconds is stored for each unique device ID.
+ *
+ * DistanceBased
- If the device has moved less than 30 m (98.4 ft), location updates are
+ * ignored. Location updates within this distance are neither evaluated against linked geofence collections, nor stored.
+ * This helps control costs by reducing the number of geofence evaluations and device positions to retrieve.
+ * Distance-based filtering can also reduce the jitter effect when displaying device trajectory on a map.
+ *
This field is optional. If not specified, the default value is TimeBased
.
The pricing plan selected for the specified map resource.
* - *For additional details and restrictions on each pricing plan option, see the Amazon Location Service pricing - * page.
+ *For additional details and restrictions on each pricing plan option, see Amazon Location Service pricing.
*/ PricingPlan: PricingPlan | string | undefined; @@ -2588,8 +2611,7 @@ export interface DescribePlaceIndexResponse { /** *The pricing plan selected for the specified place index resource.
- *For additional details and restrictions on each pricing plan option, see the Amazon Location Service pricing - * page.
+ *For additional details and restrictions on each pricing plan option, see Amazon Location Service pricing.
*/ PricingPlan: PricingPlan | string | undefined; @@ -2624,8 +2646,7 @@ export interface DescribePlaceIndexResponse { * * *For additional details on data providers, see the Amazon Location Service data providers - * page.
+ *For additional details on data providers, see Amazon Location Service data providers.
*/ DataSource: string | undefined; @@ -2795,8 +2816,7 @@ export interface DescribeTrackerResponse { /** *The pricing plan selected for the specified tracker resource.
- *For additional details and restrictions on each pricing plan option, see the Amazon Location Service pricing - * page.
+ *For additional details and restrictions on each pricing plan option, see Amazon Location Service pricing.
*/ PricingPlan: PricingPlan | string | undefined; @@ -2826,6 +2846,11 @@ export interface DescribeTrackerResponse { *A key identifier for an AWS KMS customer managed key assigned to the Amazon Location resource.
*/ KmsKeyId?: string; + + /** + *The position filtering method of the tracker resource.
+ */ + PositionFiltering?: PositionFiltering | string; } export namespace DescribeTrackerResponse { @@ -3592,7 +3617,7 @@ export interface GetMapGlyphsRequest { /** *A comma-separated list of fonts to load glyphs from in order of preference. For
* example, Noto Sans Regular, Arial Unicode
.
Valid fonts for Esri styles:
+ *Valid fonts stacks for Esri styles:
*VectorEsriDarkGrayCanvas – Ubuntu Medium Italic
| Ubuntu
@@ -3622,11 +3647,10 @@ export interface GetMapGlyphsRequest {
*
Valid fonts for HERE Technologies styles:
+ *Valid font stacks for HERE Technologies styles:
*
- * VectorHereBerlin – VectorHereBerlin
– Fira GO Regular
| Fira GO
+ *
Fira GO Regular
| Fira GO
* Bold
*
The pricing plan for the specified map resource.
- *For additional details and restrictions on each pricing plan option, see the Amazon Location Service pricing - * page.
+ *For additional details and restrictions on each pricing plan option, see Amazon Location Service pricing.
*/ PricingPlan: PricingPlan | string | undefined; @@ -4067,14 +4090,13 @@ export interface ListPlaceIndexesResponseEntry { * * *For additional details on data providers, see the Amazon Location Service data providers page.
+ *For additional details on data providers, see Amazon Location Service data providers.
*/ DataSource: string | undefined; /** *The pricing plan for the specified place index resource.
- *For additional details and restrictions on each pricing plan option, see the Amazon Location Service pricing - * page.
+ *For additional details and restrictions on each pricing plan option, see Amazon Location Service pricing.
*/ PricingPlan: PricingPlan | string | undefined; @@ -4338,8 +4360,7 @@ export interface ListTrackersResponseEntry { /** *The pricing plan for the specified tracker resource.
- *For additional details and restrictions on each pricing plan option, see the Amazon Location Service pricing - * page.
+ *For additional details and restrictions on each pricing plan option, see Amazon Location Service pricing.
*/ PricingPlan: PricingPlan | string | undefined; @@ -4643,7 +4664,7 @@ export interface SearchPlaceIndexForPositionSummary { *HERE
* *For additional details on data providers, see the Amazon Location Service data providers page.
+ *For additional details on data providers, see Amazon Location Service data providers.
*/ DataSource: string | undefined; } @@ -4843,7 +4864,7 @@ export interface SearchPlaceIndexForTextSummary { *HERE
* *For additional details on data providers, see the Amazon Location Service data providers page.
+ *For additional details on data providers, see Amazon Location Service data providers.
*/ DataSource: string | undefined; } @@ -5050,6 +5071,29 @@ export interface UpdateTrackerRequest { *Updates the description for the tracker resource.
*/ Description?: string; + + /** + *Updates the position filtering for the tracker resource.
+ *Valid values:
+ *
+ * TimeBased
- Location updates are evaluated against linked geofence collections,
+ * but not every location update is stored. If your update frequency is more often than 30 seconds,
+ * only one update per 30 seconds is stored for each unique device ID.
+ *
+ * DistanceBased
- If the device has moved less than 30 m (98.4 ft), location updates are
+ * ignored. Location updates within this distance are neither evaluated against linked geofence collections, nor stored.
+ * This helps control costs by reducing the number of geofence evaluations and device positions to retrieve.
+ * Distance-based filtering can also reduce the jitter effect when displaying device trajectory on a map.
+ *
For more information, see * Connect - * SageMaker Studio Notebooks to Resources in a VPC.
+ * SageMaker Studio Notebooks to Resources in a VPC. */ public createDomain( args: CreateDomainCommandInput, @@ -1811,7 +1811,7 @@ export class SageMaker extends SageMakerClient { * the role. *Option 1: For a full Amazon SageMaker access, search and attach the + *
Option 1: For a full SageMaker access, search and attach the
* AmazonSageMakerFullAccess
policy.
* ]
*
For more information, see Amazon SageMaker API
+ * For more information, see SageMaker API
* Permissions: Actions, Permissions, and Resources
* Reference.
You can restrict access to this API and to the * URL that it returns to a list of IP addresses, Amazon VPCs or Amazon VPC Endpoints that you specify. For more - * information, see Connect to SageMaker Studio Through an Interface VPC Endpoint + * information, see Connect to SageMaker Studio Through an Interface VPC Endpoint * .
*The URL that you get from a call to CreatePresignedDomainUrl
has a default timeout of 5 minutes. You can configure this value using ExpiresInSeconds
. If you try to use the URL after the timeout limit expires, you
diff --git a/clients/client-sagemaker/src/commands/CreateDomainCommand.ts b/clients/client-sagemaker/src/commands/CreateDomainCommand.ts
index aafa97c00d43..4e5404d893c4 100644
--- a/clients/client-sagemaker/src/commands/CreateDomainCommand.ts
+++ b/clients/client-sagemaker/src/commands/CreateDomainCommand.ts
@@ -68,7 +68,7 @@ export interface CreateDomainCommandOutput extends CreateDomainResponse, __Metad
*
*
For more information, see * Connect - * SageMaker Studio Notebooks to Resources in a VPC.
+ * SageMaker Studio Notebooks to Resources in a VPC. * @example * Use a bare-bones client and the command you need to make an API call. * ```javascript diff --git a/clients/client-sagemaker/src/commands/CreateEndpointCommand.ts b/clients/client-sagemaker/src/commands/CreateEndpointCommand.ts index 451dc563a0a3..d4ca3cfff195 100644 --- a/clients/client-sagemaker/src/commands/CreateEndpointCommand.ts +++ b/clients/client-sagemaker/src/commands/CreateEndpointCommand.ts @@ -70,7 +70,7 @@ export interface CreateEndpointCommandOutput extends CreateEndpointOutput, __Met * the role. *Option 1: For a full Amazon SageMaker access, search and attach the + *
Option 1: For a full SageMaker access, search and attach the
* AmazonSageMakerFullAccess
policy.
* ]
*
For more information, see Amazon SageMaker API
+ * For more information, see SageMaker API
* Permissions: Actions, Permissions, and Resources
* Reference.
You can restrict access to this API and to the * URL that it returns to a list of IP addresses, Amazon VPCs or Amazon VPC Endpoints that you specify. For more - * information, see Connect to SageMaker Studio Through an Interface VPC Endpoint + * information, see Connect to SageMaker Studio Through an Interface VPC Endpoint * .
*The URL that you get from a call to CreatePresignedDomainUrl
has a default timeout of 5 minutes. You can configure this value using ExpiresInSeconds
. If you try to use the URL after the timeout limit expires, you
diff --git a/clients/client-sagemaker/src/models/models_0.ts b/clients/client-sagemaker/src/models/models_0.ts
index 81713b705ae1..5e3bec919fc1 100644
--- a/clients/client-sagemaker/src/models/models_0.ts
+++ b/clients/client-sagemaker/src/models/models_0.ts
@@ -203,10 +203,10 @@ export namespace ResourceNotFound {
/**
*
A tag object that consists of a key and an optional value, used to manage metadata - * for Amazon SageMaker Amazon Web Services resources.
+ * for SageMaker Amazon Web Services resources. *You can add tags to notebook instances, training jobs, hyperparameter tuning jobs, * batch transform jobs, models, labeling jobs, work teams, endpoint configurations, and - * endpoints. For more information on adding tags to Amazon SageMaker resources, see AddTags.
+ * endpoints. For more information on adding tags to SageMaker resources, see AddTags. *For more information on adding metadata to your Amazon Web Services resources with tagging, see * Tagging Amazon Web Services * resources. For advice on best practices for managing Amazon Web Services resources with @@ -358,6 +358,7 @@ export namespace MetricDefinition { } export enum TrainingInputMode { + FASTFILE = "FastFile", FILE = "File", PIPE = "Pipe", } @@ -389,21 +390,43 @@ export interface AlgorithmSpecification { AlgorithmName?: string; /** - *
The input mode that the algorithm supports. For the input modes that Amazon SageMaker
- * algorithms support, see Algorithms. If an algorithm supports the File
input mode, Amazon SageMaker
- * downloads the training data from S3 to the provisioned ML storage Volume, and mounts the
- * directory to docker volume for training container. If an algorithm supports the
- * Pipe
input mode, Amazon SageMaker streams data directly from S3 to the container.
In File mode, make sure you provision ML storage volume with sufficient capacity - * to accommodate the data download from S3. In addition to the training data, the ML - * storage volume also stores the output model. The algorithm container use ML storage - * volume to also store intermediate information, if any.
- *For distributed algorithms using File mode, training data is distributed - * uniformly, and your training duration is predictable if the input data objects size is - * approximately same. Amazon SageMaker does not split the files any further for model training. If the - * object sizes are skewed, training won't be optimal as the data distribution is also - * skewed where one host in a training cluster is overloaded, thus becoming bottleneck in - * training.
+ *The training input mode that the algorithm supports. For more information about input modes, see + * Algorithms.
+ * + *+ * Pipe mode + *
+ *If an algorithm supports Pipe
mode, Amazon SageMaker streams data directly
+ * from Amazon S3 to the container.
+ * File mode + *
+ *If an algorithm supports File
mode, SageMaker
+ * downloads the training data from S3 to the provisioned ML storage volume, and mounts the
+ * directory to the Docker volume for the training container.
You must provision the ML storage volume with sufficient capacity + * to accommodate the data downloaded from S3. In addition to the training data, the ML + * storage volume also stores the output model. The algorithm container uses the ML storage + * volume to also store intermediate information, if any.
+ *For distributed algorithms, training data is distributed uniformly. + * Your training duration is predictable if the input data objects sizes are + * approximately the same. SageMaker does not split the files any further for model training. + * If the object sizes are skewed, training won't be optimal as the data distribution is also + * skewed when one host in a training cluster is overloaded, thus becoming a bottleneck in + * training.
+ * + *+ * FastFile mode + *
+ *If an algorithm supports FastFile
mode, SageMaker streams data directly
+ * from S3 to the container with no code changes, and provides file system access to
+ * the data. Users can author their training script to interact with these files as if
+ * they were stored on disk.
+ * FastFile
mode works best when the data is read sequentially.
+ * Augmented manifest files aren't supported.
+ * The startup time is lower when there are fewer files in the S3 bucket provided.
Specifies a limit to how long a model training job, model compilation job, or - * hyperparameter tuning job can run. It also specifies how long a managed Spot training + *
Specifies a limit to how long a model training job or model compilation job + * can run. It also specifies how long a managed spot training * job has to complete. When the job reaches the time limit, Amazon SageMaker ends the training or * compilation job. Use this API to cap model training costs.
*To stop a training job, Amazon SageMaker sends the algorithm the SIGTERM
signal, which delays
@@ -1127,12 +1150,43 @@ export namespace StoppingCondition {
*/
export interface TrainingJobDefinition {
/**
- *
The input mode used by the algorithm for the training job. For the input modes that - * Amazon SageMaker algorithms support, see Algorithms.
- *If an algorithm supports the File
input mode, Amazon SageMaker downloads the training
- * data from S3 to the provisioned ML storage Volume, and mounts the directory to docker
- * volume for training container. If an algorithm supports the Pipe
input
- * mode, Amazon SageMaker streams data directly from S3 to the container.
The training input mode that the algorithm supports. For more information about input modes, see + * Algorithms.
+ * + *+ * Pipe mode + *
+ *If an algorithm supports Pipe
mode, Amazon SageMaker streams data directly
+ * from Amazon S3 to the container.
+ * File mode + *
+ *If an algorithm supports File
mode, SageMaker
+ * downloads the training data from S3 to the provisioned ML storage volume, and mounts the
+ * directory to the Docker volume for the training container.
You must provision the ML storage volume with sufficient capacity + * to accommodate the data downloaded from S3. In addition to the training data, the ML + * storage volume also stores the output model. The algorithm container uses the ML storage + * volume to also store intermediate information, if any.
+ *For distributed algorithms, training data is distributed uniformly. + * Your training duration is predictable if the input data objects sizes are + * approximately the same. SageMaker does not split the files any further for model training. + * If the object sizes are skewed, training won't be optimal as the data distribution is also + * skewed when one host in a training cluster is overloaded, thus becoming a bottleneck in + * training.
+ * + *+ * FastFile mode + *
+ *If an algorithm supports FastFile
mode, SageMaker streams data directly
+ * from S3 to the container with no code changes, and provides file system access to
+ * the data. Users can author their training script to interact with these files as if
+ * they were stored on disk.
+ * FastFile
mode works best when the data is read sequentially.
+ * Augmented manifest files aren't supported.
+ * The startup time is lower when there are fewer files in the S3 bucket provided.
The maximum time, in seconds, a training job is allowed to run as part of an AutoML - * job.
+ *The maximum time, in seconds, that each training job is allowed to run as part of a + * hyperparameter tuning job. For more information, see the used by the action.
*/ MaxRuntimePerTrainingJobInSeconds?: number; /** *The maximum runtime, in seconds, an AutoML job has to complete.
+ *If an AutoML job exceeds the maximum runtime, the job is stopped automatically and its + * processing is ended gracefully. The AutoML job identifies the best model whose training was + * completed and marks it as the best-performing model. Any unfinished steps of the job, such + * as automatic one-click Autopilot model deployment, will not be completed.
*/ MaxAutoMLJobRuntimeInSeconds?: number; } @@ -7834,7 +7892,7 @@ export interface EndpointInput { /** *Whether the Pipe
or File
is used as the input mode for
- * transfering data for the monitoring job. Pipe
mode is recommended for large
+ * transferring data for the monitoring job. Pipe
mode is recommended for large
* datasets. File
mode is useful for small files that fit in memory. Defaults to
* File
.
OfflineStore
.
*
* A configuration for an Amazon Web Services Glue or Amazon Web Services Hive data cataolgue.
+ *A configuration for an Amazon Web Services Glue or Amazon Web Services Hive data catalog.
*An KMS encryption key to encrypt the Amazon S3 location used for
- * OfflineStore
.
OfflineStore
. If KMS encryption key is not specified, by default we encrypt all data at rest using
+ * Amazon Web Services KMS key. By defining your bucket-level key for SSE,
+ * you can reduce Amazon Web Services KMS requests costs by up to 99 percent.
* To learn more about this parameter, see OfflineStoreConfig.
@@ -10689,22 +10749,43 @@ export interface HyperParameterAlgorithmSpecification { TrainingImage?: string; /** - *The input mode that the algorithm supports: - * File - * or Pipe. In File input mode, Amazon SageMaker downloads the training data from - * Amazon S3 to the - * storage - * volume that is attached to the training instance and mounts the directory to the Docker - * volume for the training container. In Pipe input mode, Amazon SageMaker streams - * data directly from Amazon S3 to the container.
- *If you specify File mode, make sure that - * you - * provision the storage volume that is attached to the training instance with enough - * capacity to accommodate the training data downloaded from Amazon S3, the model artifacts, and - * intermediate - * information.
- * - *For more information about input modes, see Algorithms.
+ *The training input mode that the algorithm supports. For more information about input modes, see + * Algorithms.
+ * + *+ * Pipe mode + *
+ *If an algorithm supports Pipe
mode, Amazon SageMaker streams data directly
+ * from Amazon S3 to the container.
+ * File mode + *
+ *If an algorithm supports File
mode, SageMaker
+ * downloads the training data from S3 to the provisioned ML storage volume, and mounts the
+ * directory to the Docker volume for the training container.
You must provision the ML storage volume with sufficient capacity + * to accommodate the data downloaded from S3. In addition to the training data, the ML + * storage volume also stores the output model. The algorithm container uses the ML storage + * volume to also store intermediate information, if any.
+ *For distributed algorithms, training data is distributed uniformly. + * Your training duration is predictable if the input data objects sizes are + * approximately the same. SageMaker does not split the files any further for model training. + * If the object sizes are skewed, training won't be optimal as the data distribution is also + * skewed when one host in a training cluster is overloaded, thus becoming a bottleneck in + * training.
+ * + *+ * FastFile mode + *
+ *If an algorithm supports FastFile
mode, SageMaker streams data directly
+ * from S3 to the container with no code changes, and provides file system access to
+ * the data. Users can author their training script to interact with these files as if
+ * they were stored on disk.
+ * FastFile
mode works best when the data is read sequentially.
+ * Augmented manifest files aren't supported.
+ * The startup time is lower when there are fewer files in the S3 bucket provided.
JoinSource
to Input
. You can specify
* OutputFilter
as an additional filter to select a portion of the joined
* dataset and store it in the output file.
- * For JSON or JSONLines objects, such as a JSON array, Amazon SageMaker adds the transformed data to + *
For JSON or JSONLines objects, such as a JSON array, SageMaker adds the transformed data to
* the input JSON object in an attribute called SageMakerOutput
. The joined
* result for JSON must be a key-value pair object. If the input is not a key-value pair
- * object, Amazon SageMaker creates a new JSON file. In the new JSON file, and the input data is stored
+ * object, SageMaker creates a new JSON file. In the new JSON file, and the input data is stored
* under the SageMakerInput
key and the results are stored in
* SageMakerOutput
.
For CSV data, Amazon SageMaker takes each row as a JSON array and joins the transformed data with + *
For CSV data, SageMaker takes each row as a JSON array and joins the transformed data with * the input by appending each transformed row to the end of the input. The joined data has * the original input data followed by the transformed data and the output is a CSV * file.
@@ -5154,7 +5154,7 @@ export interface DescribeAppResponse { LastHealthCheckTimestamp?: Date; /** - *The timestamp of the last user's activity.
+ *The timestamp of the last user's activity. LastUserActivityTimestamp
is also updated when SageMaker performs health checks without user activity. As a result, this value is set to the same value as LastHealthCheckTimestamp
.
Multiply BillableTimeInSeconds
by the number of instances
* (InstanceCount
) in your training cluster to get the total compute time
- * Amazon SageMaker will bill you if you run distributed training. The formula is as follows:
+ * SageMaker will bill you if you run distributed training. The formula is as follows:
* BillableTimeInSeconds * InstanceCount
.
You can calculate the savings from using managed spot training using the formula
* (1 - BillableTimeInSeconds / TrainingTimeInSeconds) * 100
. For example,
diff --git a/clients/client-sso-oidc/src/endpoints.ts b/clients/client-sso-oidc/src/endpoints.ts
index 5771eabea5ec..7b5d339f91a0 100644
--- a/clients/client-sso-oidc/src/endpoints.ts
+++ b/clients/client-sso-oidc/src/endpoints.ts
@@ -46,6 +46,10 @@ const regionHash: RegionHash = {
hostname: "oidc.eu-west-3.amazonaws.com",
signingRegion: "eu-west-3",
},
+ "sa-east-1": {
+ hostname: "oidc.sa-east-1.amazonaws.com",
+ signingRegion: "sa-east-1",
+ },
"us-east-1": {
hostname: "oidc.us-east-1.amazonaws.com",
signingRegion: "us-east-1",
diff --git a/clients/client-workmail/src/WorkMail.ts b/clients/client-workmail/src/WorkMail.ts
index 4171256bb2e9..899bc24584c2 100644
--- a/clients/client-workmail/src/WorkMail.ts
+++ b/clients/client-workmail/src/WorkMail.ts
@@ -81,6 +81,11 @@ import {
DescribeGroupCommandInput,
DescribeGroupCommandOutput,
} from "./commands/DescribeGroupCommand";
+import {
+ DescribeInboundDmarcSettingsCommand,
+ DescribeInboundDmarcSettingsCommandInput,
+ DescribeInboundDmarcSettingsCommandOutput,
+} from "./commands/DescribeInboundDmarcSettingsCommand";
import {
DescribeMailboxExportJobCommand,
DescribeMailboxExportJobCommandInput,
@@ -194,6 +199,11 @@ import {
PutAccessControlRuleCommandInput,
PutAccessControlRuleCommandOutput,
} from "./commands/PutAccessControlRuleCommand";
+import {
+ PutInboundDmarcSettingsCommand,
+ PutInboundDmarcSettingsCommandInput,
+ PutInboundDmarcSettingsCommandOutput,
+} from "./commands/PutInboundDmarcSettingsCommand";
import {
PutMailboxPermissionsCommand,
PutMailboxPermissionsCommandInput,
@@ -943,6 +953,38 @@ export class WorkMail extends WorkMailClient {
}
}
+ /**
+ *
Lists the settings in a DMARC policy for a specified organization.
+ */ + public describeInboundDmarcSettings( + args: DescribeInboundDmarcSettingsCommandInput, + options?: __HttpHandlerOptions + ): PromiseDescribes the current status of a mailbox export job.
*/ @@ -1733,6 +1775,38 @@ export class WorkMail extends WorkMailClient { } } + /** + *Enables or disables a DMARC policy for a given organization.
+ */ + public putInboundDmarcSettings( + args: PutInboundDmarcSettingsCommandInput, + options?: __HttpHandlerOptions + ): PromiseSets permissions for a user, group, or resource. This replaces any pre-existing * permissions.
diff --git a/clients/client-workmail/src/WorkMailClient.ts b/clients/client-workmail/src/WorkMailClient.ts index b25f105f1764..2c1017cbb369 100644 --- a/clients/client-workmail/src/WorkMailClient.ts +++ b/clients/client-workmail/src/WorkMailClient.ts @@ -100,6 +100,10 @@ import { DeregisterFromWorkMailCommandOutput, } from "./commands/DeregisterFromWorkMailCommand"; import { DescribeGroupCommandInput, DescribeGroupCommandOutput } from "./commands/DescribeGroupCommand"; +import { + DescribeInboundDmarcSettingsCommandInput, + DescribeInboundDmarcSettingsCommandOutput, +} from "./commands/DescribeInboundDmarcSettingsCommand"; import { DescribeMailboxExportJobCommandInput, DescribeMailboxExportJobCommandOutput, @@ -173,6 +177,10 @@ import { PutAccessControlRuleCommandInput, PutAccessControlRuleCommandOutput, } from "./commands/PutAccessControlRuleCommand"; +import { + PutInboundDmarcSettingsCommandInput, + PutInboundDmarcSettingsCommandOutput, +} from "./commands/PutInboundDmarcSettingsCommand"; import { PutMailboxPermissionsCommandInput, PutMailboxPermissionsCommandOutput, @@ -224,6 +232,7 @@ export type ServiceInputTypes = | DeleteUserCommandInput | DeregisterFromWorkMailCommandInput | DescribeGroupCommandInput + | DescribeInboundDmarcSettingsCommandInput | DescribeMailboxExportJobCommandInput | DescribeOrganizationCommandInput | DescribeResourceCommandInput @@ -249,6 +258,7 @@ export type ServiceInputTypes = | ListTagsForResourceCommandInput | ListUsersCommandInput | PutAccessControlRuleCommandInput + | PutInboundDmarcSettingsCommandInput | PutMailboxPermissionsCommandInput | PutMobileDeviceAccessOverrideCommandInput | PutRetentionPolicyCommandInput @@ -284,6 +294,7 @@ export type ServiceOutputTypes = | DeleteUserCommandOutput | DeregisterFromWorkMailCommandOutput | DescribeGroupCommandOutput + | DescribeInboundDmarcSettingsCommandOutput | DescribeMailboxExportJobCommandOutput | DescribeOrganizationCommandOutput | DescribeResourceCommandOutput @@ -309,6 +320,7 @@ export type ServiceOutputTypes = | ListTagsForResourceCommandOutput | ListUsersCommandOutput | PutAccessControlRuleCommandOutput + | PutInboundDmarcSettingsCommandOutput | PutMailboxPermissionsCommandOutput | PutMobileDeviceAccessOverrideCommandOutput | PutRetentionPolicyCommandOutput diff --git a/clients/client-workmail/src/commands/DescribeInboundDmarcSettingsCommand.ts b/clients/client-workmail/src/commands/DescribeInboundDmarcSettingsCommand.ts new file mode 100644 index 000000000000..7fd3fc8734c9 --- /dev/null +++ b/clients/client-workmail/src/commands/DescribeInboundDmarcSettingsCommand.ts @@ -0,0 +1,100 @@ +import { getSerdePlugin } from "@aws-sdk/middleware-serde"; +import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http"; +import { Command as $Command } from "@aws-sdk/smithy-client"; +import { + FinalizeHandlerArguments, + Handler, + HandlerExecutionContext, + HttpHandlerOptions as __HttpHandlerOptions, + MetadataBearer as __MetadataBearer, + MiddlewareStack, + SerdeContext as __SerdeContext, +} from "@aws-sdk/types"; + +import { DescribeInboundDmarcSettingsRequest, DescribeInboundDmarcSettingsResponse } from "../models/models_0"; +import { + deserializeAws_json1_1DescribeInboundDmarcSettingsCommand, + serializeAws_json1_1DescribeInboundDmarcSettingsCommand, +} from "../protocols/Aws_json1_1"; +import { ServiceInputTypes, ServiceOutputTypes, WorkMailClientResolvedConfig } from "../WorkMailClient"; + +export interface DescribeInboundDmarcSettingsCommandInput extends DescribeInboundDmarcSettingsRequest {} +export interface DescribeInboundDmarcSettingsCommandOutput + extends DescribeInboundDmarcSettingsResponse, + __MetadataBearer {} + +/** + *Lists the settings in a DMARC policy for a specified organization.
+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { WorkMailClient, DescribeInboundDmarcSettingsCommand } from "@aws-sdk/client-workmail"; // ES Modules import + * // const { WorkMailClient, DescribeInboundDmarcSettingsCommand } = require("@aws-sdk/client-workmail"); // CommonJS import + * const client = new WorkMailClient(config); + * const command = new DescribeInboundDmarcSettingsCommand(input); + * const response = await client.send(command); + * ``` + * + * @see {@link DescribeInboundDmarcSettingsCommandInput} for command's `input` shape. + * @see {@link DescribeInboundDmarcSettingsCommandOutput} for command's `response` shape. + * @see {@link WorkMailClientResolvedConfig | config} for command's `input` shape. + * + */ +export class DescribeInboundDmarcSettingsCommand extends $Command< + DescribeInboundDmarcSettingsCommandInput, + DescribeInboundDmarcSettingsCommandOutput, + WorkMailClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + constructor(readonly input: DescribeInboundDmarcSettingsCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStackEnables or disables a DMARC policy for a given organization.
+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { WorkMailClient, PutInboundDmarcSettingsCommand } from "@aws-sdk/client-workmail"; // ES Modules import + * // const { WorkMailClient, PutInboundDmarcSettingsCommand } = require("@aws-sdk/client-workmail"); // CommonJS import + * const client = new WorkMailClient(config); + * const command = new PutInboundDmarcSettingsCommand(input); + * const response = await client.send(command); + * ``` + * + * @see {@link PutInboundDmarcSettingsCommandInput} for command's `input` shape. + * @see {@link PutInboundDmarcSettingsCommandOutput} for command's `response` shape. + * @see {@link WorkMailClientResolvedConfig | config} for command's `input` shape. + * + */ +export class PutInboundDmarcSettingsCommand extends $Command< + PutInboundDmarcSettingsCommandInput, + PutInboundDmarcSettingsCommandOutput, + WorkMailClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + constructor(readonly input: PutInboundDmarcSettingsCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStackLists the ID of the given organization.
+ */ + OrganizationId: string | undefined; +} + +export namespace DescribeInboundDmarcSettingsRequest { + /** + * @internal + */ + export const filterSensitiveLog = (obj: DescribeInboundDmarcSettingsRequest): any => ({ + ...obj, + }); +} + +export interface DescribeInboundDmarcSettingsResponse { + /** + *Lists the enforcement setting of the applied policy.
+ */ + Enforced?: boolean; +} + +export namespace DescribeInboundDmarcSettingsResponse { + /** + * @internal + */ + export const filterSensitiveLog = (obj: DescribeInboundDmarcSettingsResponse): any => ({ + ...obj, + }); +} + export interface DescribeMailboxExportJobRequest { /** *The mailbox export job ID.
@@ -3382,6 +3414,38 @@ export namespace PutAccessControlRuleResponse { }); } +export interface PutInboundDmarcSettingsRequest { + /** + *The ID of the organization that you are applying the DMARC policy to.
+ */ + OrganizationId: string | undefined; + + /** + *Enforces or suspends a policy after it's applied.
+ */ + Enforced: boolean | undefined; +} + +export namespace PutInboundDmarcSettingsRequest { + /** + * @internal + */ + export const filterSensitiveLog = (obj: PutInboundDmarcSettingsRequest): any => ({ + ...obj, + }); +} + +export interface PutInboundDmarcSettingsResponse {} + +export namespace PutInboundDmarcSettingsResponse { + /** + * @internal + */ + export const filterSensitiveLog = (obj: PutInboundDmarcSettingsResponse): any => ({ + ...obj, + }); +} + export interface PutMailboxPermissionsRequest { /** *The identifier of the organization under which the user, group, or resource
diff --git a/clients/client-workmail/src/protocols/Aws_json1_1.ts b/clients/client-workmail/src/protocols/Aws_json1_1.ts
index a5757bc387fa..0a5bdc79aeb7 100644
--- a/clients/client-workmail/src/protocols/Aws_json1_1.ts
+++ b/clients/client-workmail/src/protocols/Aws_json1_1.ts
@@ -69,6 +69,10 @@ import {
DeregisterFromWorkMailCommandOutput,
} from "../commands/DeregisterFromWorkMailCommand";
import { DescribeGroupCommandInput, DescribeGroupCommandOutput } from "../commands/DescribeGroupCommand";
+import {
+ DescribeInboundDmarcSettingsCommandInput,
+ DescribeInboundDmarcSettingsCommandOutput,
+} from "../commands/DescribeInboundDmarcSettingsCommand";
import {
DescribeMailboxExportJobCommandInput,
DescribeMailboxExportJobCommandOutput,
@@ -142,6 +146,10 @@ import {
PutAccessControlRuleCommandInput,
PutAccessControlRuleCommandOutput,
} from "../commands/PutAccessControlRuleCommand";
+import {
+ PutInboundDmarcSettingsCommandInput,
+ PutInboundDmarcSettingsCommandOutput,
+} from "../commands/PutInboundDmarcSettingsCommand";
import {
PutMailboxPermissionsCommandInput,
PutMailboxPermissionsCommandOutput,
@@ -215,6 +223,8 @@ import {
DeregisterFromWorkMailResponse,
DescribeGroupRequest,
DescribeGroupResponse,
+ DescribeInboundDmarcSettingsRequest,
+ DescribeInboundDmarcSettingsResponse,
DescribeMailboxExportJobRequest,
DescribeMailboxExportJobResponse,
DescribeOrganizationRequest,
@@ -292,6 +302,8 @@ import {
PermissionType,
PutAccessControlRuleRequest,
PutAccessControlRuleResponse,
+ PutInboundDmarcSettingsRequest,
+ PutInboundDmarcSettingsResponse,
PutMailboxPermissionsRequest,
PutMailboxPermissionsResponse,
PutMobileDeviceAccessOverrideRequest,
@@ -598,6 +610,19 @@ export const serializeAws_json1_1DescribeGroupCommand = async (
return buildHttpRpcRequest(context, headers, "/", undefined, body);
};
+export const serializeAws_json1_1DescribeInboundDmarcSettingsCommand = async (
+ input: DescribeInboundDmarcSettingsCommandInput,
+ context: __SerdeContext
+): Promise<__HttpRequest> => {
+ const headers: __HeaderBag = {
+ "content-type": "application/x-amz-json-1.1",
+ "x-amz-target": "WorkMailService.DescribeInboundDmarcSettings",
+ };
+ let body: any;
+ body = JSON.stringify(serializeAws_json1_1DescribeInboundDmarcSettingsRequest(input, context));
+ return buildHttpRpcRequest(context, headers, "/", undefined, body);
+};
+
export const serializeAws_json1_1DescribeMailboxExportJobCommand = async (
input: DescribeMailboxExportJobCommandInput,
context: __SerdeContext
@@ -923,6 +948,19 @@ export const serializeAws_json1_1PutAccessControlRuleCommand = async (
return buildHttpRpcRequest(context, headers, "/", undefined, body);
};
+export const serializeAws_json1_1PutInboundDmarcSettingsCommand = async (
+ input: PutInboundDmarcSettingsCommandInput,
+ context: __SerdeContext
+): Promise<__HttpRequest> => {
+ const headers: __HeaderBag = {
+ "content-type": "application/x-amz-json-1.1",
+ "x-amz-target": "WorkMailService.PutInboundDmarcSettings",
+ };
+ let body: any;
+ body = JSON.stringify(serializeAws_json1_1PutInboundDmarcSettingsRequest(input, context));
+ return buildHttpRpcRequest(context, headers, "/", undefined, body);
+};
+
export const serializeAws_json1_1PutMailboxPermissionsCommand = async (
input: PutMailboxPermissionsCommandInput,
context: __SerdeContext
@@ -2933,6 +2971,68 @@ const deserializeAws_json1_1DescribeGroupCommandError = async (
return Promise.reject(Object.assign(new Error(message), response));
};
+export const deserializeAws_json1_1DescribeInboundDmarcSettingsCommand = async (
+ output: __HttpResponse,
+ context: __SerdeContext
+): Promise A stringified version of the cli.json file for your Amplify project. With Application Auto Scaling, you can configure automatic scaling for the following\n resources: Amazon AppStream 2.0 fleets Amazon Aurora Replicas Amazon Comprehend document classification and entity recognizer endpoints Amazon DynamoDB tables and global secondary indexes throughput capacity Amazon ECS services Amazon ElastiCache for Redis clusters (replication groups) Amazon EMR clusters Amazon Keyspaces (for Apache Cassandra) tables Lambda function provisioned concurrency Amazon Managed Streaming for Apache Kafka broker storage Amazon SageMaker endpoint variants Spot Fleet (Amazon EC2) requests Custom resources provided by your own applications or services \n API Summary\n The Application Auto Scaling service API includes three key sets of actions: Register and manage scalable targets - Register Amazon Web Services or custom resources as scalable\n targets (a resource that Application Auto Scaling can scale), set minimum and maximum capacity limits, and\n retrieve information on existing scalable targets. Configure and manage automatic scaling - Define scaling policies to dynamically scale\n your resources in response to CloudWatch alarms, schedule one-time or recurring scaling actions,\n and retrieve your recent scaling activity history. Suspend and resume scaling - Temporarily suspend and later resume automatic scaling by\n calling the RegisterScalableTarget API action for any Application Auto Scaling scalable target. You can\n suspend and resume (individually or in combination) scale-out activities that are\n triggered by a scaling policy, scale-in activities that are triggered by a scaling policy,\n and scheduled scaling. To learn more about Application Auto Scaling, including information about granting IAM users required\n permissions for Application Auto Scaling actions, see the Application Auto Scaling User\n Guide. With Application Auto Scaling, you can configure automatic scaling for the following\n resources: Amazon AppStream 2.0 fleets Amazon Aurora Replicas Amazon Comprehend document classification and entity recognizer endpoints Amazon DynamoDB tables and global secondary indexes throughput capacity Amazon ECS services Amazon ElastiCache for Redis clusters (replication groups) Amazon EMR clusters Amazon Keyspaces (for Apache Cassandra) tables Lambda function provisioned concurrency Amazon Managed Streaming for Apache Kafka broker storage Amazon Neptune clusters Amazon SageMaker endpoint variants Spot Fleets (Amazon EC2) Custom resources provided by your own applications or services \n API Summary\n The Application Auto Scaling service API includes three key sets of actions: Register and manage scalable targets - Register Amazon Web Services or custom resources as scalable\n targets (a resource that Application Auto Scaling can scale), set minimum and maximum capacity limits, and\n retrieve information on existing scalable targets. Configure and manage automatic scaling - Define scaling policies to dynamically scale\n your resources in response to CloudWatch alarms, schedule one-time or recurring scaling actions,\n and retrieve your recent scaling activity history. Suspend and resume scaling - Temporarily suspend and later resume automatic scaling by\n calling the RegisterScalableTarget API action for any Application Auto Scaling scalable target. You can\n suspend and resume (individually or in combination) scale-out activities that are\n triggered by a scaling policy, scale-in activities that are triggered by a scaling policy,\n and scheduled scaling. To learn more about Application Auto Scaling, including information about granting IAM users required\n permissions for Application Auto Scaling actions, see the Application Auto Scaling User\n Guide. The identifier of the resource associated with the scalable target.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet request - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is Amazon SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is The identifier of the resource associated with the scalable target.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is Neptune cluster - The resource type is The scalable dimension. This string consists of the service namespace, resource type, and scaling property. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The scalable dimension. This string consists of the service namespace, resource type, and scaling property. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The identifier of the resource associated with the scheduled action.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet request - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is Amazon SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is The identifier of the resource associated with the scheduled action.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is Neptune cluster - The resource type is The scalable dimension. This string consists of the service namespace, resource type, and scaling property. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The scalable dimension. This string consists of the service namespace, resource type, and scaling property. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The identifier of the resource associated with the scalable target.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet request - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is Amazon SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is The identifier of the resource associated with the scalable target.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is Neptune cluster - The resource type is The scalable dimension associated with the scalable target.\n This string consists of the service namespace, resource type, and scaling property. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The scalable dimension associated with the scalable target.\n This string consists of the service namespace, resource type, and scaling property. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The identifier of the resource associated with the scalable target.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet request - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is Amazon SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is The identifier of the resource associated with the scalable target.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is Neptune cluster - The resource type is The scalable dimension associated with the scalable target.\n This string consists of the service namespace, resource type, and scaling property. If you specify a scalable dimension, you must also specify a resource ID. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The scalable dimension associated with the scalable target.\n This string consists of the service namespace, resource type, and scaling property. If you specify a scalable dimension, you must also specify a resource ID. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The identifier of the resource associated with the scaling activity.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet request - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is Amazon SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is The identifier of the resource associated with the scaling activity.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is Neptune cluster - The resource type is The scalable dimension. This string consists of the service namespace, resource type, and scaling property.\n If you specify a scalable dimension, you must also specify a resource ID. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The scalable dimension. This string consists of the service namespace, resource type, and scaling property.\n If you specify a scalable dimension, you must also specify a resource ID. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The identifier of the resource associated with the scaling policy.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet request - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is Amazon SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is The identifier of the resource associated with the scaling policy.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is Neptune cluster - The resource type is The scalable dimension. This string consists of the service namespace, resource type, and scaling property.\n If you specify a scalable dimension, you must also specify a resource ID. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The scalable dimension. This string consists of the service namespace, resource type, and scaling property.\n If you specify a scalable dimension, you must also specify a resource ID. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The maximum number of scalable targets. This value can be between 1 and\n 50. The default value is 50. If this parameter is used, the operation returns up to The maximum number of scalable targets. This value can be between 1 and 10. The default\n value is 10. If this parameter is used, the operation returns up to The identifier of the resource associated with the scheduled action.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet request - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is Amazon SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is The identifier of the resource associated with the scheduled action.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is Neptune cluster - The resource type is The scalable dimension. This string consists of the service namespace, resource type, and scaling property.\n If you specify a scalable dimension, you must also specify a resource ID. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The scalable dimension. This string consists of the service namespace, resource type, and scaling property.\n If you specify a scalable dimension, you must also specify a resource ID. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n Identifies the resource associated with the metric type. You can't specify a resource\n label unless the metric type is You create the resource label by appending the final portion of the load balancer ARN\n and the final portion of the target group ARN into a single value, separated by a forward\n slash (/). The format of the resource label is: \n Where: app/ targetgroup/ To find the ARN for an Application Load Balancer, use the DescribeLoadBalancers API operation. To find the ARN for the target group, use\n the DescribeTargetGroups API operation. Identifies the resource associated with the metric type. You can't specify a resource\n label unless the metric type is You create the resource label by appending the final portion of the load balancer ARN\n and the final portion of the target group ARN into a single value, separated by a forward\n slash (/). The format of the resource label is: \n Where: app/ targetgroup/ To find the ARN for an Application Load Balancer, use the DescribeLoadBalancers API operation. To find the ARN for the target group, use\n the DescribeTargetGroups API operation. The identifier of the resource associated with the scaling policy.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet request - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is Amazon SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is The identifier of the resource associated with the scaling policy.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is Neptune cluster - The resource type is The scalable dimension. This string consists of the service namespace, resource type, and scaling property. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The scalable dimension. This string consists of the service namespace, resource type, and scaling property. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The policy type. This parameter is required if you are creating a scaling policy. The following policy types are supported: \n \n For more information, see Target\n tracking scaling policies and Step scaling policies in the Application Auto Scaling User Guide. The policy type. This parameter is required if you are creating a scaling policy. The following policy types are supported: \n \n For more information, see Target\n tracking scaling policies and Step scaling policies in the Application Auto Scaling User Guide. The identifier of the resource associated with the scheduled action.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet request - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is Amazon SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is The identifier of the resource associated with the scheduled action.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is Neptune cluster - The resource type is The scalable dimension. This string consists of the service namespace, resource type, and scaling property. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The scalable dimension. This string consists of the service namespace, resource type, and scaling property. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n Registers or updates a scalable target. A scalable target is a resource that Application Auto Scaling can scale out and scale in. Scalable\n targets are uniquely identified by the combination of resource ID, scalable dimension, and\n namespace. When you register a new scalable target, you must specify values for minimum and maximum\n capacity. Current capacity will be adjusted within the specified range when scaling starts.\n Application Auto Scaling scaling policies will not scale capacity to values that are outside of this\n range. After you register a scalable target, you do not need to register it again to use other\n Application Auto Scaling operations. To see which resources have been registered, use DescribeScalableTargets. You can also view the scaling policies for a service\n namespace by using DescribeScalableTargets. If you no longer need a scalable target, you can\n deregister it by using DeregisterScalableTarget. To update a scalable target, specify the parameters that you want to change. Include the\n parameters that identify the scalable target: resource ID, scalable dimension, and\n namespace. Any parameters that you don't specify are not changed by this update request. Registers or updates a scalable target. A scalable target is a resource that Application Auto Scaling can scale out and scale in. Scalable\n targets are uniquely identified by the combination of resource ID, scalable dimension, and\n namespace. When you register a new scalable target, you must specify values for minimum and maximum\n capacity. Current capacity will be adjusted within the specified range when scaling starts.\n Application Auto Scaling scaling policies will not scale capacity to values that are outside of this\n range. After you register a scalable target, you do not need to register it again to use other\n Application Auto Scaling operations. To see which resources have been registered, use DescribeScalableTargets. You can also view the scaling policies for a service\n namespace by using DescribeScalableTargets. If you no longer need a scalable target, you can\n deregister it by using DeregisterScalableTarget. To update a scalable target, specify the parameters that you want to change. Include the\n parameters that identify the scalable target: resource ID, scalable dimension, and\n namespace. Any parameters that you don't specify are not changed by this update request. If you call the The identifier of the resource that is associated with the scalable target.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet request - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is Amazon SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is The identifier of the resource that is associated with the scalable target.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is Neptune cluster - The resource type is The scalable dimension associated with the scalable target.\n This string consists of the service namespace, resource type, and scaling property. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The scalable dimension associated with the scalable target.\n This string consists of the service namespace, resource type, and scaling property. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The identifier of the resource associated with the scalable target.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet request - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is Amazon SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is The identifier of the resource associated with the scalable target.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is Neptune cluster - The resource type is The scalable dimension associated with the scalable target.\n This string consists of the service namespace, resource type, and scaling property. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The scalable dimension associated with the scalable target.\n This string consists of the service namespace, resource type, and scaling property. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The identifier of the resource associated with the scaling activity.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet request - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is Amazon SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is The identifier of the resource associated with the scaling activity.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is Neptune cluster - The resource type is The scalable dimension. This string consists of the service namespace, resource type, and scaling property. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The scalable dimension. This string consists of the service namespace, resource type, and scaling property. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The identifier of the resource associated with the scaling policy.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet request - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is Amazon SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is The identifier of the resource associated with the scaling policy.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is Neptune cluster - The resource type is The scalable dimension. This string consists of the service namespace, resource type, and scaling property. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The scalable dimension. This string consists of the service namespace, resource type, and scaling property. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The identifier of the resource associated with the scaling policy.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet request - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is Amazon SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is The identifier of the resource associated with the scaling policy.\n This string consists of the resource type and unique identifier. ECS service - The resource type is Spot Fleet - The resource type is EMR cluster - The resource type is AppStream 2.0 fleet - The resource type is DynamoDB table - The resource type is DynamoDB global secondary index - The resource type is Aurora DB cluster - The resource type is SageMaker endpoint variant - The resource type is Custom resources are not supported with a resource type. This parameter must specify the Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: Lambda provisioned concurrency - The resource type is Amazon Keyspaces table - The resource type is Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. \n Example: Amazon ElastiCache replication group - The resource type is Neptune cluster - The resource type is The scalable dimension. This string consists of the service namespace, resource type, and scaling property. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The scalable dimension. This string consists of the service namespace, resource type, and scaling property. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n The amount of time, in seconds, to wait for a previous scaling activity to take effect. With scale-out policies, the intention is to continuously (but not excessively) scale out.\n After Application Auto Scaling successfully scales out using a step scaling policy, it starts to calculate the\n cooldown time. The scaling policy won't increase the desired capacity again unless either a\n larger scale out is triggered or the cooldown period ends. While the cooldown period is in\n effect, capacity added by the initiating scale-out activity is calculated as part of the\n desired capacity for the next scale-out activity. For example, when an alarm triggers a step\n scaling policy to increase the capacity by 2, the scaling activity completes successfully, and\n a cooldown period starts. If the alarm triggers again during the cooldown period but at a more\n aggressive step adjustment of 3, the previous increase of 2 is considered part of the current\n capacity. Therefore, only 1 is added to the capacity. With scale-in policies, the intention is to scale in conservatively to protect your\n application’s availability, so scale-in activities are blocked until the cooldown period has\n expired. However, if another alarm triggers a scale-out activity during the cooldown period\n after a scale-in activity, Application Auto Scaling scales out the target immediately. In this case, the\n cooldown period for the scale-in activity stops and doesn't complete. Application Auto Scaling provides a default value of 600 for Amazon ElastiCache replication groups\n and a default value of 300 for the following scalable targets: ECS services Spot Fleet requests EMR clusters AppStream 2.0 fleets Aurora DB clusters Amazon SageMaker endpoint variants Custom resources For all other scalable targets, the default value is 0: DynamoDB tables DynamoDB global secondary indexes Amazon Comprehend document classification and entity recognizer endpoints Lambda provisioned concurrency Amazon Keyspaces tables Amazon MSK broker storage The amount of time, in seconds, to wait for a previous scaling activity to take effect. With scale-out policies, the intention is to continuously (but not excessively) scale out.\n After Application Auto Scaling successfully scales out using a step scaling policy, it starts to calculate the\n cooldown time. The scaling policy won't increase the desired capacity again unless either a\n larger scale out is triggered or the cooldown period ends. While the cooldown period is in\n effect, capacity added by the initiating scale-out activity is calculated as part of the\n desired capacity for the next scale-out activity. For example, when an alarm triggers a step\n scaling policy to increase the capacity by 2, the scaling activity completes successfully, and\n a cooldown period starts. If the alarm triggers again during the cooldown period but at a more\n aggressive step adjustment of 3, the previous increase of 2 is considered part of the current\n capacity. Therefore, only 1 is added to the capacity. With scale-in policies, the intention is to scale in conservatively to protect your\n application’s availability, so scale-in activities are blocked until the cooldown period has\n expired. However, if another alarm triggers a scale-out activity during the cooldown period\n after a scale-in activity, Application Auto Scaling scales out the target immediately. In this case, the\n cooldown period for the scale-in activity stops and doesn't complete. Application Auto Scaling provides a default value of 600 for Amazon ElastiCache replication groups\n and a default value of 300 for the following scalable targets: AppStream 2.0 fleets Aurora DB clusters ECS services EMR clusters Neptune clusters SageMaker endpoint variants Spot Fleets Custom resources For all other scalable targets, the default value is 0: Amazon Comprehend document classification and entity recognizer endpoints DynamoDB tables and global secondary indexes Amazon Keyspaces tables Lambda provisioned concurrency Amazon MSK broker storage The amount of time, in seconds, to wait for a previous scale-out activity to take\n effect. With the scale-out cooldown period, the intention is to continuously\n (but not excessively) scale out. After Application Auto Scaling successfully scales out using a target\n tracking scaling policy, it starts to calculate the cooldown time. The scaling policy won't\n increase the desired capacity again unless either a larger scale out is triggered or the\n cooldown period ends. While the cooldown period is in effect, the capacity added by the\n initiating scale-out activity is calculated as part of the desired capacity for the next\n scale-out activity. Application Auto Scaling provides a default value of 600 for Amazon ElastiCache replication groups\n and a default value of 300 for the following scalable targets: ECS services Spot Fleet requests EMR clusters AppStream 2.0 fleets Aurora DB clusters Amazon SageMaker endpoint variants Custom resources For all other scalable targets, the default value is 0: DynamoDB tables DynamoDB global secondary indexes Amazon Comprehend document classification and entity recognizer endpoints Lambda provisioned concurrency Amazon Keyspaces tables Amazon MSK broker storage The amount of time, in seconds, to wait for a previous scale-out activity to take\n effect. With the scale-out cooldown period, the intention is to continuously\n (but not excessively) scale out. After Application Auto Scaling successfully scales out using a target\n tracking scaling policy, it starts to calculate the cooldown time. The scaling policy won't\n increase the desired capacity again unless either a larger scale out is triggered or the\n cooldown period ends. While the cooldown period is in effect, the capacity added by the\n initiating scale-out activity is calculated as part of the desired capacity for the next\n scale-out activity. Application Auto Scaling provides a default value of 600 for Amazon ElastiCache replication groups\n and a default value of 300 for the following scalable targets: AppStream 2.0 fleets Aurora DB clusters ECS services EMR clusters Neptune clusters SageMaker endpoint variants Spot Fleets Custom resources For all other scalable targets, the default value is 0: Amazon Comprehend document classification and entity recognizer endpoints DynamoDB tables and global secondary indexes Amazon Keyspaces tables Lambda provisioned concurrency Amazon MSK broker storage The amount of time, in seconds, after a scale-in activity completes before another\n scale-in activity can start. With the scale-in cooldown period, the intention is to scale in\n conservatively to protect your application’s availability, so scale-in activities are blocked\n until the cooldown period has expired. However, if another alarm triggers a scale-out activity\n during the scale-in cooldown period, Application Auto Scaling scales out the target immediately. In this case,\n the scale-in cooldown period stops and doesn't complete. Application Auto Scaling provides a default value of 600 for Amazon ElastiCache replication groups\n and a default value of 300 for the following scalable targets: ECS services Spot Fleet requests EMR clusters AppStream 2.0 fleets Aurora DB clusters Amazon SageMaker endpoint variants Custom resources For all other scalable targets, the default value is 0: DynamoDB tables DynamoDB global secondary indexes Amazon Comprehend document classification and entity recognizer endpoints Lambda provisioned concurrency Amazon Keyspaces tables Amazon MSK broker storage The amount of time, in seconds, after a scale-in activity completes before another\n scale-in activity can start. With the scale-in cooldown period, the intention is to scale in\n conservatively to protect your application’s availability, so scale-in activities are blocked\n until the cooldown period has expired. However, if another alarm triggers a scale-out activity\n during the scale-in cooldown period, Application Auto Scaling scales out the target immediately. In this case,\n the scale-in cooldown period stops and doesn't complete. Application Auto Scaling provides a default value of 600 for Amazon ElastiCache replication groups\n and a default value of 300 for the following scalable targets: AppStream 2.0 fleets Aurora DB clusters ECS services EMR clusters Neptune clusters SageMaker endpoint variants Spot Fleets Custom resources For all other scalable targets, the default value is 0: Amazon Comprehend document classification and entity recognizer endpoints DynamoDB tables and global secondary indexes Amazon Keyspaces tables Lambda provisioned concurrency Amazon MSK broker storage Contains an optional backup plan display name and an array of Contains an optional backup plan display name and an array of The number of recovery points that are stored in a backup vault. A Boolean value that indicates whether Backup Vault Lock applies to the\n selected backup vault. If The Backup Vault Lock setting that specifies the minimum retention period\n that the vault retains its recovery points. If this parameter is not specified, Vault Lock\n does not enforce a minimum retention period. If specified, any backup or copy job to the vault must have a lifecycle policy with a\n retention period equal to or longer than the minimum retention period. If the job's\n retention period is shorter than that minimum retention period, then the vault fails the\n backup or copy job, and you should either modify your lifecycle settings or use a different\n vault. Recovery points already stored in the vault prior to Vault Lock are not\n affected. The Backup Vault Lock setting that specifies the maximum retention period\n that the vault retains its recovery points. If this parameter is not specified, Vault Lock\n does not enforce a maximum retention period on the recovery points in the vault (allowing\n indefinite storage). If specified, any backup or copy job to the vault must have a lifecycle policy with a\n retention period equal to or shorter than the maximum retention period. If the job's\n retention period is longer than that maximum retention period, then the vault fails the\n backup or copy job, and you should either modify your lifecycle settings or use a different\n vault. Recovery points already stored in the vault prior to Vault Lock are not\n affected. The date and time when Backup Vault Lock configuration becomes immutable,\n meaning it cannot be changed or deleted. If you applied Vault Lock to your vault without specifying a lock date, you can change\n your Vault Lock settings, or delete Vault Lock from the vault entirely, at any time. This value is in Unix format, Coordinated Universal Time (UTC), and accurate to\n milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018\n 12:11:30.087 AM. Describes whether the control scope includes a specific resource identified by its\n unique Amazon Resource Name (ARN). The ID of the only Amazon Web Services resource that you want your control scope to\n contain. Creates a framework with one or more controls. A framework is a collection of controls\n that you can use to evaluate your backup practices. By using pre-built customizable\n controls to define your policies, you can evaluate whether your backup practices comply\n with your policies. To get insights into the compliance status of your frameworks, you can\n set up automatic daily reports. Creates a framework with one or more controls. A framework is a collection of controls\n that you can use to evaluate your backup practices. By using pre-built customizable\n controls to define your policies, you can evaluate whether your backup practices comply\n with your policies and which resources are not yet in compliance. Identifies the report template for the report. Reports are built using a report\n template. The report templates are: \n Identifies the report template for the report. Reports are built using a report\n template. The report templates are: \n If the report template is Metadata that you can assign to help organize the frameworks that you create. Each tag\n is a key-value pair. Metadata that you can assign to help organize the report plans that you create. Each tag\n is a key-value pair. An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN\n depends on the resource type. The date and time a backup vault is created, in Unix format and Coordinated Universal\n Time (UTC). The value of Deletes Backup Vault Lock from a backup vault specified by a backup vault\n name. If the Vault Lock configuration is immutable, then you cannot delete Vault Lock using\n API operations, and you will receive an The name of the backup vault from which to delete Backup Vault Lock. The number of recovery points that are stored in a backup vault. A Boolean that indicates whether Backup Vault Lock is currently protecting\n the backup vault. The Backup Vault Lock setting that specifies the minimum retention period\n that the vault retains its recovery points. If this parameter is not specified, Vault Lock\n does not enforce a minimum retention period. If specified, any backup or copy job to the vault must have a lifecycle policy with a\n retention period equal to or longer than the minimum retention period. If the job's\n retention period is shorter than that minimum retention period, then the vault fails the\n backup or copy job, and you should either modify your lifecycle settings or use a different\n vault. Recovery points already stored in the vault prior to Vault Lock are not\n affected. The Backup Vault Lock setting that specifies the maximum retention period\n that the vault retains its recovery points. If this parameter is not specified, Vault Lock\n does not enforce a maximum retention period on the recovery points in the vault (allowing\n indefinite storage). If specified, any backup or copy job to the vault must have a lifecycle policy with a\n retention period equal to or shorter than the maximum retention period. If the job's\n retention period is longer than that maximum retention period, then the vault fails the\n backup or copy job, and you should either modify your lifecycle settings or use a different\n vault. Recovery points already stored in the vault prior to Vault Lock are not\n affected. The date and time when Backup Vault Lock configuration cannot be changed or\n deleted. If you applied Vault Lock to your vault without specifying a lock date, you can change\n any of your Vault Lock settings, or delete Vault Lock from the vault entirely, at any\n time. This value is in Unix format, Coordinated Universal Time (UTC), and accurate to\n milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018\n 12:11:30.087 AM. Contains a string with the supported Amazon Web Services resource types: \n \n \n \n \n \n \n Contains a string with the supported Amazon Web Services resource types: \n \n \n \n \n \n \n \n Applies Backup Vault Lock to a backup vault, preventing attempts to delete\n any recovery point stored in or created in a backup vault. Vault Lock also prevents\n attempts to update the lifecycle policy that controls the retention period of any recovery\n point currently stored in a backup vault. If specified, Vault Lock enforces a minimum and\n maximum retention period for future backup and copy jobs that target a backup vault. The Backup Vault Lock configuration that specifies the name of the backup\n vault it protects. The Backup Vault Lock configuration that specifies the minimum retention\n period that the vault retains its recovery points. This setting can be useful if, for\n example, your organization's policies require you to retain certain data for at least seven\n years (2555 days). If this parameter is not specified, Vault Lock will not enforce a minimum retention\n period. If this parameter is specified, any backup or copy job to the vault must have a\n lifecycle policy with a retention period equal to or longer than the minimum retention\n period. If the job's retention period is shorter than that minimum retention period, then\n the vault fails that backup or copy job, and you should either modify your lifecycle\n settings or use a different vault. Recovery points already saved in the vault prior to\n Vault Lock are not affected. The Backup Vault Lock configuration that specifies the maximum retention\n period that the vault retains its recovery points. This setting can be useful if, for\n example, your organization's policies require you to destroy certain data after retaining\n it for four years (1460 days). If this parameter is not included, Vault Lock does not enforce a maximum retention\n period on the recovery points in the vault. If this parameter is included without a value,\n Vault Lock will not enforce a maximum retention period. If this parameter is specified, any backup or copy job to the vault must have a\n lifecycle policy with a retention period equal to or shorter than the maximum retention\n period. If the job's retention period is longer than that maximum retention period, then\n the vault fails the backup or copy job, and you should either modify your lifecycle\n settings or use a different vault. Recovery points already saved in the vault prior to\n Vault Lock are not affected. The Backup Vault Lock configuration that specifies the number of days before\n the lock date. For example, setting Backup enforces a 72-hour cooling-off period before Vault Lock takes effect\n and becomes immutable. Therefore, you must set Before the lock date, you can delete Vault Lock from the vault using\n If this parameter is not specified, you can delete Vault Lock from the vault using\n Identifies the report template for the report. Reports are built using a report\n template. The report templates are: \n Identifies the report template for the report. Reports are built using a report\n template. The report templates are: \n Identifies the report template for the report. Reports are built using a report\n template. The report templates are: \n Identifies the report template for the report. Reports are built using a report\n template. The report templates are: \n If the report template is Identifies the report template for the report. Reports are built using a report\n template. The report templates are: \n Identifies the report template for the report. Reports are built using a report\n template. The report templates are: \n The Amazon Resource Names (ARNs) of the frameworks a report covers. The number of frameworks a report covers. Identifies the report template for the report. Reports are built using a report\n template. The report templates are: \n Identifies the report template for the report. Reports are built using a report\n template. The report templates are: \n If the report template is The configuration for the audio artifacts. The configuration for the video artifacts. The configuration for the content artifacts. The configuration for the artifacts. \nAn Amazon Chime SDK meeting attendee. Includes a unique \n We recommend securely transferring each The MUX type of the audio artifact configuration object. The audio artifact configuration object. The source configuration for a specified media capture pipline. The configuration for the artifacts in an Amazon Chime SDK meeting. The configuration object of the Amazon Chime SDK meeting for a specified media capture pipeline. Indicates whether the content artifact is enabled or disabled. The MUX type of the artifact configuration. The content artifact object. The token assigned to the client making the pipeline request. The configuration for a specified media capture pipeline. The time at which the capture pipeline was updated, in ISO 8601 format. The configuration for a specified media capture pipeline. A media capture pipeline object. A string consisting of an ID, source type, a source ARN, a sink type, and a sink ARN. A media capture pipeline object consisting of an ID, source type, source ARN, a sink type, a sink ARN, and a configuration object. The URL of the S3 bucket used to store the captured media. The event ingestion URL. The attendee IDs of the streams selected for a media capture pipeline. The external user IDs of the streams selected for a media capture pipeline. The video streams to capture for a specified media capture pipeline. The total number of video streams can't exceed 25. The selected video streams to capture for a specified media capture pipeline. The number of video streams can't exceed 25. Source configuration for a specified media capture pipeline. The Amazon Chime Business Calling settings. The Amazon Chime Business Calling settings. The Amazon Chime Voice Connector settings. The Amazon Chime Voice Connector settings. Indicates whether the video artifact is enabled or disabled. The MUX type of the video artifact configuration object. The video artifact configuration object. The order to list results in. The results are sorted by build number, not the build\n identifier. Valid values include: \n \n If the project has more than 100 builds, setting the sort order will result in an\n error. The order to sort the results in. The results are sorted by build number, not the build\n identifier. If this is not specified, the results are sorted in descending order. Valid values include: \n \n If the project has more than 100 builds, setting the sort order will result in an\n error. A list of build IDs for the specified build project, with each build ID representing a\n single build. A list of build identifiers for the specified build project, with each build ID representing a\n single build. Specifies the maximum amount of time, in minutes, that the batch build must be completed in. Specifies how build status reports are sent to the source provider for the batch build. This property is only used\n when the source provider for your project is Bitbucket, GitHub, or GitHub Enterprise,\n and your project is configured to report build statuses to the source provider. (Default) Aggregate all of the build statuses into a single status report. Send a separate status report for each individual build. An array of An array of Cancels the specified Capacity Reservation, releases the reserved capacity, and changes the Capacity Reservation's state to\n\t\t\t Instances running in the reserved capacity continue running until you stop them. Stopped\n\t\t\tinstances that target the Capacity Reservation can no longer launch. Modify these instances to either\n\t\t\ttarget a different Capacity Reservation, launch On-Demand Instance capacity, or run in any open Capacity Reservation\n\t\t\tthat has matching attributes and sufficient capacity. The error code. The error message. Describes a Capacity Reservation Fleet cancellation error. Cancels one or more Capacity Reservation Fleets. When you cancel a Capacity Reservation \n\t\t\tFleet, the following happens: The Capacity Reservation Fleet's status changes to The individual Capacity Reservations in the Fleet are cancelled. Instances running \n\t\t\t\t\tin the Capacity Reservations at the time of cancelling the Fleet continue to run in \n\t\t\t\t\tshared capacity. The Fleet stops creating new Capacity Reservations. Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is The IDs of the Capacity Reservation Fleets to cancel. Information about the Capacity Reservation Fleets that were successfully cancelled. Information about the Capacity Reservation Fleets that could not be cancelled. The Amazon Resource Name (ARN) of the Outpost on which the Capacity \n\t \t\tReservation was created. The ID of the Capacity Reservation Fleet to which the Capacity Reservation belongs. \n\t\t\tOnly valid for Capacity Reservations that were created by a Capacity Reservation Fleet. Describes a Capacity Reservation. The ID of the Capacity Reservation Fleet. The ARN of the Capacity Reservation Fleet. The state of the Capacity Reservation Fleet. Possible states include: \n \n \n \n \n \n \n \n \n The total number of capacity units for which the Capacity Reservation Fleet reserves capacity. \n\t\t\tFor more information, see Total target capacity \n\t\t\tin the Amazon EC2 User Guide. The capacity units that have been fulfilled. The tenancy of the Capacity Reservation Fleet. Tenancies include: \n \n The date and time at which the Capacity Reservation Fleet expires. The date and time at which the Capacity Reservation Fleet was created. Indicates the type of instance launches that the Capacity Reservation Fleet accepts. All \n\t\t\tCapacity Reservations in the Fleet inherit this instance matching criteria. Currently, Capacity Reservation Fleets support The strategy used by the Capacity Reservation Fleet to determine which of the specified \n\t\t\tinstance types to use. For more information, see For more information, see \n\t\t\t\n\t\t\t\tAllocation strategy in the Amazon EC2 User Guide. Information about the instance types for which to reserve the capacity. The tags assigned to the Capacity Reservation Fleet. Information about a Capacity Reservation Fleet. The current state of the Capacity Reservation Fleet. The previous state of the Capacity Reservation Fleet. The ID of the Capacity Reservation Fleet that was successfully cancelled. Describes a Capacity Reservation Fleet that was successfully cancelled. Creates a new Capacity Reservation with the specified attributes. Capacity Reservations enable you to reserve capacity for your Amazon EC2 instances in a specific Availability Zone for any duration. This \n\t\t\tgives you the flexibility to selectively add capacity reservations and still get the Regional RI discounts for that usage. \n\t\t\tBy creating Capacity Reservations, you ensure that you always have access to Amazon EC2 capacity when you need it, for as long as you need it. \n\t\t\tFor more information, see Capacity Reservations in the Amazon EC2 User Guide. Your request to create a Capacity Reservation could fail if Amazon EC2 does not have sufficient capacity to\n\t\t\tfulfill the request. If your request fails due to Amazon EC2 capacity constraints, either try\n\t\t\tagain at a later time, try in a different Availability Zone, or request a smaller\n\t\t\tcapacity reservation. If your application is flexible across instance types and sizes,\n\t\t\ttry to create a Capacity Reservation with different instance attributes. Your request could also fail if the requested quantity exceeds your On-Demand Instance\n\t\t\tlimit for the selected instance type. If your request fails due to limit constraints,\n\t\t\tincrease your On-Demand Instance limit for the required instance type and try again. For\n\t\t\tmore information about increasing your instance limits, see Amazon EC2 Service\n\t\t\t\tQuotas in the Amazon EC2 User Guide. Creates a Capacity Reservation Fleet. For more information, see Create a Capacity \n\t\t\tReservation Fleet in the Amazon EC2 User Guide. The strategy used by the Capacity Reservation Fleet to determine which of the \n\t\t\tspecified instance types to use. Currently, only the Valid values: Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensure Idempotency. Information about the instance types for which to reserve the capacity. Indicates the tenancy of the Capacity Reservation Fleet. All Capacity Reservations \n\t\t\tin the Fleet inherit this tenancy. The Capacity Reservation Fleet can have one of \n\t\t\tthe following tenancy settings: \n\t\t\t\t\t \n\t\t\t\t\t The total number of capacity units to be reserved by the Capacity Reservation Fleet. This \n\t\t\tvalue, together with the instance type weights that you assign to each instance type used by \n\t\t\tthe Fleet determine the number of instances for which the Fleet reserves capacity. Both values \n\t\t\tare based on units that make sense for your workload. For more information, see \n\t\t\t\tTotal target capacity in the Amazon EC2 User Guide. The date and time at which the Capacity Reservation Fleet expires. When the Capacity \n\t\t\tReservation Fleet expires, its state changes to The Capacity Reservation Fleet expires within an hour after the specified time. For example, \n\t\t\tif you specify Indicates the type of instance launches that the Capacity Reservation Fleet accepts. All \n\t\t\tCapacity Reservations in the Fleet inherit this instance matching criteria. Currently, Capacity Reservation Fleets support The tags to assign to the Capacity Reservation Fleet. The tags are automatically assigned \n\t\t\tto the Capacity Reservations in the Fleet. Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is The ID of the Capacity Reservation Fleet. The status of the Capacity Reservation Fleet. The total number of capacity units for which the Capacity Reservation Fleet reserves capacity. The requested capacity units that have been successfully reserved. The instance matching criteria for the Capacity Reservation Fleet. The allocation strategy used by the Capacity Reservation Fleet. The date and time at which the Capacity Reservation Fleet was created. The date and time at which the Capacity Reservation Fleet expires. Indicates the tenancy of Capacity Reservation Fleet. Information about the individual Capacity Reservations in the Capacity Reservation Fleet. The tags assigned to the Capacity Reservation Fleet. Describes one or more Capacity Reservation Fleets. The IDs of the Capacity Reservation Fleets to describe. The token to use to retrieve the next page of results. The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned One or more filters. \n \n \n \n Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is Information about the Capacity Reservation Fleets. The token to use to retrieve the next page of results. This value is The ID of the Capacity Reservation Fleet that could not be cancelled. Information about the Capacity Reservation Fleet cancellation error. Describes a Capacity Reservation Fleet that could not be cancelled. The ID of the Capacity Reservation. The ID of the Availability Zone in which the Capacity Reservation reserves capacity. The instance type for which the Capacity Reservation reserves capacity. The type of operating system for which the Capacity Reservation reserves capacity. The Availability Zone in which the Capacity Reservation reserves capacity. The total number of instances for which the Capacity Reservation reserves capacity. The number of capacity units fulfilled by the Capacity Reservation. For more information, see \n\t\t\t\n\t\t\t\tTotal target capacity in the Amazon EC2 User Guide. Indicates whether the Capacity Reservation reserves capacity for EBS-optimized instance types. The date and time at which the Capacity Reservation was created. The weight of the instance type in the Capacity Reservation Fleet. For more information, \n\t\t\tsee \n\t\t\t\tInstance type weight in the Amazon EC2 User Guide. The priority of the instance type in the Capacity Reservation Fleet. For more information, \n\t\t\tsee \n\t\t\t\tInstance type priority in the Amazon EC2 User Guide. Information about a Capacity Reservation in a Capacity Reservation Fleet. The ID of the network interface. If you are creating a Spot Fleet, omit this parameter because you can’t specify a network interface ID in a launch specification. The ID of the subnet in which to launch the instances. Modifies a Capacity Reservation's capacity and the conditions under which it is to be released. You\n\t\t\tcannot change a Capacity Reservation's instance type, EBS optimization, instance store settings,\n\t\t\tplatform, Availability Zone, or instance eligibility. If you need to modify any of these\n\t\t\tattributes, we recommend that you cancel the Capacity Reservation, and then create a new one with\n\t\t\tthe required attributes. Modifies a Capacity Reservation Fleet. When you modify the total target capacity of a Capacity Reservation Fleet, the Fleet automatically \n\t\t\tcreates new Capacity Reservations, or modifies or cancels existing Capacity Reservations in the Fleet \n\t\t\tto meet the new total target capacity. When you modify the end date for the Fleet, the end dates for \n\t\t\tall of the individual Capacity Reservations in the Fleet are updated accordingly. The ID of the Capacity Reservation Fleet to modify. The total number of capacity units to be reserved by the Capacity Reservation Fleet. This value, \n\t\t\ttogether with the instance type weights that you assign to each instance type used by the Fleet \n\t\t\tdetermine the number of instances for which the Fleet reserves capacity. Both values are based on \n\t\t\tunits that make sense for your workload. For more information, see Total target capacity \n\t\t\tin the Amazon EC2 User Guide. The date and time at which the Capacity Reservation Fleet expires. When the Capacity Reservation \n\t\t\tFleet expires, its state changes to The Capacity Reservation Fleet expires within an hour after the specified time. For example, if you \n\t\t\tspecify You can't specify EndDate and \n\t\t\tRemoveEndDate in the same request. Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is Indicates whether to remove the end date from the Capacity Reservation Fleet. If you remove the \n\t\t\tend date, the Capacity Reservation Fleet does not expire and it remains active until you explicitly \n\t\t\tcancel it using the CancelCapacityReservationFleet action. You can't specify RemoveEndDate and \n\t\t\tEndDate in the same request. Returns Describes a launch request for one or more instances, and includes \n owner, requester, and security group information that applies to all \n instances in the launch request. The instance type for which the Capacity Reservation Fleet reserves capacity. The type of operating system for which the Capacity Reservation Fleet reserves capacity. The number of capacity units provided by the specified instance type. This value, together with the \n\t\t\ttotal target capacity that you specify for the Fleet determine the number of instances for which the \n\t\t\tFleet reserves capacity. Both values are based on units that make sense for your workload. For more \n\t\t\tinformation, see Total target capacity \n\t\t\tin the Amazon EC2 User Guide. The Availability Zone in which the Capacity Reservation Fleet reserves the capacity. A Capacity \n\t\t\tReservation Fleet can't span Availability Zones. All instance type specifications that you specify \n\t\t\tfor the Fleet must use the same Availability Zone. The ID of the Availability Zone in which the Capacity Reservation Fleet reserves the capacity. A \n\t\t\tCapacity Reservation Fleet can't span Availability Zones. All instance type specifications that you \n\t\t\tspecify for the Fleet must use the same Availability Zone. Indicates whether the Capacity Reservation Fleet supports EBS-optimized instances types. This \n\t\t\toptimization provides dedicated throughput to Amazon EBS and an optimized configuration stack \n\t\t\tto provide optimal I/O performance. This optimization isn't available with all instance types. Additional \n\t\t\tusage charges apply when using EBS-optimized instance types. The priority to assign to the instance type. This value is used to determine which of the instance types \n\t\t\tspecified for the Fleet should be prioritized for use. A lower value indicates a high priority. For more \n\t\t\tinformation, see Instance type priority \n\t\t\tin the Amazon EC2 User Guide. Information about an instance type to use in a Capacity Reservation Fleet. The destination in Amazon ES. You can specify only one destination. The destination in Amazon ES. Describes an update for a destination in Amazon ES. Sets the version for the Amazon FSx for Lustre file system you're creating from a backup.\n Valid values are You don't need to specify Sets the version of the Amazon FSx for Lustre file system you're creating.\n Valid values are Set the value to Set the value to Default value is The configuration for this FSx for NetApp ONTAP file system. The version of your Amazon FSx for Lustre file system, either\n A list of up to two IP addresses of DNS servers or domain controllers in the\n self-managed AD directory. A list of up to three IP addresses of DNS servers or domain controllers in the\n self-managed AD directory. A list of up to two IP addresses of DNS servers or domain controllers in the\n self-managed AD directory. A list of up to three IP addresses of DNS servers or domain controllers in the\n self-managed AD directory. The configuration that Amazon FSx uses to join a Amazon FSx for Windows File Server file system or an ONTAP storage virtual machine (SVM) to\n a self-managed (including on-premises) Microsoft Active Directory (AD)\n directory. For more information, see \n \n Using Amazon FSx with your self-managed Microsoft Active Directory or \n Managing SVMs. The configuration that Amazon FSx uses to join a FSx for Windows File Server file system or an ONTAP storage virtual machine (SVM) to\n a self-managed (including on-premises) Microsoft Active Directory (AD)\n directory. For more information, see \n \n Using Amazon FSx with your self-managed Microsoft Active Directory or \n Managing SVMs. A list of up to two IP addresses of DNS servers or domain controllers in the\n self-managed AD directory. A list of up to three IP addresses of DNS servers or domain controllers in the\n self-managed AD directory. A The tags you assign to the connection. When true, specifies not returning the partition column schema. Useful when you are interested only in other partition attributes such as partition values or location. This approach avoids the problem of a large response by not returning duplicate data. Amazon Managed Grafana is a fully managed and secure data visualization service that you can use to \n instantly query, correlate, and visualize operational metrics, logs, and traces from multiple sources. \n Amazon Managed Grafana makes it easy to deploy, operate, and scale Grafana, a widely deployed data visualization tool \n that is popular for its extensible data support. With Amazon Managed Grafana, you create logically isolated Grafana servers called workspaces. In\n a workspace, you can create Grafana dashboards and visualizations to analyze your metrics, logs, and traces without having to\n build, package, or deploy any hardware to run Grafana servers. You do not have sufficient permissions to perform this action. The name of the attribute within the SAML assertion to use as the user full \"friendly\" names for SAML users. The name of the attribute within the SAML assertion to use as the login names for SAML users. The name of the attribute within the SAML assertion to use as the email names for SAML users. The name of the attribute within the SAML assertion to use as the user full \"friendly\" names for user groups. The name of the attribute within the SAML assertion to use as the user roles. The name of the attribute within the SAML assertion to use as the user full \"friendly\" names for the users' organizations. A structure that defines which attributes in the IdP assertion are to be used to define\n information about the users authenticated by the IdP to use the workspace. Assigns a Grafana Enterprise license to a workspace. Upgrading to Grafana Enterprise\n incurs additional fees. For more information, see Upgrade a workspace to\n Grafana Enterprise. The ID of the workspace to associate the license with. The type of license to associate with the workspace. A structure containing data about the workspace. Specifies whether this workspace uses Amazon Web Services SSO, SAML, or both methods to authenticate\n users to use the Grafana console in the Amazon Managed Grafana workspace. A structure containing information about how this workspace works with \n SAML, including what attributes within the assertion are to be mapped to user information in the workspace. A structure containing information about how this workspace works with \n Amazon Web Services SSO. A structure containing information about the user authentication methods used by the workspace. Specifies whether the workspace uses SAML, Amazon Web Services SSO, or both methods for user\n authentication. Specifies whether the workplace's user authentication method is fully configured. A structure that describes whether the workspace uses SAML, Amazon Web Services SSO, or both methods\n for user authentication, and whether that authentication is fully configured. The ID of the Amazon Web Services SSO-managed application that is created by Amazon Managed Grafana. A structure containing information about how this workspace works with \n Amazon Web Services SSO. A description of the error. The ID of the resource that is associated with the error. The type of the resource that is associated with the error. A resource was in an inconsistent state during an update or a deletion. Creates a workspace. In a workspace, you can create Grafana\n dashboards and visualizations to analyze your metrics, logs, and traces. You don't have to\n build, package, or deploy any hardware to run the Grafana server. Don't use Specifies whether the workspace can access Amazon Web Services resources in this Amazon Web Services account only, or whether it can also access Amazon Web Services resources in\n other accounts in the same organization. If you specify A unique, case-sensitive, user-provided identifier to ensure the idempotency of the request. The name of an IAM role that already exists to use with Organizations to access Amazon Web Services\n data sources and notification channels in other accounts in an organization. If you specify If you specify For more information, see Amazon Managed Grafana permissions and policies for\n Amazon Web Services data sources and notification channels\n The name of the CloudFormation stack set to use to generate IAM roles\n to be used for this workspace. Specify the Amazon Web Services data sources that you want to be queried in this\n workspace. Specifying these data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow Amazon Managed Grafana to read data from these\n sources. You must still add them as data sources in the Grafana console in the\n workspace. If you don't specify a data source here, you can still add it as a data source in the\n workspace console later. However, you will then have to manually configure permissions for\n it. A description for the workspace. This is used only to help you identify this workspace. The name for the workspace. It does not have to be unique. Specify the Amazon Web Services notification channels that you plan to use in this workspace. Specifying these \n data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow \n Amazon Managed Grafana to use these channels. Specifies the organizational units that this workspace is allowed to use data sources\n from, if this workspace is in an account that is part of an organization. The workspace needs an IAM role that grants permissions to the Amazon Web Services resources that the \n workspace will view data from. If you already have a role that you want to use, specify it here. If you omit\n this field and you specify some Amazon Web Services resources in Specifies whether this workspace uses SAML 2.0, Amazon Web Services Single Sign On, or both to authenticate \n users for using the Grafana console within a workspace. For more information, \n see User authentication in \n Amazon Managed Grafana. A structure containing data about the workspace that was created. Deletes an Amazon Managed Grafana workspace. The ID of the workspace to delete. A structure containing information about the workspace that was deleted. Displays information about one Amazon Managed Grafana workspace. Displays information about the authentication methods used in one Amazon Managed Grafana workspace. The ID of the workspace to return authentication information about. A structure containing information about the authentication methods used in \n the workspace. The ID of the workspace to display information about. A structure containing information about the workspace. Removes the Grafana Enterprise license from a workspace. The ID of the workspace to remove the Grafana Enterprise license from. The type of license to remove from the workspace. A structure containing information about the workspace. The URL of the location containing the metadata. The actual full metadata file, in XML format. A structure containing the identity provider (IdP) metadata used to integrate the\n identity provider with this workspace. You can specify the metadata either by providing a\n URL to its location in the A description of the error. How long to wait before you retry this operation. Unexpected error while processing the request. Retry the request. Lists the users and groups who have the Grafana The maximum number of results to include in the response. The token to use when requesting the next set of results. You received this token from a previous \n (Optional) If you specify (Optional) Limits the results to only the user that matches this ID. (Optional) Limits the results to only the group that matches this ID. The ID of the workspace to list permissions for. This parameter is required. The token to use in a subsequent The permissions returned by the operation. Returns a list of Amazon Managed Grafana workspaces in the account, with some information\n about each workspace. For more complete information about one workspace, use DescribeWorkspace. The maximum number of workspaces to include in the results. The token for the next set of workspaces to return. (You receive this token from a\n previous An array of structures that contain some information about the workspaces in the account. The token to use when requesting the next set of workspaces. A structure with the ID of the user or group with this role. Specifies whether the user or group has the A structure containing the identity of one user or group and the The value of a parameter in the request caused an error. The ID of the resource that is associated with the error. The type of the resource that is associated with the error. The request references a resource that does not exist. A list of groups from the SAML assertion attribute to grant the Grafana\n A list of groups from the SAML assertion attribute to grant the Grafana\n This structure defines which groups defined in the SAML assertion attribute are to be mapped \n to the Grafana Specifies whether the workspace's SAML configuration is complete. A structure containing details about how this workspace works with \n SAML. A structure containing information about how this workspace works with \n SAML. A structure containing the identity provider (IdP) metadata used to integrate the\n identity provider with this workspace. A structure that defines which attributes in the SAML assertion are to be used to define information about\n the users authenticated by that IdP to use the workspace. A structure containing arrays that map group names in the SAML assertion to the \n Grafana Lists which organizations defined in the SAML assertion are allowed to use the Amazon Managed Grafana workspace.\n If this is empty, all organizations in the assertion attribute have access. How long a sign-on session by a SAML user is valid, before the user has to sign on\n again. A structure containing information about how this workspace works with \n SAML. A description of the error. The ID of the resource that is associated with the error. The type of the resource that is associated with the error. The value of a parameter in the request caused an error. The ID of the service quota that was exceeded. The request would cause a service quota to be exceeded. A description of the error. The ID of the service that is associated with the error. The ID of the service quota that was exceeded. The value of a parameter in the request caused an error. The request was denied because of request throttling. Retry the request. The error code. The message for this error. Specifies which permission update caused the error. A structure containing information about one error encountered while performing an\n UpdatePermissions operation. Specifies whether this update is to add or revoke role permissions. The role to add or revoke for the user or the group specified in A structure that specifies the user or group to add or revoke the role for. Contains the instructions for one Grafana role permission update in a\n UpdatePermissions operation. Updates which users in a workspace have the Grafana An array of structures that contain the permission updates to make. The ID of the workspace to update. An array of structures that contain the errors from the operation, if any. Modifies an existing Amazon Managed Grafana workspace. If you use this operation and omit any \n optional parameters, the existing values of those parameters are not changed. To modify the user authentication methods that the workspace uses, such as SAML or Amazon Web Services SSO, \n use UpdateWorkspaceAuthentication. To modify which users in the workspace have the Use this operation to define the identity provider (IdP) that this workspace\n authenticates users from, using SAML. You can also map SAML assertion attributes to\n workspace user information and define which groups in the assertion attribute are to have\n the The ID of the workspace to update the authentication for. Specifies whether this workspace uses SAML 2.0, Amazon Web Services Single Sign On, or both to authenticate \n users for using the Grafana console within a workspace. For more information, \n see User authentication in \n Amazon Managed Grafana. If the workspace uses SAML, use this structure to\n map SAML assertion attributes to workspace user information and \n define which groups in the assertion attribute are to have the A structure that describes the user authentication for this workspace after the update is made. Specifies whether the workspace can access Amazon Web Services resources in this Amazon Web Services account only, or whether it can also access Amazon Web Services resources in\n other accounts in the same organization. If you specify The name of an IAM role that already exists to use to access resources through Organizations. If you specify If you specify For more information, see Amazon Managed Grafana permissions and policies for\n Amazon Web Services data sources and notification channels\n The name of the CloudFormation stack set to use to generate IAM roles\n to be used for this workspace. Specify the Amazon Web Services data sources that you want to be queried in this\n workspace. Specifying these data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow Amazon Managed Grafana to read data from these\n sources. You must still add them as data sources in the Grafana console in the\n workspace. If you don't specify a data source here, you can still add it as a data source later in\n the workspace console. However, you will then have to manually configure permissions for\n it. A description for the workspace. This is used only to help you identify this workspace. The ID of the workspace to update. A new name for the workspace to update. Specify the Amazon Web Services notification channels that you plan to use in this workspace. Specifying these \n data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow \n Amazon Managed Grafana to use these channels. Specifies the organizational units that this workspace is allowed to use data sources\n from, if this workspace is in an account that is part of an organization. The workspace needs an IAM role that grants permissions to the Amazon Web Services resources that the \n workspace will view data from. If you already have a role that you want to use, specify it here. If you omit\n this field and you specify some Amazon Web Services resources in A structure containing data about the workspace that was created. The ID of the user or group. Specifies whether this is a single user or a group. A structure that specifies one user or group in the workspace. A description of the error. The reason that the operation failed. A list of fields that might be associated with the error. The value of a parameter in the request caused an error. The name of the field that caused the validation error. A message describing why this field couldn't be validated. A structure that contains information about a request parameter that caused an error. Specifies whether the workspace can access Amazon Web Services resources in this Amazon Web Services account only, or whether it can also access Amazon Web Services resources in\n other accounts in the same organization. If this is The date that the workspace was created. Specifies the Amazon Web Services data sources that have been configured to have IAM \n roles and permissions created to allow \n Amazon Managed Grafana to read data from these sources. The user-defined description of the workspace. The URL that users can use to access the Grafana console in the workspace. The version of Grafana supported in this workspace. The unique ID of this workspace. The most recent date that the workspace was modified. The name of the workspace. The name of the IAM role that is used to access resources through Organizations. The Amazon Web Services notification channels that Amazon Managed Grafana can automatically create IAM \n roles and permissions for, to allow \n Amazon Managed Grafana to use these channels. Specifies the organizational units that this workspace is allowed to use data sources\n from, if this workspace is in an account that is part of an organization. If this is If this is For more information, see Amazon Managed Grafana permissions and policies for\n Amazon Web Services data sources and notification channels\n The name of the CloudFormation stack set that is used to generate IAM roles\n to be used for this workspace. The current status of the workspace. The IAM role that grants permissions to the Amazon Web Services resources that the \n workspace will view data from. This role must already exist. Specifies whether this workspace has a full Grafana Enterprise license or a free trial license. Specifies whether this workspace has already fully used its free trial for Grafana Enterprise. If this workspace has a full Grafana Enterprise license, this specifies when the license ends and\n will need to be renewed. If this workspace is currently in the free trial period for Grafana Enterprise, this value specifies\n when that free trial ends. A structure that describes whether the workspace uses SAML, Amazon Web Services SSO, or both methods\n for user authentication. A structure containing information about an Amazon Managed Grafana workspace in your account. The date that the workspace was created. The customer-entered description of the workspace. The URL endpoint to use to access the Grafana console in the workspace. The Grafana version that the workspace is running. The unique ID of the workspace. The most recent date that the workspace was modified. The name of the workspace. The Amazon Web Services notification channels that Amazon Managed Grafana can automatically\n create IAM roles and permissions for, which allows Amazon Managed Grafana to use\n these channels. The current status of the workspace. A structure containing information about the authentication methods used in \n the workspace. A structure that contains some information about one workspace in the account. Performs a greater than operation on two document attributes. Use\n with a document attribute of type Performs a greater than operation on two document attributes. Use\n with a document attribute of type Performs a greater or equals than operation on two document\n attributes. Use with a document attribute of type Performs a greater or equals than operation on two document\n attributes. Use with a document attribute of type Performs a less than operation on two document attributes. Use with\n a document attribute of type Performs a less than operation on two document attributes. Use with\n a document attribute of type Performs a less than or equals operation on two document attributes.\n Use with a document attribute of type Performs a less than or equals operation on two document attributes.\n Use with a document attribute of type Provides filtering the query results based on document\n attributes. When you use the \n \n \n If you use more than 2 layers, you receive a\n If you use more than 10 attribute filters, you receive a \n Provides filtering the query results based on document\n attributes. When you use the \n \n \n If you use more than 2 layers, you receive a\n If you use more than 10 attribute filters in a given list for \n Creates a data source that you use to with an Amazon Kendra index. You specify a name, data source connector type and description for\n your data source. You also specify configuration information such as\n document metadata (author, source URI, and so on) and user context\n information. \n Creates a data source that you want to use with an Amazon Kendra index. You specify a name, data source connector type and description for\n your data source. You also specify configuration information for the \n data source connector. \n A token that you provide to identify the request to create a data\n source. Multiple calls to the The code for a language. This allows you to support a language for all \n documents when creating the data source. English is supported \n by default. For more information on supported languages, including their codes, \n see Adding \n documents in languages other than English. A token that you provide to identify the request to create a FAQ. Multiple calls to\n the The code for a language. This allows you to support a language \n for the FAQ document. English is supported by default. \n For more information on supported languages, including their codes, \n see Adding \n documents in languages other than English. The user context policy. All indexed content is searchable and displayable\n for all users. If there is an access control list, it\n is ignored. You can filter on user and group attributes.\n Enables SSO and token-based user access control.\n All documents with no access control and all documents\n accessible to the user will be searchable and\n displayable.\n The user context policy. All indexed content is searchable and displayable\n for all users. If you want to filter search results on \n user context, you can use the attribute filters of\n Enables token-based user access control to filter \n search results on user context. All documents with no \n access control and all documents accessible to the user \n will be searchable and displayable.\n Enables fetching access levels of groups and users from an AWS Single Sign-On \n identity source. To configure this, see \n UserGroupResolutionConfiguration. A token that you provide to identify the request to create a \n thesaurus. Multiple calls to the A token that you provide to identify the request to create a \n thesaurus. Multiple calls to the The status of the data source. When the status is\n The code for a language. This shows a supported language for all documents \n in the data source. English is supported by default. \n For more information on supported languages, including their codes, \n see Adding \n documents in languages other than English. When the The code for a language. This shows a supported language for all \n documents in the data source. English is supported by \n default. For more information on supported languages, including their codes, \n see Adding \n documents in languages other than English. The file format used by the input files for the FAQ. The code for a language. This shows a supported language \n for the FAQ document. English is supported by default. \n For more information on supported languages, including their codes, \n see Adding \n documents in languages other than English. The user context policy for the Amazon Kendra index. Shows whether you have enabled the configuration for fetching access \n levels of groups and users from an AWS Single Sign-On identity source. Shows the date-time a block list for query suggestions was last created. Shows the date-time a block list for query suggestions was created. The file type used to create the FAQ. The code for a language. This shows a supported language for the FAQ document \n as part of the summary information for FAQs. English is supported by default. \n For more information on supported languages, including their codes, \n see Adding \n documents in languages other than English. If you have more than 1000 users and/or sub groups for a single group, \n you need to provide the path to the S3 file that lists your users and sub \n groups for a group. Your sub groups can contain more than 1000 users, but \n the list of sub groups that belong to a group (and/or users) must be no \n more than 1000. If you have more than 1000 users and/or sub groups for a single group, \n you need to provide the path to the S3 file that lists your users and sub \n groups for a group. Your sub groups can contain more than 1000 users, but \n the list of sub groups that belong to a group (and/or users) must be no \n more than 1000. You can download this \n example \n S3 file that uses the correct format for listing group members. Note, \n The code for a language. The default language is English. \n For more information on supported languages, including their codes, \n see Adding \n documents in languages other than English. If the result of the previous request to\n If the previous response was incomplete (because there is more data to retrieve), \n Amazon Kendra returns a pagination token in the response. You can use this pagination token \n to retrieve the next set of jobs. The If the response is truncated, Amazon Kendra returns this token that you \n can use in the subsequent request to retrieve the next set of jobs. If the result of the previous request to If the previous response was incomplete (because there is more data to retrieve), \n Amazon Kendra returns a pagination token in the response. You can use this pagination token \n to retrieve the next set of FAQs. The If the response is truncated, Amazon Kendra returns this token that you can use \n in the subsequent request to retrieve the next set of FAQs. \n The next items in the list of groups that go beyond the maximum.\n \n If the previous response was incomplete (because there is more data to retrieve), \n Amazon Kendra returns a pagination token in the response. You can use this pagination \n token to retrieve the next set of groups that are mapped to users before a \n given ordering or timestamp identifier.\n \n The maximum results shown for a list of groups that are mapped to users before a \n given ordering or timestamp identifier. \n \n The maximum number of returned groups that are mapped to users before a \n given ordering or timestamp identifier. \n \n The next items in the list of groups that go beyond the maximum.\n \n If the response is truncated, Amazon Kendra returns this token that you can use \n in the subsequent request to retrieve the next set of groups that are \n mapped to users before a given ordering or timestamp identifier.\n An array of summary information for one or more thesauruses. An array of summary information for a thesaurus or multiple thesauri. Maps users to their groups. You can also map sub groups to groups. \n For example, the group \"Company Intellectual Property Teams\" includes \n sub groups \"Research\" and \"Engineering\". These sub groups include their\n own list of users or people who work in these teams. Only users who work \n in research and engineering, and therefore belong in the intellectual \n property group, can see top-secret company documents in their search \n results. You map users to their groups when you want to filter search results \n for different users based on their group’s access to documents. For more \n information on filtering search results for different users, see \n Filtering \n on user context. If more than five Maps users to their groups so that you only need to provide \n the user ID when you issue the query. You can also map sub groups to groups. \n For example, the group \"Company Intellectual Property Teams\" includes \n sub groups \"Research\" and \"Engineering\". These sub groups include their\n own list of users or people who work in these teams. Only users who work \n in research and engineering, and therefore belong in the intellectual \n property group, can see top-secret company documents in their search \n results. You map users to their groups when you want to filter search results \n for different users based on their group’s access to documents. For more \n information on filtering search results for different users, see \n Filtering \n on user context. If more than five The user context token. The user context token or user and group information. An array of summary information for one or more thesauruses. An array of summary information for a thesaurus or multiple thesauri. The Amazon Resource Name (ARN) of the new role to use when the data\n source is accessing resources on your behalf. The code for a language. This allows you to support a language for all \n documents when updating the data source. English is supported \n by default. For more information on supported languages, including their codes, \n see Adding \n documents in languages other than English. The user user token context policy. The user context policy. Enables fetching access levels of groups and users from an AWS Single Sign-On \n identity source. To configure this, see \n UserGroupResolutionConfiguration. Provides the configuration information of the URLs to crawl. \n When selecting websites to index, you must adhere to \n the Amazon Acceptable Use Policy \n and all other Amazon terms. Remember that you must only use the Amazon Kendra web \n crawler to index your own webpages, or webpages that you have authorization to \n index.\n Provides the configuration information of the URLs to crawl. You can only crawl websites that use the secure communication protocol, \n Hypertext Transfer Protocol Secure (HTTPS). If you receive an error when \n crawling a website, it could be that the website is blocked from crawling. \n When selecting websites to index, you must adhere to \n the Amazon Acceptable Use Policy \n and all other Amazon terms. Remember that you must only use the Amazon Kendra web \n crawler to index your own webpages, or webpages that you have authorization to \n index.\n Provides information about the user context for a Amazon Kendra index. This is used for filtering search results for different users based on their access \n to documents. You provide one of the following: User token User ID, the groups the user belongs to, and the data sources \n the groups can access If you provide both, an exception is thrown. Provides information about the user context for\n an\n Amazon Kendra index. This is used for filtering search results for different users based on their access \n to documents. You provide one of the following: User token User ID, the groups the user belongs to, and any data sources the groups can\n access. If you provide both, an exception is thrown. The identity store provider (mode) you want to use to fetch access levels of groups and\n users. AWS Single Sign-On is currently the only available mode. Your users and groups\n must\n exist in an AWS SSO identity source in order to use this mode. Provides the configuration information to fetch access levels \n of groups and users from an AWS Single Sign-On identity \n source. This is useful for setting up user context filtering, where \n Amazon Kendra filters search results for different users based on their \n group's access to documents. You can also map your users to their \n groups for user context filtering using the \n PutPrincipalMapping \n operation. To set up an AWS SSO identity source in the console to use with \n Amazon Kendra, see Getting started \n with an AWS SSO identity source. You must also grant the required \n permissions to use AWS SSO with Amazon Kendra. For more information, see \n IAM roles for \n AWS Single Sign-On. Specifies the seed or starting point URLs of the \n websites or the sitemap URLs of the websites you want to crawl. You can include website subdomains. You can list up to 100 seed \n URLs and up to three sitemap URLs. \n When selecting websites to index, you must adhere to \n the Amazon Acceptable Use Policy \n and all other Amazon terms. Remember that you must only use the Amazon Kendra \n web crawler to index your own webpages, or webpages that you have \n authorization to index.\n Specifies the seed or starting point URLs of the \n websites or the sitemap URLs of the websites you want to crawl. You can include website subdomains. You can list up to 100 seed \n URLs and up to three sitemap URLs. You can only crawl websites that use the secure communication protocol, \n Hypertext Transfer Protocol Secure (HTTPS). If you receive an error when \n crawling a website, it could be that the website is blocked from crawling. \n When selecting websites to index, you must adhere to \n the Amazon Acceptable Use Policy \n and all other Amazon terms. Remember that you must only use the Amazon Kendra \n web crawler to index your own webpages, or webpages that you have \n authorization to index.\n Date and time that the alias was most recently created in the account and Region. Formatted as Unix time. Date and time that the alias was most recently created in the account and Region.\n Formatted as Unix time. Date and time that the alias was most recently associated with a KMS key in the account and Region. Formatted as Unix time. Date and time that the alias was most recently associated with a KMS key in the account\n and Region. Formatted as Unix time. Cancels the deletion of a KMS key. When this operation succeeds, the key\n state of the KMS key is For more information about scheduling and canceling deletion of a KMS key, see Deleting KMS keys in the Key Management Service Developer Guide. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:CancelKeyDeletion (key policy) \n Related operations: ScheduleKeyDeletion\n Cancels the deletion of a KMS key. When this operation succeeds, the key state of the KMS\n key is For more information about scheduling and canceling deletion of a KMS key, see Deleting KMS keys in the\n Key Management Service Developer Guide. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account\n use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:CancelKeyDeletion (key policy) \n Related operations: ScheduleKeyDeletion\n Identifies the KMS key whose deletion is being canceled. Specify the key ID or key ARN of the KMS key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Identifies the KMS key whose deletion is being canceled. Specify the key ID or key ARN of the KMS key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Connects or reconnects a custom key store to its associated CloudHSM cluster. The custom key store must be connected before you can create KMS keys\n in the key store or use the KMS keys it contains. You can disconnect and reconnect a custom key\n store at any time. To connect a custom key store, its associated CloudHSM cluster must have at least one active\n HSM. To get the number of active HSMs in a cluster, use the DescribeClusters operation. To add HSMs\n to the cluster, use the CreateHsm operation. Also, the \n The connection process can take an extended amount of time to complete; up to 20 minutes.\n This operation starts the connection process, but it does not wait for it to complete. When it\n succeeds, this operation quickly returns an HTTP 200 response and a JSON object with no\n properties. However, this response does not indicate that the custom key store is connected.\n To get the connection state of the custom key store, use the DescribeCustomKeyStores operation. During the connection process, KMS finds the CloudHSM cluster that is associated with the\n custom key store, creates the connection infrastructure, connects to the cluster, logs into\n the CloudHSM client as the The To fix the failure, use the DisconnectCustomKeyStore operation to\n disconnect the custom key store, correct the error, use the UpdateCustomKeyStore operation if necessary, and then use\n If you are having trouble connecting or disconnecting a custom key store, see Troubleshooting a Custom Key\n Store in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account. \n Required permissions: kms:ConnectCustomKeyStore (IAM policy) \n Related operations\n \n CreateCustomKeyStore\n \n DeleteCustomKeyStore\n \n UpdateCustomKeyStore\n Connects or reconnects a custom key store to its associated CloudHSM cluster. The custom key store must be connected before you can create KMS keys in the key store or\n use the KMS keys it contains. You can disconnect and reconnect a custom key store at any\n time. To connect a custom key store, its associated CloudHSM cluster must have at least one active\n HSM. To get the number of active HSMs in a cluster, use the DescribeClusters operation. To add HSMs\n to the cluster, use the CreateHsm operation. Also, the \n The connection process can take an extended amount of time to complete; up to 20 minutes.\n This operation starts the connection process, but it does not wait for it to complete. When it\n succeeds, this operation quickly returns an HTTP 200 response and a JSON object with no\n properties. However, this response does not indicate that the custom key store is connected.\n To get the connection state of the custom key store, use the DescribeCustomKeyStores operation. During the connection process, KMS finds the CloudHSM cluster that is associated with the\n custom key store, creates the connection infrastructure, connects to the cluster, logs into\n the CloudHSM client as the The To fix the failure, use the DisconnectCustomKeyStore operation to\n disconnect the custom key store, correct the error, use the UpdateCustomKeyStore operation if necessary, and then use\n If you are having trouble connecting or disconnecting a custom key store, see Troubleshooting a Custom Key\n Store in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account. \n Required permissions: kms:ConnectCustomKeyStore (IAM policy) \n Related operations\n \n CreateCustomKeyStore\n \n DeleteCustomKeyStore\n \n UpdateCustomKeyStore\n Creates a friendly name for a KMS key. Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide. You can use an alias to identify a KMS key in the KMS console, in the DescribeKey operation and in cryptographic operations, such as Encrypt and\n GenerateDataKey. You can also change the KMS key that's associated with the\n alias (UpdateAlias) or delete the alias (DeleteAlias) at\n any time. These operations don't affect the underlying KMS key. You can associate the alias with any customer managed key in the same Amazon Web Services Region. Each\n alias is associated with only one KMS key at a time, but a KMS key can have multiple aliases. A valid KMS key is required. You can't create an alias without a KMS key. The alias must be unique in the account and Region, but you can have aliases with the same\n name in different Regions. For detailed information about aliases, see Using aliases in the\n Key Management Service Developer Guide. This operation does not return a response. To get the alias that you created, use the\n ListAliases operation. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on an alias in a different Amazon Web Services account. \n Required permissions\n \n kms:CreateAlias on the alias (IAM policy). \n kms:CreateAlias on the KMS key (key policy). For details, see Controlling access to aliases in the Key Management Service Developer Guide. \n Related operations:\n \n DeleteAlias\n \n ListAliases\n \n UpdateAlias\n Creates a friendly name for a KMS key. Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide. You can use an alias to identify a KMS key in the KMS console, in the DescribeKey operation and in cryptographic operations, such as Encrypt and\n GenerateDataKey. You can also change the KMS key that's associated with\n the alias (UpdateAlias) or delete the alias (DeleteAlias)\n at any time. These operations don't affect the underlying KMS key. You can associate the alias with any customer managed key in the same Amazon Web Services Region. Each\n alias is associated with only one KMS key at a time, but a KMS key can have multiple aliases.\n A valid KMS key is required. You can't create an alias without a KMS key. The alias must be unique in the account and Region, but you can have aliases with the same\n name in different Regions. For detailed information about aliases, see Using aliases in the\n Key Management Service Developer Guide. This operation does not return a response. To get the alias that you created, use the\n ListAliases operation. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on an alias in a different Amazon Web Services account. \n Required permissions\n \n kms:CreateAlias on\n the alias (IAM policy). \n kms:CreateAlias on\n the KMS key (key policy). For details, see Controlling access to aliases in the\n Key Management Service Developer Guide. \n Related operations:\n \n DeleteAlias\n \n ListAliases\n \n UpdateAlias\n Specifies the alias name. This value must begin with The Specifies the alias name. This value must begin with The Associates the alias with the specified customer managed key. The KMS key must be\n in the same Amazon Web Services Region. A valid key ID is required. If you supply a null or empty string value, this operation\n returns an error. For help finding the key ID and ARN, see Finding the Key ID and\n ARN in the \n Key Management Service Developer Guide\n . Specify the key ID or key ARN of the KMS key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Associates the alias with the specified customer managed key. The KMS key must\n be in the same Amazon Web Services Region. A valid key ID is required. If you supply a null or empty string value, this operation\n returns an error. For help finding the key ID and ARN, see Finding the Key ID and\n ARN in the \n Key Management Service Developer Guide\n . Specify the key ID or key ARN of the KMS key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Specifies a friendly name for the custom key store. The name must be unique in your Amazon Web Services account. Specifies a friendly name for the custom key store. The name must be unique in your\n Amazon Web Services account. Adds a grant to a KMS key. A grant is a policy instrument that allows Amazon Web Services principals to use KMS keys in cryptographic operations. It also can allow them to view a KMS key (DescribeKey) and create and manage grants. When authorizing access to a KMS key, grants are considered along with key policies and IAM policies. Grants are often used for\n temporary permissions because you can create one, use its permissions, and delete it without\n changing your key policies or IAM policies. For detailed information about grants, including grant terminology, see Using grants in the\n \n Key Management Service Developer Guide\n . For examples of working with grants in several\n programming languages, see Programming grants. The When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as eventual consistency. Once the grant has achieved eventual consistency, the grantee principal\n can use the permissions in the grant without identifying the grant. However, to use the permissions in the grant immediately, use the\n The The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key\n ARN in the value of the \n Required permissions: kms:CreateGrant (key policy) \n Related operations:\n \n ListGrants\n \n ListRetirableGrants\n \n RetireGrant\n \n RevokeGrant\n Adds a grant to a KMS key. A grant is a policy instrument that allows Amazon Web Services principals to use\n KMS keys in cryptographic operations. It also can allow them to view a KMS key (DescribeKey) and create and manage grants. When authorizing access to a KMS key,\n grants are considered along with key policies and IAM policies. Grants are often used for\n temporary permissions because you can create one, use its permissions, and delete it without\n changing your key policies or IAM policies. For detailed information about grants, including grant terminology, see Using grants in the\n \n Key Management Service Developer Guide\n . For examples of working with grants in several\n programming languages, see Programming grants. The When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as eventual consistency. Once the grant has achieved eventual consistency, the grantee\n principal can use the permissions in the grant without identifying the grant. However, to use the permissions in the grant immediately, use the\n The The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: Yes.\n To perform this operation on a KMS key in a different Amazon Web Services account, specify the key\n ARN in the value of the \n Required permissions: kms:CreateGrant (key policy) \n Related operations:\n \n ListGrants\n \n ListRetirableGrants\n \n RetireGrant\n \n RevokeGrant\n Identifies the KMS key for the grant. The grant gives principals permission to use this KMS key. Specify the key ID or key ARN of the KMS key. To specify a KMS key in a\ndifferent Amazon Web Services account, you must use the key ARN. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Identifies the KMS key for the grant. The grant gives principals permission to use this\n KMS key. Specify the key ID or key ARN of the KMS key. To specify a KMS key in a\ndifferent Amazon Web Services account, you must use the key ARN. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. The identity that gets the permissions specified in the grant. To specify the principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, IAM roles, federated\n users, and assumed role users. For examples of the ARN syntax to use for specifying a\n principal, see Amazon Web Services Identity and Access\n Management (IAM) in the Example ARNs section of the Amazon Web Services General\n Reference. The identity that gets the permissions specified in the grant. To specify the principal, use the Amazon Resource Name (ARN) of an\n Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, IAM roles,\n federated users, and assumed role users. For examples of the ARN syntax to use for specifying\n a principal, see Amazon Web Services Identity and Access\n Management (IAM) in the Example ARNs section of the Amazon Web Services General\n Reference. The principal that has permission to use the RetireGrant operation to\n retire the grant. To specify the principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, federated users, and\n assumed role users. For examples of the ARN syntax to use for specifying a principal, see\n Amazon Web Services Identity and Access Management (IAM) in the Example ARNs section of the\n Amazon Web Services General Reference. The grant determines the retiring principal. Other principals might have permission to\n retire the grant or revoke the grant. For details, see RevokeGrant and\n Retiring and revoking grants in the Key Management Service Developer Guide. The principal that has permission to use the RetireGrant operation to\n retire the grant. To specify the principal, use the Amazon Resource Name (ARN) of an\n Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, federated\n users, and assumed role users. For examples of the ARN syntax to use for specifying a\n principal, see Amazon Web Services Identity and Access\n Management (IAM) in the Example ARNs section of the Amazon Web Services General\n Reference. The grant determines the retiring principal. Other principals might have permission to\n retire the grant or revoke the grant. For details, see RevokeGrant and\n Retiring and\n revoking grants in the Key Management Service Developer Guide. A list of operations that the grant permits. The operation must be supported on the KMS key. For example, you cannot create a grant for a\n symmetric KMS key that allows the Sign operation, or a grant for an asymmetric KMS key that allows the GenerateDataKey operation. If you try, KMS returns a\n A list of operations that the grant permits. The operation must be supported on the KMS key. For example, you cannot create a grant for\n a symmetric KMS key that allows the Sign operation, or a grant for an\n asymmetric KMS key that allows the GenerateDataKey operation. If you try,\n KMS returns a Specifies a grant constraint. KMS supports the These grant constraints allow the permissions in the grant only when the encryption\n context in the request matches ( The encryption context grant constraints are supported only on operations that include an\n encryption context. You cannot use an encryption context grant constraint for cryptographic\n operations with asymmetric KMS keys or for management operations, such as DescribeKey or RetireGrant. Specifies a grant constraint. KMS supports the These grant constraints allow the permissions in the grant only when the encryption\n context in the request matches ( The encryption context grant constraints are supported only on operations that include an\n encryption context. You cannot use an encryption context grant constraint for cryptographic\n operations with asymmetric KMS keys or for management operations, such as DescribeKey or RetireGrant. A friendly name for the grant. Use this value to prevent the unintended\n creation of duplicate grants when retrying this request. When this value is absent, all When this value is present, you can retry a A friendly name for the grant. Use this value to prevent the unintended creation of\n duplicate grants when retrying this request. When this value is absent, all When this value is present, you can retry a Creates a unique customer managed KMS key in your Amazon Web Services account and Region. KMS is replacing the term customer master key (CMK) with KMS key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term. You can use the \n Symmetric KMS keys contain a 256-bit symmetric key that\n never leaves KMS unencrypted. To use the KMS key, you must call KMS. You can use a\n symmetric KMS key to encrypt and decrypt small amounts of data, but they are typically used to\n generate data\n keys and data keys pairs. For details,\n see GenerateDataKey and GenerateDataKeyPair. \n Asymmetric KMS keys can contain an RSA key pair or an\n Elliptic Curve (ECC) key pair. The private key in an asymmetric KMS key never leaves KMS\n unencrypted. However, you can use the GetPublicKey operation to download\n the public key so it can be used outside of KMS. KMS keys with RSA key pairs can be used to\n encrypt or decrypt data or sign and verify messages (but not both). KMS keys with ECC key\n pairs can be used only to sign and verify messages. For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide. To create different types of KMS keys, use the following guidance: To create an asymmetric KMS key, use the When creating a symmetric KMS key, you don't need to specify the\n To create a multi-Region primary key in the local Amazon Web Services Region,\n use the This operation supports multi-Region keys, an KMS feature that lets you create multiple\n interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key\n material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt\n it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide. You can create symmetric and asymmetric multi-Region keys and multi-Region keys with\n imported key material. You cannot create multi-Region keys in a custom key store. To import your own key material, begin by creating a symmetric KMS key with no key\n material. To do this, use the To create a multi-Region primary key with imported key material, use the\n To create a symmetric KMS key in a custom key store, use the\n You cannot create an asymmetric KMS key in a custom key store. For information about\n custom key stores in KMS see Using Custom Key Stores in\n the \n Key Management Service Developer Guide\n . \n Cross-account use: No. You cannot use this operation to\n create a KMS key in a different Amazon Web Services account. \n Required permissions: kms:CreateKey (IAM policy). To use the\n \n Related operations:\n \n DescribeKey\n \n ListKeys\n \n ScheduleKeyDeletion\n Creates a unique customer managed KMS key in your Amazon Web Services account and\n Region. KMS is replacing the term customer master key (CMK) with KMS key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term. You can use the \n Symmetric KMS keys contain a 256-bit symmetric key\n that never leaves KMS unencrypted. To use the KMS key, you must call KMS. You can use\n a symmetric KMS key to encrypt and decrypt small amounts of data, but they are typically\n used to generate data keys and data keys pairs. For details,\n see GenerateDataKey and GenerateDataKeyPair. \n Asymmetric KMS keys can contain an RSA key pair or an\n Elliptic Curve (ECC) key pair. The private key in an asymmetric KMS key never leaves KMS\n unencrypted. However, you can use the GetPublicKey operation to download\n the public key so it can be used outside of KMS. KMS keys with RSA key pairs can be used\n to encrypt or decrypt data or sign and verify messages (but not both). KMS keys with ECC\n key pairs can be used only to sign and verify messages. For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide. To create different types of KMS keys, use the following guidance: To create an asymmetric KMS key, use the When creating a symmetric KMS key, you don't need to specify the\n To create a multi-Region primary key in the local Amazon Web Services Region,\n use the This operation supports multi-Region keys, an KMS feature that lets you create multiple\n interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key\n material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt\n it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide. You can create symmetric and asymmetric multi-Region keys and multi-Region keys with\n imported key material. You cannot create multi-Region keys in a custom key store. To import your own key material, begin by creating a symmetric KMS key with no key\n material. To do this, use the To create a multi-Region primary key with imported key material, use the\n To create a symmetric KMS key in a custom key store, use the\n You cannot create an asymmetric KMS key in a custom key store. For information about\n custom key stores in KMS see Using Custom Key Stores in\n the \n Key Management Service Developer Guide\n . \n Cross-account use: No. You cannot use this operation to\n create a KMS key in a different Amazon Web Services account. \n Required permissions: kms:CreateKey (IAM policy). To use the\n \n Related operations:\n \n DescribeKey\n \n ListKeys\n \n ScheduleKeyDeletion\n The key policy to attach to the KMS key. If you provide a key policy, it must meet the following criteria: If you don't set Each statement in the key policy must contain one or more principals. The principals\n in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services principal\n (for example, an IAM user or role), you might need to enforce a delay before including the\n new principal in a key policy because the new principal might not be immediately visible\n to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and Access Management User Guide. If you do not provide a key policy, KMS attaches a default key policy to the KMS key. For\n more information, see Default Key Policy in the\n Key Management Service Developer Guide. The key policy size quota is 32 kilobytes (32768 bytes). For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the \n Identity and Access Management User Guide\n . The key policy to attach to the KMS key. If you provide a key policy, it must meet the following criteria: If you don't set Each statement in the key policy must contain one or more principals. The principals\n in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services\n principal (for example, an IAM user or role), you might need to enforce a delay before\n including the new principal in a key policy because the new principal might not be\n immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services\n Identity and Access Management User Guide. If you do not provide a key policy, KMS attaches a default key policy to the KMS key.\n For more information, see Default Key Policy in the\n Key Management Service Developer Guide. The key policy size quota is 32 kilobytes (32768 bytes). For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the \n Identity and Access Management User Guide\n . A description of the KMS key. Use a description that helps you decide whether the KMS key is\n appropriate for a task. The default value is an empty string (no description). To set or change the description after the key is created, use UpdateKeyDescription. A description of the KMS key. Use a description that helps you decide whether the KMS key is appropriate for a task. The\n default value is an empty string (no description). To set or change the description after the key is created, use UpdateKeyDescription. Determines the cryptographic operations for which you can use the KMS key. The default value is\n Select only one valid value. For symmetric KMS keys, omit the parameter or specify For asymmetric KMS keys with RSA key material, specify For asymmetric KMS keys with ECC key material, specify Determines the cryptographic operations for which you can use the KMS key. The default value is\n Select only one valid value. For symmetric KMS keys, omit the parameter or specify\n For asymmetric KMS keys with RSA key material, specify For asymmetric KMS keys with ECC key material, specify\n Instead, use the The Instead, use the The Specifies the type of KMS key to create. The default value, The \n Amazon Web Services services that\n are integrated with KMS use symmetric KMS keys to protect your data. These\n services do not support asymmetric KMS keys. For help determining whether a KMS key is symmetric or\n asymmetric, see Identifying Symmetric and Asymmetric KMS keys in the Key Management Service Developer\n Guide. KMS supports the following key specs for KMS keys: Symmetric key (default) \n Asymmetric RSA key pairs \n \n \n Asymmetric NIST-recommended elliptic curve key pairs \n \n \n Other asymmetric elliptic curve key pairs \n Specifies the type of KMS key to create. The default value,\n The \n Amazon Web Services services that\n are integrated with KMS use symmetric KMS keys to protect your data. These\n services do not support asymmetric KMS keys. For help determining whether a KMS key is\n symmetric or asymmetric, see Identifying Symmetric and Asymmetric\n KMS keys in the Key Management Service Developer Guide. KMS supports the following key specs for KMS keys: Symmetric key (default) \n Asymmetric RSA key pairs \n \n \n Asymmetric NIST-recommended elliptic curve key pairs \n \n \n Other asymmetric elliptic curve key pairs \n The source of the key material for the KMS key. You cannot change the origin after you create\n the KMS key. The default is To create a KMS key with no key material (for imported key material), set the value to\n To create a KMS key in an KMS custom key store and create its key material in the associated\n CloudHSM cluster, set this value to The source of the key material for the KMS key. You cannot change the origin after you\n create the KMS key. The default is To create a KMS key with no key material (for imported key material), set the value to\n To create a KMS key in an KMS custom key store and create its key material in the\n associated CloudHSM cluster, set this value to Creates the KMS key in the specified custom key store and the key material in its associated\n CloudHSM cluster. To create a KMS key in a custom key store, you must also specify the\n This parameter is valid only for symmetric KMS keys and regional KMS keys. You cannot create an\n asymmetric KMS key or a multi-Region key in a custom key store. To find the ID of a custom key store, use the DescribeCustomKeyStores operation. The response includes the custom key store ID and the ID of the CloudHSM cluster. This operation is part of the Custom Key Store feature feature in KMS, which\ncombines the convenience and extensive integration of KMS with the isolation and control of a\nsingle-tenant key store. Creates the KMS key in the specified custom key store and the key material in its\n associated CloudHSM cluster. To create a KMS key in a custom key store, you must also specify the\n This parameter is valid only for symmetric KMS keys and regional KMS keys. You cannot\n create an asymmetric KMS key or a multi-Region key in a custom key store. To find the ID of a custom key store, use the DescribeCustomKeyStores operation. The response includes the custom key store ID and the ID of the CloudHSM cluster. This operation is part of the Custom Key Store feature feature in KMS, which\ncombines the convenience and extensive integration of KMS with the isolation and control of a\nsingle-tenant key store. A flag to indicate whether to bypass the key policy lockout safety check. Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not\n set this value to true indiscriminately. For more information, refer to the scenario in the Default Key Policy section in the \n Key Management Service Developer Guide\n . Use this parameter only when you include a policy in the request and you intend to prevent\n the principal that is making the request from making a subsequent PutKeyPolicy request on the KMS key. The default value is false. A flag to indicate whether to bypass the key policy lockout safety check. Setting this value to true increases the risk that the KMS key becomes unmanageable. Do\n not set this value to true indiscriminately. For more information, refer to the scenario in the Default Key Policy section in the \n Key Management Service Developer Guide\n . Use this parameter only when you include a policy in the request and you intend to prevent\n the principal that is making the request from making a subsequent PutKeyPolicy request on the KMS key. The default value is false. Assigns one or more tags to the KMS key. Use this parameter to tag the KMS key when it is created.\n To tag an existing KMS key, use the TagResource operation. Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide. To use this parameter, you must have kms:TagResource permission in an IAM policy. Each tag consists of a tag key and a tag value. Both the tag key and the tag value are\n required, but the tag value can be an empty (null) string. You cannot have more than one tag\n on a KMS key with the same tag key. If you specify an existing tag key with a different tag value,\n KMS replaces the current tag value with the specified one. When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation\n report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details,\n see Tagging Keys. Assigns one or more tags to the KMS key. Use this parameter to tag the KMS key when it is\n created. To tag an existing KMS key, use the TagResource operation. Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide. To use this parameter, you must have kms:TagResource permission in an IAM policy. Each tag consists of a tag key and a tag value. Both the tag key and the tag value are\n required, but the tag value can be an empty (null) string. You cannot have more than one tag\n on a KMS key with the same tag key. If you specify an existing tag key with a different tag\n value, KMS replaces the current tag value with the specified one. When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation\n report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details,\n see Tagging Keys. Creates a multi-Region primary key that you can replicate into other Amazon Web Services Regions. You\n cannot change this value after you create the KMS key. For a multi-Region key, set this parameter to This operation supports multi-Region keys, an KMS feature that lets you create multiple\n interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key\n material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt\n it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide. This value creates a primary key, not a replica. To create a\n replica key, use the ReplicateKey operation. You can create a symmetric or asymmetric multi-Region key, and you can create a\n multi-Region key with imported key material. However, you cannot create a multi-Region key in\n a custom key store. Creates a multi-Region primary key that you can replicate into other Amazon Web Services Regions. You\n cannot change this value after you create the KMS key. For a multi-Region key, set this parameter to This operation supports multi-Region keys, an KMS feature that lets you create multiple\n interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key\n material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt\n it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide. This value creates a primary key, not a replica. To create a\n replica key, use the ReplicateKey operation. You can create a symmetric or asymmetric multi-Region key, and you can create a\n multi-Region key with imported key material. However, you cannot create a multi-Region key in\n a custom key store. The request was rejected because the custom key store contains KMS keys. After verifying that you do not need to use the KMS keys, use the ScheduleKeyDeletion operation to delete the KMS keys. After they are deleted, you\n can delete the custom key store. The request was rejected because the custom key store contains KMS keys. After verifying\n that you do not need to use the KMS keys, use the ScheduleKeyDeletion\n operation to delete the KMS keys. After they are deleted, you can delete the custom key\n store. Indicates whether the custom key store is connected to its CloudHSM cluster. You can create and use KMS keys in your custom key stores only when its connection state is\n The value is A value of Indicates whether the custom key store is connected to its CloudHSM cluster. You can create and use KMS keys in your custom key stores only when its connection state\n is The value is A value of Decrypts ciphertext that was encrypted by a KMS key using any of\n the following operations: \n Encrypt\n \n GenerateDataKey\n \n GenerateDataKeyPair\n You can use this operation to decrypt ciphertext that was encrypted under a symmetric or\n asymmetric KMS key. When the KMS key is asymmetric, you must specify the KMS key and the encryption\n algorithm that was used to encrypt the ciphertext. For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide. The Decrypt operation also decrypts ciphertext that was encrypted outside of KMS by the\n public key in an KMS asymmetric KMS key. However, it cannot decrypt ciphertext produced by other\n libraries, such as the Amazon Web Services Encryption\n SDK or Amazon S3 client-side encryption. These libraries return a ciphertext format that\n is incompatible with KMS. If the ciphertext was encrypted under a symmetric KMS key, the Whenever possible, use key policies to give users permission to call the\n Applications in Amazon Web Services Nitro Enclaves can call this operation by using the Amazon Web Services Nitro Enclaves Development Kit. For information about the supporting parameters, see How Amazon Web Services Nitro Enclaves use KMS in the Key Management Service Developer Guide. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the \n Required permissions: kms:Decrypt (key policy) \n Related operations:\n \n Encrypt\n \n GenerateDataKey\n \n GenerateDataKeyPair\n \n ReEncrypt\n Decrypts ciphertext that was encrypted by a KMS key using any of the following\n operations: \n Encrypt\n \n GenerateDataKey\n \n GenerateDataKeyPair\n You can use this operation to decrypt ciphertext that was encrypted under a symmetric or\n asymmetric KMS key. When the KMS key is asymmetric, you must specify the KMS key and the\n encryption algorithm that was used to encrypt the ciphertext. For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide. The Decrypt operation also decrypts ciphertext that was encrypted outside of KMS by the\n public key in an KMS asymmetric KMS key. However, it cannot decrypt ciphertext produced by\n other libraries, such as the Amazon Web Services\n Encryption SDK or Amazon S3 client-side encryption.\n These libraries return a ciphertext format that is incompatible with KMS. If the ciphertext was encrypted under a symmetric KMS key, the Whenever possible, use key policies to give users permission to call the\n Applications in Amazon Web Services Nitro Enclaves can call this operation by using the Amazon Web Services Nitro Enclaves Development Kit. For information about the supporting parameters, see How Amazon Web Services Nitro Enclaves use KMS in the Key Management Service Developer Guide. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account\n use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the \n Required permissions: kms:Decrypt (key policy) \n Related operations:\n \n Encrypt\n \n GenerateDataKey\n \n GenerateDataKeyPair\n \n ReEncrypt\n Specifies the KMS key that KMS uses to decrypt the ciphertext. Enter a\n key ID of the KMS key that was used to encrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.\n If you used a symmetric KMS key, KMS can get the KMS key from metadata that it adds to the\n symmetric ciphertext blob. However, it is always recommended as a best practice. This practice\n ensures that you use the KMS key that you intend. To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with For example: Key ID: Key ARN: Alias name: Alias ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. Specifies the KMS key that KMS uses to decrypt the ciphertext. Enter a key ID of the KMS\n key that was used to encrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS\n key. If you used a symmetric KMS key, KMS can get the KMS key from metadata that it adds to\n the symmetric ciphertext blob. However, it is always recommended as a best practice. This\n practice ensures that you use the KMS key that you intend. To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with For example: Key ID: Key ARN: Alias name: Alias ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. Specifies the encryption algorithm that will be used to decrypt the ciphertext. Specify\n the same algorithm that was used to encrypt the data. If you specify a different algorithm,\n the This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.\n The default value, Specifies the encryption algorithm that will be used to decrypt the ciphertext. Specify\n the same algorithm that was used to encrypt the data. If you specify a different algorithm,\n the This parameter is required only when the ciphertext was encrypted under an asymmetric KMS\n key. The default value, Deletes the specified alias. Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide. Because an alias is not a property of a KMS key, you can delete and change the aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the response from the DescribeKey operation. To get the aliases of all KMS keys, use the ListAliases operation. Each KMS key can have multiple aliases. To change the alias of a KMS key, use DeleteAlias to delete the current alias and CreateAlias to\n create a new alias. To associate an existing alias with a different KMS key,\n call UpdateAlias. \n Cross-account use: No. You cannot perform this operation on an alias in a different Amazon Web Services account. \n Required permissions\n \n kms:DeleteAlias on the alias (IAM policy). \n kms:DeleteAlias on the KMS key (key policy). For details, see Controlling access to aliases in the Key Management Service Developer Guide. \n Related operations:\n \n CreateAlias\n \n ListAliases\n \n UpdateAlias\n Deletes the specified alias. Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide. Because an alias is not a property of a KMS key, you can delete and change the aliases of\n a KMS key without affecting the KMS key. Also, aliases do not appear in the response from the\n DescribeKey operation. To get the aliases of all KMS keys, use the ListAliases operation. Each KMS key can have multiple aliases. To change the alias of a KMS key, use DeleteAlias to delete the current alias and CreateAlias to\n create a new alias. To associate an existing alias with a different KMS key, call UpdateAlias. \n Cross-account use: No. You cannot perform this operation on an alias in a different Amazon Web Services account. \n Required permissions\n \n kms:DeleteAlias on\n the alias (IAM policy). \n kms:DeleteAlias on\n the KMS key (key policy). For details, see Controlling access to aliases in the\n Key Management Service Developer Guide. \n Related operations:\n \n CreateAlias\n \n ListAliases\n \n UpdateAlias\n Deletes a custom key store. This operation does not delete the CloudHSM cluster that is\n associated with the custom key store, or affect any users or keys in the cluster. The custom key store that you delete cannot contain any KMS KMS keys. Before\n deleting the key store, verify that you will never need to use any of the KMS keys in the key\n store for any cryptographic operations. Then, use ScheduleKeyDeletion to delete the\n KMS keys from the key store. When the scheduled waiting period\n expires, the After all KMS keys are deleted from KMS, use DisconnectCustomKeyStore to\n disconnect the key store from KMS. Then, you can delete the custom key store. Instead of deleting the custom key store, consider using DisconnectCustomKeyStore to disconnect it from KMS. While the key store is\n disconnected, you cannot create or use the KMS keys in the key store. But, you do not need to\n delete KMS keys and you can reconnect a disconnected custom key store at any time. If the operation succeeds, it returns a JSON object with no\nproperties. This operation is part of the Custom Key Store feature feature in KMS, which\ncombines the convenience and extensive integration of KMS with the isolation and control of a\nsingle-tenant key store. \n Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account. \n Required permissions: kms:DeleteCustomKeyStore (IAM policy) \n Related operations:\n \n CreateCustomKeyStore\n \n UpdateCustomKeyStore\n Deletes a custom key store. This operation does not delete the CloudHSM cluster that is\n associated with the custom key store, or affect any users or keys in the cluster. The custom key store that you delete cannot contain any KMS KMS keys. Before deleting the key store,\n verify that you will never need to use any of the KMS keys in the key store for any\n cryptographic operations. Then, use ScheduleKeyDeletion to delete the KMS keys from the\n key store. When the scheduled waiting period expires, the After all KMS keys are deleted from KMS, use DisconnectCustomKeyStore\n to disconnect the key store from KMS. Then, you can delete the custom key store. Instead of deleting the custom key store, consider using DisconnectCustomKeyStore to disconnect it from KMS. While the key store is\n disconnected, you cannot create or use the KMS keys in the key store. But, you do not need to\n delete KMS keys and you can reconnect a disconnected custom key store at any time. If the operation succeeds, it returns a JSON object with no\nproperties. This operation is part of the Custom Key Store feature feature in KMS, which\ncombines the convenience and extensive integration of KMS with the isolation and control of a\nsingle-tenant key store. \n Cross-account use: No.\n You cannot perform this operation on a custom key store in a different Amazon Web Services account. \n Required permissions: kms:DeleteCustomKeyStore (IAM policy) \n Related operations:\n \n CreateCustomKeyStore\n \n UpdateCustomKeyStore\n Deletes key material that you previously imported. This operation makes the specified\n KMS key unusable. For more information about importing key material into\n KMS, see Importing Key\n Material in the Key Management Service Developer Guide. When the specified KMS key is in the After you delete key material, you can use ImportKeyMaterial to reimport\n the same key material into the KMS key. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:DeleteImportedKeyMaterial (key policy) \n Related operations:\n \n ImportKeyMaterial\n Deletes key material that you previously imported. This operation makes the specified KMS\n key unusable. For more information about importing key material into KMS, see Importing Key Material\n in the Key Management Service Developer Guide. When the specified KMS key is in the After you delete key material, you can use ImportKeyMaterial to reimport\n the same key material into the KMS key. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:DeleteImportedKeyMaterial (key policy) \n Related operations:\n \n ImportKeyMaterial\n Identifies the KMS key from which you are deleting imported key material. The\n Specify the key ID or key ARN of the KMS key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Identifies the KMS key from which you are deleting imported key material. The\n Specify the key ID or key ARN of the KMS key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Gets information about custom key stores in the account and Region. This operation is part of the Custom Key Store feature feature in KMS, which\ncombines the convenience and extensive integration of KMS with the isolation and control of a\nsingle-tenant key store. By default, this operation returns information about all custom key stores in the account and\n Region. To get only information about a particular custom key store, use either the\n To determine whether the custom key store is connected to its CloudHSM cluster, use the\n Custom key stores have a For help repairing your custom key store, see the Troubleshooting Custom Key Stores topic in the\n Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account. \n Required permissions: kms:DescribeCustomKeyStores (IAM policy) \n Related operations:\n \n CreateCustomKeyStore\n \n DeleteCustomKeyStore\n \n UpdateCustomKeyStore\n Gets information about custom key stores in the account and Region. This operation is part of the Custom Key Store feature feature in KMS, which\ncombines the convenience and extensive integration of KMS with the isolation and control of a\nsingle-tenant key store. By default, this operation returns information about all custom key\n stores in the account and Region. To get only information about a particular custom key store,\n use either the To determine whether the custom key store is connected to its CloudHSM cluster, use the\n Custom key stores have a For help repairing your custom key store, see the Troubleshooting Custom Key Stores topic in the\n Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account. \n Required permissions: kms:DescribeCustomKeyStores (IAM policy) \n Related operations:\n \n CreateCustomKeyStore\n \n DeleteCustomKeyStore\n \n UpdateCustomKeyStore\n Provides detailed information about a KMS key. You can run\n This detailed information includes the key ARN, creation date (and deletion date, if\n applicable), the key state, and the origin and expiration date (if any) of the key material.\n It includes fields, like \n Aliases associated with the KMS key. To get this information, use ListAliases. Whether automatic key rotation is enabled on the KMS key. To get this information, use\n GetKeyRotationStatus. Also, some key states prevent a KMS key from being\n automatically rotated. For details, see How Automatic Key Rotation\n Works in Key Management Service Developer Guide. Tags on the KMS key. To get this information, use ListResourceTags. Key policies and grants on the KMS key. To get this information, use GetKeyPolicy and ListGrants. If you call the \n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the \n Required permissions: kms:DescribeKey (key policy) \n Related operations:\n \n GetKeyPolicy\n \n GetKeyRotationStatus\n \n ListAliases\n \n ListGrants\n \n ListKeys\n \n ListResourceTags\n \n ListRetirableGrants\n Provides detailed information about a KMS key. You can run This detailed information includes the key ARN, creation date (and deletion date, if\n applicable), the key state, and the origin and expiration date (if any) of the key material.\n It includes fields, like \n Aliases associated with the KMS key. To get this information, use ListAliases. Whether automatic key rotation is enabled on the KMS key. To get this information, use\n GetKeyRotationStatus. Also, some key states prevent a KMS key from\n being automatically rotated. For details, see How Automatic Key Rotation\n Works in Key Management Service Developer Guide. Tags on the KMS key. To get this information, use ListResourceTags. Key policies and grants on the KMS key. To get this information, use GetKeyPolicy and ListGrants. If you call the \n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the \n Required permissions: kms:DescribeKey (key policy) \n Related operations:\n \n GetKeyPolicy\n \n GetKeyRotationStatus\n \n ListAliases\n \n ListGrants\n \n ListKeys\n \n ListResourceTags\n \n ListRetirableGrants\n Describes the specified KMS key. If you specify a predefined Amazon Web Services alias (an Amazon Web Services alias with no key ID), KMS associates the\n alias with an Amazon Web Services managed key and returns its To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with For example: Key ID: Key ARN: Alias name: Alias ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. Describes the specified KMS key. If you specify a predefined Amazon Web Services alias (an Amazon Web Services alias with no key ID), KMS associates\n the alias with an Amazon Web Services managed key and returns its\n To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with For example: Key ID: Key ARN: Alias name: Alias ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. Sets the state of a KMS key to disabled. This change temporarily\n prevents use of the KMS key for cryptographic operations. For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS key in the \n Key Management Service Developer Guide\n . The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:DisableKey (key policy) \n Related operations: EnableKey\n Sets the state of a KMS key to disabled. This change temporarily prevents use of the KMS\n key for cryptographic operations. For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS\n key in the \n Key Management Service Developer Guide\n . The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:DisableKey (key policy) \n Related operations: EnableKey\n Disables automatic\n rotation of the key material for the specified symmetric KMS key. You cannot enable automatic rotation of asymmetric KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:DisableKeyRotation (key policy) \n Related operations:\n \n EnableKeyRotation\n \n GetKeyRotationStatus\n Disables automatic\n rotation of the key material for the specified symmetric KMS key. You cannot enable automatic rotation of asymmetric KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account\n use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:DisableKeyRotation (key policy) \n Related operations:\n \n EnableKeyRotation\n \n GetKeyRotationStatus\n Identifies a symmetric KMS key. You cannot enable or disable automatic\n rotation of asymmetric KMS keys, KMS keys\n with imported key\n material, or KMS keys in a custom key store. Specify the key ID or key ARN of the KMS key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Identifies a symmetric KMS key. You cannot enable or disable automatic rotation of asymmetric\n KMS keys, KMS keys with imported key material, or KMS keys in a\n custom key store. Specify the key ID or key ARN of the KMS key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Disconnects the custom key store from its associated CloudHSM cluster. While a custom key\n store is disconnected, you can manage the custom key store and its KMS keys, but you cannot create or use KMS keys in the custom key store. You can reconnect the\n custom key store at any time. While a custom key store is disconnected, all attempts to create KMS keys in the custom key store or to use existing KMS keys in cryptographic operations will\n fail. This action can prevent users from storing and accessing sensitive data. To find the connection state of a custom key store, use the DescribeCustomKeyStores operation. To reconnect a custom key store, use the\n ConnectCustomKeyStore operation. If the operation succeeds, it returns a JSON object with no\nproperties. This operation is part of the Custom Key Store feature feature in KMS, which\ncombines the convenience and extensive integration of KMS with the isolation and control of a\nsingle-tenant key store. \n Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account. \n Required permissions: kms:DisconnectCustomKeyStore (IAM policy) \n Related operations:\n \n CreateCustomKeyStore\n \n DeleteCustomKeyStore\n \n UpdateCustomKeyStore\n Disconnects the custom key store from its associated CloudHSM cluster. While a custom key\n store is disconnected, you can manage the custom key store and its KMS keys, but you cannot\n create or use KMS keys in the custom key store. You can reconnect the custom key store at any\n time. While a custom key store is disconnected, all attempts to create KMS keys in the custom key store or to use existing KMS keys in cryptographic operations will\n fail. This action can prevent users from storing and accessing sensitive data. To find the connection state of a custom key store, use the DescribeCustomKeyStores operation. To reconnect a custom key store, use the\n ConnectCustomKeyStore operation. If the operation succeeds, it returns a JSON object with no\nproperties. This operation is part of the Custom Key Store feature feature in KMS, which\ncombines the convenience and extensive integration of KMS with the isolation and control of a\nsingle-tenant key store. \n Cross-account use: No.\n You cannot perform this operation on a custom key store in a different Amazon Web Services account. \n Required permissions: kms:DisconnectCustomKeyStore (IAM policy) \n Related operations:\n \n CreateCustomKeyStore\n \n DeleteCustomKeyStore\n \n UpdateCustomKeyStore\n Sets the key state of a KMS key to enabled. This allows you to use the KMS key for cryptographic operations. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:EnableKey (key policy) \n Related operations: DisableKey\n Sets the key state of a KMS key to enabled. This allows you to use the KMS key for\n cryptographic operations. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account\n use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:EnableKey (key policy) \n Related operations: DisableKey\n Enables automatic rotation\n of the key material for the specified symmetric KMS key. You cannot enable automatic rotation of asymmetric KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:EnableKeyRotation (key policy) \n Related operations:\n \n DisableKeyRotation\n \n GetKeyRotationStatus\n Enables automatic rotation\n of the key material for the specified symmetric KMS key. You cannot enable automatic rotation of asymmetric KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account\n use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:EnableKeyRotation (key policy) \n Related operations:\n \n DisableKeyRotation\n \n GetKeyRotationStatus\n Identifies a symmetric KMS key. You cannot enable automatic rotation of asymmetric KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key. Specify the key ID or key ARN of the KMS key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Identifies a symmetric KMS key. You cannot enable automatic rotation of asymmetric KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key. Specify the key ID or key ARN of the KMS key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Encrypts plaintext into ciphertext by using a KMS key. The\n You can encrypt small amounts of arbitrary data, such as a personal identifier or\n database password, or other sensitive information. You can use the You don't need to use the When you encrypt data, you must specify a symmetric or asymmetric KMS key to use in the\n encryption operation. The KMS key must have a If you use a symmetric KMS key, you can use an encryption context to add additional security\n to your encryption operation. If you specify an If you specify an asymmetric KMS key, you must also specify the encryption algorithm. The\n algorithm must be compatible with the KMS key type. When you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails. You are not required to supply the key ID and encryption algorithm when you decrypt with symmetric KMS keys because KMS stores this information in the ciphertext blob. KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields. The maximum size of the data that you can encrypt varies with the type of KMS key and the\n encryption algorithm that you choose. Symmetric KMS keys \n \n \n \n \n \n \n \n \n \n The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the \n Required permissions: kms:Encrypt (key policy) \n Related operations:\n \n Decrypt\n \n GenerateDataKey\n \n GenerateDataKeyPair\n Encrypts plaintext into ciphertext by using a KMS key. The You can encrypt small amounts of arbitrary data, such as a personal identifier or\n database password, or other sensitive information. You can use the You don't need to use the When you encrypt data, you must specify a symmetric or asymmetric KMS key to use in the\n encryption operation. The KMS key must have a If you use a symmetric KMS key, you can use an encryption context to add additional\n security to your encryption operation. If you specify an If you specify an asymmetric KMS key, you must also specify the encryption algorithm. The\n algorithm must be compatible with the KMS key type. When you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails. You are not required to supply the key ID and encryption algorithm when you decrypt with symmetric KMS keys because KMS stores this information in the ciphertext blob. KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields. The maximum size of the data that you can encrypt varies with the type of KMS key and the\n encryption algorithm that you choose. Symmetric KMS keys \n \n \n \n \n \n \n \n \n \n The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: Yes.\n To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the \n Required permissions: kms:Encrypt (key policy) \n Related operations:\n \n Decrypt\n \n GenerateDataKey\n \n GenerateDataKeyPair\n Identifies the KMS key to use in the encryption operation. To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with For example: Key ID: Key ARN: Alias name: Alias ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. Identifies the KMS key to use in the encryption operation. To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with For example: Key ID: Key ARN: Alias name: Alias ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. Specifies the encryption algorithm that KMS will use to encrypt the plaintext message.\n The algorithm must be compatible with the KMS key that you specify. This parameter is required only for asymmetric KMS keys. The default value,\n Specifies the encryption algorithm that KMS will use to encrypt the plaintext message.\n The algorithm must be compatible with the KMS key that you specify. This parameter is required only for asymmetric KMS keys. The default value,\n Generates a unique symmetric data key for client-side encryption. This operation returns a\n plaintext copy of the data key and a copy that is encrypted under a KMS key\n that you specify. You can use the plaintext key to encrypt your data outside of KMS and\n store the encrypted data key with the encrypted data. \n To generate a data key, specify the symmetric KMS key that will be used to encrypt the data\n key. You cannot use an asymmetric KMS key to generate data keys. To get the type of your KMS key, use\n the DescribeKey operation. You must also specify the length of the data key.\n Use either the To get only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. To generate an asymmetric data key pair, use\n the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext operation. To get a cryptographically secure\n random byte string, use GenerateRandom. You can use the optional encryption context to add additional security to the encryption\n operation. If you specify an Applications in Amazon Web Services Nitro Enclaves can call this operation by using the Amazon Web Services Nitro Enclaves Development Kit. For information about the supporting parameters, see How Amazon Web Services Nitro Enclaves use KMS in the Key Management Service Developer Guide. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n How to use your data key\n We recommend that you use the following pattern to encrypt data locally in your application.\n You can write your own code or use a client-side encryption library, such as the Amazon Web Services Encryption SDK, the Amazon DynamoDB Encryption Client, or\n Amazon S3\n client-side encryption to do these tasks for you. To encrypt data outside of KMS: Use the Use the plaintext data key (in the Store the encrypted data key (in the To decrypt data outside of KMS: Use the Decrypt operation to decrypt the encrypted data key. The\n operation returns a plaintext copy of the data key. Use the plaintext data key to decrypt data outside of KMS, then erase the plaintext\n data key from memory. \n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the \n Required permissions: kms:GenerateDataKey (key policy) \n Related operations:\n \n Decrypt\n \n Encrypt\n \n GenerateDataKeyPair\n Generates a unique symmetric data key for client-side encryption. This operation returns a\n plaintext copy of the data key and a copy that is encrypted under a KMS key that you specify.\n You can use the plaintext key to encrypt your data outside of KMS and store the encrypted\n data key with the encrypted data. \n To generate a data key, specify the symmetric KMS key that will be used to encrypt the\n data key. You cannot use an asymmetric KMS key to generate data keys. To get the type of your\n KMS key, use the DescribeKey operation. You must also specify the length of\n the data key. Use either the To get only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. To generate an asymmetric data key pair, use\n the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext operation. To get a cryptographically secure\n random byte string, use GenerateRandom. You can use the optional encryption context to add additional security to the encryption\n operation. If you specify an Applications in Amazon Web Services Nitro Enclaves can call this operation by using the Amazon Web Services Nitro Enclaves Development Kit. For information about the supporting parameters, see How Amazon Web Services Nitro Enclaves use KMS in the Key Management Service Developer Guide. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n How to use your data\n key\n We recommend that you use the following pattern to encrypt data locally in your\n application. You can write your own code or use a client-side encryption library, such as the\n Amazon Web Services Encryption SDK, the\n Amazon DynamoDB Encryption Client,\n or Amazon S3\n client-side encryption to do these tasks for you. To encrypt data outside of KMS: Use the Use the plaintext data key (in the Store the encrypted data key (in the To decrypt data outside of KMS: Use the Decrypt operation to decrypt the encrypted data key. The\n operation returns a plaintext copy of the data key. Use the plaintext data key to decrypt data outside of KMS, then erase the plaintext\n data key from memory. \n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the \n Required permissions: kms:GenerateDataKey (key policy) \n Related operations:\n \n Decrypt\n \n Encrypt\n \n GenerateDataKeyPair\n Generates a unique asymmetric data key pair. The You can use the public key that To generate a data key pair, you must specify a symmetric KMS key to\n encrypt the private key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a\n custom key store. To get the type and origin of your KMS key, use the DescribeKey operation. Use the If you are using the data key pair to encrypt data, or for any operation where you don't\n immediately need a private key, consider using the GenerateDataKeyPairWithoutPlaintext operation.\n \n You can use the optional encryption context to add additional security to the encryption\n operation. If you specify an The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the \n Required permissions: kms:GenerateDataKeyPair (key policy) \n Related operations:\n \n Decrypt\n \n Encrypt\n \n GenerateDataKey\n Generates a unique asymmetric data key pair. The You can use the public key that To generate a data key pair, you must specify a symmetric KMS key to encrypt the private\n key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a custom key\n store. To get the type and origin of your KMS key, use the DescribeKey\n operation. Use the If you are using the data key pair to encrypt data, or for any operation where you don't\n immediately need a private key, consider using the GenerateDataKeyPairWithoutPlaintext operation.\n \n You can use the optional encryption context to add additional security to the encryption\n operation. If you specify an The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account\n use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the \n Required permissions: kms:GenerateDataKeyPair (key policy) \n Related operations:\n \n Decrypt\n \n Encrypt\n \n GenerateDataKey\n Specifies the symmetric KMS key that encrypts the private key in the data key pair. You cannot\n specify an asymmetric KMS key or a KMS key in a custom key store. To get the type and origin of your KMS key, use the DescribeKey operation. To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with For example: Key ID: Key ARN: Alias name: Alias ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. Specifies the symmetric KMS key that encrypts the private key in the data key pair. You\n cannot specify an asymmetric KMS key or a KMS key in a custom key store. To get the type and\n origin of your KMS key, use the DescribeKey operation. To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with For example: Key ID: Key ARN: Alias name: Alias ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. Generates a unique asymmetric data key pair. The\n You can use the public key that To generate a data key pair, you must specify a symmetric KMS key to\n encrypt the private key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a\n custom key store. To get the type and origin of your KMS key, use the DescribeKey operation. Use the \n You can use the optional encryption context to add additional security to the encryption\n operation. If you specify an The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the \n Required permissions: kms:GenerateDataKeyPairWithoutPlaintext (key policy) \n Related operations:\n \n Decrypt\n \n Encrypt\n \n GenerateDataKey\n \n GenerateDataKeyPair\n Generates a unique asymmetric data key pair. The\n You can use the public key that To generate a data key pair, you must specify a symmetric KMS key to encrypt the private\n key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a custom key\n store. To get the type and origin of your KMS key, use the DescribeKey\n operation. Use the \n You can use the optional encryption context to add additional security to the encryption\n operation. If you specify an The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account\n use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the \n Required permissions: kms:GenerateDataKeyPairWithoutPlaintext (key\n policy) \n Related operations:\n \n Decrypt\n \n Encrypt\n \n GenerateDataKey\n \n GenerateDataKeyPair\n Specifies the KMS key that encrypts the private key in the data key pair. You must specify a\n symmetric KMS key. You cannot use an asymmetric KMS key or a KMS key in a custom key store. To get the\n type and origin of your KMS key, use the DescribeKey operation. To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with For example: Key ID: Key ARN: Alias name: Alias ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. Specifies the KMS key that encrypts the private key in the data key pair. You must specify\n a symmetric KMS key. You cannot use an asymmetric KMS key or a KMS key in a custom key store.\n To get the type and origin of your KMS key, use the DescribeKey operation.\n To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with For example: Key ID: Key ARN: Alias name: Alias ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. Generates a unique symmetric data key. This operation returns a data key that is encrypted\n under a KMS key that you specify. To request an asymmetric data key pair,\n use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext operations. \n It's also useful in distributed systems with different levels of trust. For example, you\n might store encrypted data in containers. One component of your system creates new containers\n and stores an encrypted data key with each container. Then, a different component puts the\n data into the containers. That component first decrypts the data key, uses the plaintext data\n key to encrypt data, puts the encrypted data into the container, and then destroys the\n plaintext data key. In this system, the component that creates the containers never sees the\n plaintext data key. \n To generate a data key, you must specify the symmetric KMS key that is\n used to encrypt the data key. You cannot use an asymmetric KMS key to generate a data key. To get\n the type of your KMS key, use the DescribeKey operation. If the operation succeeds, you will find the encrypted copy of the data key in the\n You can use the optional encryption context to add additional security to the encryption\n operation. If you specify an The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the \n Required permissions: kms:GenerateDataKeyWithoutPlaintext (key policy) \n Related operations:\n \n Decrypt\n \n Encrypt\n \n GenerateDataKey\n \n GenerateDataKeyPair\n Generates a unique symmetric data key. This operation returns a data key that is encrypted\n under a KMS key that you specify. To request an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext\n operations. \n It's also useful in distributed systems with different levels of trust. For example, you\n might store encrypted data in containers. One component of your system creates new containers\n and stores an encrypted data key with each container. Then, a different component puts the\n data into the containers. That component first decrypts the data key, uses the plaintext data\n key to encrypt data, puts the encrypted data into the container, and then destroys the\n plaintext data key. In this system, the component that creates the containers never sees the\n plaintext data key. \n To generate a data key, you must specify the symmetric KMS key that is used to encrypt the\n data key. You cannot use an asymmetric KMS key to generate a data key. To get the type of your\n KMS key, use the DescribeKey operation. If the operation succeeds, you will find the encrypted copy of the data key in the\n You can use the optional encryption context to add additional security to the encryption\n operation. If you specify an The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account\n use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the \n Required permissions: kms:GenerateDataKeyWithoutPlaintext (key\n policy) \n Related operations:\n \n Decrypt\n \n Encrypt\n \n GenerateDataKey\n \n GenerateDataKeyPair\n The identifier of the symmetric KMS key that encrypts the data\n key. To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with For example: Key ID: Key ARN: Alias name: Alias ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. The identifier of the symmetric KMS key that encrypts the data key. To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with For example: Key ID: Key ARN: Alias name: Alias ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. Returns a random byte string that is cryptographically secure. By default, the random byte string is generated in KMS. To generate the byte string in\n the CloudHSM cluster that is associated with a custom key store, specify the custom key store\n ID. Applications in Amazon Web Services Nitro Enclaves can call this operation by using the Amazon Web Services Nitro Enclaves Development Kit. For information about the supporting parameters, see How Amazon Web Services Nitro Enclaves use KMS in the Key Management Service Developer Guide. For more information about entropy and random number generation, see Key Management Service Cryptographic Details. \n Required permissions: kms:GenerateRandom (IAM policy) Returns a random byte string that is cryptographically secure. By default, the random byte string is generated in KMS. To generate the byte string in\n the CloudHSM cluster that is associated with a custom key store, specify the custom key store\n ID. Applications in Amazon Web Services Nitro Enclaves can call this operation by using the Amazon Web Services Nitro Enclaves Development Kit. For information about the supporting parameters, see How Amazon Web Services Nitro Enclaves use KMS in the Key Management Service Developer Guide. For more information about entropy and random number generation, see\n Key Management Service Cryptographic Details. \n Required permissions: kms:GenerateRandom (IAM policy) Gets a key policy attached to the specified KMS key. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:GetKeyPolicy (key policy) \n Related operations: PutKeyPolicy\n Gets a key policy attached to the specified KMS key. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:GetKeyPolicy (key policy) \n Related operations: PutKeyPolicy\n Gets a Boolean value that indicates whether automatic rotation of the key material is\n enabled for the specified KMS key. You cannot enable automatic rotation of asymmetric KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key. The key rotation status for these KMS keys is always The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. Disabled: The key rotation status does not change when you disable a KMS key. However,\n while the KMS key is disabled, KMS does not rotate the key material. Pending deletion: While a KMS key is pending deletion, its key rotation status is\n \n Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key\n ARN in the value of the \n Required permissions: kms:GetKeyRotationStatus (key policy) \n Related operations:\n \n DisableKeyRotation\n \n EnableKeyRotation\n Gets a Boolean value that indicates whether automatic rotation of the key material is\n enabled for the specified KMS key. You cannot enable automatic rotation of asymmetric KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key. The key rotation status for these KMS keys is always\n The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. Disabled: The key rotation status does not change when you disable a KMS key. However,\n while the KMS key is disabled, KMS does not rotate the key material. Pending deletion: While a KMS key is pending deletion, its key rotation status is\n \n Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key\n ARN in the value of the \n Required permissions: kms:GetKeyRotationStatus (key policy) \n Related operations:\n \n DisableKeyRotation\n \n EnableKeyRotation\n Gets the rotation status for the specified KMS key. Specify the key ID or key ARN of the KMS key. To specify a KMS key in a\ndifferent Amazon Web Services account, you must use the key ARN. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Gets the rotation status for the specified KMS key. Specify the key ID or key ARN of the KMS key. To specify a KMS key in a\ndifferent Amazon Web Services account, you must use the key ARN. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Returns the items you need to import key material into a symmetric, customer managed\n KMS key. For more information about importing key material into KMS, see\n Importing Key\n Material in the Key Management Service Developer Guide. This operation returns a public key and an import token. Use the public key to encrypt the\n symmetric key material. Store the import token to send with a subsequent ImportKeyMaterial request. You must specify the key ID of the symmetric KMS key into which you will import key material.\n This KMS key's To import key material, you must use the public key and import token from the same\n response. These items are valid for 24 hours. The expiration date and time appear in the\n The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:GetParametersForImport (key policy) \n Related operations:\n \n ImportKeyMaterial\n Returns the items you need to import key material into a symmetric, customer managed KMS\n key. For more information about importing key material into KMS, see Importing Key Material\n in the Key Management Service Developer Guide. This operation returns a public key and an import token. Use the public key to encrypt the\n symmetric key material. Store the import token to send with a subsequent ImportKeyMaterial request. You must specify the key ID of the symmetric KMS key into which you will import key\n material. This KMS key's To import key material, you must use the public key and import token from the same\n response. These items are valid for 24 hours. The expiration date and time appear in the\n The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:GetParametersForImport (key policy) \n Related operations:\n \n ImportKeyMaterial\n The identifier of the symmetric KMS key into which you will import key material. The\n Specify the key ID or key ARN of the KMS key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. The identifier of the symmetric KMS key into which you will import key material. The\n Specify the key ID or key ARN of the KMS key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. The Amazon Resource Name (key ARN) of the KMS key to use in a subsequent ImportKeyMaterial\n request. This is the same KMS key specified in the The Amazon Resource Name (key ARN) of the KMS key to use in a subsequent ImportKeyMaterial request. This is the same KMS key specified in the Returns the public key of an asymmetric KMS key. Unlike the private key of a asymmetric KMS key,\n which never leaves KMS unencrypted, callers with You do not need to download the public key. Instead, you can use the public key within\n KMS by calling the Encrypt, ReEncrypt, or Verify operations with the identifier of an asymmetric KMS key. When you use the\n public key within KMS, you benefit from the authentication, authorization, and logging that\n are part of every KMS operation. You also reduce of risk of encrypting data that cannot be\n decrypted. These features are not effective outside of KMS. For details, see Special\n Considerations for Downloading Public Keys. To help you use the public key safely outside of KMS, \n KeySpec: The type of key material in the public key, such as\n \n KeyUsage: Whether the key is used for encryption or signing. \n EncryptionAlgorithms or SigningAlgorithms: A list of the encryption algorithms or the signing\n algorithms for the key. Although KMS cannot enforce these restrictions on external operations, it is crucial\n that you use this information to prevent the public key from being used improperly. For\n example, you can prevent a public signing key from being used encrypt data, or prevent a\n public key from being used with an encryption algorithm that is not supported by KMS. You\n can also avoid errors, such as using the wrong signing algorithm in a verification\n operation. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the \n Required permissions: kms:GetPublicKey (key policy) \n Related operations: CreateKey\n Returns the public key of an asymmetric KMS key. Unlike the private key of a asymmetric\n KMS key, which never leaves KMS unencrypted, callers with You do not need to download the public key. Instead, you can use the public key within\n KMS by calling the Encrypt, ReEncrypt, or Verify operations with the identifier of an asymmetric KMS key. When you use the\n public key within KMS, you benefit from the authentication, authorization, and logging that\n are part of every KMS operation. You also reduce of risk of encrypting data that cannot be\n decrypted. These features are not effective outside of KMS. For details, see Special\n Considerations for Downloading Public Keys. To help you use the public key safely outside of KMS, \n KeySpec: The type of key material in the public key, such as\n \n KeyUsage: Whether the key is used for encryption or signing. \n EncryptionAlgorithms or SigningAlgorithms: A list of the encryption algorithms or the signing\n algorithms for the key. Although KMS cannot enforce these restrictions on external operations, it is crucial\n that you use this information to prevent the public key from being used improperly. For\n example, you can prevent a public signing key from being used encrypt data, or prevent a\n public key from being used with an encryption algorithm that is not supported by KMS. You\n can also avoid errors, such as using the wrong signing algorithm in a verification\n operation. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use:\n Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the \n Required permissions: kms:GetPublicKey (key policy) \n Related operations: CreateKey\n The Amazon Resource Name (key ARN) of the asymmetric KMS key from which the public key was downloaded. The Amazon Resource Name (key ARN) of the asymmetric KMS key from which the public key was\n downloaded. Instead, use the The Instead, use the The Imports key material into an existing symmetric KMS KMS key that was\n created without key material. After you successfully import key material into a KMS key, you can\n reimport the same key material into that KMS key, but you cannot import different key\n material. You cannot perform this operation on an asymmetric KMS key or on any KMS key in a different Amazon Web Services account. For more information about creating KMS keys with no key material and\n then importing key material, see Importing Key Material in the\n Key Management Service Developer Guide. Before using this operation, call GetParametersForImport. Its response\n includes a public key and an import token. Use the public key to encrypt the key material.\n Then, submit the import token from the same When calling this operation, you must specify the following values: The key ID or key ARN of a KMS key with no key material. Its To create a KMS key with no key material, call CreateKey and set the\n value of its The encrypted key material. To get the public key to encrypt the key material, call\n GetParametersForImport. The import token that GetParametersForImport returned. You must use\n a public key and token from the same Whether the key material expires and if so, when. If you set an expiration date, KMS\n deletes the key material from the KMS key on the specified date, and the KMS key becomes unusable.\n To use the KMS key again, you must reimport the same key material. The only way to change an\n expiration date is by reimporting the same key material and specifying a new expiration\n date. When this operation is successful, the key state of the KMS key changes from\n If this operation fails, use the exception to help determine the problem. If the error is\n related to the key material, the import token, or wrapping key, use GetParametersForImport to get a new public key and import token for the KMS key and\n repeat the import procedure. For help, see How To Import Key\n Material in the Key Management Service Developer Guide. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:ImportKeyMaterial (key policy) \n Related operations:\n Imports key material into an existing symmetric KMS KMS key that was created without key\n material. After you successfully import key material into a KMS key, you can reimport\n the same key material into that KMS key, but you cannot import different key\n material. You cannot perform this operation on an asymmetric KMS key or on any KMS key in a different Amazon Web Services account. For more information about creating KMS keys with no key material\n and then importing key material, see Importing Key Material in the\n Key Management Service Developer Guide. Before using this operation, call GetParametersForImport. Its response\n includes a public key and an import token. Use the public key to encrypt the key material.\n Then, submit the import token from the same When calling this operation, you must specify the following values: The key ID or key ARN of a KMS key with no key material. Its To create a KMS key with no key material, call CreateKey and set the\n value of its The encrypted key material. To get the public key to encrypt the key material, call\n GetParametersForImport. The import token that GetParametersForImport returned. You must use\n a public key and token from the same Whether the key material expires and if so, when. If you set an expiration date, KMS\n deletes the key material from the KMS key on the specified date, and the KMS key becomes\n unusable. To use the KMS key again, you must reimport the same key material. The only way\n to change an expiration date is by reimporting the same key material and specifying a new\n expiration date. When this operation is successful, the key state of the KMS key changes from\n If this operation fails, use the exception to help determine the problem. If the error is\n related to the key material, the import token, or wrapping key, use GetParametersForImport to get a new public key and import token for the KMS key\n and repeat the import procedure. For help, see How To Import Key\n Material in the Key Management Service Developer Guide. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:ImportKeyMaterial (key policy) \n Related operations:\n The identifier of the symmetric KMS key that receives the imported key material. The KMS key's\n Specify the key ID or key ARN of the KMS key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. The identifier of the symmetric KMS key that receives the imported key material. The KMS\n key's Specify the key ID or key ARN of the KMS key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. The time at which the imported key material expires. When the key material expires, KMS\n deletes the key material and the KMS key becomes unusable. You must omit this parameter when the\n The time at which the imported key material expires. When the key material expires, KMS\n deletes the key material and the KMS key becomes unusable. You must omit this parameter when\n the The request was rejected because the specified KMS key cannot decrypt the data. The\n The request was rejected because the specified KMS key cannot decrypt the data. The\n The request was rejected for one of the following reasons: The The encryption algorithm or signing algorithm specified for the operation is\n incompatible with the type of key material in the KMS key\n For encrypting, decrypting, re-encrypting, and generating data keys, the\n To find the encryption or signing algorithms supported for a particular KMS key, use the DescribeKey operation. The request was rejected for one of the following reasons: The The encryption algorithm or signing algorithm specified for the operation is\n incompatible with the type of key material in the KMS key For encrypting, decrypting, re-encrypting, and generating data keys, the\n To find the encryption or signing algorithms supported for a particular KMS key, use the\n DescribeKey operation. The request was rejected because the state of the specified resource is not valid for this\n request. For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS key in the \n Key Management Service Developer Guide\n . The request was rejected because the state of the specified resource is not valid for this\n request. For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS\n key in the \n Key Management Service Developer Guide\n . The Amazon Resource Name (ARN) of the KMS key. For examples, see Key Management Service\n (KMS) in the Example ARNs section of the Amazon Web Services General\n Reference. The Amazon Resource Name (ARN) of the KMS key. For examples, see Key Management Service (KMS) in the Example ARNs section of the Amazon Web Services General\n Reference. Specifies whether the KMS key is enabled. When Specifies whether the KMS key is enabled. When The current status of the KMS key. For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS key\n in the Key Management Service Developer Guide. The current status of the KMS key. For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS\n key in the Key Management Service Developer Guide. The date and time after which KMS deletes this KMS key. This value is present only when the KMS key is scheduled for deletion, that is, when its When the primary key in a multi-Region key is scheduled for deletion but still has replica\n keys, its key state is The date and time after which KMS deletes this KMS key. This value is present only when\n the KMS key is scheduled for deletion, that is, when its When the primary key in a multi-Region key is scheduled for deletion but still has replica\n keys, its key state is The time at which the imported key material expires. When the key material expires, KMS\n deletes the key material and the KMS key becomes unusable. This value is present only for KMS keys\n whose The time at which the imported key material expires. When the key material expires, KMS\n deletes the key material and the KMS key becomes unusable. This value is present only for KMS\n keys whose The source of the key material for the KMS key. When this value is The source of the key material for the KMS key. When this value is A unique identifier for the custom key store that contains the KMS key. This value is present\n only when the KMS key is created in a custom key store. A unique identifier for the custom key store that contains the KMS key. This value is\n present only when the KMS key is created in a custom key store. The cluster ID of the CloudHSM cluster that contains the key material for the KMS key. When you\n create a KMS key in a custom key store, KMS creates the key material for the KMS key in the\n associated CloudHSM cluster. This value is present only when the KMS key is created in a custom key\n store. The cluster ID of the CloudHSM cluster that contains the key material for the KMS key. When\n you create a KMS key in a custom key store, KMS creates the key material for the KMS key in\n the associated CloudHSM cluster. This value is present only when the KMS key is created in a\n custom key store. The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or Amazon Web Services managed. For more information about the difference, see KMS keys in the\n Key Management Service Developer Guide. The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or\n Amazon Web Services managed. For more information about the difference, see KMS keys in the Key Management Service Developer Guide. Instead, use the The Instead, use the The The signing algorithms that the KMS key supports. You cannot use the KMS key with other signing\n algorithms within KMS. This field appears only when the The signing algorithms that the KMS key supports. You cannot use the KMS key with other\n signing algorithms within KMS. This field appears only when the Lists the primary and replica keys in same multi-Region key. This field is present only\n when the value of the For more information about any listed KMS key, use the DescribeKey\n operation. \n \n \n Lists the primary and replica keys in same multi-Region key. This field is present only\n when the value of the For more information about any listed KMS key, use the DescribeKey\n operation. \n \n \n The waiting period before the primary key in a multi-Region key is deleted. This waiting\n period begins when the last of its replica keys is deleted. This value is present only when\n the When a single-Region KMS key or a multi-Region replica key is scheduled for deletion, its\n deletion date is displayed in the The waiting period before the primary key in a multi-Region key is deleted. This waiting\n period begins when the last of its replica keys is deleted. This value is present only when\n the When a single-Region KMS key or a multi-Region replica key is scheduled for deletion, its\n deletion date is displayed in the The request was rejected because the specified KMS key was not available. You can retry the\n request. The request was rejected because the specified KMS key was not available. You can retry\n the request. Gets a list of aliases in the caller's Amazon Web Services account and region. For more information about\n aliases, see CreateAlias. By default, the The The response might also include aliases that have no \n Cross-account use: No. \n Required permissions: kms:ListAliases (IAM policy) For details, see Controlling access to aliases in the Key Management Service Developer Guide. \n Related operations:\n \n CreateAlias\n \n DeleteAlias\n \n UpdateAlias\n Gets a list of aliases in the caller's Amazon Web Services account and region. For more information\n about aliases, see CreateAlias. By default, the The The response might also include aliases that have no \n Cross-account use: No. \n Required permissions: kms:ListAliases (IAM policy) For details, see Controlling access to aliases in the\n Key Management Service Developer Guide. \n Related operations:\n \n CreateAlias\n \n DeleteAlias\n \n UpdateAlias\n Lists only aliases that are associated with the specified KMS key. Enter a KMS key in your Amazon Web Services account. This parameter is optional. If you omit it, Specify the key ID or key ARN of the KMS key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Lists only aliases that are associated with the specified KMS key. Enter a KMS key in your\n Amazon Web Services account. This parameter is optional. If you omit it, Specify the key ID or key ARN of the KMS key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Gets a list of all grants for the specified KMS key. You must specify the KMS key in all requests. You can filter the grant list by grant ID\n or grantee principal. For detailed information about grants, including grant terminology, see Using grants in the\n \n Key Management Service Developer Guide\n . For examples of working with grants in several\n programming languages, see Programming grants. The \n Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key\n ARN in the value of the \n Required permissions: kms:ListGrants (key policy) \n Related operations:\n \n CreateGrant\n \n ListRetirableGrants\n \n RetireGrant\n \n RevokeGrant\n Gets a list of all grants for the specified KMS key. You must specify the KMS key in all requests. You can filter the grant list by grant ID or\n grantee principal. For detailed information about grants, including grant terminology, see Using grants in the\n \n Key Management Service Developer Guide\n . For examples of working with grants in several\n programming languages, see Programming grants. The \n Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key\n ARN in the value of the \n Required permissions: kms:ListGrants (key policy) \n Related operations:\n \n CreateGrant\n \n ListRetirableGrants\n \n RetireGrant\n \n RevokeGrant\n Returns only grants for the specified KMS key. This parameter is\n required. Specify the key ID or key ARN of the KMS key. To specify a KMS key in a\ndifferent Amazon Web Services account, you must use the key ARN. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Returns only grants for the specified KMS key. This parameter is required. Specify the key ID or key ARN of the KMS key. To specify a KMS key in a\ndifferent Amazon Web Services account, you must use the key ARN. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Gets the names of the key policies that are attached to a KMS key. This\n operation is designed to get policy names that you can use in a GetKeyPolicy\n operation. However, the only valid policy name is \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:ListKeyPolicies (key policy) \n Related operations:\n \n GetKeyPolicy\n \n PutKeyPolicy\n Gets the names of the key policies that are attached to a KMS key. This operation is\n designed to get policy names that you can use in a GetKeyPolicy operation.\n However, the only valid policy name is \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:ListKeyPolicies (key policy) \n Related operations:\n \n GetKeyPolicy\n \n PutKeyPolicy\n Gets a list of all KMS keys in the caller's Amazon Web Services account and\n Region. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:ListKeys (IAM policy) \n Related operations:\n \n CreateKey\n \n DescribeKey\n \n ListAliases\n \n ListResourceTags\n Gets a list of all KMS keys in the caller's Amazon Web Services account and Region. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:ListKeys (IAM policy) \n Related operations:\n \n CreateKey\n \n DescribeKey\n \n ListAliases\n \n ListResourceTags\n Returns all tags on the specified KMS key. For general information about tags, including the format and syntax, see Tagging Amazon Web Services resources in\n the Amazon Web Services General Reference. For information about using\n tags in KMS, see Tagging\n keys. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:ListResourceTags (key policy) \n Related operations:\n \n CreateKey\n \n ReplicateKey\n \n TagResource\n \n UntagResource\n Returns all tags on the specified KMS key. For general information about tags, including the format and syntax, see Tagging Amazon Web Services resources in\n the Amazon Web Services General Reference. For information about using\n tags in KMS, see Tagging\n keys. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:ListResourceTags (key policy) \n Related operations:\n \n CreateKey\n \n ReplicateKey\n \n TagResource\n \n UntagResource\n Returns information about all grants in the Amazon Web Services account and Region that have the specified\n retiring principal. You can specify any principal in your Amazon Web Services account. The grants that are returned include\n grants for KMS keys in your Amazon Web Services account and other Amazon Web Services accounts. You might use this operation to\n determine which grants you may retire. To retire a grant, use the RetireGrant operation. For detailed information about grants, including grant terminology, see Using grants in the\n \n Key Management Service Developer Guide\n . For examples of working with grants in several\n programming languages, see Programming grants. \n Cross-account use: You must specify a principal in your\n Amazon Web Services account. However, this operation can return grants in any Amazon Web Services account. You do not need\n \n Required permissions: kms:ListRetirableGrants (IAM policy) in your Amazon Web Services account. \n Related operations:\n \n CreateGrant\n \n ListGrants\n \n RetireGrant\n \n RevokeGrant\n Returns information about all grants in the Amazon Web Services account and Region that have the\n specified retiring principal. You can specify any principal in your Amazon Web Services account. The grants that are returned include\n grants for KMS keys in your Amazon Web Services account and other Amazon Web Services accounts. You might use this\n operation to determine which grants you may retire. To retire a grant, use the RetireGrant operation. For detailed information about grants, including grant terminology, see Using grants in the\n \n Key Management Service Developer Guide\n . For examples of working with grants in several\n programming languages, see Programming grants. \n Cross-account use: You must specify a principal in your\n Amazon Web Services account. However, this operation can return grants in any Amazon Web Services account. You do not need\n \n Required permissions: kms:ListRetirableGrants (IAM policy) in your\n Amazon Web Services account. \n Related operations:\n \n CreateGrant\n \n ListGrants\n \n RetireGrant\n \n RevokeGrant\n The retiring principal for which to list grants. Enter a principal in your Amazon Web Services account. To specify the retiring principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, federated users, and\n assumed role users. For examples of the ARN syntax for specifying a principal, see Amazon Web Services Identity and Access Management (IAM) in the Example ARNs section of the\n Amazon Web Services General Reference. The retiring principal for which to list grants. Enter a principal in your\n Amazon Web Services account. To specify the retiring principal, use the Amazon Resource Name (ARN) of an\n Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, federated\n users, and assumed role users. For examples of the ARN syntax for specifying a principal, see\n Amazon Web Services Identity and Access Management (IAM) in the Example ARNs section of the\n Amazon Web Services General Reference. Indicates whether the KMS key is a Indicates whether the KMS key is a Displays the key ARN and Region of the primary key. This field includes the current KMS key if\n it is the primary key. Displays the key ARN and Region of the primary key. This field includes the current KMS\n key if it is the primary key. displays the key ARNs and Regions of all replica keys. This field includes the current KMS key\n if it is a replica key. displays the key ARNs and Regions of all replica keys. This field includes the current KMS\n key if it is a replica key. Describes the configuration of this multi-Region key. This field appears only when the KMS key\n is a primary or replica of a multi-Region key. For more information about any listed KMS key, use the DescribeKey\n operation. Describes the configuration of this multi-Region key. This field appears only when the KMS\n key is a primary or replica of a multi-Region key. For more information about any listed KMS key, use the DescribeKey\n operation. Attaches a key policy to the specified KMS key. For more information about key policies, see Key Policies in the Key Management Service Developer Guide.\n For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the \n Identity and Access Management User Guide\n . For examples of adding a key policy in multiple programming languages,\n see Setting a key policy in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:PutKeyPolicy (key policy) \n Related operations: GetKeyPolicy\n Attaches a key policy to the specified KMS key. For more information about key policies, see Key Policies in the Key Management Service Developer Guide.\n For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the \n Identity and Access Management User Guide\n . For examples of adding a key policy in multiple programming languages,\n see Setting a key policy in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:PutKeyPolicy (key policy) \n Related operations: GetKeyPolicy\n The key policy to attach to the KMS key. The key policy must meet the following criteria: If you don't set Each statement in the key policy must contain one or more principals. The principals\n in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services principal\n (for example, an IAM user or role), you might need to enforce a delay before including the\n new principal in a key policy because the new principal might not be immediately visible\n to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and Access Management User Guide. The key policy cannot exceed 32 kilobytes (32768 bytes). For more information, see Resource Quotas in the\n Key Management Service Developer Guide. The key policy to attach to the KMS key. The key policy must meet the following criteria: If you don't set Each statement in the key policy must contain one or more principals. The principals\n in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services\n principal (for example, an IAM user or role), you might need to enforce a delay before\n including the new principal in a key policy because the new principal might not be\n immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services\n Identity and Access Management User Guide. The key policy cannot exceed 32 kilobytes (32768 bytes). For more information, see Resource Quotas in the\n Key Management Service Developer Guide. A flag to indicate whether to bypass the key policy lockout safety check. Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not\n set this value to true indiscriminately. For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide. Use this parameter only when you intend to prevent the principal that is making the\n request from making a subsequent The default value is false. A flag to indicate whether to bypass the key policy lockout safety check. Setting this value to true increases the risk that the KMS key becomes unmanageable. Do\n not set this value to true indiscriminately. For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide. Use this parameter only when you intend to prevent the principal that is making the\n request from making a subsequent The default value is false. Decrypts ciphertext and then reencrypts it entirely within KMS. You can use this\n operation to change the KMS key under which data is encrypted, such as when\n you manually rotate a KMS key or change the KMS key that protects a ciphertext. You can also\n use it to reencrypt ciphertext under the same KMS key, such as to change the encryption\n context of a ciphertext. The When you use the If your ciphertext was encrypted under an asymmetric KMS key, you must use the\n If your ciphertext was encrypted under a symmetric KMS key, the To reencrypt the data, you must use the When you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails. You are not required to supply the key ID and encryption algorithm when you decrypt with symmetric KMS keys because KMS stores this information in the ciphertext blob. KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: Yes. The source KMS key and destination KMS key can be in different Amazon Web Services accounts. Either or both KMS keys can be in a different account than\n the caller. To specify a KMS key in a different account, you must use its key ARN or alias\n ARN. \n Required permissions: \n kms:ReEncryptFrom permission on the source KMS key (key policy) \n kms:ReEncryptTo permission on the destination KMS key (key policy) To permit reencryption from or to a KMS key, include the \n Related operations:\n \n Decrypt\n \n Encrypt\n \n GenerateDataKey\n \n GenerateDataKeyPair\n Decrypts ciphertext and then reencrypts it entirely within KMS. You can use this\n operation to change the KMS key under which data is encrypted, such as when you manually\n rotate a KMS key or change the KMS key that protects a ciphertext. You can also use\n it to reencrypt ciphertext under the same KMS key, such as to change the encryption\n context of a ciphertext. The When you use the If your ciphertext was encrypted under an asymmetric KMS key, you must use the\n If your ciphertext was encrypted under a symmetric KMS key, the\n To reencrypt the data, you must use the When you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails. You are not required to supply the key ID and encryption algorithm when you decrypt with symmetric KMS keys because KMS stores this information in the ciphertext blob. KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: Yes.\n The source KMS key and destination KMS key can be in different Amazon Web Services accounts. Either or both\n KMS keys can be in a different account than the caller. To specify a KMS key in a different\n account, you must use its key ARN or alias ARN. \n Required permissions: \n kms:ReEncryptFrom\n permission on the source KMS key (key policy) \n kms:ReEncryptTo\n permission on the destination KMS key (key policy) To permit reencryption from or to a KMS key, include the \n Related operations:\n \n Decrypt\n \n Encrypt\n \n GenerateDataKey\n \n GenerateDataKeyPair\n Specifies the KMS key that\n KMS will use to decrypt the ciphertext before it is re-encrypted. Enter a key ID of the KMS key\n that was used to encrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.\n If you used a symmetric KMS key, KMS can get the KMS key from metadata that it adds to the\n symmetric ciphertext blob. However, it is always recommended as a best practice. This practice\n ensures that you use the KMS key that you intend. To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with For example: Key ID: Key ARN: Alias name: Alias ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. Specifies the KMS key that KMS will use to decrypt the ciphertext before it is\n re-encrypted. Enter a key ID of the KMS key that was used to encrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS\n key. If you used a symmetric KMS key, KMS can get the KMS key from metadata that it adds to\n the symmetric ciphertext blob. However, it is always recommended as a best practice. This\n practice ensures that you use the KMS key that you intend. To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with For example: Key ID: Key ARN: Alias name: Alias ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. A unique identifier for the KMS key that is used to reencrypt the data. Specify a symmetric or\n asymmetric KMS key with a To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with For example: Key ID: Key ARN: Alias name: Alias ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. A unique identifier for the KMS key that is used to reencrypt the data. Specify a\n symmetric or asymmetric KMS key with a To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with For example: Key ID: Key ARN: Alias name: Alias ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. Specifies that encryption context to use when the reencrypting the data. A destination encryption context is valid only when the destination KMS key is a symmetric KMS key. The standard ciphertext format for asymmetric KMS keys does not include fields for\n metadata. An encryption context is a collection of non-secret key-value pairs that represents additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting with a symmetric KMS key, but it is highly recommended. For more information, see\n Encryption\n Context in the Key Management Service Developer Guide. Specifies that encryption context to use when the reencrypting the data. A destination encryption context is valid only when the destination KMS key is a symmetric\n KMS key. The standard ciphertext format for asymmetric KMS keys does not include fields for\n metadata. An encryption context is a collection of non-secret key-value pairs that represents additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting with a symmetric KMS key, but it is highly recommended. For more information, see\n Encryption\n Context in the Key Management Service Developer Guide. Specifies the encryption algorithm that KMS will use to decrypt the ciphertext before it\n is reencrypted. The default value, Specify the same algorithm that was used to encrypt the ciphertext. If you specify a\n different algorithm, the decrypt attempt fails. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. Specifies the encryption algorithm that KMS will use to decrypt the ciphertext before it\n is reencrypted. The default value, Specify the same algorithm that was used to encrypt the ciphertext. If you specify a\n different algorithm, the decrypt attempt fails. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS\n key. Specifies the encryption algorithm that KMS will use to reecrypt the data after it has\n decrypted it. The default value, This parameter is required only when the destination KMS key is an asymmetric KMS key. Specifies the encryption algorithm that KMS will use to reecrypt the data after it has\n decrypted it. The default value, This parameter is required only when the destination KMS key is an asymmetric KMS\n key. Replicates a multi-Region key into the specified Region. This operation creates a\n multi-Region replica key based on a multi-Region primary key in a different Region of the same\n Amazon Web Services partition. You can create multiple replicas of a primary key, but each must be in a\n different Region. To create a multi-Region primary key, use the CreateKey\n operation. This operation supports multi-Region keys, an KMS feature that lets you create multiple\n interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key\n material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt\n it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide. A replica key is a fully-functional KMS key that can be used\n independently of its primary and peer replica keys. A primary key and its replica keys share\n properties that make them interoperable. They have the same key ID and key material. They also\n have the same key\n spec, key\n usage, key\n material origin, and automatic key rotation status. KMS automatically synchronizes these shared\n properties among related multi-Region keys. All other properties of a replica key can differ,\n including its key\n policy, tags, aliases, and key\n state. KMS pricing and quotas for KMS keys apply to each primary key and replica\n key. When this operation completes, the new replica key has a transient key state of\n The CloudTrail log of a If you replicate a multi-Region primary key with imported key material, the replica key is\n created with no key material. You must import the same key material that you imported into the\n primary key. For details, see Importing key material into multi-Region keys in the Key Management Service Developer Guide. To convert a replica key to a primary key, use the UpdatePrimaryRegion\n operation. \n \n Cross-account use: No. You cannot use this operation to\n create a replica key in a different Amazon Web Services account. \n Required permissions: \n \n To use the \n Related operations\n \n CreateKey\n \n UpdatePrimaryRegion\n Replicates a multi-Region key into the specified Region. This operation creates a\n multi-Region replica key based on a multi-Region primary key in a different Region of the same\n Amazon Web Services partition. You can create multiple replicas of a primary key, but each must be in a\n different Region. To create a multi-Region primary key, use the CreateKey\n operation. This operation supports multi-Region keys, an KMS feature that lets you create multiple\n interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key\n material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt\n it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide. A replica key is a fully-functional KMS key that can be used\n independently of its primary and peer replica keys. A primary key and its replica keys share\n properties that make them interoperable. They have the same key ID and key material. They also\n have the same key\n spec, key\n usage, key\n material origin, and automatic key rotation status. KMS automatically synchronizes these shared\n properties among related multi-Region keys. All other properties of a replica key can differ,\n including its key\n policy, tags, aliases, and key\n state. KMS pricing and quotas for KMS keys apply to each primary key and replica\n key. When this operation completes, the new replica key has a transient key state of\n The CloudTrail log of a If you replicate a multi-Region primary key with imported key material, the replica key is\n created with no key material. You must import the same key material that you imported into the\n primary key. For details, see Importing key material into multi-Region keys in the Key Management Service Developer Guide. To convert a replica key to a primary key, use the UpdatePrimaryRegion\n operation. \n \n Cross-account use: No. You cannot use this operation to\n create a replica key in a different Amazon Web Services account. \n Required permissions: \n \n To use the \n Related operations\n \n CreateKey\n \n UpdatePrimaryRegion\n Identifies the multi-Region primary key that is being replicated. To determine whether a KMS key is a multi-Region primary key, use the DescribeKey operation to check\n the value of the Specify the key ID or key ARN of a multi-Region primary key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Identifies the multi-Region primary key that is being replicated. To determine whether a\n KMS key is a multi-Region primary key, use the DescribeKey operation to\n check the value of the Specify the key ID or key ARN of a multi-Region primary key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. The key policy to attach to the KMS key. This parameter is optional. If you do not provide a key policy, KMS attaches the default key policy to the KMS key. The key policy is not a shared property of multi-Region keys. You can specify the same key\n policy or a different key policy for each key in a set of related multi-Region keys. KMS\n does not synchronize this property. If you provide a key policy, it must meet the following criteria: If you don't set Each statement in the key policy must contain one or more principals. The principals\n in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services principal\n (for example, an IAM user or role), you might need to enforce a delay before including the\n new principal in a key policy because the new principal might not be immediately visible\n to KMS. For more information, see Changes that I make are not always immediately visible in the \n Identity and Access Management User Guide\n . The key policy size quota is 32 kilobytes (32768 bytes). The key policy to attach to the KMS key. This parameter is optional. If you do not provide\n a key policy, KMS attaches the default key policy to the\n KMS key. The key policy is not a shared property of multi-Region keys. You can specify the same key\n policy or a different key policy for each key in a set of related multi-Region keys. KMS\n does not synchronize this property. If you provide a key policy, it must meet the following criteria: If you don't set Each statement in the key policy must contain one or more principals. The principals\n in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services\n principal (for example, an IAM user or role), you might need to enforce a delay before\n including the new principal in a key policy because the new principal might not be\n immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the\n \n Identity and Access Management User Guide\n . The key policy size quota is 32 kilobytes (32768 bytes). A flag to indicate whether to bypass the key policy lockout safety check. Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not\n set this value to true indiscriminately. For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide. Use this parameter only when you intend to prevent the principal that is making the\n request from making a subsequent The default value is false. A flag to indicate whether to bypass the key policy lockout safety check. Setting this value to true increases the risk that the KMS key becomes unmanageable. Do\n not set this value to true indiscriminately. For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide. Use this parameter only when you intend to prevent the principal that is making the\n request from making a subsequent The default value is false. A description of the KMS key. The default value is an empty string (no description). The description is not a shared property of multi-Region keys. You can specify the same\n description or a different description for each key in a set of related multi-Region keys. KMS does not synchronize this property. A description of the KMS key. The default value is an empty string (no\n description). The description is not a shared property of multi-Region keys. You can specify the same\n description or a different description for each key in a set of related multi-Region keys.\n KMS does not synchronize this property. Assigns one or more tags to the replica key. Use this parameter to tag the KMS key when it is created.\n To tag an existing KMS key, use the TagResource operation. Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide. To use this parameter, you must have kms:TagResource permission in an IAM policy. Tags are not a shared property of multi-Region keys. You can specify the same tags or\n different tags for each key in a set of related multi-Region keys. KMS does not\n synchronize this property. Each tag consists of a tag key and a tag value. Both the tag key and the tag value are\n required, but the tag value can be an empty (null) string. You cannot have more than one tag\n on a KMS key with the same tag key. If you specify an existing tag key with a different tag value,\n KMS replaces the current tag value with the specified one. When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation\n report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details,\n see Tagging Keys. Assigns one or more tags to the replica key. Use this parameter to tag the KMS key when it\n is created. To tag an existing KMS key, use the TagResource\n operation. Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide. To use this parameter, you must have kms:TagResource permission in an IAM policy. Tags are not a shared property of multi-Region keys. You can specify the same tags or\n different tags for each key in a set of related multi-Region keys. KMS does not synchronize\n this property. Each tag consists of a tag key and a tag value. Both the tag key and the tag value are\n required, but the tag value can be an empty (null) string. You cannot have more than one tag\n on a KMS key with the same tag key. If you specify an existing tag key with a different tag\n value, KMS replaces the current tag value with the specified one. When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation\n report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details,\n see Tagging Keys. Displays details about the new replica key, including its Amazon Resource Name (key\n ARN) and key state. It also includes the ARN and Amazon Web Services Region of its primary key and other\n replica keys. Displays details about the new replica key, including its Amazon Resource Name (key ARN) and\n key state. It also\n includes the ARN and Amazon Web Services Region of its primary key and other replica keys. Deletes a grant. Typically, you retire a grant when you no longer need its permissions. To\n identify the grant to retire, use a grant token, or both the grant ID and a\n key identifier (key ID or key ARN) of the KMS key. The CreateGrant operation returns both values. This operation can be called by the retiring principal for a grant,\n by the grantee principal if the grant allows the For detailed information about grants, including grant terminology, see Using grants in the\n \n Key Management Service Developer Guide\n . For examples of working with grants in several\n programming languages, see Programming grants. \n Cross-account use: Yes. You can retire a grant on a KMS key\n in a different Amazon Web Services account. \n Required permissions::Permission to retire a grant is\n determined primarily by the grant. For details, see Retiring and revoking grants in the Key Management Service Developer Guide. \n Related operations:\n \n CreateGrant\n \n ListGrants\n \n ListRetirableGrants\n \n RevokeGrant\n Deletes a grant. Typically, you retire a grant when you no longer need its permissions. To\n identify the grant to retire, use a grant token, or both the grant ID and a\n key identifier (key ID or key ARN) of the KMS key. The CreateGrant operation\n returns both values. This operation can be called by the retiring principal for a grant,\n by the grantee principal if the grant allows the For detailed information about grants, including grant terminology, see Using grants in the\n \n Key Management Service Developer Guide\n . For examples of working with grants in several\n programming languages, see Programming grants. \n Cross-account use: Yes. You can retire a grant on a KMS\n key in a different Amazon Web Services account. \n Required permissions::Permission to retire a grant is\n determined primarily by the grant. For details, see Retiring and revoking grants in\n the Key Management Service Developer Guide. \n Related operations:\n \n CreateGrant\n \n ListGrants\n \n ListRetirableGrants\n \n RevokeGrant\n Identifies the grant to be retired. You can use a grant token to identify a new grant even\n before it has achieved eventual consistency. Only the CreateGrant operation returns a grant token. For details, see\n Grant token\n and Eventual consistency in the Key Management Service Developer Guide. Identifies the grant to be retired. You can use a grant token to identify a new grant even\n before it has achieved eventual consistency. Only the CreateGrant operation returns a grant token. For details, see\n Grant token\n and Eventual consistency in the Key Management Service Developer Guide. Identifies the grant to retire. To get the grant ID, use CreateGrant,\n ListGrants, or ListRetirableGrants. Grant ID Example -\n 0123456789012345678901234567890123456789012345678901234567890123 Identifies the grant to retire. To get the grant ID, use CreateGrant,\n ListGrants, or ListRetirableGrants. Grant ID Example -\n 0123456789012345678901234567890123456789012345678901234567890123 Deletes the specified grant. You revoke a grant to terminate the permissions that the\n grant allows. For more\n information, see Retiring and revoking grants in\n the \n Key Management Service Developer Guide\n . When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as eventual consistency. For details, see Eventual consistency in\n the \n Key Management Service Developer Guide\n . For detailed information about grants, including grant terminology, see Using grants in the\n \n Key Management Service Developer Guide\n . For examples of working with grants in several\n programming languages, see Programming grants. \n Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key\n ARN in the value of the \n Required permissions: kms:RevokeGrant (key policy). \n Related operations:\n \n CreateGrant\n \n ListGrants\n \n ListRetirableGrants\n \n RetireGrant\n Deletes the specified grant. You revoke a grant to terminate the permissions that the\n grant allows. For more information, see Retiring and revoking grants in\n the \n Key Management Service Developer Guide\n . When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as eventual consistency. For details, see Eventual consistency in\n the \n Key Management Service Developer Guide\n . For detailed information about grants, including grant terminology, see Using grants in the\n \n Key Management Service Developer Guide\n . For examples of working with grants in several\n programming languages, see Programming grants. \n Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key\n ARN in the value of the \n Required permissions: kms:RevokeGrant (key policy). \n Related operations:\n \n CreateGrant\n \n ListGrants\n \n ListRetirableGrants\n \n RetireGrant\n A unique identifier for the KMS key associated with the grant. To get\n the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Specify the key ID or key ARN of the KMS key. To specify a KMS key in a\ndifferent Amazon Web Services account, you must use the key ARN. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. A unique identifier for the KMS key associated with the grant. To get the key ID and key\n ARN for a KMS key, use ListKeys or DescribeKey. Specify the key ID or key ARN of the KMS key. To specify a KMS key in a\ndifferent Amazon Web Services account, you must use the key ARN. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Identifies the grant to revoke. To get the grant ID, use CreateGrant,\n ListGrants, or ListRetirableGrants. Identifies the grant to revoke. To get the grant ID, use CreateGrant,\n ListGrants, or ListRetirableGrants. Schedules the deletion of a KMS key. By default, KMS applies a waiting\n period of 30 days, but you can specify a waiting period of 7-30 days. When this operation is\n successful, the key state of the KMS key changes to Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key is\n deleted, all data that was encrypted under the KMS key is unrecoverable. (The only exception is\n a multi-Region replica key.) To prevent the use of a KMS key without deleting it, use DisableKey. If you schedule deletion of a KMS key from a custom key store, when the waiting period\n expires, You can schedule the deletion of a multi-Region primary key and its replica keys at any\n time. However, KMS will not delete a multi-Region primary key with existing replica keys. If\n you schedule the deletion of a primary key with replicas, its key state changes to\n For more information about scheduling a KMS key for deletion, see Deleting KMS keys in the\n Key Management Service Developer Guide. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:ScheduleKeyDeletion (key policy) \n Related operations\n \n CancelKeyDeletion\n \n DisableKey\n Schedules the deletion of a KMS key. By default, KMS applies a waiting period of 30\n days, but you can specify a waiting period of 7-30 days. When this operation is successful,\n the key state of the KMS key changes to Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key\n is deleted, all data that was encrypted under the KMS key is unrecoverable. (The only\n exception is a multi-Region replica key.) To prevent the use of a KMS key without deleting\n it, use DisableKey. If you schedule deletion of a KMS key from a custom key store, when the waiting period\n expires, You can schedule the deletion of a multi-Region primary key and its replica keys at any\n time. However, KMS will not delete a multi-Region primary key with existing replica keys. If\n you schedule the deletion of a primary key with replicas, its key state changes to\n For more information about scheduling a KMS key for deletion, see Deleting KMS keys in the\n Key Management Service Developer Guide. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account\n use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:ScheduleKeyDeletion (key\n policy) \n Related operations\n \n CancelKeyDeletion\n \n DisableKey\n The unique identifier of the KMS key to delete. Specify the key ID or key ARN of the KMS key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. The unique identifier of the KMS key to delete. Specify the key ID or key ARN of the KMS key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. The waiting period, specified in number of days. After the waiting period ends, KMS\n deletes the KMS key. If the KMS key is a multi-Region primary key with replicas, the waiting period begins when the\n last of its replica keys is deleted. Otherwise, the waiting period begins immediately. This value is optional. If you include a value, it must be between 7 and 30, inclusive. If\n you do not include a value, it defaults to 30. The waiting period, specified in number of days. After the waiting period ends, KMS\n deletes the KMS key. If the KMS key is a multi-Region primary key with replicas, the waiting period begins when\n the last of its replica keys is deleted. Otherwise, the waiting period begins\n immediately. This value is optional. If you include a value, it must be between 7 and 30, inclusive. If\n you do not include a value, it defaults to 30. The date and time after which KMS deletes the KMS key. If the KMS key is a multi-Region primary key with replica keys, this field does not appear.\n The deletion date for the primary key isn't known until its last replica key is\n deleted. The date and time after which KMS deletes the KMS key. If the KMS key is a multi-Region primary key with replica keys, this field does not\n appear. The deletion date for the primary key isn't known until its last replica key is\n deleted. The current status of the KMS key. For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS key\n in the Key Management Service Developer Guide. The current status of the KMS key. For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS\n key in the Key Management Service Developer Guide. The waiting period before the KMS key is deleted. If the KMS key is a multi-Region primary key with replicas, the waiting period begins when the\n last of its replica keys is deleted. Otherwise, the waiting period begins immediately. The waiting period before the KMS key is deleted. If the KMS key is a multi-Region primary key with replicas, the waiting period begins when\n the last of its replica keys is deleted. Otherwise, the waiting period begins\n immediately. Creates a digital\n signature for a message or message digest by using the private key in an asymmetric KMS key. To verify the signature, use the Verify operation, or use the public\n key in the same asymmetric KMS key outside of KMS. For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide. Digital signatures are generated and verified by using asymmetric key pair, such as an RSA\n or ECC pair that is represented by an asymmetric KMS key. The key owner (or\n an authorized user) uses their private key to sign a message. Anyone with the public key can\n verify that the message was signed with that particular private key and that the message\n hasn't changed since it was signed. To use the Use the Use the Choose a signing algorithm that is compatible with the KMS key. When signing a message, be sure to record the KMS key and the signing algorithm. This\n information is required to verify the signature. To verify the signature that this operation generates, use the Verify\n operation. Or use the GetPublicKey operation to download the public key and\n then use the public key to verify the signature outside of KMS. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the \n Required permissions: kms:Sign (key policy) \n Related operations: Verify\n Creates a digital\n signature for a message or message digest by using the private key in an asymmetric\n KMS key. To verify the signature, use the Verify operation, or use the\n public key in the same asymmetric KMS key outside of KMS. For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide. Digital signatures are generated and verified by using asymmetric key pair, such as an RSA\n or ECC pair that is represented by an asymmetric KMS key. The key owner (or an authorized\n user) uses their private key to sign a message. Anyone with the public key can verify that the\n message was signed with that particular private key and that the message hasn't changed since\n it was signed. To use the Use the Use the Choose a signing algorithm that is compatible with the KMS key. When signing a message, be sure to record the KMS key and the signing algorithm. This\n information is required to verify the signature. To verify the signature that this operation generates, use the Verify\n operation. Or use the GetPublicKey operation to download the public key and\n then use the public key to verify the signature outside of KMS. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the \n Required permissions: kms:Sign (key policy) \n Related operations: Verify\n Identifies an asymmetric KMS key. KMS uses the private key in the asymmetric KMS key to sign the\n message. The To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with For example: Key ID: Key ARN: Alias name: Alias ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. Identifies an asymmetric KMS key. KMS uses the private key in the asymmetric KMS key to\n sign the message. The To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with For example: Key ID: Key ARN: Alias name: Alias ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. Specifies the signing algorithm to use when signing the message. Choose an algorithm that is compatible with the type and size of the specified asymmetric KMS key. Specifies the signing algorithm to use when signing the message. Choose an algorithm that is compatible with the type and size of the specified asymmetric\n KMS key. A key-value pair. A tag consists of a tag key and a tag value. Tag keys and tag values are\n both required, but tag values can be empty (null) strings. For information about the rules that apply to tag keys and tag values, see User-Defined Tag Restrictions in the Amazon Web Services Billing and Cost Management User\n Guide. A key-value pair. A tag consists of a tag key and a tag value. Tag keys and tag values are\n both required, but tag values can be empty (null) strings. For information about the rules that apply to tag keys and tag values, see User-Defined Tag Restrictions in the Amazon Web Services Billing and Cost Management\n User Guide. Adds or edits tags on a customer managed key. Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide. Each tag consists of a tag key and a tag value, both of which are case-sensitive strings.\n The tag value can be an empty (null) string. To add a tag, specify a new tag key and a tag\n value. To edit a tag, specify an existing tag key and a new tag value. You can use this operation to tag a customer managed key, but you cannot\n tag an Amazon Web Services managed key, an Amazon Web Services owned key, a custom key store, or\n an alias. You can also add tags to a KMS key while creating it (CreateKey) or replicating it (ReplicateKey). For information about using tags in KMS, see Tagging keys. For general information about\n tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon\n Web Services General Reference. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:TagResource (key policy) \n Related operations\n \n CreateKey\n \n ListResourceTags\n \n ReplicateKey\n \n UntagResource\n Adds or edits tags on a customer managed key. Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide. Each tag consists of a tag key and a tag value, both of which are case-sensitive strings.\n The tag value can be an empty (null) string. To add a tag, specify a new tag key and a tag\n value. To edit a tag, specify an existing tag key and a new tag value. You can use this operation to tag a customer managed key, but you cannot\n tag an Amazon Web Services\n managed key, an Amazon Web Services owned key, a custom key\n store, or an alias. You can also add tags to a KMS key while creating it (CreateKey) or\n replicating it (ReplicateKey). For information about using tags in KMS, see Tagging keys. For general information about\n tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon\n Web Services General Reference. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:TagResource (key policy) \n Related operations\n \n CreateKey\n \n ListResourceTags\n \n ReplicateKey\n \n UntagResource\n Key Management Service (KMS) is an encryption and key management web service. This guide describes\n the KMS operations that you can call programmatically. For general information about KMS,\n see the \n Key Management Service Developer Guide\n . KMS is replacing the term customer master key (CMK) with KMS key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term. Amazon Web Services provides SDKs that consist of libraries and sample code for various programming\n languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs provide a\n convenient way to create programmatic access to KMS and other Amazon Web Services services. For example,\n the SDKs take care of tasks such as signing requests (see below), managing errors, and\n retrying requests automatically. For more information about the Amazon Web Services SDKs, including how to\n download and install them, see Tools for Amazon Web\n Services. We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS. Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS 1.2. Clients\n must also support cipher suites with Perfect Forward Secrecy (PFS) such as Ephemeral\n Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE). Most modern systems\n such as Java 7 and later support these modes. \n Signing Requests\n Requests must be signed by using an access key ID and a secret access key. We strongly\n recommend that you do not use your Amazon Web Services account (root) access key ID and\n secret key for everyday work with KMS. Instead, use the access key ID and secret access key\n for an IAM user. You can also use the Amazon Web Services Security Token Service to generate temporary\n security credentials that you can use to sign requests. All KMS operations require Signature Version 4. \n Logging API Requests\n KMS supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your Amazon Web Services account and delivers them to an Amazon S3 bucket that you specify. By using the information\n collected by CloudTrail, you can determine what requests were made to KMS, who made the request,\n when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find\n your log files, see the CloudTrail User Guide. \n Additional Resources\n For more information about credentials and request signing, see the following: \n Amazon Web Services Security\n Credentials - This topic provides general information about the types of\n credentials used to access Amazon Web Services. \n Temporary\n Security Credentials - This section of the IAM User Guide\n describes how to create and use temporary security credentials. \n Signature Version\n 4 Signing Process - This set of topics walks you through the process of signing\n a request using an access key ID and a secret access key. \n Commonly Used API Operations\n Of the API operations discussed in this guide, the following will prove the most useful\n for most applications. You will likely perform operations other than these, such as creating\n keys and assigning policies, by using the console. \n Encrypt\n \n Decrypt\n \n GenerateDataKey\n Key Management Service (KMS) is an encryption and key management web service. This guide describes\n the KMS operations that you can call programmatically. For general information about KMS,\n see the \n Key Management Service Developer Guide\n . KMS is replacing the term customer master key (CMK) with KMS key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term. Amazon Web Services provides SDKs that consist of libraries and sample code for various programming\n languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs provide a\n convenient way to create programmatic access to KMS and other Amazon Web Services services. For example,\n the SDKs take care of tasks such as signing requests (see below), managing errors, and\n retrying requests automatically. For more information about the Amazon Web Services SDKs, including how to\n download and install them, see Tools for Amazon Web\n Services. We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS. Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS 1.2. Clients\n must also support cipher suites with Perfect Forward Secrecy (PFS) such as Ephemeral\n Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE). Most modern systems\n such as Java 7 and later support these modes. \n Signing Requests\n Requests must be signed by using an access key ID and a secret access key. We strongly\n recommend that you do not use your Amazon Web Services account (root) access key ID and\n secret key for everyday work with KMS. Instead, use the access key ID and secret access key\n for an IAM user. You can also use the Amazon Web Services Security Token Service to generate temporary\n security credentials that you can use to sign requests. All KMS operations require Signature Version 4. \n Logging API Requests\n KMS supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your\n Amazon Web Services account and delivers them to an Amazon S3 bucket that you specify. By using the\n information collected by CloudTrail, you can determine what requests were made to KMS, who made\n the request, when it was made, and so on. To learn more about CloudTrail, including how to turn it\n on and find your log files, see the CloudTrail User Guide. \n Additional Resources\n For more information about credentials and request signing, see the following: \n Amazon Web Services\n Security Credentials - This topic provides general information about the types\n of credentials used to access Amazon Web Services. \n Temporary\n Security Credentials - This section of the IAM User Guide\n describes how to create and use temporary security credentials. \n Signature Version\n 4 Signing Process - This set of topics walks you through the process of signing\n a request using an access key ID and a secret access key. \n Commonly Used API Operations\n Of the API operations discussed in this guide, the following will prove the most useful\n for most applications. You will likely perform operations other than these, such as creating\n keys and assigning policies, by using the console. \n Encrypt\n \n Decrypt\n \n GenerateDataKey\n Deletes tags from a customer managed key. To delete a tag,\n specify the tag key and the KMS key. Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide. When it succeeds, the For information about using tags in KMS, see Tagging keys. For general information about\n tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon\n Web Services General Reference. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:UntagResource (key policy) \n Related operations\n \n CreateKey\n \n ListResourceTags\n \n ReplicateKey\n \n TagResource\n Deletes tags from a customer managed key. To delete a tag,\n specify the tag key and the KMS key. Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide. When it succeeds, the For information about using tags in KMS, see Tagging keys. For general information about\n tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon\n Web Services General Reference. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:UntagResource (key policy) \n Related operations\n \n CreateKey\n \n ListResourceTags\n \n ReplicateKey\n \n TagResource\n Associates an existing KMS alias with a different KMS key. Each alias\n is associated with only one KMS key at a time, although a KMS key can have multiple aliases. The alias\n and the KMS key must be in the same Amazon Web Services account and Region. Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide. The current and new KMS key must be the same type (both symmetric or both asymmetric), and\n they must have the same key usage ( You cannot use Because an alias is not a property of a KMS key, you can create, update, and delete the\n aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the response from\n the DescribeKey operation. To get the aliases of all KMS keys in the account,\n use the ListAliases operation. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions\n \n kms:UpdateAlias on the alias (IAM policy). \n kms:UpdateAlias on the current KMS key (key policy). \n kms:UpdateAlias on the new KMS key (key policy). For details, see Controlling access to aliases in the Key Management Service Developer Guide. \n Related operations:\n \n CreateAlias\n \n DeleteAlias\n \n ListAliases\n Associates an existing KMS alias with a different KMS key. Each alias is associated with\n only one KMS key at a time, although a KMS key can have multiple aliases. The alias and the\n KMS key must be in the same Amazon Web Services account and Region. Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see Using ABAC in KMS in the Key Management Service Developer Guide. The current and new KMS key must be the same type (both symmetric or both asymmetric), and\n they must have the same key usage ( You cannot use Because an alias is not a property of a KMS key, you can create, update, and delete the\n aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the\n response from the DescribeKey operation. To get the aliases of all KMS keys\n in the account, use the ListAliases operation. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions\n \n kms:UpdateAlias on\n the alias (IAM policy). \n kms:UpdateAlias on\n the current KMS key (key policy). \n kms:UpdateAlias on\n the new KMS key (key policy). For details, see Controlling access to aliases in the\n Key Management Service Developer Guide. \n Related operations:\n \n CreateAlias\n \n DeleteAlias\n \n ListAliases\n Identifies the customer managed key to associate with the alias. You don't have permission\n to associate an alias with an Amazon Web Services managed key. The KMS key must be in the same Amazon Web Services account and Region as the alias. Also, the new target KMS key\n must be the same type as the current target KMS key (both symmetric or both asymmetric) and they\n must have the same key usage. Specify the key ID or key ARN of the KMS key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To verify that the alias\n is mapped to the correct KMS key, use ListAliases. Identifies the customer managed key to associate with the alias. You don't have permission to\n associate an alias with an Amazon Web Services managed key. The KMS key must be in the same Amazon Web Services account and Region as the alias. Also, the new\n target KMS key must be the same type as the current target KMS key (both symmetric or both\n asymmetric) and they must have the same key usage. Specify the key ID or key ARN of the KMS key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To\n verify that the alias is mapped to the correct KMS key, use ListAliases. Changes the properties of a custom key store. Use the You can only update a custom key store that is disconnected. To disconnect the custom key\n store, use DisconnectCustomKeyStore. To reconnect the custom key store after\n the update completes, use ConnectCustomKeyStore. To find the connection\n state of a custom key store, use the DescribeCustomKeyStores\n operation. Use the parameters of Use the NewCustomKeyStoreName parameter to change the\n friendly name of the custom key store to the value that you specify. Use the KeyStorePassword parameter tell KMS the\n current password of the \n Use the CloudHsmClusterId parameter to associate the\n custom key store with a different, but related, CloudHSM cluster. You can use this parameter\n to repair a custom key store if its CloudHSM cluster becomes corrupted or is deleted, or when\n you need to create or restore a cluster from a backup. If the operation succeeds, it returns a JSON object with no\nproperties. This operation is part of the Custom Key Store feature feature in KMS, which\ncombines the convenience and extensive integration of KMS with the isolation and control of a\nsingle-tenant key store. \n Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account. \n Required permissions: kms:UpdateCustomKeyStore (IAM policy) \n Related operations:\n \n CreateCustomKeyStore\n \n DeleteCustomKeyStore\n Changes the properties of a custom key store. Use the You can only update a custom key store that is disconnected. To disconnect the custom key\n store, use DisconnectCustomKeyStore. To reconnect the custom key store after\n the update completes, use ConnectCustomKeyStore. To find the connection\n state of a custom key store, use the DescribeCustomKeyStores\n operation. The Use the Use the Use the If the operation succeeds, it returns a JSON object with no\nproperties. This operation is part of the Custom Key Store feature feature in KMS, which\ncombines the convenience and extensive integration of KMS with the isolation and control of a\nsingle-tenant key store. \n Cross-account\n use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account. \n Required permissions: kms:UpdateCustomKeyStore (IAM policy) \n Related operations:\n \n CreateCustomKeyStore\n \n DeleteCustomKeyStore\n Updates the description of a KMS key. To see the description of a KMS key,\n use DescribeKey. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:UpdateKeyDescription (key policy) \n Related operations\n \n CreateKey\n \n DescribeKey\n Updates the description of a KMS key. To see the description of a KMS key, use DescribeKey. The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account\n use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. \n Required permissions: kms:UpdateKeyDescription (key policy) \n Related operations\n \n CreateKey\n \n DescribeKey\n Updates the description of the specified KMS key. Specify the key ID or key ARN of the KMS key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Updates the description of the specified KMS key. Specify the key ID or key ARN of the KMS key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Changes the primary key of a multi-Region key. This operation changes the replica key in the specified Region to a primary key and\n changes the former primary key to a replica key. For example, suppose you have a primary key\n in This operation supports multi-Region keys, an KMS feature that lets you create multiple\n interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key\n material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt\n it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide. The primary key of a multi-Region key is the source for properties\n that are always shared by primary and replica keys, including the key material, key ID, key spec, key usage, key material\n origin, and automatic\n key rotation. It's the only key that can be replicated. You cannot delete the primary\n key until all replica keys are deleted. The key ID and primary Region that you specify uniquely identify the replica key that will\n become the primary key. The primary Region must already have a replica key. This operation\n does not create a KMS key in the specified Region. To find the replica keys, use the DescribeKey operation on the primary key or any replica key. To create a replica\n key, use the ReplicateKey operation. You can run this operation while using the affected multi-Region keys in cryptographic\n operations. This operation should not delay, interrupt, or cause failures in cryptographic\n operations. Even after this operation completes, the process of updating the primary Region might\n still be in progress for a few more seconds. Operations such as This operation does not return any output. To verify that primary key is changed, use the\n DescribeKey operation. \n Cross-account use: No. You cannot use this operation in a\n different Amazon Web Services account. \n Required permissions: \n \n \n Related operations\n \n CreateKey\n \n ReplicateKey\n Changes the primary key of a multi-Region key. This operation changes the replica key in the specified Region to a primary key and\n changes the former primary key to a replica key. For example, suppose you have a primary key\n in This operation supports multi-Region keys, an KMS feature that lets you create multiple\n interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key\n material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt\n it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide. The primary key of a multi-Region key is the source for properties\n that are always shared by primary and replica keys, including the key material, key ID, key spec, key usage, key material\n origin, and automatic\n key rotation. It's the only key that can be replicated. You cannot delete the primary\n key until all replica keys are deleted. The key ID and primary Region that you specify uniquely identify the replica key that will\n become the primary key. The primary Region must already have a replica key. This operation\n does not create a KMS key in the specified Region. To find the replica keys, use the DescribeKey operation on the primary key or any replica key. To create a replica\n key, use the ReplicateKey operation. You can run this operation while using the affected multi-Region keys in cryptographic\n operations. This operation should not delay, interrupt, or cause failures in cryptographic\n operations. Even after this operation completes, the process of updating the primary Region might\n still be in progress for a few more seconds. Operations such as This operation does not return any output. To verify that primary key is changed, use the\n DescribeKey operation. \n Cross-account use: No. You cannot use this operation in a\n different Amazon Web Services account. \n Required permissions: \n \n \n Related operations\n \n CreateKey\n \n ReplicateKey\n Identifies the current primary key. When the operation completes, this KMS key will be a\n replica key. Specify the key ID or key ARN of a multi-Region primary key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. Identifies the current primary key. When the operation completes, this KMS key will be a\n replica key. Specify the key ID or key ARN of a multi-Region primary key. For example: Key ID: Key ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. The Amazon Web Services Region of the new primary key. Enter the Region ID, such as When the operation completes, the multi-Region key in this Region will be the primary\n key. The Amazon Web Services Region of the new primary key. Enter the Region ID, such as\n When the operation completes, the multi-Region key in this Region will be the primary\n key. Verifies a digital signature that was generated by the Sign operation. Verification confirms that an authorized user signed the message with the specified KMS key\n and signing algorithm, and the message hasn't changed since it was signed. If the signature is\n verified, the value of the A digital signature is generated by using the private key in an asymmetric KMS key. The\n signature is verified by using the public key in the same asymmetric KMS key.\n For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide. To verify a digital signature, you can use the You can also verify the digital signature by using the public key of the KMS key outside of\n KMS. Use the GetPublicKey operation to download the public key in the\n asymmetric KMS key and then use the public key to verify the signature outside of KMS. The\n advantage of using the The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the \n Required permissions: kms:Verify (key policy) \n Related operations: Sign\n Verifies a digital signature that was generated by the Sign operation. Verification confirms that an authorized user signed the message with the specified KMS\n key and signing algorithm, and the message hasn't changed since it was signed. If the\n signature is verified, the value of the A digital signature is generated by using the private key in an asymmetric KMS key. The\n signature is verified by using the public key in the same asymmetric KMS key.\n For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide. To verify a digital signature, you can use the You can also verify the digital signature by using the public key of the KMS key outside\n of KMS. Use the GetPublicKey operation to download the public key in the\n asymmetric KMS key and then use the public key to verify the signature outside of KMS. The\n advantage of using the The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key state: Effect on your KMS key in the Key Management Service Developer Guide. \n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the \n Required permissions: kms:Verify (key policy) \n Related operations: Sign\n Identifies the asymmetric KMS key that will be used to verify the signature. This must be the\n same KMS key that was used to generate the signature. If you specify a different KMS key, the\n signature verification fails. To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with For example: Key ID: Key ARN: Alias name: Alias ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. Identifies the asymmetric KMS key that will be used to verify the signature. This must be\n the same KMS key that was used to generate the signature. If you specify a different KMS key,\n the signature verification fails. To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with For example: Key ID: Key ARN: Alias name: Alias ARN: To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. Uploads position update data for one or more devices to a tracker resource. Amazon Location\n uses the data when reporting the last known device position and position history. Only one position update is stored per sample time. Location data is sampled at a\n fixed rate of one position per 30-second interval and retained for 30 days before\n it's deleted. Uploads position update data for one or more devices to a tracker resource. Amazon Location\n uses the data when it reports the last known device position and position history. Amazon Location retains location data for 30 \n days. Position updates are handled based on the The start position for the route. Defined in WGS 84 format:\n For example, If you specify a departure that's not located on a road, Amazon Location moves the\n position to the nearest road. Valid Values: The start position for the route. Defined in WGS 84 format:\n For example, If you specify a departure that's not located on a road, Amazon Location moves the\n position to the nearest road. If Esri is the provider for your route calculator, \n specifying a route that is longer than 400 km returns a Valid Values: Specifies an ordered list of up to 23 intermediate positions to include along a route\n between the departure position and destination position. For example, from the If you specify a waypoint position that's not located on a road, Amazon Location moves the position to the nearest road. Specifying more than 23 waypoints returns a Valid Values: Specifies an ordered list of up to 23 intermediate positions to include along a route\n between the departure position and destination position. For example, from the If you specify a waypoint position that's not located on a road, Amazon Location moves the position to the nearest road. Specifying more than 23 waypoints returns a If Esri is the provider for your route calculator, specifying a \n route that is longer than 400 km returns a Valid Values: Specifies a geographical box surrounding a route. Used to zoom into a route when\n displaying it in a map. For example, The first 2 The first The second The next 2 The third The fourth Specifies a geographical box surrounding a route. Used to zoom into a route when\n displaying it in a map. For example, The first 2 The first The second The next 2 The third The fourth The total distance covered by the route. The sum of the distance travelled between\n every stop on the route. The route The total distance covered by the route. The sum of the distance travelled between\n every stop on the route. If Esri is the data source for the route calculator, the route distance can’t \n be greater than 400 km. If the route exceeds 400 km, the response is a \n Specifies the pricing plan for your map resource. For additional details and restrictions on each pricing plan option, see the Amazon Location Service pricing\n page. Specifies the pricing plan for your map resource. For additional details and restrictions on each pricing plan option, see Amazon Location Service pricing. Specifies the data provider of geospatial data. This field is case-sensitive. Enter the valid values as shown. For example, entering\n Valid values include: \n \n Place index resources using HERE Technologies as a data provider can't store results for locations in Japan. For more information, see the\n AWS Service Terms\n for Amazon Location Service. For additional information , see Data providers\n on the Amazon Location Service Developer Guide. Specifies the data provider of geospatial data. This field is case-sensitive. Enter the valid values as shown. For example, entering\n Valid values include: \n \n Place index resources using HERE Technologies as a data provider can't store results for locations in Japan. For more information, see the\n AWS Service Terms\n for Amazon Location Service. For additional information , see Data providers\n on the Amazon Location Service Developer Guide. Specifies the pricing plan for your place index resource. For additional details and restrictions on each pricing plan option, see the Amazon Location Service pricing\n page. Specifies the pricing plan for your place index resource. For additional details and restrictions on each pricing plan option, see Amazon Location Service pricing. Specifies the data provider of traffic and road network data. This field is case-sensitive. Enter the valid values as shown. For example,\n entering Valid values include: \n \n For additional information , see Data\n providers on the Amazon Location Service Developer Guide. Specifies the data provider of traffic and road network data. This field is case-sensitive. Enter the valid values as shown. For example,\n entering Valid values include: \n \n For additional information , see Data\n providers on the Amazon Location Service Developer Guide. Specifies the pricing plan for the tracker resource. For additional details and restrictions on each pricing plan option, see the Amazon Location Service pricing\n page. Specifies the pricing plan for the tracker resource. For additional details and restrictions on each pricing plan option, see Amazon Location Service pricing. Specifies the data provider for the tracker resource. Required value for the following pricing plans: For more information about Data Providers, and Pricing plans, see the Amazon Location\n Service product page. Amazon Location Service only uses Valid Values: Specifies the data provider for the tracker resource. Required value for the following pricing plans: For more information about Data Providers, and Pricing plans, see the Amazon Location\n Service product page. Amazon Location Service only uses Valid values: Applies one or more tags to the tracker resource. A tag is a key-value pair helps\n manage, identify, search, and filter your resources by labelling them. Format: Restrictions: Maximum 50 tags per resource Each resource tag must be unique with a maximum of one value. Maximum key length: 128 Unicode characters in UTF-8 Maximum value length: 256 Unicode characters in UTF-8 Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters:\n + - = . _ : / @. Specifies the position filtering for the tracker resource. Valid values: \n \n This field is optional. If not specified, the default value is The pricing plan selected for the specified map resource. For additional details and restrictions on each pricing plan option, see the Amazon Location Service pricing\n page. The pricing plan selected for the specified map resource. For additional details and restrictions on each pricing plan option, see Amazon Location Service pricing. The pricing plan selected for the specified place index resource. For additional details and restrictions on each pricing plan option, see the Amazon Location Service pricing\n page. The pricing plan selected for the specified place index resource. For additional details and restrictions on each pricing plan option, see Amazon Location Service pricing. The data provider of geospatial data. Indicates one of the available providers: \n \n For additional details on data providers, see the Amazon Location Service data providers\n page. The data provider of geospatial data. Indicates one of the available providers: \n \n For additional details on data providers, see Amazon Location Service data providers. The pricing plan selected for the specified tracker resource. For additional details and restrictions on each pricing plan option, see the Amazon Location Service pricing\n page. The pricing plan selected for the specified tracker resource. For additional details and restrictions on each pricing plan option, see Amazon Location Service pricing. A key identifier for an AWS KMS customer managed key assigned to the Amazon Location resource. The position filtering method of the tracker resource. A comma-separated list of fonts to load glyphs from in order of preference. For\n example, Valid fonts for Esri styles: VectorEsriDarkGrayCanvas – VectorEsriLightGrayCanvas – VectorEsriTopographic – VectorEsriStreets – VectorEsriNavigation – Valid fonts for HERE Technologies styles: \n A comma-separated list of fonts to load glyphs from in order of preference. For\n example, Valid fonts stacks for Esri styles: VectorEsriDarkGrayCanvas – VectorEsriLightGrayCanvas – VectorEsriTopographic – VectorEsriStreets – VectorEsriNavigation – Valid font stacks for HERE Technologies styles: VectorHereBerlin – The pricing plan for the specified map resource. For additional details and restrictions on each pricing plan option, see the Amazon Location Service pricing\n page. The pricing plan for the specified map resource. For additional details and restrictions on each pricing plan option, see Amazon Location Service pricing. The data provider of geospatial data. Indicates one of the available providers: \n \n For additional details on data providers, see the Amazon Location Service data providers page. The data provider of geospatial data. Indicates one of the available providers: \n \n For additional details on data providers, see Amazon Location Service data providers. The pricing plan for the specified place index resource. For additional details and restrictions on each pricing plan option, see the Amazon Location Service pricing\n page. The pricing plan for the specified place index resource. For additional details and restrictions on each pricing plan option, see Amazon Location Service pricing. The pricing plan for the specified tracker resource. For additional details and restrictions on each pricing plan option, see the Amazon Location Service pricing\n page. The pricing plan for the specified tracker resource. For additional details and restrictions on each pricing plan option, see Amazon Location Service pricing. Specifies the map style selected from an available data provider. For additional\n information on each map style and to preview each map style, see Esri map\n styles and HERE map\n styles. Valid Esri styles: \n \n \n \n \n \n Valid HERE\n Technologies styles: \n When using HERE as your data provider, and selecting the Style\n Specifies the map style selected from an available data provider. Valid Esri map styles: \n \n \n \n \n \n Valid HERE\n Technologies map styles: \n When using HERE as your data provider, and selecting the Style\n The data provider of geospatial data. Indicates one of the available providers: Esri HERE For additional details on data providers, see the Amazon Location Service data providers page. The data provider of geospatial data. Indicates one of the available providers: Esri HERE For additional details on data providers, see Amazon Location Service data providers. The data provider of geospatial data. Indicates one of the available providers: Esri HERE For additional details on data providers, see the Amazon Location Service data providers page. The data provider of geospatial data. Indicates one of the available providers: Esri HERE For additional details on data providers, see Amazon Location Service data providers. Updates the description for the tracker resource. Updates the position filtering for the tracker resource. Valid values: \n \n The input mode that the algorithm supports. For the input modes that Amazon SageMaker\n algorithms support, see Algorithms. If an algorithm supports the In File mode, make sure you provision ML storage volume with sufficient capacity\n to accommodate the data download from S3. In addition to the training data, the ML\n storage volume also stores the output model. The algorithm container use ML storage\n volume to also store intermediate information, if any. For distributed algorithms using File mode, training data is distributed\n uniformly, and your training duration is predictable if the input data objects size is\n approximately same. Amazon SageMaker does not split the files any further for model training. If the\n object sizes are skewed, training won't be optimal as the data distribution is also\n skewed where one host in a training cluster is overloaded, thus becoming bottleneck in\n training. The maximum time, in seconds, a training job is allowed to run as part of an AutoML\n job. The maximum time, in seconds, that each training job is allowed to run as part of a\n hyperparameter tuning job. For more information, see the used by the action. The maximum runtime, in seconds, an AutoML job has to complete. The maximum runtime, in seconds, an AutoML job has to complete. If an AutoML job exceeds the maximum runtime, the job is stopped automatically and its\n processing is ended gracefully. The AutoML job identifies the best model whose training was\n completed and marks it as the best-performing model. Any unfinished steps of the job, such\n as automatic one-click Autopilot model deployment, will not be completed. Creates a \n EFS storage\n When a domain is created, an EFS volume is created for use by all of the users within the\n domain. Each user receives a private home directory within the EFS volume for notebooks,\n Git repositories, and data files. SageMaker uses the Amazon Web Services Key Management Service (Amazon Web Services KMS) to encrypt the EFS volume attached to the domain with\n an Amazon Web Services managed key by default. For more control, you can specify a\n customer managed key. For more information, see\n Protect Data at\n Rest Using Encryption. \n VPC configuration\n All SageMaker Studio traffic between the domain and the EFS volume is through the specified\n VPC and subnets. For other Studio traffic, you can specify the \n \n When internet access is disabled, you won't be able to run a Studio notebook or to\n train or host models unless your VPC has an interface endpoint to the SageMaker API and runtime\n or a NAT gateway and your security groups allow outbound connections. NFS traffic over TCP on port 2049 needs to be allowed in both inbound and outbound rules\n in order to launch a SageMaker Studio app successfully. For more information, see\n Connect\n SageMaker Studio Notebooks to Resources in a VPC. Creates a \n EFS storage\n When a domain is created, an EFS volume is created for use by all of the users within the\n domain. Each user receives a private home directory within the EFS volume for notebooks,\n Git repositories, and data files. SageMaker uses the Amazon Web Services Key Management Service (Amazon Web Services KMS) to encrypt the EFS volume attached to the domain with\n an Amazon Web Services managed key by default. For more control, you can specify a\n customer managed key. For more information, see\n Protect Data at\n Rest Using Encryption. \n VPC configuration\n All SageMaker Studio traffic between the domain and the EFS volume is through the specified\n VPC and subnets. For other Studio traffic, you can specify the \n \n When internet access is disabled, you won't be able to run a Studio notebook or to\n train or host models unless your VPC has an interface endpoint to the SageMaker API and runtime\n or a NAT gateway and your security groups allow outbound connections. NFS traffic over TCP on port 2049 needs to be allowed in both inbound and outbound rules\n in order to launch a SageMaker Studio app successfully. For more information, see\n Connect\n SageMaker Studio Notebooks to Resources in a VPC. Creates an endpoint using the endpoint configuration specified in the request. Amazon SageMaker\n uses the endpoint to provision resources and deploy models. You create the endpoint\n configuration with the CreateEndpointConfig API. Use this API to deploy models using Amazon SageMaker hosting services. For an example that calls this method when deploying a model to Amazon SageMaker hosting services,\n see the Create Endpoint example notebook.\n You must not delete an The endpoint name must be unique within an Amazon Web Services Region in your Amazon Web Services account. When it receives the request, Amazon SageMaker creates the endpoint, launches the resources (ML\n compute instances), and deploys the model(s) on them. When you call CreateEndpoint, a load call is made to DynamoDB to\n verify that your endpoint configuration exists. When you read data from a DynamoDB\n table supporting \n When Amazon SageMaker receives the request, it sets the endpoint status to\n If any of the models hosted at this endpoint get model data from an Amazon S3 location,\n Amazon SageMaker uses Amazon Web Services Security Token Service to download model artifacts from the S3 path you\n provided. Amazon Web Services STS is activated in your IAM user account by default. If you previously\n deactivated Amazon Web Services STS for a region, you need to reactivate Amazon Web Services STS for that region. For\n more information, see Activating and\n Deactivating Amazon Web Services STS in an Amazon Web Services Region in the Amazon Web Services Identity and Access Management User\n Guide. To add the IAM role policies for using this API operation, go to the IAM console, and choose\n Roles in the left navigation pane. Search the IAM role that you want to grant\n access to use the CreateEndpoint and CreateEndpointConfig API operations, add the following policies to\n the role. Option 1: For a full Amazon SageMaker access, search and attach the\n Option 2: For granting a limited access to an IAM role, paste the\n following Action elements manually into the JSON file of the IAM role: \n \n \n \n \n For more information, see Amazon SageMaker API\n Permissions: Actions, Permissions, and Resources\n Reference. Creates an endpoint using the endpoint configuration specified in the request. Amazon SageMaker\n uses the endpoint to provision resources and deploy models. You create the endpoint\n configuration with the CreateEndpointConfig API. Use this API to deploy models using Amazon SageMaker hosting services. For an example that calls this method when deploying a model to Amazon SageMaker hosting services,\n see the Create Endpoint example notebook.\n You must not delete an The endpoint name must be unique within an Amazon Web Services Region in your Amazon Web Services account. When it receives the request, Amazon SageMaker creates the endpoint, launches the resources (ML\n compute instances), and deploys the model(s) on them. When you call CreateEndpoint, a load call is made to DynamoDB to\n verify that your endpoint configuration exists. When you read data from a DynamoDB\n table supporting \n When Amazon SageMaker receives the request, it sets the endpoint status to\n If any of the models hosted at this endpoint get model data from an Amazon S3 location,\n Amazon SageMaker uses Amazon Web Services Security Token Service to download model artifacts from the S3 path you\n provided. Amazon Web Services STS is activated in your IAM user account by default. If you previously\n deactivated Amazon Web Services STS for a region, you need to reactivate Amazon Web Services STS for that region. For\n more information, see Activating and\n Deactivating Amazon Web Services STS in an Amazon Web Services Region in the Amazon Web Services Identity and Access Management User\n Guide. To add the IAM role policies for using this API operation, go to the IAM console, and choose\n Roles in the left navigation pane. Search the IAM role that you want to grant\n access to use the CreateEndpoint and CreateEndpointConfig API operations, add the following policies to\n the role. Option 1: For a full SageMaker access, search and attach the\n Option 2: For granting a limited access to an IAM role, paste the\n following Action elements manually into the JSON file of the IAM role: \n \n \n \n \n For more information, see SageMaker API\n Permissions: Actions, Permissions, and Resources\n Reference. Use this to configure an The Amazon Simple Storage Service (Amazon S3) location of an\n A configuration for an Amazon Web Services Glue or Amazon Web Services Hive data cataolgue. An KMS encryption key to encrypt the Amazon S3 location used for\n To learn more about this parameter, see OfflineStoreConfig. Use this to configure an The Amazon Simple Storage Service (Amazon S3) location of an\n A configuration for an Amazon Web Services Glue or Amazon Web Services Hive data catalog. An KMS encryption key to encrypt the Amazon S3 location used for\n To learn more about this parameter, see OfflineStoreConfig. Creates a URL for a specified UserProfile in a Domain. When accessed in a web browser,\n the user will be automatically signed in to Amazon SageMaker Studio, and granted access to all of\n the Apps and files associated with the Domain's Amazon Elastic File System (EFS) volume.\n This operation can only be called when the authentication mode equals IAM.\n The IAM role or user used to call this API defines the permissions to access the app. Once\n the presigned URL is created, no additional permission is required to access this URL. IAM\n authorization policies for this API are also enforced for every HTTP request and WebSocket\n frame that attempts to connect to the app. You can restrict access to this API and to the\n URL that it returns to a list of IP addresses, Amazon VPCs or Amazon VPC Endpoints that you specify. For more\n information, see Connect to SageMaker Studio Through an Interface VPC Endpoint\n . The URL that you get from a call to Creates a URL for a specified UserProfile in a Domain. When accessed in a web browser,\n the user will be automatically signed in to Amazon SageMaker Studio, and granted access to all of\n the Apps and files associated with the Domain's Amazon Elastic File System (EFS) volume.\n This operation can only be called when the authentication mode equals IAM.\n The IAM role or user used to call this API defines the permissions to access the app. Once\n the presigned URL is created, no additional permission is required to access this URL. IAM\n authorization policies for this API are also enforced for every HTTP request and WebSocket\n frame that attempts to connect to the app. You can restrict access to this API and to the\n URL that it returns to a list of IP addresses, Amazon VPCs or Amazon VPC Endpoints that you specify. For more\n information, see Connect to SageMaker Studio Through an Interface VPC Endpoint\n . The URL that you get from a call to Specifies the source of the data to join with the transformed data. The valid values\n are For JSON or JSONLines objects, such as a JSON array, Amazon SageMaker adds the transformed data to\n the input JSON object in an attribute called For CSV data, Amazon SageMaker takes each row as a JSON array and joins the transformed data with\n the input by appending each transformed row to the end of the input. The joined data has\n the original input data followed by the transformed data and the output is a CSV\n file. For information on how joining in applied, see Workflow for Associating Inferences with Input Records. Specifies the source of the data to join with the transformed data. The valid values\n are For JSON or JSONLines objects, such as a JSON array, SageMaker adds the transformed data to\n the input JSON object in an attribute called For CSV data, SageMaker takes each row as a JSON array and joins the transformed data with\n the input by appending each transformed row to the end of the input. The joined data has\n the original input data followed by the transformed data and the output is a CSV\n file. For information on how joining in applied, see Workflow for Associating Inferences with Input Records. The timestamp of the last user's activity. The timestamp of the last user's activity. The billable time in seconds. Billable time refers to the absolute wall-clock\n time. Multiply You can calculate the savings from using managed spot training using the formula\n The billable time in seconds. Billable time refers to the absolute wall-clock\n time. Multiply You can calculate the savings from using managed spot training using the formula\n Whether the Whether the The input mode that the algorithm supports:\n File\n or Pipe. In File input mode, Amazon SageMaker downloads the training data from\n Amazon S3 to the\n storage\n volume that is attached to the training instance and mounts the directory to the Docker\n volume for the training container. In Pipe input mode, Amazon SageMaker streams\n data directly from Amazon S3 to the container. If you specify File mode, make sure that\n you\n provision the storage volume that is attached to the training instance with enough\n capacity to accommodate the training data downloaded from Amazon S3, the model artifacts, and\n intermediate\n information. For more information about input modes, see Algorithms. Specifies a limit to how long a model training job, model compilation job, or\n hyperparameter tuning job can run. It also specifies how long a managed Spot training\n job has to complete. When the job reaches the time limit, Amazon SageMaker ends the training or\n compilation job. Use this API to cap model training costs. To stop a training job, Amazon SageMaker sends the algorithm the The training algorithms provided by Amazon SageMaker automatically save the intermediate results\n of a model training job when possible. This attempt to save artifacts is only a best\n effort case as model might not be in a state from which it can be saved. For example, if\n training has just started, the model might not be ready to save. When saved, this\n intermediate data is a valid model artifact. You can use it to create a model with\n The Neural Topic Model (NTM) currently does not support saving intermediate model\n artifacts. When training NTMs, make sure that the maximum runtime is sufficient for\n the training job to complete. Specifies a limit to how long a model training job or model compilation job \n can run. It also specifies how long a managed spot training\n job has to complete. When the job reaches the time limit, Amazon SageMaker ends the training or\n compilation job. Use this API to cap model training costs. To stop a training job, Amazon SageMaker sends the algorithm the The training algorithms provided by Amazon SageMaker automatically save the intermediate results\n of a model training job when possible. This attempt to save artifacts is only a best\n effort case as model might not be in a state from which it can be saved. For example, if\n training has just started, the model might not be ready to save. When saved, this\n intermediate data is a valid model artifact. You can use it to create a model with\n The Neural Topic Model (NTM) currently does not support saving intermediate model\n artifacts. When training NTMs, make sure that the maximum runtime is sufficient for\n the training job to complete. A tag object that consists of a key and an optional value, used to manage metadata\n for Amazon SageMaker Amazon Web Services resources. You can add tags to notebook instances, training jobs, hyperparameter tuning jobs,\n batch transform jobs, models, labeling jobs, work teams, endpoint configurations, and\n endpoints. For more information on adding tags to Amazon SageMaker resources, see AddTags. For more information on adding metadata to your Amazon Web Services resources with tagging, see\n Tagging Amazon Web Services\n resources. For advice on best practices for managing Amazon Web Services resources with\n tagging, see Tagging\n Best Practices: Implement an Effective Amazon Web Services Resource Tagging Strategy. A tag object that consists of a key and an optional value, used to manage metadata\n for SageMaker Amazon Web Services resources. You can add tags to notebook instances, training jobs, hyperparameter tuning jobs,\n batch transform jobs, models, labeling jobs, work teams, endpoint configurations, and\n endpoints. For more information on adding tags to SageMaker resources, see AddTags. For more information on adding metadata to your Amazon Web Services resources with tagging, see\n Tagging Amazon Web Services\n resources. For advice on best practices for managing Amazon Web Services resources with\n tagging, see Tagging\n Best Practices: Implement an Effective Amazon Web Services Resource Tagging Strategy. The training input mode that the algorithm supports. For more information about input modes, see\n Algorithms. \n Pipe mode\n If an algorithm supports \n File mode\n If an algorithm supports You must provision the ML storage volume with sufficient capacity\n to accommodate the data downloaded from S3. In addition to the training data, the ML\n storage volume also stores the output model. The algorithm container uses the ML storage\n volume to also store intermediate information, if any. For distributed algorithms, training data is distributed uniformly.\n Your training duration is predictable if the input data objects sizes are\n approximately the same. SageMaker does not split the files any further for model training.\n If the object sizes are skewed, training won't be optimal as the data distribution is also\n skewed when one host in a training cluster is overloaded, thus becoming a bottleneck in\n training. \n FastFile mode\n If an algorithm supports \n The input mode used by the algorithm for the training job. For the input modes that\n Amazon SageMaker algorithms support, see Algorithms. If an algorithm supports the Lists the settings in a DMARC policy for a specified organization. Lists the ID of the given organization. Lists the enforcement setting of the applied policy. Enables or disables a DMARC policy for a given organization. The ID of the organization that you are applying the DMARC policy to. Enforces or suspends a policy after it's applied.\n
\n \n
\n\n \n \n
\n \n
\n\n \n \n
",
+ "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.\n
",
"smithy.api#required": {}
}
},
"ScalableDimension": {
"target": "com.amazonaws.applicationautoscaling#ScalableDimension",
"traits": {
- "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.\n
",
+ "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.\n
",
"smithy.api#required": {}
}
}
@@ -300,14 +300,14 @@
"ResourceId": {
"target": "com.amazonaws.applicationautoscaling#ResourceIdMaxLen1600",
"traits": {
- "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.\n
",
+ "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.\n
",
"smithy.api#required": {}
}
},
"ScalableDimension": {
"target": "com.amazonaws.applicationautoscaling#ScalableDimension",
"traits": {
- "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.\n
",
+ "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.\n
",
"smithy.api#required": {}
}
}
@@ -356,14 +356,14 @@
"ResourceId": {
"target": "com.amazonaws.applicationautoscaling#ResourceIdMaxLen1600",
"traits": {
- "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.\n
",
+ "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.\n
",
"smithy.api#required": {}
}
},
"ScalableDimension": {
"target": "com.amazonaws.applicationautoscaling#ScalableDimension",
"traits": {
- "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.\n
",
+ "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.\n
",
"smithy.api#required": {}
}
}
@@ -418,13 +418,13 @@
"ResourceIds": {
"target": "com.amazonaws.applicationautoscaling#ResourceIdsMaxLen1600",
"traits": {
- "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.\n
"
+ "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.\n
"
}
},
"ScalableDimension": {
"target": "com.amazonaws.applicationautoscaling#ScalableDimension",
"traits": {
- "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.\n
"
+ "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.\n
"
}
},
"MaxResults": {
@@ -503,13 +503,13 @@
"ResourceId": {
"target": "com.amazonaws.applicationautoscaling#ResourceIdMaxLen1600",
"traits": {
- "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.\n
"
+ "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.\n
"
}
},
"ScalableDimension": {
"target": "com.amazonaws.applicationautoscaling#ScalableDimension",
"traits": {
- "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.\n
"
+ "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.\n
"
}
},
"MaxResults": {
@@ -597,19 +597,19 @@
"ResourceId": {
"target": "com.amazonaws.applicationautoscaling#ResourceIdMaxLen1600",
"traits": {
- "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.\n
"
+ "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.\n
"
}
},
"ScalableDimension": {
"target": "com.amazonaws.applicationautoscaling#ScalableDimension",
"traits": {
- "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.\n
"
+ "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.\n
"
}
},
"MaxResults": {
"target": "com.amazonaws.applicationautoscaling#MaxResults",
"traits": {
- "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.MaxResults
results\n at a time, along with a NextToken
value. To get the next set of results,\n include the NextToken
value in a subsequent call. If this parameter is not\n used, the operation returns up to 50 results and a\n NextToken
value, if applicable.MaxResults
results\n at a time, along with a NextToken
value. To get the next set of results,\n include the NextToken
value in a subsequent call. If this parameter is not\n used, the operation returns up to 10 results and a NextToken
value, if\n applicable.\n
"
+ "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.\n
"
}
},
"ScalableDimension": {
"target": "com.amazonaws.applicationautoscaling#ScalableDimension",
"traits": {
- "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.\n
"
+ "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.\n
"
}
},
"MaxResults": {
@@ -986,6 +986,10 @@
{
"value": "ElastiCacheDatabaseMemoryUsageCountedForEvictPercentage",
"name": "ElastiCacheDatabaseMemoryUsageCountedForEvictPercentage"
+ },
+ {
+ "value": "NeptuneReaderAverageCPUUtilization",
+ "name": "NeptuneReaderAverageCPUUtilization"
}
]
}
@@ -1054,7 +1058,7 @@
"ResourceLabel": {
"target": "com.amazonaws.applicationautoscaling#ResourceLabel",
"traits": {
- "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.ALBRequestCountPerTarget
and there is a target\n group attached to the Spot Fleet request or ECS service.app/my-alb/778d41231b141a0f/targetgroup/my-alb-target-group/943f017f100becff
.\n
\n ALBRequestCountPerTarget
and there is a target\n group attached to the Spot Fleet request or ECS service.app/my-alb/778d41231b141a0f/targetgroup/my-alb-target-group/943f017f100becff
.\n
\n \n
",
+ "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.\n
",
"smithy.api#required": {}
}
},
"ScalableDimension": {
"target": "com.amazonaws.applicationautoscaling#ScalableDimension",
"traits": {
- "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.\n
",
+ "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.\n
",
"smithy.api#required": {}
}
},
"PolicyType": {
"target": "com.amazonaws.applicationautoscaling#PolicyType",
"traits": {
- "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.TargetTrackingScaling
—Not supported for Amazon EMRStepScaling
—Not supported for DynamoDB, Amazon Comprehend, Lambda, Amazon Keyspaces (for Apache\n Cassandra), Amazon MSK, or Amazon ElastiCache for Redis.TargetTrackingScaling
—Not supported for Amazon EMRStepScaling
—Not supported for DynamoDB, Amazon Comprehend, Lambda, Amazon Keyspaces, Amazon MSK, Amazon ElastiCache, or\n Neptune.\n
",
+ "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.\n
",
"smithy.api#required": {}
}
},
"ScalableDimension": {
"target": "com.amazonaws.applicationautoscaling#ScalableDimension",
"traits": {
- "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.\n
",
+ "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.\n
",
"smithy.api#required": {}
}
},
@@ -1282,7 +1286,7 @@
}
],
"traits": {
- "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.RegisterScalableTarget
API to update an existing\n scalable target, Application Auto Scaling retrieves the current capacity of the resource. If it is below\n the minimum capacity or above the maximum capacity, Application Auto Scaling adjusts the capacity of the\n scalable target to place it within these bounds, even if you don't include the\n MinCapacity
or MaxCapacity
request parameters.\n
",
+ "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.\n
",
"smithy.api#required": {}
}
},
"ScalableDimension": {
"target": "com.amazonaws.applicationautoscaling#ScalableDimension",
"traits": {
- "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.\n
",
+ "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.\n
",
"smithy.api#required": {}
}
},
@@ -1461,6 +1465,10 @@
{
"value": "elasticache:replication-group:Replicas",
"name": "ElastiCacheReplicationGroupReplicas"
+ },
+ {
+ "value": "neptune:cluster:ReadReplicaCount",
+ "name": "NeptuneClusterReadReplicaCount"
}
]
}
@@ -1478,14 +1486,14 @@
"ResourceId": {
"target": "com.amazonaws.applicationautoscaling#ResourceIdMaxLen1600",
"traits": {
- "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.\n
",
+ "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.\n
",
"smithy.api#required": {}
}
},
"ScalableDimension": {
"target": "com.amazonaws.applicationautoscaling#ScalableDimension",
"traits": {
- "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.\n
",
+ "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.\n
",
"smithy.api#required": {}
}
},
@@ -1577,14 +1585,14 @@
"ResourceId": {
"target": "com.amazonaws.applicationautoscaling#ResourceIdMaxLen1600",
"traits": {
- "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.\n
",
+ "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.\n
",
"smithy.api#required": {}
}
},
"ScalableDimension": {
"target": "com.amazonaws.applicationautoscaling#ScalableDimension",
"traits": {
- "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.\n
",
+ "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.\n
",
"smithy.api#required": {}
}
},
@@ -1709,14 +1717,14 @@
"ResourceId": {
"target": "com.amazonaws.applicationautoscaling#ResourceIdMaxLen1600",
"traits": {
- "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.\n
",
+ "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.\n
",
"smithy.api#required": {}
}
},
"ScalableDimension": {
"target": "com.amazonaws.applicationautoscaling#ScalableDimension",
"traits": {
- "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.\n
",
+ "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.\n
",
"smithy.api#required": {}
}
},
@@ -1803,14 +1811,14 @@
"ResourceId": {
"target": "com.amazonaws.applicationautoscaling#ResourceIdMaxLen1600",
"traits": {
- "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.\n
",
+ "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.\n
",
"smithy.api#required": {}
}
},
"ScalableDimension": {
"target": "com.amazonaws.applicationautoscaling#ScalableDimension",
"traits": {
- "smithy.api#documentation": "service
and the unique identifier is the cluster name \n and service name. Example: service/default/sample-webapp
.spot-fleet-request
and the unique identifier is the \n Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE
.instancegroup
and the unique identifier is the cluster ID and instance group ID.\n Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0
.fleet
and the unique identifier is the fleet name.\n Example: fleet/sample-fleet
.table
and the unique identifier is the table name. \n Example: table/my-table
.index
and the unique identifier is the index name. \n Example: table/my-table/index/my-table-index
.cluster
and the unique identifier is the cluster name.\n Example: cluster:my-db-cluster
.variant
and the unique identifier is the resource ID.\n Example: endpoint/my-end-point/variant/KMeansClustering
.OutputValue
from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information\n is available in our GitHub\n repository.arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE
.arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE
.function
and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST
. \n Example: function:my-function:prod
or function:my-function:1
.table
and the unique identifier is the table name. \n Example: keyspace/mykeyspace/table/mytable
.arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5
.replication-group
and the unique identifier is the replication group name.\n Example: replication-group/mycluster
.cluster
and the unique identifier is the cluster name. Example: cluster:mycluster
.\n
"
+ "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet request.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an Amazon SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.\n
"
}
},
"StartTime": {
@@ -1914,6 +1922,10 @@
{
"value": "elasticache",
"name": "ELASTICACHE"
+ },
+ {
+ "value": "neptune",
+ "name": "NEPTUNE"
}
]
}
@@ -1975,7 +1987,7 @@
"Cooldown": {
"target": "com.amazonaws.applicationautoscaling#Cooldown",
"traits": {
- "smithy.api#documentation": "ecs:service:DesiredCount
- The desired task count of an ECS service.elasticmapreduce:instancegroup:InstanceCount
- The instance count of an EMR Instance Group.ec2:spot-fleet-request:TargetCapacity
- The target capacity of a Spot Fleet.appstream:fleet:DesiredCapacity
- The desired capacity of an AppStream 2.0 fleet.dynamodb:table:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB table.dynamodb:table:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB table.dynamodb:index:ReadCapacityUnits
- The provisioned read capacity for a DynamoDB global secondary index.dynamodb:index:WriteCapacityUnits
- The provisioned write capacity for a DynamoDB global secondary index.rds:cluster:ReadReplicaCount
- The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.sagemaker:variant:DesiredInstanceCount
- The number of EC2 instances for an SageMaker model endpoint variant.custom-resource:ResourceType:Property
- The scalable dimension for a custom resource provided by your own application or service.comprehend:document-classifier-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend document classification endpoint.comprehend:entity-recognizer-endpoint:DesiredInferenceUnits
- The number of inference units for an Amazon Comprehend entity recognizer endpoint.lambda:function:ProvisionedConcurrency
- The provisioned concurrency for a Lambda function.cassandra:table:ReadCapacityUnits
- The provisioned read capacity for an Amazon Keyspaces table.cassandra:table:WriteCapacityUnits
- The provisioned write capacity for an Amazon Keyspaces table.kafka:broker-storage:VolumeSize
- The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.elasticache:replication-group:NodeGroups
- The number of node groups for an Amazon ElastiCache replication group.elasticache:replication-group:Replicas
- The number of replicas per node group for an Amazon ElastiCache replication group.neptune:cluster:ReadReplicaCount
- The count of read replicas in an Amazon Neptune DB cluster.\n
\n \n
"
+ "smithy.api#documentation": "\n
\n \n
"
}
},
"MetricAggregationType": {
@@ -2040,13 +2052,13 @@
"ScaleOutCooldown": {
"target": "com.amazonaws.applicationautoscaling#Cooldown",
"traits": {
- "smithy.api#documentation": "\n
\n \n
"
+ "smithy.api#documentation": "\n
\n \n
"
}
},
"ScaleInCooldown": {
"target": "com.amazonaws.applicationautoscaling#Cooldown",
"traits": {
- "smithy.api#documentation": "\n
\n \n
"
+ "smithy.api#documentation": "\n
\n \n
"
}
},
"DisableScaleIn": {
diff --git a/codegen/sdk-codegen/aws-models/backup.2018-11-15.json b/codegen/sdk-codegen/aws-models/backup.2018-11-15.json
index c6c512628f53..bd5b2f6d5632 100644
--- a/codegen/sdk-codegen/aws-models/backup.2018-11-15.json
+++ b/codegen/sdk-codegen/aws-models/backup.2018-11-15.json
@@ -350,7 +350,7 @@
}
},
"traits": {
- "smithy.api#documentation": "BackupRule
\n objects, each of which specifies a backup rule. Each rule in a backup plan is a separate\n scheduled task and can back up a different selection of Amazon Web Services resources.\n BackupRule
\n objects, each of which specifies a backup rule. Each rule in a backup plan is a separate\n scheduled task. true
, Vault Lock prevents delete and update\n operations on the recovery points in the selected vault.BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
\n RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT |\n COPY_JOB_REPORT | RESTORE_JOB_REPORT
\n RESOURCE_COMPLIANCE_REPORT
or\n CONTROL_COMPLIANCE_REPORT
, this API resource also describes the report\n coverage by Amazon Web Services Regions and frameworks.CreationTime
is accurate to milliseconds. For\n example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087\n AM.InvalidRequestException
if you attempt\n to do so. For more information, see Vault Lock in the\n Backup Developer Guide.True
means that Vault Lock causes delete or update\n operations on the recovery points stored in the vault to fail.\n
"
+ "smithy.api#documentation": "DynamoDB
for Amazon DynamoDBEBS
for Amazon Elastic Block StoreEC2
for Amazon Elastic Compute CloudEFS
for Amazon Elastic File SystemRDS
for Amazon Relational Database ServiceAurora
for Amazon AuroraStorage Gateway
for Storage Gateway\n
"
}
}
}
@@ -5597,6 +5708,69 @@
}
}
},
+ "com.amazonaws.backup#PutBackupVaultLockConfiguration": {
+ "type": "operation",
+ "input": {
+ "target": "com.amazonaws.backup#PutBackupVaultLockConfigurationInput"
+ },
+ "errors": [
+ {
+ "target": "com.amazonaws.backup#InvalidParameterValueException"
+ },
+ {
+ "target": "com.amazonaws.backup#InvalidRequestException"
+ },
+ {
+ "target": "com.amazonaws.backup#MissingParameterValueException"
+ },
+ {
+ "target": "com.amazonaws.backup#ResourceNotFoundException"
+ },
+ {
+ "target": "com.amazonaws.backup#ServiceUnavailableException"
+ }
+ ],
+ "traits": {
+ "smithy.api#documentation": "Aurora
for Amazon AuroraDynamoDB
for Amazon DynamoDBEBS
for Amazon Elastic Block StoreEC2
for Amazon Elastic Compute CloudEFS
for Amazon Elastic File SystemFSX
for Amazon FSxRDS
for Amazon Relational Database ServiceStorage Gateway
for Storage GatewayChangeableForDays
to 30 on Jan. 1, 2022 at\n 8pm UTC will set the lock date to Jan. 31, 2022 at 8pm UTC.ChangeableForDays
to 3 or\n greater.DeleteBackupVaultLockConfiguration
or change the Vault Lock configuration\n using PutBackupVaultLockConfiguration
. On and after the lock date, the Vault\n Lock becomes immutable and cannot be changed or deleted.DeleteBackupVaultLockConfiguration
or change the Vault Lock configuration\n using PutBackupVaultLockConfiguration
at any time.BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
\n RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT |\n COPY_JOB_REPORT | RESTORE_JOB_REPORT
\n BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
\n RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT |\n COPY_JOB_REPORT | RESTORE_JOB_REPORT
\n RESOURCE_COMPLIANCE_REPORT
or\n CONTROL_COMPLIANCE_REPORT
, this API resource also describes the report\n coverage by Amazon Web Services Regions and frameworks.BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
\n RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT |\n COPY_JOB_REPORT | RESTORE_JOB_REPORT
\n BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
\n RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT |\n COPY_JOB_REPORT | RESTORE_JOB_REPORT
\n RESOURCE_COMPLIANCE_REPORT
or\n CONTROL_COMPLIANCE_REPORT
, this API resource also describes the report\n coverage by Amazon Web Services Regions and frameworks.AttendeeId
\nand \nJoinToken
\n. The \nJoinToken
\nallows a client to authenticate and join as the specified attendee. The \nJoinToken
\nexpires when the meeting ends or when \nDeleteAttendee\nis called. After that, the attendee is unable to join the meeting.\nJoinToken
from your server application\n to the client so that no other client has access to the token except for the one\n authorized to represent the attendee.SourceType
must be ChimeSdkMeeting
.SourceType
must be ChimeSdkMeeting
.SourceType
must be ChimeSdkMeeting
.\n
\n ASCENDING
: List the build IDs in ascending order by build\n ID.DESCENDING
: List the build IDs in descending order by build\n ID.\n
\n ASCENDING
: List the build identifiers in ascending order, by build number.DESCENDING
: List the build identifiers in descending order, by build number.\n
"
+ }
}
},
"traits": {
@@ -6252,7 +6273,7 @@
"secondaryArtifacts": {
"target": "com.amazonaws.codebuild#ProjectArtifactsList",
"traits": {
- "smithy.api#documentation": "ProjectSource
objects. ProjectArtifact
objects. cancelled
.\n
"
+ }
+ },
+ "com.amazonaws.ec2#CancelCapacityReservationFleetsRequest": {
+ "type": "structure",
+ "members": {
+ "DryRun": {
+ "target": "com.amazonaws.ec2#Boolean",
+ "traits": {
+ "smithy.api#documentation": "cancelled
.DryRunOperation
. Otherwise, it is UnauthorizedOperation
.\n
",
+ "smithy.api#xmlName": "state"
+ }
+ },
+ "TotalTargetCapacity": {
+ "target": "com.amazonaws.ec2#Integer",
+ "traits": {
+ "aws.protocols#ec2QueryName": "TotalTargetCapacity",
+ "smithy.api#documentation": "submitted
- The Capacity Reservation Fleet request has been submitted \n\t\t\t\t\tand Amazon Elastic Compute Cloud is preparing to create the Capacity Reservations.modifying
- The Capacity Reservation Fleet is being modified. The Fleet \n\t\t\t\t\tremains in this state until the modification is complete.active
- The Capacity Reservation Fleet has fulfilled its total target \n\t\t\t\t\tcapacity and it is attempting to maintain this capacity. The Fleet remains in this \n\t\t\t\t\tstate until it is modified or deleted.partially_fulfilled
- The Capacity Reservation Fleet has partially \n\t\t\t\t\tfulfilled its total target capacity. There is insufficient Amazon EC2 to \n\t\t\t\t\tfulfill the total target capacity. The Fleet is attempting to asynchronously fulfill \n\t\t\t\t\tits total target capacity.expiring
- The Capacity Reservation Fleet has reach its end date and it \n\t\t\t\t\tis in the process of expiring. One or more of its Capacity reservations might still \n\t\t\t\t\tbe active.expired
- The Capacity Reservation Fleet has reach its end date. The Fleet \n\t\t\t\t\tand its Capacity Reservations are expired. The Fleet can't create new Capacity \n\t\t\t\t\tReservations.cancelling
- The Capacity Reservation Fleet is in the process of being \n\t\t\t\t\tcancelled. One or more of its Capacity reservations might still be active.cancelled
- The Capacity Reservation Fleet has been manually cancelled. \n\t\t\t\t\tThe Fleet and its Capacity Reservations are cancelled and the Fleet can't create new \n\t\t\t\t\tCapacity Reservations.failed
- The Capacity Reservation Fleet failed to reserve capacity for \n\t\t\t\t\tthe specified instance types.\n
",
+ "smithy.api#xmlName": "tenancy"
+ }
+ },
+ "EndDate": {
+ "target": "com.amazonaws.ec2#MillisecondDateTime",
+ "traits": {
+ "aws.protocols#ec2QueryName": "EndDate",
+ "smithy.api#documentation": "default
- The Capacity Reservation Fleet is created on hardware that is \n\t\t\t\t\tshared with other Amazon Web Services accounts.dedicated
- The Capacity Reservation Fleet is created on single-tenant \n\t\t\t\t\thardware that is dedicated to a single Amazon Web Services account.open
instance matching criteria \n\t\t\tonly. This means that instances that have matching attributes (instance type, platform, and \n\t\t\tAvailability Zone) run in the Capacity Reservations automatically. Instances do not need to \n\t\t\texplicitly target a Capacity Reservation Fleet to use its reserved capacity.prioritized
\n\t\t\tallocation strategy is supported. For more information, see \n\t\t\t\tAllocation strategy in the Amazon EC2 User Guide.prioritized
\n \n
"
+ }
+ },
+ "TotalTargetCapacity": {
+ "target": "com.amazonaws.ec2#Integer",
+ "traits": {
+ "smithy.api#documentation": "default
- The Capacity Reservation Fleet is created on hardware \n\t\t\t\t\tthat is shared with other Amazon Web Services accounts.dedicated
- The Capacity Reservations are created on single-tenant \n\t\t\t\t\thardware that is dedicated to a single Amazon Web Services account.expired
and all of the Capacity \n\t\t\tReservations in the Fleet expire.5/31/2019
, 13:30:55
, the Capacity Reservation Fleet \n\t\t\tis guaranteed to expire between 13:30:55
and 14:30:55
on \n\t\t\t5/31/2019
.\n\t\topen
instance matching criteria \n\t\t\tonly. This means that instances that have matching attributes (instance type, platform, and \n\t\t\tAvailability Zone) run in the Capacity Reservations automatically. Instances do not need to \n\t\t\texplicitly target a Capacity Reservation Fleet to use its reserved capacity.DryRunOperation
. Otherwise, it is UnauthorizedOperation
.nextToken
value. This value can be between 5 and 500. If maxResults
is given a larger value than 500, you receive an error.\n
",
+ "smithy.api#xmlName": "Filter"
+ }
+ },
+ "DryRun": {
+ "target": "com.amazonaws.ec2#Boolean",
+ "traits": {
+ "smithy.api#documentation": "state
- The state of the Fleet (submitted
| modifying
| active
| \n\t\t\t\t\tpartially_fulfilled
| expiring
| expired
| cancelling
| \n\t\t\t\t\tcancelled
| failed
).instance-match-criteria
- The instance matching criteria for the Fleet. Only open
is supported.tenancy
- The tenancy of the Fleet (default
| dedicated
).allocation-strategy
- The allocation strategy used by the Fleet. Only prioritized
is supported.DryRunOperation
. Otherwise, it is UnauthorizedOperation
.null
when there are no more results to return.expired
and all of the Capacity Reservations in the \n\t\t\tFleet expire.5/31/2019
, 13:30:55
, the Capacity Reservation Fleet is guaranteed \n\t\t\tto expire between 13:30:55
and 14:30:55
on 5/31/2019
.DryRunOperation
. Otherwise, it is UnauthorizedOperation
.true
if the request succeeds; otherwise, it returns an error.2.10
and 2.12
.FileSystemTypeVersion
because it will\n be applied using the backup's FileSystemTypeVersion
setting.\n If you choose to specify FileSystemTypeVersion
when creating from backup, the\n value must match the backup's FileSystemTypeVersion
setting.2.10
and 2.12
.\n
\n 2.10
to create a Lustre 2.10\n file system.2.12
to create a Lustre 2.12\n file system.2.10
.2.10
or 2.12
.ConnectionInput
object defining the connection\n to create.CreateWorkspace
to modify an existing workspace. Instead, \n use UpdateWorkspace.ORGANIZATION
, you must\n specify which organizational units the workspace can access in the\n workspaceOrganizationalUnits
parameter.Service Managed
, Amazon Managed Grafana automatically creates\n the IAM roles and provisions the permissions that the workspace needs to use\n Amazon Web Services data sources and notification channels.CUSTOMER_MANAGED
, you will manage those roles and\n permissions yourself. If you are creating this workspace in a member account of an\n organization that is not a delegated administrator account, and you want the workspace to access data sources in other Amazon Web Services\n accounts in the organization, you must choose CUSTOMER_MANAGED
.workspaceDataSources
or\n workspaceNotificationDestinations
, a new IAM role with the necessary permissions is \n automatically created.url
parameter, or by specifying the full metadata\n in XML format in the xml
parameter.Admin
and \n Editor
roles in this workspace. If you use this \n operation without specifying userId
or groupId
, the operation returns\n the roles of all users\n and groups. If you specify a userId
or a groupId
, only the roles\n for that user or group are returned. If you do this, you can specify only one userId
or \n one groupId
.ListPermissions
operation.SSO_USER
, then only the permissions of Amazon Web Services SSO users\n are returned. If you specify SSO_GROUP
, only the permissions of Amazon Web Services SSO groups\n are returned.ListPermissions
operation to return\n the next set of results.ListWorkspaces
operation.)Admin
\n or Editor
role.Admin
\n or Editor
role that they have.Editor
role to.Admin
role to.Admin
and Editor
roles in the workspace.Admin
and Editor
roles in the workspace.users
.Admin
or Editor
roles.Admin
and Editor
Grafana roles, \n use UpdatePermissions.Admin
and Editor
roles in the workspace.Admin
and Editor
roles\n in the workspace.ORGANIZATION
, you must\n specify which organizational units the workspace can access in the\n workspaceOrganizationalUnits
parameter.Service Managed
, Amazon Managed Grafana automatically creates\n the IAM roles and provisions the permissions that the workspace needs to use\n Amazon Web Services data sources and notification channels.CUSTOMER_MANAGED
, you will manage those roles and\n permissions yourself. If you are creating this workspace in a member account of an\n organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other Amazon Web Services\n accounts in the organization, you must choose CUSTOMER_MANAGED
.workspaceDataSources
or\n workspaceNotificationDestinations
, a new IAM role with the necessary permissions is \n automatically created.ORGANIZATION
, the\n workspaceOrganizationalUnits
parameter specifies which organizational units\n the workspace can access.Service Managed
, Amazon Managed Grafana automatically creates the IAM roles \n and provisions the permissions that the workspace needs to use Amazon Web Services data sources and notification channels.CUSTOMER_MANAGED
, you manage those roles and permissions\n yourself. If you are creating this workspace in a member account of an organization and that account is not a\n delegated administrator account, and\n you want the workspace to access data sources in other Amazon Web Services accounts in the\n organization, you must choose CUSTOMER_MANAGED
.Integer
or\n Long
.Date
or\n Long
.Integer
\n or Long
.Date
\n or Long
.Integer
or\n Long
.Date
or\n Long
.Integer
or\n Long
.Date
or\n Long
.AndAllFilters
or\n OrAllFilters
, filters you can use 2 layers under the\n first attribute filter. For example, you can use:
\n \n
\n
\n
\n ValidationException
exception with the message\n \"AttributeFilter
cannot have a depth of more than\n 2.\"ValidationException
exception with the message \n \"AttributeFilter
cannot have a length of more than 10\".AndAllFilters
or\n OrAllFilters
, filters you can use 2 layers under the\n first attribute filter. For example, you can use:
\n \n
\n
\n
\n ValidationException
exception with the message\n \"AttributeFilter
cannot have a depth of more \n than 2.\"AndAllFilters
or OrAllFilters
, you receive \n a ValidationException
with the message \n \"AttributeFilter
cannot have a length of more than 10\".CreateDataSource
is a synchronous operation. The\n operation returns 200 if the data source was successfully created.\n Otherwise, an exception is raised.CreateDataSource
is a synchronous operation. The\n operation returns 200 if the data source was successfully created.\n Otherwise, an exception is raised.CreateDataSource
operation with\n the same client token will create only one data source.CreateFaqRequest
operation with the same client token will create only\n one FAQ. \n
"
+ "smithy.api#documentation": "\n
"
+ }
+ },
+ "UserGroupResolutionConfiguration": {
+ "target": "com.amazonaws.kendra#UserGroupResolutionConfiguration",
+ "traits": {
+ "smithy.api#documentation": "_user_id
and _group_ids
or\n you can provide user and group information in UserContext
.\n CreateThesaurus
operation \n with the same client token will create only one index.\n CreateThesaurus
operation \n with the same client token will create only one thesaurus.\n ACTIVE
the data source is ready to use.Status
field value is FAILED
, the\n ErrorMessage
field contains a description of the error that\n caused the data source to fail.dataSourceId
is optional. The value of type
\n for a group is always GROUP
and for a user it is \n always USER
.GetDataSourceSyncJobHistory
was truncated, include the\n NextToken
to fetch the next set of jobs.GetDataSourceSyncJobHistory
operation returns a page\n of vocabularies at a time. The maximum size of the page is set by the\n MaxResults
parameter. If there are more jobs in the list\n than the page size, Amazon Kendra returns the NextPage token. Include the\n token in the next request to the GetDataSourceSyncJobHistory
\n operation to return in the next page of jobs.ListFaqs
was truncated, include\n the NextToken
to fetch the next set of FAQs.ListFaqs
operation returns a page of FAQs at a time. The maximum size\n of the page is set by the MaxResults
parameter. If there are more jobs in\n the list than the page size, Amazon Kendra returns the NextPage
token.\n Include the token in the next request to the ListFaqs
operation to return\n the next page of FAQs.PUT
actions for a group are currently \n processing, a validation exception is thrown.PUT
actions for a group are currently \n processing, a validation exception is thrown.\n
\n \n
\n Disabled
. To enable the KMS key, use EnableKey. Disabled
. To enable the KMS key, use EnableKey. \n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n \n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n kmsuser
crypto\n user (CU) must not be logged into the cluster. This prevents KMS from using this\n account to log in.kmsuser
CU, and rotates its password.ConnectCustomKeyStore
operation might fail for various reasons. To find\n the reason, use the DescribeCustomKeyStores operation and see the\n ConnectionErrorCode
in the response. For help interpreting the\n ConnectionErrorCode
, see CustomKeyStoresListEntry.ConnectCustomKeyStore
again.\n
"
+ "smithy.api#documentation": "kmsuser
crypto\n user (CU) must not be logged into the cluster. This prevents KMS from using this\n account to log in.kmsuser
CU, and rotates its password.ConnectCustomKeyStore
operation might fail for various reasons. To find\n the reason, use the DescribeCustomKeyStores operation and see the\n ConnectionErrorCode
in the response. For help interpreting the\n ConnectionErrorCode
, see CustomKeyStoresListEntry.ConnectCustomKeyStore
again.\n
"
}
},
"com.amazonaws.kms#ConnectCustomKeyStoreRequest": {
@@ -433,7 +433,7 @@
}
],
"traits": {
- "smithy.api#documentation": "\n
\n \n
"
+ "smithy.api#documentation": "\n
\n \n
"
}
},
"com.amazonaws.kms#CreateAliasRequest": {
@@ -442,14 +442,14 @@
"AliasName": {
"target": "com.amazonaws.kms#AliasNameType",
"traits": {
- "smithy.api#documentation": "alias/
followed by a\n name, such as alias/ExampleAlias
. AliasName
value must be string of 1-256 characters. It can contain only alphanumeric characters,\n forward slashes (/), underscores (_), and dashes (-). The alias name cannot begin with alias/aws/
. The alias/aws/
prefix is reserved\n for Amazon Web Services managed keys.alias/
followed by a\n name, such as alias/ExampleAlias
. AliasName
value must be string of 1-256 characters. It can contain only\n alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). The alias name\n cannot begin with alias/aws/
. The alias/aws/
prefix is reserved for\n Amazon Web Services managed\n keys.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n \n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n CreateGrant
operation returns a GrantToken
and a\n GrantId
.\n
\n GrantToken
that CreateGrant
returns. For details, see Using a grant\n token in the \n Key Management Service Developer Guide\n .CreateGrant
operation also returns a GrantId
. You can use the\n GrantId
and a key identifier to identify the grant in the RetireGrant and RevokeGrant operations. To find the grant\n ID, use the ListGrants or ListRetirableGrants\n operations.KeyId
parameter. \n
"
+ "smithy.api#documentation": "CreateGrant
operation returns a GrantToken
and a\n GrantId
.\n
\n GrantToken
that CreateGrant
returns. For details, see Using a\n grant token in the \n Key Management Service Developer Guide\n .CreateGrant
operation also returns a GrantId
. You can\n use the GrantId
and a key identifier to identify the grant in the RetireGrant and RevokeGrant operations. To find the grant\n ID, use the ListGrants or ListRetirableGrants\n operations.KeyId
parameter. \n
"
}
},
"com.amazonaws.kms#CreateGrantRequest": {
@@ -578,34 +578,34 @@
"KeyId": {
"target": "com.amazonaws.kms#KeyIdType",
"traits": {
- "smithy.api#documentation": "\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n \n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n ValidationError
exception. For details, see Grant operations in the\n Key Management Service Developer Guide.ValidationError
exception. For details, see Grant\n operations in the Key Management Service Developer Guide.EncryptionContextEquals
and\n EncryptionContextSubset
grant constraints. Each constraint value can include up\n to 8 encryption context pairs. The encryption context value in each constraint cannot exceed\n 384 characters.EncryptionContextEquals
) or includes\n (EncryptionContextSubset
) the encryption context specified in this structure.\n For information about grant constraints, see Using grant\n constraints in the Key Management Service Developer Guide. For more information about encryption context,\n see Encryption\n Context in the \n Key Management Service Developer Guide\n . EncryptionContextEquals
and\n EncryptionContextSubset
grant constraints. Each constraint value can include up\n to 8 encryption context pairs. The encryption context value in each constraint cannot exceed\n 384 characters.EncryptionContextEquals
) or includes\n (EncryptionContextSubset
) the encryption context specified in this structure.\n For information about grant constraints, see Using grant\n constraints in the Key Management Service Developer Guide. For more information about encryption context,\n see Encryption\n Context in the \n Key Management Service Developer Guide\n . CreateGrant
requests result in a new grant\n with a unique GrantId
even if all the supplied parameters are identical. This can\n result in unintended duplicates when you retry the CreateGrant
request.CreateGrant
request with\n identical parameters; if the grant already exists, the original GrantId
is\n returned without creating a new grant. Note that the returned grant token is unique with every\n CreateGrant
request, even when a duplicate GrantId
is returned.\n All grant tokens for the same grant ID can be used interchangeably.CreateGrant
requests result in a new grant\n with a unique GrantId
even if all the supplied parameters are identical. This can\n result in unintended duplicates when you retry the CreateGrant
request.CreateGrant
request with\n identical parameters; if the grant already exists, the original GrantId
is\n returned without creating a new grant. Note that the returned grant token is unique with every\n CreateGrant
request, even when a duplicate GrantId
is returned.\n All grant tokens for the same grant ID can be used interchangeably.CreateKey
operation to create symmetric or asymmetric KMS keys.\n
\n \n
\n KeySpec
parameter to specify\n the type of key material in the KMS key. Then, use the KeyUsage
parameter\n to determine whether the KMS key will be used to encrypt and decrypt or sign and verify.\n You can't change these properties after the KMS key is created.KeySpec
or KeyUsage
parameters. The default value for\n KeySpec
, SYMMETRIC_DEFAULT
, and the default value for\n KeyUsage
, ENCRYPT_DECRYPT
, are the only valid values for\n symmetric KMS keys. MultiRegion
parameter with a value of True
. To create\n a multi-Region replica key, that is, a KMS key with the same key ID and\n key material as a primary key, but in a different Amazon Web Services Region, use the ReplicateKey operation. To change a replica key to a primary key, and its\n primary key to a replica key, use the UpdatePrimaryRegion\n operation.Origin
parameter of CreateKey
\n with a value of EXTERNAL
. Next, use GetParametersForImport operation to get a public key and import token, and use the public key to encrypt\n your key material. Then, use ImportKeyMaterial with your import token\n to import the key material. For step-by-step instructions, see Importing Key Material in the \n Key Management Service Developer Guide\n . You\n cannot import the key material into an asymmetric KMS key.Origin
parameter of CreateKey
with a value of\n EXTERNAL
and the MultiRegion
parameter with a value of\n True
. To create replicas of the multi-Region primary key, use the ReplicateKey operation. For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide.CustomKeyStoreId
parameter to specify the custom key store. You must also\n use the Origin
parameter with a value of AWS_CLOUDHSM
. The\n CloudHSM cluster that is associated with the custom key store must have at least two active\n HSMs in different Availability Zones in the Amazon Web Services Region. Tags
parameter, kms:TagResource (IAM policy). For examples and information about related\n permissions, see Allow a user to create KMS keys in the Key Management Service Developer Guide.\n
"
+ "smithy.api#documentation": "CreateKey
operation to create symmetric or asymmetric KMS\n keys.\n
\n \n
\n KeySpec
parameter to specify\n the type of key material in the KMS key. Then, use the KeyUsage
parameter\n to determine whether the KMS key will be used to encrypt and decrypt or sign and verify.\n You can't change these properties after the KMS key is created.KeySpec
or KeyUsage
parameters. The default value for\n KeySpec
, SYMMETRIC_DEFAULT
, and the default value for\n KeyUsage
, ENCRYPT_DECRYPT
, are the only valid values for\n symmetric KMS keys. MultiRegion
parameter with a value of True
. To create\n a multi-Region replica key, that is, a KMS key with the same key ID\n and key material as a primary key, but in a different Amazon Web Services Region, use the ReplicateKey operation. To change a replica key to a primary key, and its\n primary key to a replica key, use the UpdatePrimaryRegion\n operation.Origin
parameter of CreateKey
\n with a value of EXTERNAL
. Next, use GetParametersForImport operation to get a public key and import token, and use the public key to encrypt\n your key material. Then, use ImportKeyMaterial with your import token\n to import the key material. For step-by-step instructions, see Importing Key Material in the \n Key Management Service Developer Guide\n . You\n cannot import the key material into an asymmetric KMS key.Origin
parameter of CreateKey
with a value of\n EXTERNAL
and the MultiRegion
parameter with a value of\n True
. To create replicas of the multi-Region primary key, use the ReplicateKey operation. For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide.CustomKeyStoreId
parameter to specify the custom key store. You must also\n use the Origin
parameter with a value of AWS_CLOUDHSM
. The\n CloudHSM cluster that is associated with the custom key store must have at least two active\n HSMs in different Availability Zones in the Amazon Web Services Region. Tags
parameter, kms:TagResource (IAM policy). For examples and information about related\n permissions, see Allow a user to create\n KMS keys in the Key Management Service Developer Guide.\n
"
}
},
"com.amazonaws.kms#CreateKeyRequest": {
@@ -689,19 +689,19 @@
"Policy": {
"target": "com.amazonaws.kms#PolicyType",
"traits": {
- "smithy.api#documentation": "\n
\n BypassPolicyLockoutSafetyCheck
to true, the key policy\n must allow the principal that is making the CreateKey
request to make a\n subsequent PutKeyPolicy request on the KMS key. This reduces the risk that\n the KMS key becomes unmanageable. For more information, refer to the scenario in the Default Key Policy section of the \n Key Management Service Developer Guide\n .\n
\n BypassPolicyLockoutSafetyCheck
to true, the key policy\n must allow the principal that is making the CreateKey
request to make a\n subsequent PutKeyPolicy request on the KMS key. This reduces the risk\n that the KMS key becomes unmanageable. For more information, refer to the scenario in the\n Default Key Policy section of the \n Key Management Service Developer Guide\n .ENCRYPT_DECRYPT
. This parameter is required only for asymmetric KMS keys. You can't\n change the KeyUsage
value after the KMS key is created.\n
"
+ "smithy.api#documentation": "ENCRYPT_DECRYPT
.ENCRYPT_DECRYPT
or\n SIGN_VERIFY
.SIGN_VERIFY
.ENCRYPT_DECRYPT
. This parameter is required only for asymmetric KMS keys. You\n can't change the KeyUsage
value after the KMS key is created.\n
"
}
},
"CustomerMasterKeySpec": {
@@ -710,43 +710,43 @@
"smithy.api#deprecated": {
"message": "This parameter has been deprecated. Instead, use the KeySpec parameter."
},
- "smithy.api#documentation": "ENCRYPT_DECRYPT
.ENCRYPT_DECRYPT
or\n SIGN_VERIFY
.SIGN_VERIFY
.KeySpec
parameter.KeySpec
and CustomerMasterKeySpec
parameters work the same way. Only the names differ. We recommend that you use KeySpec
parameter in your code. However, to avoid breaking changes, KMS will support both parameters.KeySpec
parameter.KeySpec
and CustomerMasterKeySpec
parameters work the same\n way. Only the names differ. We recommend that you use KeySpec
parameter in your\n code. However, to avoid breaking changes, KMS will support both parameters.SYMMETRIC_DEFAULT
,\n creates a KMS key with a 256-bit symmetric key for encryption and decryption. For help choosing a\n key spec for your KMS key, see How to Choose Your KMS key\n Configuration in the \n Key Management Service Developer Guide\n .KeySpec
determines whether the KMS key contains a symmetric key or an\n asymmetric key pair. It also determines the encryption algorithms or signing algorithms that\n the KMS key supports. You can't change the KeySpec
after the KMS key is created.\n To further restrict the algorithms that can be used with the KMS key, use a condition key in\n its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm or kms:Signing Algorithm in the \n Key Management Service Developer Guide\n .\n
"
+ "smithy.api#documentation": "\n
\n SYMMETRIC_DEFAULT
(AES-256-GCM)\n
\n RSA_2048
\n RSA_3072
\n RSA_4096
\n \n
\n ECC_NIST_P256
(secp256r1)ECC_NIST_P384
(secp384r1)ECC_NIST_P521
(secp521r1)\n
\n ECC_SECG_P256K1
(secp256k1), commonly used for\n cryptocurrencies.SYMMETRIC_DEFAULT
, creates a KMS key with a 256-bit symmetric key for encryption\n and decryption. For help choosing a key spec for your KMS key, see How to Choose Your KMS key\n Configuration in the \n Key Management Service Developer Guide\n .KeySpec
determines whether the KMS key contains a symmetric key or an\n asymmetric key pair. It also determines the encryption algorithms or signing algorithms that\n the KMS key supports. You can't change the KeySpec
after the KMS key is created.\n To further restrict the algorithms that can be used with the KMS key, use a condition key in\n its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm or kms:Signing Algorithm in the \n Key Management Service Developer Guide\n .\n
"
}
},
"Origin": {
"target": "com.amazonaws.kms#OriginType",
"traits": {
- "smithy.api#documentation": "\n
\n SYMMETRIC_DEFAULT
(AES-256-GCM)\n
\n RSA_2048
\n RSA_3072
\n RSA_4096
\n \n
\n ECC_NIST_P256
(secp256r1)ECC_NIST_P384
(secp384r1)ECC_NIST_P521
(secp521r1)\n
\n ECC_SECG_P256K1
(secp256k1), commonly used for\n cryptocurrencies.AWS_KMS
, which means that KMS creates the key\n material.EXTERNAL
. For more information about importing key material into KMS, see\n Importing Key\n Material in the Key Management Service Developer Guide. This value is valid only for symmetric KMS keys.AWS_CLOUDHSM
. You must also use the\n CustomKeyStoreId
parameter to identify the custom key store. This value is\n valid only for symmetric KMS keys.AWS_KMS
, which means that KMS creates the\n key material.EXTERNAL
. For more information about importing key material into KMS, see\n Importing Key\n Material in the Key Management Service Developer Guide. This value is valid only for symmetric KMS\n keys.AWS_CLOUDHSM
. You must also use the\n CustomKeyStoreId
parameter to identify the custom key store. This value is\n valid only for symmetric KMS keys.Origin
parameter with a value of AWS_CLOUDHSM
. The CloudHSM cluster\n that is associated with the custom key store must have at least two active HSMs, each in a\n different Availability Zone in the Region.Origin
parameter with a value of AWS_CLOUDHSM
. The CloudHSM cluster\n that is associated with the custom key store must have at least two active HSMs, each in a\n different Availability Zone in the Region.True
. For a single-Region KMS key,\n omit this parameter or set it to False
. The default value is\n False
.True
. For a single-Region KMS\n key, omit this parameter or set it to False
. The default value is\n False
.CONNECTED
.DISCONNECTED
if the key store has never been connected or you\n use the DisconnectCustomKeyStore operation to disconnect it. If the value is\n CONNECTED
but you are having trouble using the custom key store, make sure that\n its associated CloudHSM cluster is active and contains at least one active HSM.FAILED
indicates that an attempt to connect was unsuccessful. The\n ConnectionErrorCode
field in the response indicates the cause of the failure.\n For help resolving a connection failure, see Troubleshooting a Custom Key Store in the\n Key Management Service Developer Guide.CONNECTED
.DISCONNECTED
if the key store has never been connected or you\n use the DisconnectCustomKeyStore operation to disconnect it. If the value is\n CONNECTED
but you are having trouble using the custom key store, make sure that\n its associated CloudHSM cluster is active and contains at least one active HSM.FAILED
indicates that an attempt to connect was unsuccessful. The\n ConnectionErrorCode
field in the response indicates the cause of the failure.\n For help resolving a connection failure, see Troubleshooting a Custom Key Store in the\n Key Management Service Developer Guide.\n
\n KeyId
parameter is\n optional. KMS can get this information from metadata that it adds to the symmetric\n ciphertext blob. This feature adds durability to your implementation by ensuring that\n authorized users can decrypt ciphertext decades after it was encrypted, even if they've lost\n track of the key ID. However, specifying the KMS key is always recommended as a best practice.\n When you use the KeyId
parameter to specify a KMS key, KMS only uses the KMS key you\n specify. If the ciphertext was encrypted under a different KMS key, the Decrypt
\n operation fails. This practice ensures that you use the KMS key that you intend.Decrypt
operation on a particular KMS key, instead of using IAM policies.\n Otherwise, you might create an IAM user policy that gives the user Decrypt
\n permission on all KMS keys. This user could decrypt ciphertext that was encrypted by KMS keys in other\n accounts if the key policy for the cross-account KMS key permits it. If you must use an IAM policy\n for Decrypt
permissions, limit the user to particular KMS keys or particular trusted\n accounts. For details, see Best practices for IAM policies in the Key Management Service Developer Guide.KeyId
parameter. \n
"
+ "smithy.api#documentation": "\n
\n KeyId
\n parameter is optional. KMS can get this information from metadata that it adds to the\n symmetric ciphertext blob. This feature adds durability to your implementation by ensuring\n that authorized users can decrypt ciphertext decades after it was encrypted, even if they've\n lost track of the key ID. However, specifying the KMS key is always recommended as a best\n practice. When you use the KeyId
parameter to specify a KMS key, KMS only uses\n the KMS key you specify. If the ciphertext was encrypted under a different KMS key, the\n Decrypt
operation fails. This practice ensures that you use the KMS key that\n you intend.Decrypt
operation on a particular KMS key, instead of using IAM policies.\n Otherwise, you might create an IAM user policy that gives the user Decrypt
\n permission on all KMS keys. This user could decrypt ciphertext that was encrypted by KMS keys\n in other accounts if the key policy for the cross-account KMS key permits it. If you must use\n an IAM policy for Decrypt
permissions, limit the user to particular KMS keys or\n particular trusted accounts. For details, see Best practices for IAM\n policies in the Key Management Service Developer Guide.KeyId
parameter. \n
"
}
},
"com.amazonaws.kms#DecryptRequest": {
@@ -1068,13 +1068,13 @@
"KeyId": {
"target": "com.amazonaws.kms#KeyIdType",
"traits": {
- "smithy.api#documentation": "\"alias/\"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n alias/ExampleAlias
\n arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
\n \"alias/\"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n alias/ExampleAlias
\n arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
\n Decrypt
operation fails.SYMMETRIC_DEFAULT
, represents the only supported algorithm\n that is valid for symmetric KMS keys.Decrypt
operation fails.SYMMETRIC_DEFAULT
, represents the only supported\n algorithm that is valid for symmetric KMS keys.\n
\n \n
"
+ "smithy.api#documentation": "\n
\n \n
"
}
},
"com.amazonaws.kms#DeleteAliasRequest": {
@@ -1160,7 +1160,7 @@
}
],
"traits": {
- "smithy.api#documentation": "ScheduleKeyDeletion
operation deletes the KMS keys. Then it makes a best\n effort to delete the key material from the associated cluster. However, you might need to\n manually delete the orphaned key\n material from the cluster and its backups.\n
"
+ "smithy.api#documentation": "ScheduleKeyDeletion
\n operation deletes the KMS keys. Then it makes a best effort to delete the key material from\n the associated cluster. However, you might need to manually delete the orphaned key\n material from the cluster and its backups.\n
"
}
},
"com.amazonaws.kms#DeleteCustomKeyStoreRequest": {
@@ -1205,7 +1205,7 @@
}
],
"traits": {
- "smithy.api#documentation": "PendingDeletion
state, this operation does\n not change the KMS key's state. Otherwise, it changes the KMS key's state to\n PendingImport
.\n
"
+ "smithy.api#documentation": "PendingDeletion
state, this operation\n does not change the KMS key's state. Otherwise, it changes the KMS key's state to\n PendingImport
.\n
"
}
},
"com.amazonaws.kms#DeleteImportedKeyMaterialRequest": {
@@ -1214,7 +1214,7 @@
"KeyId": {
"target": "com.amazonaws.kms#KeyIdType",
"traits": {
- "smithy.api#documentation": "Origin
of the KMS key must be EXTERNAL
.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n Origin
of the KMS key must be EXTERNAL
.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n CustomKeyStoreName
or CustomKeyStoreId
parameter (but not\n both).ConnectionState
element in the response. If an attempt to connect the custom\n key store failed, the ConnectionState
value is FAILED
and the\n ConnectionErrorCode
element in the response indicates the cause of the failure.\n For help interpreting the ConnectionErrorCode
, see CustomKeyStoresListEntry.DISCONNECTED
connection state if the key store has\n never been connected or you use the DisconnectCustomKeyStore operation to\n disconnect it. If your custom key store state is CONNECTED
but you are having\n trouble using it, make sure that its associated CloudHSM cluster is active and contains the\n minimum number of HSMs required for the operation, if any.\n
"
+ "smithy.api#documentation": "CustomKeyStoreName
or CustomKeyStoreId
parameter (but\n not both).ConnectionState
element in the response. If an attempt to connect the custom\n key store failed, the ConnectionState
value is FAILED
and the\n ConnectionErrorCode
element in the response indicates the cause of the failure.\n For help interpreting the ConnectionErrorCode
, see CustomKeyStoresListEntry.DISCONNECTED
connection state if the key store has\n never been connected or you use the DisconnectCustomKeyStore operation to\n disconnect it. If your custom key store state is CONNECTED
but you are having\n trouble using it, make sure that its associated CloudHSM cluster is active and contains the\n minimum number of HSMs required for the operation, if any.\n
"
}
},
"com.amazonaws.kms#DescribeCustomKeyStoresRequest": {
@@ -1335,7 +1335,7 @@
}
],
"traits": {
- "smithy.api#documentation": "DescribeKey
on a customer managed key or an Amazon Web Services managed key.KeySpec
, that help you distinguish symmetric from\n asymmetric KMS keys. It also provides information that is particularly important to asymmetric\n keys, such as the key usage (encryption or signing) and the encryption algorithms or signing\n algorithms that the KMS key supports. For KMS keys in custom key stores, it includes information about\n the custom key store, such as the key store ID and the CloudHSM cluster ID. For multi-Region\n keys, it displays the primary key and all related replica keys. DescribeKey
does not return the following information:\n
\n DescribeKey
operation on a predefined Amazon Web Services alias, that is, an Amazon Web Services alias with no key ID, KMS creates an Amazon Web Services managed key.\n Then, it associates the alias with the new KMS key, and returns the KeyId
and\n Arn
of the new KMS key in the response.KeyId
parameter.\n
"
+ "smithy.api#documentation": "DescribeKey
on a\n customer managed\n key or an Amazon Web Services managed key.KeySpec
, that help you distinguish symmetric from\n asymmetric KMS keys. It also provides information that is particularly important to asymmetric\n keys, such as the key usage (encryption or signing) and the encryption algorithms or signing\n algorithms that the KMS key supports. For KMS keys in custom key stores, it includes\n information about the custom key store, such as the key store ID and the CloudHSM cluster ID. For\n multi-Region keys, it displays the primary key and all related replica keys. DescribeKey
does not return the following information:\n
\n DescribeKey
operation on a predefined Amazon Web Services\n alias, that is, an Amazon Web Services alias with no key ID, KMS creates an Amazon Web Services managed\n key. Then, it associates the alias with the new KMS key, and returns the\n KeyId
and Arn
of the new KMS key in the response.KeyId
parameter.\n
"
}
},
"com.amazonaws.kms#DescribeKeyRequest": {
@@ -1344,7 +1344,7 @@
"KeyId": {
"target": "com.amazonaws.kms#KeyIdType",
"traits": {
- "smithy.api#documentation": "KeyId
and Arn
in the\n response.\"alias/\"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n alias/ExampleAlias
\n arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
\n KeyId
and Arn
in the response.\"alias/\"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n alias/ExampleAlias
\n arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
\n \n
"
+ "smithy.api#documentation": "\n
"
}
},
"com.amazonaws.kms#DisableKeyRotationRequest": {
@@ -1452,7 +1452,7 @@
"KeyId": {
"target": "com.amazonaws.kms#KeyIdType",
"traits": {
- "smithy.api#documentation": "\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n \n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n \n
"
+ "smithy.api#documentation": "\n
"
}
},
"com.amazonaws.kms#DisconnectCustomKeyStoreRequest": {
@@ -1540,7 +1540,7 @@
}
],
"traits": {
- "smithy.api#documentation": "\n
"
+ "smithy.api#documentation": "\n
"
}
},
"com.amazonaws.kms#EnableKeyRotationRequest": {
@@ -1593,7 +1593,7 @@
"KeyId": {
"target": "com.amazonaws.kms#KeyIdType",
"traits": {
- "smithy.api#documentation": "\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n \n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n Encrypt
operation has two primary use cases:\n
\n\n Encrypt
operation to move encrypted data from one Amazon Web Services Region to another. For example, in Region A, generate a data key and use the plaintext key to encrypt\n your data. Then, in Region A, use the Encrypt
operation to encrypt the\n plaintext data key under a KMS key in Region B. Now, you can move the encrypted data and the\n encrypted data key to Region B. When necessary, you can decrypt the encrypted data key and\n the encrypted data entirely within in Region B.Encrypt
operation to encrypt a data key. The GenerateDataKey and GenerateDataKeyPair operations return a\n plaintext data key and an encrypted copy of that data key.KeyUsage
value of\n ENCRYPT_DECRYPT.
To find the KeyUsage
of a KMS key, use the DescribeKey operation. EncryptionContext
when encrypting\n data, you must specify the same encryption context (a case-sensitive exact match) when\n decrypting the data. Otherwise, the request to decrypt fails with an\n InvalidCiphertextException
. For more information, see Encryption\n Context in the Key Management Service Developer Guide.\n
\n \n
\n SYMMETRIC_DEFAULT
: 4096 bytesRSA_2048
\n \n
\n RSAES_OAEP_SHA_1
: 214 bytesRSAES_OAEP_SHA_256
: 190 bytesRSA_3072
\n \n
\n RSAES_OAEP_SHA_1
: 342 bytesRSAES_OAEP_SHA_256
: 318 bytesRSA_4096
\n \n
\n RSAES_OAEP_SHA_1
: 470 bytesRSAES_OAEP_SHA_256
: 446 bytesKeyId
parameter.\n
"
+ "smithy.api#documentation": "Encrypt
operation\n has two primary use cases:\n
\n\n Encrypt
operation to move encrypted data from one Amazon Web Services\n Region to another. For example, in Region A, generate a data key and use the plaintext key\n to encrypt your data. Then, in Region A, use the Encrypt
operation to encrypt\n the plaintext data key under a KMS key in Region B. Now, you can move the encrypted data\n and the encrypted data key to Region B. When necessary, you can decrypt the encrypted data\n key and the encrypted data entirely within in Region B.Encrypt
operation to encrypt a data key. The GenerateDataKey and GenerateDataKeyPair operations return a\n plaintext data key and an encrypted copy of that data key.KeyUsage
value of\n ENCRYPT_DECRYPT.
To find the KeyUsage
of a KMS key, use the DescribeKey operation. EncryptionContext
when\n encrypting data, you must specify the same encryption context (a case-sensitive exact match)\n when decrypting the data. Otherwise, the request to decrypt fails with an\n InvalidCiphertextException
. For more information, see Encryption\n Context in the Key Management Service Developer Guide.\n
\n \n
\n SYMMETRIC_DEFAULT
: 4096 bytesRSA_2048
\n \n
\n RSAES_OAEP_SHA_1
: 214 bytesRSAES_OAEP_SHA_256
: 190 bytesRSA_3072
\n \n
\n RSAES_OAEP_SHA_1
: 342 bytesRSAES_OAEP_SHA_256
: 318 bytesRSA_4096
\n \n
\n RSAES_OAEP_SHA_1
: 470 bytesRSAES_OAEP_SHA_256
: 446 bytesKeyId
parameter.\n
"
}
},
"com.amazonaws.kms#EncryptRequest": {
@@ -1643,7 +1643,7 @@
"KeyId": {
"target": "com.amazonaws.kms#KeyIdType",
"traits": {
- "smithy.api#documentation": "\"alias/\"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n alias/ExampleAlias
\n arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
\n \"alias/\"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n alias/ExampleAlias
\n arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
\n SYMMETRIC_DEFAULT
, is the algorithm used for symmetric KMS keys. If you are using\n an asymmetric KMS key, we recommend RSAES_OAEP_SHA_256.SYMMETRIC_DEFAULT
, is the algorithm used for symmetric KMS keys. If you are\n using an asymmetric KMS key, we recommend RSAES_OAEP_SHA_256.GenerateDataKey
returns a unique data key for each request. The bytes in the\n plaintext key are not related to the caller or the KMS key.KeySpec
or NumberOfBytes
parameters (but not both).\n For 128-bit and 256-bit data keys, use the KeySpec
parameter. EncryptionContext
, you must specify the same\n encryption context (a case-sensitive exact match) when decrypting the encrypted data key.\n Otherwise, the request to decrypt fails with an InvalidCiphertextException
. For more information, see Encryption Context in the\n Key Management Service Developer Guide.\n
\n GenerateDataKey
operation to get a data key.Plaintext
field of the response) to\n encrypt your data outside of KMS. Then erase the plaintext data key from memory.CiphertextBlob
field of the\n response) with the encrypted data.\n
\n KeyId
parameter.\n
"
+ "smithy.api#documentation": "GenerateDataKey
returns a unique data key for each request. The bytes in the\n plaintext key are not related to the caller or the KMS key.KeySpec
or NumberOfBytes
parameters\n (but not both). For 128-bit and 256-bit data keys, use the KeySpec
parameter. EncryptionContext
, you must specify the same\n encryption context (a case-sensitive exact match) when decrypting the encrypted data key.\n Otherwise, the request to decrypt fails with an InvalidCiphertextException
. For more information, see Encryption Context in the\n Key Management Service Developer Guide.\n
\n GenerateDataKey
operation to get a data key.Plaintext
field of the response) to\n encrypt your data outside of KMS. Then erase the plaintext data key from memory.CiphertextBlob
field of the\n response) with the encrypted data.\n
\n KeyId
parameter.\n
"
}
},
"com.amazonaws.kms#GenerateDataKeyPair": {
@@ -1848,7 +1848,7 @@
}
],
"traits": {
- "smithy.api#documentation": "GenerateDataKeyPair
\n operation returns a plaintext public key, a plaintext private key, and a copy of the private\n key that is encrypted under the symmetric KMS key you specify. You can use the data key pair to\n perform asymmetric cryptography and implement digital signatures outside of KMS.GenerateDataKeyPair
returns to encrypt data\n or verify a signature outside of KMS. Then, store the encrypted private key with the data.\n When you are ready to decrypt data or sign a message, you can use the Decrypt operation to decrypt the encrypted private key.KeyPairSpec
parameter to choose an RSA or Elliptic Curve (ECC) data\n key pair. KMS recommends that your use ECC key pairs for signing, and use RSA key pairs\n for either encryption or signing, but not both. However, KMS cannot enforce any restrictions\n on the use of data key pairs outside of KMS.GenerateDataKeyPairWithoutPlaintext
returns a plaintext public key and an\n encrypted private key, but omits the plaintext private key that you need only to decrypt\n ciphertext or sign a message. Later, when you need to decrypt the data or sign a message, use\n the Decrypt operation to decrypt the encrypted private key in the data key\n pair.GenerateDataKeyPair
returns a unique data key pair for each request. The\n bytes in the keys are not related to the caller or the KMS key that is used to encrypt the private\n key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in RFC 5280. The\n private key is a DER-encoded PKCS8 PrivateKeyInfo, as specified in RFC\n 5958.EncryptionContext
, you must specify the same\n encryption context (a case-sensitive exact match) when decrypting the encrypted data key.\n Otherwise, the request to decrypt fails with an InvalidCiphertextException
. For more information, see Encryption Context in the\n Key Management Service Developer Guide.KeyId
parameter.\n
"
+ "smithy.api#documentation": "GenerateDataKeyPair
\n operation returns a plaintext public key, a plaintext private key, and a copy of the private\n key that is encrypted under the symmetric KMS key you specify. You can use the data key pair\n to perform asymmetric cryptography and implement digital signatures outside of KMS.GenerateDataKeyPair
returns to encrypt data\n or verify a signature outside of KMS. Then, store the encrypted private key with the data.\n When you are ready to decrypt data or sign a message, you can use the Decrypt operation to decrypt the encrypted private key.KeyPairSpec
parameter to choose an RSA or Elliptic Curve (ECC) data\n key pair. KMS recommends that your use ECC key pairs for signing, and use RSA key pairs for\n either encryption or signing, but not both. However, KMS cannot enforce any restrictions on\n the use of data key pairs outside of KMS.GenerateDataKeyPairWithoutPlaintext
returns a plaintext public key and an\n encrypted private key, but omits the plaintext private key that you need only to decrypt\n ciphertext or sign a message. Later, when you need to decrypt the data or sign a message, use\n the Decrypt operation to decrypt the encrypted private key in the data key\n pair.GenerateDataKeyPair
returns a unique data key pair for each request. The\n bytes in the keys are not related to the caller or the KMS key that is used to encrypt the\n private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in\n RFC 5280. The private key is a\n DER-encoded PKCS8 PrivateKeyInfo, as specified in RFC 5958.EncryptionContext
, you must specify the same\n encryption context (a case-sensitive exact match) when decrypting the encrypted data key.\n Otherwise, the request to decrypt fails with an InvalidCiphertextException
. For more information, see Encryption Context in the\n Key Management Service Developer Guide.KeyId
parameter.\n
"
}
},
"com.amazonaws.kms#GenerateDataKeyPairRequest": {
@@ -1863,7 +1863,7 @@
"KeyId": {
"target": "com.amazonaws.kms#KeyIdType",
"traits": {
- "smithy.api#documentation": "\"alias/\"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n alias/ExampleAlias
\n arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
\n \"alias/\"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n alias/ExampleAlias
\n arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
\n GenerateDataKeyPairWithoutPlaintext
operation returns a plaintext public key\n and a copy of the private key that is encrypted under the symmetric KMS key you specify. Unlike\n GenerateDataKeyPair, this operation does not return a plaintext private\n key. GenerateDataKeyPairWithoutPlaintext
returns\n to encrypt data or verify a signature outside of KMS. Then, store the encrypted private key\n with the data. When you are ready to decrypt data or sign a message, you can use the Decrypt operation to decrypt the encrypted private key.KeyPairSpec
parameter to choose an RSA or Elliptic Curve (ECC) data\n key pair. KMS recommends that your use ECC key pairs for signing, and use RSA key pairs\n for either encryption or signing, but not both. However, KMS cannot enforce any restrictions\n on the use of data key pairs outside of KMS.GenerateDataKeyPairWithoutPlaintext
returns a unique data key pair for each\n request. The bytes in the key are not related to the caller or KMS key that is used to encrypt the\n private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in\n RFC 5280.EncryptionContext
, you must specify the same\n encryption context (a case-sensitive exact match) when decrypting the encrypted data key.\n Otherwise, the request to decrypt fails with an InvalidCiphertextException
. For more information, see Encryption Context in the\n Key Management Service Developer Guide.KeyId
parameter.\n
"
+ "smithy.api#documentation": "GenerateDataKeyPairWithoutPlaintext
operation returns a plaintext public key\n and a copy of the private key that is encrypted under the symmetric KMS key you specify.\n Unlike GenerateDataKeyPair, this operation does not return a plaintext\n private key. GenerateDataKeyPairWithoutPlaintext
returns\n to encrypt data or verify a signature outside of KMS. Then, store the encrypted private key\n with the data. When you are ready to decrypt data or sign a message, you can use the Decrypt operation to decrypt the encrypted private key.KeyPairSpec
parameter to choose an RSA or Elliptic Curve (ECC) data\n key pair. KMS recommends that your use ECC key pairs for signing, and use RSA key pairs for\n either encryption or signing, but not both. However, KMS cannot enforce any restrictions on\n the use of data key pairs outside of KMS.GenerateDataKeyPairWithoutPlaintext
returns a unique data key pair for each\n request. The bytes in the key are not related to the caller or KMS key that is used to encrypt\n the private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in\n RFC 5280.EncryptionContext
, you must specify the same\n encryption context (a case-sensitive exact match) when decrypting the encrypted data key.\n Otherwise, the request to decrypt fails with an InvalidCiphertextException
. For more information, see Encryption Context in the\n Key Management Service Developer Guide.KeyId
parameter.\n
"
}
},
"com.amazonaws.kms#GenerateDataKeyPairWithoutPlaintextRequest": {
@@ -1970,7 +1970,7 @@
"KeyId": {
"target": "com.amazonaws.kms#KeyIdType",
"traits": {
- "smithy.api#documentation": "\"alias/\"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n alias/ExampleAlias
\n arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
\n \"alias/\"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n alias/ExampleAlias
\n arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
\n GenerateDataKeyWithoutPlaintext
is identical to the GenerateDataKey operation except that returns only the encrypted copy of the\n data key. This operation is useful for systems that need to encrypt data at some point, but\n not immediately. When you need to encrypt the data, you call the Decrypt\n operation on the encrypted copy of the key. GenerateDataKeyWithoutPlaintext
returns a unique data key for each request.\n The bytes in the keys are not related to the caller or KMS key that is used to encrypt the private\n key.CiphertextBlob
field.EncryptionContext
, you must specify the same\n encryption context (a case-sensitive exact match) when decrypting the encrypted data key.\n Otherwise, the request to decrypt fails with an InvalidCiphertextException
. For more information, see Encryption Context in the\n Key Management Service Developer Guide.KeyId
parameter.\n
"
+ "smithy.api#documentation": "GenerateDataKeyWithoutPlaintext
is identical to the GenerateDataKey operation except that returns only the encrypted copy of the\n data key. This operation is useful for systems that need to encrypt data at some point, but\n not immediately. When you need to encrypt the data, you call the Decrypt\n operation on the encrypted copy of the key. GenerateDataKeyWithoutPlaintext
returns a unique data key for each request.\n The bytes in the keys are not related to the caller or KMS key that is used to encrypt the\n private key.CiphertextBlob
field.EncryptionContext
, you must specify the same\n encryption context (a case-sensitive exact match) when decrypting the encrypted data key.\n Otherwise, the request to decrypt fails with an InvalidCiphertextException
. For more information, see Encryption Context in the\n Key Management Service Developer Guide.KeyId
parameter.\n
"
}
},
"com.amazonaws.kms#GenerateDataKeyWithoutPlaintextRequest": {
@@ -2121,7 +2121,7 @@
"KeyId": {
"target": "com.amazonaws.kms#KeyIdType",
"traits": {
- "smithy.api#documentation": "\"alias/\"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n alias/ExampleAlias
\n arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
\n \"alias/\"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n alias/ExampleAlias
\n arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
\n false
.\n
\n false
and KMS does not rotate the key material. If you cancel the\n deletion, the original key rotation status is restored.KeyId
parameter.\n
"
+ "smithy.api#documentation": "false
.\n
\n false
and KMS does not rotate the key material. If you cancel the\n deletion, the original key rotation status is restored.KeyId
parameter.\n
"
}
},
"com.amazonaws.kms#GetKeyRotationStatusRequest": {
@@ -2319,7 +2319,7 @@
"KeyId": {
"target": "com.amazonaws.kms#KeyIdType",
"traits": {
- "smithy.api#documentation": "\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n \n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n Origin
must be EXTERNAL
. You must also specify the\n wrapping algorithm and type of wrapping key (public key) that you will use to encrypt the key\n material. You cannot perform this operation on an asymmetric KMS key or on any KMS key in a different Amazon Web Services account.GetParametersForImport
response. You cannot use an expired token in an ImportKeyMaterial request. If your key and token expire, send another\n GetParametersForImport
request.\n
"
+ "smithy.api#documentation": "Origin
must be EXTERNAL
. You must also\n specify the wrapping algorithm and type of wrapping key (public key) that you will use to\n encrypt the key material. You cannot perform this operation on an asymmetric KMS key or on any KMS key in a different Amazon Web Services account.GetParametersForImport
response. You cannot use an expired token in an ImportKeyMaterial request. If your key and token expire, send another\n GetParametersForImport
request.\n
"
}
},
"com.amazonaws.kms#GetParametersForImportRequest": {
@@ -2374,7 +2374,7 @@
"KeyId": {
"target": "com.amazonaws.kms#KeyIdType",
"traits": {
- "smithy.api#documentation": "Origin
of the KMS key must be EXTERNAL
.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n Origin
of the KMS key must be EXTERNAL
.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n GetParametersForImport
\n request.GetParametersForImport
\n request.kms:GetPublicKey
permission\n can download the public key of an asymmetric KMS key. You can share the public key to allow others\n to encrypt messages and verify signatures outside of KMS. For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide.GetPublicKey
returns\n important information about the public key in the response, including:\n
\n RSA_4096
or ECC_NIST_P521
.KeyId
parameter.kms:GetPublicKey
\n permission can download the public key of an asymmetric KMS key. You can share the public key\n to allow others to encrypt messages and verify signatures outside of KMS.\n For information about symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS keys in the Key Management Service Developer Guide.GetPublicKey
returns\n important information about the public key in the response, including:\n
\n RSA_4096
or ECC_NIST_P521
.KeyId
parameter.KeySpec
field in the GetPublicKey
response.KeySpec
and CustomerMasterKeySpec
fields have the same value. We recommend that you use the KeySpec
field in your code. However, to avoid breaking changes, KMS will support both fields.KeySpec
field in the GetPublicKey
\n response.KeySpec
and CustomerMasterKeySpec
fields have the same\n value. We recommend that you use the KeySpec
field in your code. However, to\n avoid breaking changes, KMS will support both fields.GetParametersForImport
\n response.\n
\n Origin
must be\n EXTERNAL
.Origin
parameter to EXTERNAL
. To get the\n Origin
of a KMS key, call DescribeKey.)GetParametersForImport
response.PendingImport
to Enabled
, and you can use the KMS key.\n
"
+ "smithy.api#documentation": "GetParametersForImport
\n response.\n
\n Origin
must\n be EXTERNAL
.Origin
parameter to EXTERNAL
. To get the\n Origin
of a KMS key, call DescribeKey.)GetParametersForImport
response.PendingImport
to Enabled
, and you can use the KMS key.\n
"
}
},
"com.amazonaws.kms#ImportKeyMaterialRequest": {
@@ -2782,7 +2782,7 @@
"KeyId": {
"target": "com.amazonaws.kms#KeyIdType",
"traits": {
- "smithy.api#documentation": "Origin
must be EXTERNAL
. This must be the same KMS key specified in\n the KeyID
parameter of the corresponding GetParametersForImport\n request.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n Origin
must be EXTERNAL
. This must be the same KMS key\n specified in the KeyID
parameter of the corresponding GetParametersForImport request.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n ExpirationModel
parameter is set to KEY_MATERIAL_DOES_NOT_EXPIRE
.\n Otherwise it is required.ExpirationModel
parameter is set to\n KEY_MATERIAL_DOES_NOT_EXPIRE
. Otherwise it is required.KeyId
in a Decrypt request and the SourceKeyId
\n in a ReEncrypt request must identify the same KMS key that was used to encrypt\n the ciphertext.KeyId
in a Decrypt request and the SourceKeyId
\n in a ReEncrypt request must identify the same KMS key that was used to\n encrypt the ciphertext.\n
\n KeyUsage
value of the KMS key is incompatible with the API\n operation.(KeySpec
).KeyUsage
must be ENCRYPT_DECRYPT
. For signing and verifying, the\n KeyUsage
must be SIGN_VERIFY
. To find the KeyUsage
of\n a KMS key, use the DescribeKey operation.\n
\n KeyUsage
value of the KMS key is incompatible with the API\n operation.(KeySpec
).KeyUsage
must be ENCRYPT_DECRYPT
. For signing and verifying, the\n KeyUsage
must be SIGN_VERIFY
. To find the KeyUsage
of\n a KMS key, use the DescribeKey operation.KeyState
is Enabled
\n this value is true, otherwise it is false.KeyState
is\n Enabled
this value is true, otherwise it is false.KeyState
is\n PendingDeletion
.PendingReplicaDeletion
and the length of its waiting\n period is displayed in the PendingDeletionWindowInDays
field.KeyState
is\n PendingDeletion
.PendingReplicaDeletion
and the length of its waiting\n period is displayed in the PendingDeletionWindowInDays
field.Origin
is EXTERNAL
and whose ExpirationModel
is\n KEY_MATERIAL_EXPIRES
, otherwise this value is omitted.Origin
is EXTERNAL
and whose ExpirationModel
\n is KEY_MATERIAL_EXPIRES
, otherwise this value is omitted.AWS_KMS
, KMS\n created the key material. When this value is EXTERNAL
, the key material was\n imported or the KMS key doesn't have any key material. When\n this value is AWS_CLOUDHSM
, the key material was created in the CloudHSM cluster\n associated with a custom key store.AWS_KMS
,\n KMS created the key material. When this value is EXTERNAL
, the key material was\n imported or the KMS key doesn't have any key material. When this value is\n AWS_CLOUDHSM
, the key material was created in the CloudHSM cluster associated with\n a custom key store.KeySpec
field.KeySpec
and CustomerMasterKeySpec
fields have the same value. We recommend that you use the KeySpec
field in your code. However, to avoid breaking changes, KMS will support both fields.KeySpec
field.KeySpec
and CustomerMasterKeySpec
fields have the same\n value. We recommend that you use the KeySpec
field in your code. However, to\n avoid breaking changes, KMS will support both fields.KeyUsage
of the KMS key is\n SIGN_VERIFY
.KeyUsage
of the KMS key is\n SIGN_VERIFY
.MultiRegion
field is True
.\n
"
+ "smithy.api#documentation": "MultiRegionKeyType
indicates whether the KMS key is a PRIMARY
or\n REPLICA
key.PrimaryKey
displays the key ARN and Region of the primary key. This field\n displays the current KMS key if it is the primary key.ReplicaKeys
displays the key ARNs and Regions of all replica keys. This\n field includes the current KMS key if it is a replica key.MultiRegion
field is True
.\n
"
}
},
"PendingDeletionWindowInDays": {
"target": "com.amazonaws.kms#PendingWindowInDaysType",
"traits": {
- "smithy.api#documentation": "MultiRegionKeyType
indicates whether the KMS key is a\n PRIMARY
or REPLICA
key.PrimaryKey
displays the key ARN and Region of the primary key. This field\n displays the current KMS key if it is the primary key.ReplicaKeys
displays the key ARNs and Regions of all replica keys. This\n field includes the current KMS key if it is a replica key.KeyState
of the KMS key is PendingReplicaDeletion
. That indicates\n that the KMS key is the primary key in a multi-Region key, it is scheduled for deletion, and it\n still has existing replica keys.DeletionDate
field. However, when the primary\n key in a multi-Region key is scheduled for deletion, its waiting period doesn't begin until\n all of its replica keys are deleted. This value displays that waiting period. When the last\n replica key in the multi-Region key is deleted, the KeyState
of the scheduled\n primary key changes from PendingReplicaDeletion
to PendingDeletion
\n and the deletion date appears in the DeletionDate
field.KeyState
of the KMS key is PendingReplicaDeletion
. That\n indicates that the KMS key is the primary key in a multi-Region key, it is scheduled for\n deletion, and it still has existing replica keys.DeletionDate
field. However, when the primary\n key in a multi-Region key is scheduled for deletion, its waiting period doesn't begin until\n all of its replica keys are deleted. This value displays that waiting period. When the last\n replica key in the multi-Region key is deleted, the KeyState
of the scheduled\n primary key changes from PendingReplicaDeletion
to PendingDeletion
\n and the deletion date appears in the DeletionDate
field.ListAliases
operation returns all aliases in the account and\n region. To get only the aliases associated with a particular KMS key, use\n the KeyId
parameter.ListAliases
response can include aliases that you created and associated\n with your customer managed keys, and aliases that Amazon Web Services created and associated with Amazon Web Services managed keys in your account. You can recognize Amazon Web Services aliases because their names have the format\n aws/
, such as aws/dynamodb
.TargetKeyId
field. These\n are predefined aliases that Amazon Web Services has created but has not yet associated with a KMS key. Aliases\n that Amazon Web Services creates in your account, including predefined aliases, do not count against your\n KMS aliases\n quota.ListAliases
does not\n return aliases in other Amazon Web Services accounts.\n
",
+ "smithy.api#documentation": "ListAliases
operation returns all aliases in the account and\n region. To get only the aliases associated with a particular KMS key, use the\n KeyId
parameter.ListAliases
response can include aliases that you created and associated\n with your customer managed keys, and aliases that Amazon Web Services created and associated with Amazon Web Services\n managed keys in your account. You can recognize Amazon Web Services aliases because their names have the\n format aws/
, such as aws/dynamodb
.TargetKeyId
field. These\n are predefined aliases that Amazon Web Services has created but has not yet associated with a KMS key.\n Aliases that Amazon Web Services creates in your account, including predefined aliases, do not count against\n your KMS aliases\n quota.ListAliases
does not\n return aliases in other Amazon Web Services accounts.\n
",
"smithy.api#paginated": {
"inputToken": "Marker",
"outputToken": "NextMarker",
@@ -3438,7 +3438,7 @@
"KeyId": {
"target": "com.amazonaws.kms#KeyIdType",
"traits": {
- "smithy.api#documentation": "ListAliases
returns all aliases\n in the account and Region.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n ListAliases
returns all aliases\n in the account and Region.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n GranteePrincipal
field in the ListGrants
response usually contains the\n user or role designated as the grantee principal in the grant. However, when the grantee\n principal in the grant is an Amazon Web Services service, the GranteePrincipal
field contains\n the service\n principal, which might represent several different grantee principals.KeyId
parameter.\n
",
+ "smithy.api#documentation": "GranteePrincipal
field in the ListGrants
response usually contains the\n user or role designated as the grantee principal in the grant. However, when the grantee\n principal in the grant is an Amazon Web Services service, the GranteePrincipal
field contains\n the service\n principal, which might represent several different grantee principals.KeyId
parameter.\n
",
"smithy.api#paginated": {
"inputToken": "Marker",
"outputToken": "NextMarker",
@@ -3537,7 +3537,7 @@
"KeyId": {
"target": "com.amazonaws.kms#KeyIdType",
"traits": {
- "smithy.api#documentation": "\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n \n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n default
. \n
",
+ "smithy.api#documentation": "default
. \n
",
"smithy.api#paginated": {
"inputToken": "Marker",
"outputToken": "NextMarker",
@@ -3680,7 +3680,7 @@
}
],
"traits": {
- "smithy.api#documentation": "\n
",
+ "smithy.api#documentation": "\n
",
"smithy.api#paginated": {
"inputToken": "Marker",
"outputToken": "NextMarker",
@@ -3752,7 +3752,7 @@
}
],
"traits": {
- "smithy.api#documentation": "\n
"
+ "smithy.api#documentation": "\n
"
}
},
"com.amazonaws.kms#ListResourceTagsRequest": {
@@ -3828,7 +3828,7 @@
}
],
"traits": {
- "smithy.api#documentation": "kms:ListRetirableGrants
permission (or any other additional permission) in any\n Amazon Web Services account other than your own.\n
"
+ "smithy.api#documentation": "kms:ListRetirableGrants
permission (or any other additional permission) in any\n Amazon Web Services account other than your own.\n
"
}
},
"com.amazonaws.kms#ListRetirableGrantsRequest": {
@@ -3849,7 +3849,7 @@
"RetiringPrincipal": {
"target": "com.amazonaws.kms#PrincipalIdType",
"traits": {
- "smithy.api#documentation": "PRIMARY
or REPLICA
key.PRIMARY
or REPLICA
\n key.\n
\n BypassPolicyLockoutSafetyCheck
to true, the key policy\n must allow the principal that is making the PutKeyPolicy
request to make a\n subsequent PutKeyPolicy
request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, refer to the scenario in the Default Key Policy section of the Key Management Service Developer Guide.\n
\n BypassPolicyLockoutSafetyCheck
to true, the key policy\n must allow the principal that is making the PutKeyPolicy
request to make a\n subsequent PutKeyPolicy
request on the KMS key. This reduces the risk that\n the KMS key becomes unmanageable. For more information, refer to the scenario in the\n Default Key Policy section of the Key Management Service Developer Guide.PutKeyPolicy
request on the KMS key.PutKeyPolicy
request on the KMS key.ReEncrypt
operation can decrypt ciphertext that was encrypted by using an\n KMS KMS key in an KMS operation, such as Encrypt or GenerateDataKey. It can also decrypt ciphertext that was encrypted by using the\n public key of an asymmetric KMS key outside of KMS. However, it cannot decrypt ciphertext\n produced by other libraries, such as the Amazon Web Services Encryption SDK or Amazon S3 client-side encryption.\n These libraries return a ciphertext format that is incompatible with KMS.ReEncrypt
operation, you need to provide information for the\n decrypt operation and the subsequent encrypt operation.\n
\n \n \n \n SourceKeyId
parameter to identify the KMS key that encrypted the ciphertext.\n You must also supply the encryption algorithm that was used. This information is required\n to decrypt the data.SourceKeyId
\n parameter is optional. KMS can get this information from metadata that it adds to the\n symmetric ciphertext blob. This feature adds durability to your implementation by ensuring\n that authorized users can decrypt ciphertext decades after it was encrypted, even if\n they've lost track of the key ID. However, specifying the source KMS key is always recommended\n as a best practice. When you use the SourceKeyId
parameter to specify a KMS key,\n KMS uses only the KMS key you specify. If the ciphertext was encrypted under a different KMS key, the ReEncrypt
operation fails. This practice ensures that you use the KMS key that you intend.DestinationKeyId
parameter\n specify the KMS key that re-encrypts the data after it is decrypted. You can select a\n symmetric or asymmetric KMS key. If the destination KMS key is an asymmetric KMS key, you must also\n provide the encryption algorithm. The algorithm that you choose must be compatible with\n the KMS key.\n
\n \"kms:ReEncrypt*\"
\n permission in your key policy. This permission is\n automatically included in the key policy when you use the console to create a KMS key. But you\n must include it manually when you create a KMS key programmatically or when you use the PutKeyPolicy operation to set a key policy.\n
"
+ "smithy.api#documentation": "ReEncrypt
operation can decrypt ciphertext that was encrypted by using an\n KMS KMS key in an KMS operation, such as Encrypt or GenerateDataKey. It can also decrypt ciphertext that was encrypted by using the\n public key of an asymmetric KMS key\n outside of KMS. However, it cannot decrypt ciphertext produced by other libraries, such as\n the Amazon Web Services Encryption SDK or\n Amazon S3\n client-side encryption. These libraries return a ciphertext format that is\n incompatible with KMS.ReEncrypt
operation, you need to provide information for the\n decrypt operation and the subsequent encrypt operation.\n
\n SourceKeyId
parameter to identify the KMS key that encrypted the\n ciphertext. You must also supply the encryption algorithm that was used. This information\n is required to decrypt the data.SourceKeyId
parameter is optional. KMS can get this information from\n metadata that it adds to the symmetric ciphertext blob. This feature adds durability to\n your implementation by ensuring that authorized users can decrypt ciphertext decades after\n it was encrypted, even if they've lost track of the key ID. However, specifying the source\n KMS key is always recommended as a best practice. When you use the\n SourceKeyId
parameter to specify a KMS key, KMS uses only the KMS key you\n specify. If the ciphertext was encrypted under a different KMS key, the\n ReEncrypt
operation fails. This practice ensures that you use the KMS key\n that you intend.DestinationKeyId
parameter\n specify the KMS key that re-encrypts the data after it is decrypted. You can select a\n symmetric or asymmetric KMS key. If the destination KMS key is an asymmetric KMS key, you\n must also provide the encryption algorithm. The algorithm that you choose must be\n compatible with the KMS key.\n
\n \"kms:ReEncrypt*\"
\n permission in your key policy. This permission is\n automatically included in the key policy when you use the console to create a KMS key. But you\n must include it manually when you create a KMS key programmatically or when you use the PutKeyPolicy operation to set a key policy.\n
"
}
},
"com.amazonaws.kms#ReEncryptRequest": {
@@ -4211,32 +4211,32 @@
"SourceKeyId": {
"target": "com.amazonaws.kms#KeyIdType",
"traits": {
- "smithy.api#documentation": "\"alias/\"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n alias/ExampleAlias
\n arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
\n \"alias/\"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n alias/ExampleAlias
\n arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
\n KeyUsage
value of ENCRYPT_DECRYPT
. To find the\n KeyUsage
value of a KMS key, use the DescribeKey\n operation.\"alias/\"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n alias/ExampleAlias
\n arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
\n KeyUsage
value of\n ENCRYPT_DECRYPT
. To find the KeyUsage
value of a KMS key, use the\n DescribeKey operation.\"alias/\"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n alias/ExampleAlias
\n arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
\n SYMMETRIC_DEFAULT
, represents the algorithm\n used for symmetric KMS keys.SYMMETRIC_DEFAULT
, represents the algorithm\n used for symmetric KMS keys.SYMMETRIC_DEFAULT
, represents the encryption\n algorithm used for symmetric KMS keys.SYMMETRIC_DEFAULT
, represents the encryption\n algorithm used for symmetric KMS keys.Creating
. This key state changes to Enabled
(or\n PendingImport
) after a few seconds when the process of creating the new replica\n key is complete. While the key state is Creating
, you can manage key, but you\n cannot yet use it in cryptographic operations. If you are creating and using the replica key\n programmatically, retry on KMSInvalidStateException
or call\n DescribeKey
to check its KeyState
value before using it. For\n details about the Creating
key state, see Key state: Effect on your KMS key in the\n Key Management Service Developer Guide.ReplicateKey
operation records a\n ReplicateKey
operation in the primary key's Region and a CreateKey operation in the replica key's Region.ReplicateKey
uses different default values for the KeyPolicy
and\n Tags
parameters than those used in the KMS console. For details, see the\n parameter descriptions.\n
\n kms:ReplicateKey
on the primary key (in the primary key's Region). Include this\n permission in the primary key's key policy.kms:CreateKey
in an IAM policy in the replica Region.Tags
parameter, kms:TagResource
in an IAM policy\n in the replica Region.\n
"
+ "smithy.api#documentation": "Creating
. This key state changes to Enabled
(or\n PendingImport
) after a few seconds when the process of creating the new replica\n key is complete. While the key state is Creating
, you can manage key, but you\n cannot yet use it in cryptographic operations. If you are creating and using the replica key\n programmatically, retry on KMSInvalidStateException
or call\n DescribeKey
to check its KeyState
value before using it. For\n details about the Creating
key state, see Key state: Effect on your KMS key in the\n Key Management Service Developer Guide.ReplicateKey
operation records a\n ReplicateKey
operation in the primary key's Region and a CreateKey operation in the replica key's Region.ReplicateKey
uses different default values for the KeyPolicy
\n and Tags
parameters than those used in the KMS console. For details, see the\n parameter descriptions.\n
\n kms:ReplicateKey
on the primary key (in the primary key's Region).\n Include this permission in the primary key's key policy.kms:CreateKey
in an IAM policy in the replica Region.Tags
parameter, kms:TagResource
in an IAM policy\n in the replica Region.\n
"
}
},
"com.amazonaws.kms#ReplicateKeyRequest": {
@@ -4342,7 +4342,7 @@
"KeyId": {
"target": "com.amazonaws.kms#KeyIdType",
"traits": {
- "smithy.api#documentation": "MultiRegionKeyType
property.\n
\n mrk-1234abcd12ab34cd56ef1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab
\n MultiRegionKeyType
property.\n
\n mrk-1234abcd12ab34cd56ef1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab
\n \n
"
+ "smithy.api#documentation": "BypassPolicyLockoutSafetyCheck
to true, the key policy\n must give the caller kms:PutKeyPolicy
permission on the replica key. This reduces the\n risk that the KMS key becomes unmanageable. For more information, refer to the scenario in the\n Default Key Policy section of the \n Key Management Service Developer Guide\n .\n
"
}
},
"BypassPolicyLockoutSafetyCheck": {
"target": "com.amazonaws.kms#BooleanType",
"traits": {
- "smithy.api#documentation": "BypassPolicyLockoutSafetyCheck
to true, the key policy\n must give the caller kms:PutKeyPolicy
permission on the replica key. This\n reduces the risk that the KMS key becomes unmanageable. For more information, refer to the\n scenario in the Default Key Policy section of the \n Key Management Service Developer Guide\n .PutKeyPolicy
request on the KMS key.PutKeyPolicy
request on the KMS key.RetireGrant
\n operation, and by the Amazon Web Services account (root user) in which the grant is created. It can also be\n called by principals to whom permission for retiring a grant is delegated. For details, see\n Retiring and\n revoking grants in the Key Management Service Developer Guide.\n
"
+ "smithy.api#documentation": "RetireGrant
\n operation, and by the Amazon Web Services account (root user) in which the grant is created. It can also be\n called by principals to whom permission for retiring a grant is delegated. For details, see\n Retiring and\n revoking grants in the Key Management Service Developer Guide.\n
"
}
},
"com.amazonaws.kms#RetireGrantRequest": {
@@ -4440,7 +4440,7 @@
"GrantToken": {
"target": "com.amazonaws.kms#GrantTokenType",
"traits": {
- "smithy.api#documentation": "\n
"
+ "smithy.api#documentation": "\n
"
}
}
}
@@ -4483,7 +4483,7 @@
}
],
"traits": {
- "smithy.api#documentation": "KeyId
parameter.\n
"
+ "smithy.api#documentation": "KeyId
parameter.\n
"
}
},
"com.amazonaws.kms#RevokeGrantRequest": {
@@ -4492,14 +4492,14 @@
"KeyId": {
"target": "com.amazonaws.kms#KeyIdType",
"traits": {
- "smithy.api#documentation": "\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n \n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n PendingDeletion
and the key can't\n be used in any cryptographic operations. It remains in this state for the duration of the\n waiting period. Before the waiting period ends, you can use CancelKeyDeletion to cancel the deletion of the KMS key. After the waiting period ends, KMS deletes the KMS key,\n its key material, and all KMS data associated with it, including all aliases that refer to\n it.ScheduleKeyDeletion
deletes the KMS key from KMS. Then KMS makes a best\n effort to delete the key material from the associated CloudHSM cluster. However, you might need\n to manually delete the orphaned key\n material from the cluster and its backups.PendingReplicaDeletion
and it cannot be replicated or used in cryptographic\n operations. This status can continue indefinitely. When the last of its replicas keys is\n deleted (not just scheduled), the key state of the primary key changes to\n PendingDeletion
and its waiting period (PendingWindowInDays
)\n begins. For details, see Deleting multi-Region keys in the Key Management Service Developer Guide. \n
"
+ "smithy.api#documentation": "PendingDeletion
and the key can't be used\n in any cryptographic operations. It remains in this state for the duration of the waiting\n period. Before the waiting period ends, you can use CancelKeyDeletion to\n cancel the deletion of the KMS key. After the waiting period ends, KMS deletes the KMS key,\n its key material, and all KMS data associated with it, including all aliases that refer to\n it.ScheduleKeyDeletion
deletes the KMS key from KMS. Then KMS makes a\n best effort to delete the key material from the associated CloudHSM cluster. However, you might\n need to manually delete the orphaned key\n material from the cluster and its backups.PendingReplicaDeletion
and it cannot be replicated or used in cryptographic\n operations. This status can continue indefinitely. When the last of its replicas keys is\n deleted (not just scheduled), the key state of the primary key changes to\n PendingDeletion
and its waiting period (PendingWindowInDays
)\n begins. For details, see Deleting multi-Region keys in the\n Key Management Service Developer Guide. \n
"
}
},
"com.amazonaws.kms#ScheduleKeyDeletionRequest": {
@@ -4540,14 +4540,14 @@
"KeyId": {
"target": "com.amazonaws.kms#KeyIdType",
"traits": {
- "smithy.api#documentation": "\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n \n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n Sign
operation, provide the following information:\n
\n KeyId
parameter to identify an asymmetric KMS key with a\n KeyUsage
value of SIGN_VERIFY
. To get the\n KeyUsage
value of a KMS key, use the DescribeKey operation.\n The caller must have kms:Sign
permission on the KMS key.Message
parameter to specify the message or message digest to\n sign. You can submit messages of up to 4096 bytes. To sign a larger message, generate a\n hash digest of the message, and then provide the hash digest in the Message
\n parameter. To indicate whether the message is a full message or a digest, use the\n MessageType
parameter.KeyId
parameter.Sign
operation, provide the following information:\n
\n KeyId
parameter to identify an asymmetric KMS key with a\n KeyUsage
value of SIGN_VERIFY
. To get the\n KeyUsage
value of a KMS key, use the DescribeKey\n operation. The caller must have kms:Sign
permission on the KMS key.Message
parameter to specify the message or message digest to\n sign. You can submit messages of up to 4096 bytes. To sign a larger message, generate a\n hash digest of the message, and then provide the hash digest in the Message
\n parameter. To indicate whether the message is a full message or a digest, use the\n MessageType
parameter.KeyId
parameter.KeyUsage
type of the KMS key must be SIGN_VERIFY
. To find\n the KeyUsage
of a KMS key, use the DescribeKey operation.\"alias/\"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n alias/ExampleAlias
\n arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
\n KeyUsage
type of the KMS key must be\n SIGN_VERIFY
. To find the KeyUsage
of a KMS key, use the DescribeKey operation.\"alias/\"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n alias/ExampleAlias
\n arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
\n \n
"
+ "smithy.api#documentation": "\n
"
}
},
"com.amazonaws.kms#TagResourceRequest": {
@@ -5007,7 +5007,7 @@
"name": "kms"
},
"aws.protocols#awsJson1_1": {},
- "smithy.api#documentation": "\n
\n \n
",
+ "smithy.api#documentation": "\n
\n \n
",
"smithy.api#title": "AWS Key Management Service",
"smithy.api#xmlNamespace": {
"uri": "https://trent.amazonaws.com/doc/2014-11-01/"
@@ -5063,7 +5063,7 @@
}
],
"traits": {
- "smithy.api#documentation": "UntagResource
operation doesn't return any output.\n Also, if the specified tag key isn't found on the KMS key, it doesn't throw an exception or return\n a response. To confirm that the operation worked, use the ListResourceTags operation.\n
"
+ "smithy.api#documentation": "UntagResource
operation doesn't return any output.\n Also, if the specified tag key isn't found on the KMS key, it doesn't throw an exception or\n return a response. To confirm that the operation worked, use the ListResourceTags operation.\n
"
}
},
"com.amazonaws.kms#UntagResourceRequest": {
@@ -5108,7 +5108,7 @@
}
],
"traits": {
- "smithy.api#documentation": "ENCRYPT_DECRYPT
or SIGN_VERIFY
).\n This restriction prevents errors in code that uses aliases. If you must assign an alias to a\n different type of KMS key, use DeleteAlias to delete the old alias and CreateAlias to create a new alias.UpdateAlias
to change an alias name. To change an alias name,\n use DeleteAlias to delete the old alias and CreateAlias to\n create a new alias.\n
\n \n
"
+ "smithy.api#documentation": "ENCRYPT_DECRYPT
or SIGN_VERIFY
).\n This restriction prevents errors in code that uses aliases. If you must assign an alias to a\n different type of KMS key, use DeleteAlias to delete the old alias and CreateAlias to create a new alias.UpdateAlias
to change an alias name. To change an alias name,\n use DeleteAlias to delete the old alias and CreateAlias to\n create a new alias.\n
\n \n
"
}
},
"com.amazonaws.kms#UpdateAliasRequest": {
@@ -5124,7 +5124,7 @@
"TargetKeyId": {
"target": "com.amazonaws.kms#KeyIdType",
"traits": {
- "smithy.api#documentation": "\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n \n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n CustomKeyStoreId
\n parameter to identify the custom key store you want to edit. Use the remaining parameters to\n change the properties of the custom key store.UpdateCustomKeyStore
to edit your keystore\n settings.\n
\n kmsuser
crypto\n user (CU) in the associated CloudHSM cluster. You can use this parameter to fix\n connection failures that occur when KMS cannot log into the associated cluster\n because the kmsuser
password has changed. This value does not change the\n password in the CloudHSM cluster.\n
"
+ "smithy.api#documentation": "CustomKeyStoreId
\n parameter to identify the custom key store you want to edit. Use the remaining parameters to\n change the properties of the custom key store.CustomKeyStoreId
parameter is required in all commands. Use the other\n parameters of UpdateCustomKeyStore
to edit your key store settings.\n
\n NewCustomKeyStoreName
parameter to change the friendly name of\n the custom key store to the value that you specify.KeyStorePassword
parameter tell KMS the current password of the\n \n kmsuser
crypto user (CU) in the associated CloudHSM cluster. You\n can use this parameter to fix connection\n failures that occur when KMS cannot log into the associated cluster because\n the kmsuser
password has changed. This value does not change the password in\n the CloudHSM cluster.CloudHsmClusterId
parameter to associate the custom key store\n with a different, but related, CloudHSM cluster. You can use this parameter to repair a\n custom key store if its CloudHSM cluster becomes corrupted or is deleted, or when you need to\n create or restore a cluster from a backup. \n
"
}
},
"com.amazonaws.kms#UpdateCustomKeyStoreRequest": {
@@ -5225,7 +5225,7 @@
}
],
"traits": {
- "smithy.api#documentation": "\n
"
+ "smithy.api#documentation": "\n
"
}
},
"com.amazonaws.kms#UpdateKeyDescriptionRequest": {
@@ -5234,7 +5234,7 @@
"KeyId": {
"target": "com.amazonaws.kms#KeyIdType",
"traits": {
- "smithy.api#documentation": "\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n \n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n us-east-1
and a replica key in eu-west-2
. If you run\n UpdatePrimaryRegion
with a PrimaryRegion
value of\n eu-west-2
, the primary key is now the key in eu-west-2
, and the\n key in us-east-1
becomes a replica key. For details, see Updating the primary Region in the Key Management Service Developer Guide.DescribeKey
might\n display both the old and new primary keys as replicas. The old and new primary keys have a\n transient key state of Updating
. The original key state is restored when the\n update is complete. While the key state is Updating
, you can use the keys in\n cryptographic operations, but you cannot replicate the new primary key or perform certain\n management operations, such as enabling or disabling these keys. For details about the\n Updating
key state, see Key state:\n Effect on your KMS key in the Key Management Service Developer Guide.\n
\n kms:UpdatePrimaryRegion
on the current primary key (in the primary key's\n Region). Include this permission primary key's key policy.kms:UpdatePrimaryRegion
on the current replica key (in the replica key's\n Region). Include this permission in the replica key's key policy.\n
"
+ "smithy.api#documentation": "us-east-1
and a replica key in eu-west-2
. If you run\n UpdatePrimaryRegion
with a PrimaryRegion
value of\n eu-west-2
, the primary key is now the key in eu-west-2
, and the\n key in us-east-1
becomes a replica key. For details, see Updating the primary Region in the Key Management Service Developer Guide.DescribeKey
might\n display both the old and new primary keys as replicas. The old and new primary keys have a\n transient key state of Updating
. The original key state is restored when the\n update is complete. While the key state is Updating
, you can use the keys in\n cryptographic operations, but you cannot replicate the new primary key or perform certain\n management operations, such as enabling or disabling these keys. For details about the\n Updating
key state, see Key state:\n Effect on your KMS key in the Key Management Service Developer Guide.\n
\n kms:UpdatePrimaryRegion
on the current primary key (in the primary key's\n Region). Include this permission primary key's key policy.kms:UpdatePrimaryRegion
on the current replica key (in the replica key's\n Region). Include this permission in the replica key's key policy.\n
"
}
},
"com.amazonaws.kms#UpdatePrimaryRegionRequest": {
@@ -5282,14 +5282,14 @@
"KeyId": {
"target": "com.amazonaws.kms#KeyIdType",
"traits": {
- "smithy.api#documentation": "\n
\n mrk-1234abcd12ab34cd56ef1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab
\n \n
\n mrk-1234abcd12ab34cd56ef1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab
\n us-east-1
\n or ap-southeast-2
. There must be an existing replica key in this Region. us-east-1
or ap-southeast-2
. There must be an existing replica key\n in this Region. SignatureValid
field in the response is\n True
. If the signature verification fails, the Verify
operation\n fails with an KMSInvalidSignatureException
exception.Verify
operation. Specify the\n same asymmetric KMS key, message, and signing algorithm that were used to produce the\n signature.Verify
operation is that it is performed within KMS. As\n a result, it's easy to call, the operation is performed within the FIPS boundary, it is logged\n in CloudTrail, and you can use key policy and IAM policy to determine who is authorized to use\n the KMS key to verify signatures.KeyId
parameter. SignatureValid
field in the response is\n True
. If the signature verification fails, the Verify
operation\n fails with an KMSInvalidSignatureException
exception.Verify
operation. Specify the\n same asymmetric KMS key, message, and signing algorithm that were used to produce the\n signature.Verify
operation is that it is performed within KMS. As\n a result, it's easy to call, the operation is performed within the FIPS boundary, it is logged\n in CloudTrail, and you can use key policy and IAM policy to determine who is authorized to use\n the KMS key to verify signatures.KeyId
parameter. \"alias/\"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n alias/ExampleAlias
\n arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
\n \"alias/\"
. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.\n
\n 1234abcd-12ab-34cd-56ef-1234567890ab
\n arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
\n alias/ExampleAlias
\n arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
\n PositionFiltering
property of the tracker. \n When PositionFiltering
is set to TimeBased
, updates are evaluated against linked geofence collections, \n and location data is stored at a maximum of one position per 30 second interval. If your update frequency is more often than \n every 30 seconds, only one update per 30 seconds is stored for each unique device ID.\n When PositionFiltering
is set to DistanceBased
filtering, location data is stored and evaluated against linked geofence \n collections only if the device has moved more than 30 m (98.4 ft).[longitude, latitude]
.\n
\n [-123.115, 49.285]
\n [-180 to 180,-90 to 90]
\n [longitude, latitude]
.\n
\n [-123.115, 49.285]
\n 400 RoutesValidationException
error.[-180 to 180,-90 to 90]
\n \n
\n DeparturePosition
\n [-123.115, 49.285]
, the route follows the order that the waypoint\n positions are given [[-122.757, 49.0021],[-122.349, 47.620]]
\n 400 ValidationException
\n error.[-180 to 180,-90 to 90]
\n \n
\n DeparturePosition
\n [-123.115, 49.285]
, the route follows the order that the waypoint\n positions are given [[-122.757, 49.0021],[-122.349, 47.620]]
\n 400 ValidationException
\n error.400 RoutesValidationException
error.[-180 to 180,-90 to 90]
\n [min x, min y, max x, max y]
.bbox
parameters describe the lower southwest corner: \n
\n bbox
position is the X coordinate or longitude of the\n lower southwest corner. bbox
position is the Y coordinate or latitude of the\n lower southwest corner. bbox
parameters describe the upper northeast corner: \n
",
+ "smithy.api#documentation": "bbox
position is the X coordinate, or longitude of the\n upper northeast corner. bbox
position is the Y coordinate, or longitude of the\n upper northeast corner. [min x, min y, max x, max y]
.bbox
parameters describe the lower southwest corner: \n
\n bbox
position is the X coordinate or longitude of the\n lower southwest corner. bbox
position is the Y coordinate or latitude of the\n lower southwest corner. bbox
parameters describe the upper northeast corner: \n
",
"smithy.api#required": {}
}
},
@@ -1047,7 +1047,7 @@
"Distance": {
"target": "smithy.api#Double",
"traits": {
- "smithy.api#documentation": "bbox
position is the X coordinate, or longitude of the\n upper northeast corner. bbox
position is the Y coordinate, or latitude of the\n upper northeast corner. distance
can't be greater than 250 km. If the route exceeds\n 250 km, the response returns a 400 RoutesValidationException
\n error.400 RoutesValidationException
error.HERE
returns an error.\n
\n Esri
– For additional information about Esri's coverage in your\n region of interest, see Esri details on geocoding coverage.Here
– For additional information about HERE Technologies's\n coverage in your region of interest, see HERE details on goecoding coverage.HERE
returns an error.\n
\n Esri
– For additional information about Esri's coverage in your\n region of interest, see Esri details on geocoding coverage.Here
– For additional information about HERE Technologies'\n coverage in your region of interest, see HERE details on goecoding coverage.HERE
returns an error.\n
\n Esri
– For additional information about Esri's coverage in your region of interest, see Esri details on street networks and traffic coverage.Here
– For additional information about HERE\n Technologies's coverage in your region of interest, see HERE car routing coverage and HERE truck routing coverage.HERE
returns an error. Route calculators that use Esri as a data source \n only calculate routes that are shorter than 400 km.\n
\n Esri
– For additional information about Esri's coverage in your region of interest, see Esri details on street networks and traffic coverage.Here
– For additional information about HERE\n Technologies' coverage in your region of interest, see HERE car routing coverage and HERE truck routing coverage.\n
\n MobileAssetTracking\n
| MobileAssetManagement
\n PricingPlanDataSource
to calculate billing for your tracker resource. Your data will not be shared with the data provider, and will remain in your AWS account or Region unless you move it.Esri
| Here
\n \n
\n MobileAssetTracking\n
| MobileAssetManagement
\n PricingPlanDataSource
to calculate billing for your tracker resource. Your data will not be shared with the data provider, and will remain in your AWS account or Region unless you move it.Esri
| Here
\n \"key\" : \"value\"
\n \n
"
}
+ },
+ "PositionFiltering": {
+ "target": "com.amazonaws.location#PositionFiltering",
+ "traits": {
+ "smithy.api#documentation": "\n
\n TimeBased
- Location updates are evaluated against linked geofence collections, \n but not every location update is stored. If your update frequency is more often than 30 seconds, \n only one update per 30 seconds is stored for each unique device ID.\n DistanceBased
- If the device has moved less than 30 m (98.4 ft), location updates are \n ignored. Location updates within this distance are neither evaluated against linked geofence collections, nor stored. \n This helps control costs by reducing the number of geofence evaluations and device positions to retrieve. \n Distance-based filtering can also reduce the jitter effect when displaying device trajectory on a map.\n TimeBased
.\n
\n Esri
\n Here
\n \n
\n Esri
\n Here
\n Noto Sans Regular, Arial Unicode
.\n
\n Ubuntu Medium Italic
| Ubuntu\n Medium
| Ubuntu Italic
| Ubuntu Regular
|\n Ubuntu Bold
\n Ubuntu Italic
| Ubuntu\n Regular
| Ubuntu Light
| Ubuntu Bold
\n Noto Sans Italic
| Noto Sans\n Regular
| Noto Sans Bold
| Noto Serif\n Regular
| Roboto Condensed Light Italic
\n Arial Regular
| Arial Italic
|\n Arial Bold
\n Arial Regular
| Arial Italic
\n | Arial Bold
\n \n
",
+ "smithy.api#documentation": "VectorHereBerlin
– Fira GO Regular
| Fira GO\n Bold
\n Noto Sans Regular, Arial Unicode
.\n
\n Ubuntu Medium Italic
| Ubuntu\n Medium
| Ubuntu Italic
| Ubuntu Regular
|\n Ubuntu Bold
\n Ubuntu Italic
| Ubuntu\n Regular
| Ubuntu Light
| Ubuntu Bold
\n Noto Sans Italic
| Noto Sans\n Regular
| Noto Sans Bold
| Noto Serif\n Regular
| Roboto Condensed Light Italic
\n Arial Regular
| Arial Italic
|\n Arial Bold
\n Arial Regular
| Arial Italic
\n | Arial Bold
\n \n
",
"smithy.api#httpLabel": {},
"smithy.api#required": {}
}
@@ -4097,7 +4109,7 @@
"PricingPlan": {
"target": "com.amazonaws.location#PricingPlan",
"traits": {
- "smithy.api#documentation": "Fira GO Regular
| Fira GO\n Bold
\n \n
\n Esri
\n Here
\n \n
\n Esri
\n Here
\n \n
\n VectorEsriDarkGrayCanvas
– The Esri Dark Gray Canvas map style. A\n vector basemap with a dark gray, neutral background with minimal colors, labels,\n and features that's designed to draw attention to your thematic content. RasterEsriImagery
– The Esri Imagery map style. A raster basemap\n that provides one meter or better satellite and aerial imagery in many parts of\n the world and lower resolution satellite imagery worldwide. VectorEsriLightGrayCanvas
– The Esri Light Gray Canvas map style,\n which provides a detailed vector basemap with a light gray, neutral background\n style with minimal colors, labels, and features that's designed to draw\n attention to your thematic content. VectorEsriTopographic
– The Esri Light map style, which provides\n a detailed vector basemap with a classic Esri map style.VectorEsriStreets
– The Esri World Streets map style, which\n provides a detailed vector basemap for the world symbolized with a classic Esri\n street map style. The vector tile layer is similar in content and style to the\n World Street Map raster map.VectorEsriNavigation
– The Esri World Navigation map style, which\n provides a detailed basemap for the world symbolized with a custom navigation\n map style that's designed for use during the day in mobile devices.\n
",
+ "smithy.api#documentation": "VectorHereBerlin
– The HERE Berlin map style is a high contrast\n detailed base map of the world that blends 3D and 2D rendering.VectorHereBerlin
, you may not use HERE Technologies maps\n for Asset Management. See the AWS Service Terms\n for Amazon Location Service.\n
\n VectorEsriDarkGrayCanvas
– The Esri Dark Gray Canvas map style. A\n vector basemap with a dark gray, neutral background with minimal colors, labels,\n and features that's designed to draw attention to your thematic content. RasterEsriImagery
– The Esri Imagery map style. A raster basemap\n that provides one meter or better satellite and aerial imagery in many parts of\n the world and lower resolution satellite imagery worldwide. VectorEsriLightGrayCanvas
– The Esri Light Gray Canvas map style,\n which provides a detailed vector basemap with a light gray, neutral background\n style with minimal colors, labels, and features that's designed to draw\n attention to your thematic content. VectorEsriTopographic
– The Esri Light map style, which provides\n a detailed vector basemap with a classic Esri map style.VectorEsriStreets
– The Esri World Streets map style, which\n provides a detailed vector basemap for the world symbolized with a classic Esri\n street map style. The vector tile layer is similar in content and style to the\n World Street Map raster map.VectorEsriNavigation
– The Esri World Navigation map style, which\n provides a detailed basemap for the world symbolized with a custom navigation\n map style that's designed for use during the day in mobile devices.\n
",
"smithy.api#required": {}
}
}
@@ -4943,6 +4955,21 @@
"smithy.api#sensitive": {}
}
},
+ "com.amazonaws.location#PositionFiltering": {
+ "type": "string",
+ "traits": {
+ "smithy.api#enum": [
+ {
+ "value": "TimeBased",
+ "documentation": "Filtering device position updates based on time"
+ },
+ {
+ "value": "DistanceBased",
+ "documentation": "Filtering device position updates based on distance"
+ }
+ ]
+ }
+ },
"com.amazonaws.location#PricingPlan": {
"type": "string",
"traits": {
@@ -5273,7 +5300,7 @@
"DataSource": {
"target": "smithy.api#String",
"traits": {
- "smithy.api#documentation": "VectorHereBerlin
– The HERE Berlin map style is a high contrast\n detailed base map of the world that blends 3D and 2D rendering.VectorHereBerlin
, you may not use HERE Technologies maps\n for Asset Management. See the AWS Service Terms\n for Amazon Location Service.\n
\n \n
\n \n
\n \n
\n \n
"
+ }
}
}
},
diff --git a/codegen/sdk-codegen/aws-models/sagemaker.2017-07-24.json b/codegen/sdk-codegen/aws-models/sagemaker.2017-07-24.json
index 345aab661ec1..95f0d01b701f 100644
--- a/codegen/sdk-codegen/aws-models/sagemaker.2017-07-24.json
+++ b/codegen/sdk-codegen/aws-models/sagemaker.2017-07-24.json
@@ -402,7 +402,6 @@
"TrainingInputMode": {
"target": "com.amazonaws.sagemaker#TrainingInputMode",
"traits": {
- "smithy.api#documentation": "TimeBased
- Location updates are evaluated against linked geofence collections, \n but not every location update is stored. If your update frequency is more often than 30 seconds, \n only one update per 30 seconds is stored for each unique device ID.\n DistanceBased
- If the device has moved less than 30 m (98.4 ft), location updates are \n ignored. Location updates within this distance are neither evaluated against linked geofence collections, nor stored. \n This helps control costs by reducing the number of geofence evaluations and device positions to retrieve. \n Distance-based filtering can also reduce the jitter effect when displaying device trajectory on a map.\n File
input mode, Amazon SageMaker\n downloads the training data from S3 to the provisioned ML storage Volume, and mounts the\n directory to docker volume for training container. If an algorithm supports the\n Pipe
input mode, Amazon SageMaker streams data directly from S3 to the container. Domain
used by Amazon SageMaker Studio. A domain consists of an associated\n Amazon Elastic File System (EFS) volume, a list of authorized users, and a variety of security, application,\n policy, and Amazon Virtual Private Cloud (VPC) configurations. An Amazon Web Services account is limited to one domain per region.\n Users within a domain can share notebook files and other artifacts with each other.AppNetworkAccessType
\n parameter. AppNetworkAccessType
corresponds to the network access type that you\n choose when you onboard to Studio. The following options are available:\n
\n PublicInternetOnly
- Non-EFS traffic goes through a VPC managed by\n Amazon SageMaker, which allows internet access. This is the default value.VpcOnly
- All Studio traffic is through the specified VPC and subnets.\n Internet access is disabled by default. To allow internet access, you must specify a\n NAT gateway.Domain
used by Amazon SageMaker Studio. A domain consists of an associated\n Amazon Elastic File System (EFS) volume, a list of authorized users, and a variety of security, application,\n policy, and Amazon Virtual Private Cloud (VPC) configurations. An Amazon Web Services account is limited to one domain per region.\n Users within a domain can share notebook files and other artifacts with each other.AppNetworkAccessType
\n parameter. AppNetworkAccessType
corresponds to the network access type that you\n choose when you onboard to Studio. The following options are available:\n
\n PublicInternetOnly
- Non-EFS traffic goes through a VPC managed by\n Amazon SageMaker, which allows internet access. This is the default value.VpcOnly
- All Studio traffic is through the specified VPC and subnets.\n Internet access is disabled by default. To allow internet access, you must specify a\n NAT gateway.EndpointConfig
that is in use by an endpoint\n that is live or while the UpdateEndpoint
or CreateEndpoint
\n operations are being performed on the endpoint. To update an endpoint, you must\n create a new EndpointConfig
.Eventually Consistent Reads
\n , the response might not\n reflect the results of a recently completed write operation. The response might\n include some stale data. If the dependent entities are not yet in DynamoDB, this\n causes a validation error. If you repeat your read request after a short time, the\n response should return the latest data. So retry logic is recommended to handle\n these possible issues. We also recommend that customers call DescribeEndpointConfig before calling CreateEndpoint to minimize the potential impact of a DynamoDB eventually consistent read.Creating
. After it creates the endpoint, it sets the status to\n InService
. Amazon SageMaker can then process incoming requests for inferences. To\n check the status of an endpoint, use the DescribeEndpoint\n API.\n
\n\n AmazonSageMakerFullAccess
policy.\"Action\": [\"sagemaker:CreateEndpoint\",\n \"sagemaker:CreateEndpointConfig\"]
\n \"Resource\": [
\n \"arn:aws:sagemaker:region:account-id:endpoint/endpointName\"
\n \"arn:aws:sagemaker:region:account-id:endpoint-config/endpointConfigName\"
\n ]
\n EndpointConfig
that is in use by an endpoint\n that is live or while the UpdateEndpoint
or CreateEndpoint
\n operations are being performed on the endpoint. To update an endpoint, you must\n create a new EndpointConfig
.Eventually Consistent Reads
\n , the response might not\n reflect the results of a recently completed write operation. The response might\n include some stale data. If the dependent entities are not yet in DynamoDB, this\n causes a validation error. If you repeat your read request after a short time, the\n response should return the latest data. So retry logic is recommended to handle\n these possible issues. We also recommend that customers call DescribeEndpointConfig before calling CreateEndpoint to minimize the potential impact of a DynamoDB eventually consistent read.Creating
. After it creates the endpoint, it sets the status to\n InService
. Amazon SageMaker can then process incoming requests for inferences. To\n check the status of an endpoint, use the DescribeEndpoint\n API.\n
\n\n AmazonSageMakerFullAccess
policy.\"Action\": [\"sagemaker:CreateEndpoint\",\n \"sagemaker:CreateEndpointConfig\"]
\n \"Resource\": [
\n \"arn:aws:sagemaker:region:account-id:endpoint/endpointName\"
\n \"arn:aws:sagemaker:region:account-id:endpoint-config/endpointConfigName\"
\n ]
\n OfflineFeatureStore
. This parameter allows you to\n specify:\n
\n OfflineStore
.OfflineStore
.OfflineFeatureStore
. This parameter allows you to\n specify:\n
\n OfflineStore
.OfflineStore
. If KMS encryption key is not specified, by default we encrypt all data at rest using \n Amazon Web Services KMS key. By defining your bucket-level key for SSE, \n you can reduce Amazon Web Services KMS requests costs by up to 99 percent.CreatePresignedDomainUrl
has a default timeout of 5 minutes. You can configure this value using ExpiresInSeconds
. If you try to use the URL after the timeout limit expires, you\n are directed to the Amazon Web Services console sign-in page.CreatePresignedDomainUrl
has a default timeout of 5 minutes. You can configure this value using ExpiresInSeconds
. If you try to use the URL after the timeout limit expires, you\n are directed to the Amazon Web Services console sign-in page.None
and Input
. The default value is None
,\n which specifies not to join the input with the transformed data. If you want the batch\n transform job to join the original input data with the transformed data, set\n JoinSource
to Input
. You can specify\n OutputFilter
as an additional filter to select a portion of the joined\n dataset and store it in the output file.SageMakerOutput
. The joined\n result for JSON must be a key-value pair object. If the input is not a key-value pair\n object, Amazon SageMaker creates a new JSON file. In the new JSON file, and the input data is stored\n under the SageMakerInput
key and the results are stored in\n SageMakerOutput
.None
and Input
. The default value is None
,\n which specifies not to join the input with the transformed data. If you want the batch\n transform job to join the original input data with the transformed data, set\n JoinSource
to Input
. You can specify\n OutputFilter
as an additional filter to select a portion of the joined\n dataset and store it in the output file.SageMakerOutput
. The joined\n result for JSON must be a key-value pair object. If the input is not a key-value pair\n object, SageMaker creates a new JSON file. In the new JSON file, and the input data is stored\n under the SageMakerInput
key and the results are stored in\n SageMakerOutput
.LastUserActivityTimestamp
is also updated when SageMaker performs health checks without user activity. As a result, this value is set to the same value as LastHealthCheckTimestamp
.BillableTimeInSeconds
by the number of instances\n (InstanceCount
) in your training cluster to get the total compute time\n Amazon SageMaker will bill you if you run distributed training. The formula is as follows:\n BillableTimeInSeconds * InstanceCount
.(1 - BillableTimeInSeconds / TrainingTimeInSeconds) * 100
. For example,\n if BillableTimeInSeconds
is 100 and TrainingTimeInSeconds
is\n 500, the savings is 80%.BillableTimeInSeconds
by the number of instances\n (InstanceCount
) in your training cluster to get the total compute time\n SageMaker will bill you if you run distributed training. The formula is as follows:\n BillableTimeInSeconds * InstanceCount
.(1 - BillableTimeInSeconds / TrainingTimeInSeconds) * 100
. For example,\n if BillableTimeInSeconds
is 100 and TrainingTimeInSeconds
is\n 500, the savings is 80%.Pipe
or File
is used as the input mode for\n transfering data for the monitoring job. Pipe
mode is recommended for large\n datasets. File
mode is useful for small files that fit in memory. Defaults to\n File
.Pipe
or File
is used as the input mode for\n transferring data for the monitoring job. Pipe
mode is recommended for large\n datasets. File
mode is useful for small files that fit in memory. Defaults to\n File
.SIGTERM
signal, which delays\n job termination for 120 seconds. Algorithms can use this 120-second window to save the\n model artifacts, so the results of training are not lost. CreateModel
.SIGTERM
signal, which delays\n job termination for 120 seconds. Algorithms can use this 120-second window to save the\n model artifacts, so the results of training are not lost. CreateModel
.Pipe
mode, Amazon SageMaker streams data directly\n from Amazon S3 to the container.File
mode, SageMaker\n downloads the training data from S3 to the provisioned ML storage volume, and mounts the\n directory to the Docker volume for the training container.FastFile
mode, SageMaker streams data directly\n from S3 to the container with no code changes, and provides file system access to\n the data. Users can author their training script to interact with these files as if\n they were stored on disk.FastFile
mode works best when the data is read sequentially.\n Augmented manifest files aren't supported.\n The startup time is lower when there are fewer files in the S3 bucket provided.File
input mode, Amazon SageMaker downloads the training\n data from S3 to the provisioned ML storage Volume, and mounts the directory to docker\n volume for training container. If an algorithm supports the Pipe
input\n mode, Amazon SageMaker streams data directly from S3 to the container.