diff --git a/codegen/sdk-codegen/aws-models/codebuild.json b/codegen/sdk-codegen/aws-models/codebuild.json
index fa7f301f269..fd1a144d349 100644
--- a/codegen/sdk-codegen/aws-models/codebuild.json
+++ b/codegen/sdk-codegen/aws-models/codebuild.json
@@ -7455,20 +7455,20 @@
 "name": {
 "target": "com.amazonaws.codebuild#String",
 "traits": {
- "smithy.api#documentation": "
The name of either the enterprise or organization that will send webhook events to CodeBuild, depending on if the webhook is a global or organization webhook respectively.
",
+ "smithy.api#documentation": "The name of either the group, enterprise, or organization that will send webhook events to CodeBuild, depending on the type of webhook.
",
 "smithy.api#required": {}
 }
 },
 "domain": {
 "target": "com.amazonaws.codebuild#String",
 "traits": {
- "smithy.api#documentation": "The domain of the GitHub Enterprise organization. Note that this parameter is only required if your project's source type is GITHUB_ENTERPRISE
"
+ "smithy.api#documentation": "The domain of the GitHub Enterprise organization or the GitLab Self Managed group. Note that this parameter is only required if your project's source type is GITHUB_ENTERPRISE or GITLAB_SELF_MANAGED.
"
 }
 },
 "scope": {
 "target": "com.amazonaws.codebuild#WebhookScopeType",
 "traits": {
- "smithy.api#documentation": "The type of scope for a GitHub webhook.
",
+ "smithy.api#documentation": "The type of scope for a GitHub or GitLab webhook.
",
 "smithy.api#required": {}
 }
 }
@@ -9206,6 +9206,12 @@
 "traits": {
 "smithy.api#enumValue": "GITHUB_GLOBAL"
 }
+ },
+ "GITLAB_GROUP": {
+ "target": "smithy.api#Unit",
+ "traits": {
+ "smithy.api#enumValue": "GITLAB_GROUP"
+ }
 }
 }
 },
diff --git a/codegen/sdk-codegen/aws-models/ecr.json b/codegen/sdk-codegen/aws-models/ecr.json
index 01682344f84..fe5e547ed20 100644
--- a/codegen/sdk-codegen/aws-models/ecr.json
+++ b/codegen/sdk-codegen/aws-models/ecr.json
@@ -3499,7 +3499,7 @@
 "encryptionType": {
 "target": "com.amazonaws.ecr#EncryptionType",
 "traits": {
- "smithy.api#documentation": "The encryption type to use.
\nIf you use the KMS
encryption type, the contents of the repository will\n be encrypted using server-side encryption with Key Management Service key stored in KMS. When you\n use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key\n for Amazon ECR, or specify your own KMS key, which you already created.
If you use the KMS_DSSE
encryption type, the contents of the repository\n will be encrypted with two layers of encryption using server-side encryption with the\n KMS Management Service key stored in KMS. Similar to the KMS encryption type, you\n can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS\n key, which you've already created.
If you use the AES256
encryption type, Amazon ECR uses server-side encryption\n with Amazon S3-managed encryption keys which encrypts the images in the repository using an\n AES256 encryption algorithm. For more information, see Protecting data using\n server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the\n Amazon Simple Storage Service Console Developer Guide.
The encryption type to use.
\nIf you use the KMS
encryption type, the contents of the repository will\n be encrypted using server-side encryption with Key Management Service key stored in KMS. When you\n use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key\n for Amazon ECR, or specify your own KMS key, which you already created.
If you use the KMS_DSSE
encryption type, the contents of the repository\n will be encrypted with two layers of encryption using server-side encryption with the\n KMS Management Service key stored in KMS. Similar to the KMS
encryption type, you\n can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS\n key, which you've already created.
If you use the AES256
encryption type, Amazon ECR uses server-side encryption\n with Amazon S3-managed encryption keys which encrypts the images in the repository using an\n AES256 encryption algorithm.
For more information, see Amazon ECR encryption at\n rest in the Amazon Elastic Container Registry User Guide.
",
 "smithy.api#required": {}
 }
 },
@@ -3651,6 +3651,18 @@
 "traits": {
 "smithy.api#documentation": "The date and time the finding was last updated at.
"
 }
+ },
+ "fixAvailable": {
+ "target": "com.amazonaws.ecr#FixAvailable",
+ "traits": {
+ "smithy.api#documentation": "Details on whether a fix is available through a version update. This value can be\n YES
, NO
, or PARTIAL
. A PARTIAL
\n fix means that some, but not all, of the packages identified in the finding have fixes\n available through updated versions.
If a finding discovered in your environment has an exploit available.
"
+ }
 }
 },
 "traits": {
@@ -3675,6 +3687,9 @@
 "com.amazonaws.ecr#ExpirationTimestamp": {
 "type": "timestamp"
 },
+ "com.amazonaws.ecr#ExploitAvailable": {
+ "type": "string"
+ },
 "com.amazonaws.ecr#FilePath": {
 "type": "string"
 },
@@ -3737,6 +3752,12 @@
 "target": "com.amazonaws.ecr#SeverityCount"
 }
 },
+ "com.amazonaws.ecr#FixAvailable": {
+ "type": "string"
+ },
+ "com.amazonaws.ecr#FixedInVersion": {
+ "type": "string"
+ },
 "com.amazonaws.ecr#ForceFlag": {
 "type": "boolean",
 "traits": {
@@ -8639,6 +8660,12 @@
 "traits": {
 "smithy.api#documentation": "The version of the vulnerable package.
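Review bot: `com.amazonaws.ecr#FixAvailable` is declared as a bare `"type": "string"` in the `@@ -3737` hunk, although the `fixAvailable` member documentation in the `@@ -3651` hunk restricts it to YES, NO or PARTIAL, so generated clients will pass any value through unvalidated. `com.amazonaws.ecr#ExploitAvailable` in the `@@ -3675` hunk is likewise an unconstrained string, and the text visible here does not state its permitted values. If the service contract is a closed set, the shape could be `"type": "enum"` with members of the form `"YES": { "target": "smithy.api#Unit", "traits": { "smithy.api#enumValue": "YES" } }`, following the pattern the CodeBuild model uses for `GITLAB_GROUP` on this page; this file looks synced from the service definition, so the change may belong upstream. Either way, the two string shapes deserve a `smithy.api#documentation` trait listing the accepted values. Scan-triage code consuming these fields should treat an absent or unrecognised value as unknown rather than as NO.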
"
 }
+ },
+ "fixedInVersion": {
+ "target": "com.amazonaws.ecr#FixedInVersion",
+ "traits": {
+ "smithy.api#documentation": "The version of the package that contains the vulnerability fix.
"
+ }
 }
 },
 "traits": {
diff --git a/codegen/sdk-codegen/aws-models/ecs.json b/codegen/sdk-codegen/aws-models/ecs.json
index c65b3d1beb7..22284c4de10 100644
--- a/codegen/sdk-codegen/aws-models/ecs.json
+++ b/codegen/sdk-codegen/aws-models/ecs.json
@@ -2279,13 +2279,13 @@
 "name": {
 "target": "com.amazonaws.ecs#String",
 "traits": {
- "smithy.api#documentation": "The name of a container. If you're linking multiple containers together in a task\n\t\t\tdefinition, the name
of one container can be entered in the\n\t\t\t\tlinks
of another container to connect the containers.\n\t\t\tUp to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This parameter maps to name
in tthe docker conainer create command and the\n\t\t\t\t--name
option to docker\n\t\t\trun.
The name of a container. If you're linking multiple containers together in a task\n\t\t\tdefinition, the name
of one container can be entered in the\n\t\t\t\tlinks
of another container to connect the containers.\n\t\t\tUp to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This parameter maps to name
in the docker container create command and the\n\t\t\t\t--name
option to docker\n\t\t\trun.
The image used to start a container. This string is passed directly to the Docker\n\t\t\tdaemon. By default, images in the Docker Hub registry are available. Other repositories\n\t\t\tare specified with either \n repository-url/image:tag\n
or \n repository-url/image@digest\n
. Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to Image
in the docker conainer create command and the\n\t\t\t\tIMAGE
parameter of docker\n\t\t\t\trun.
When a new task starts, the Amazon ECS container agent pulls the latest version of\n\t\t\t\t\tthe specified image and tag for the container to use. However, subsequent\n\t\t\t\t\tupdates to a repository image aren't propagated to already running tasks.
\nImages in Amazon ECR repositories can be specified by either using the full\n\t\t\t\t\t\tregistry/repository:tag
or\n\t\t\t\t\t\tregistry/repository@digest
. For example,\n\t\t\t\t\t\t012345678910.dkr.ecr.
\n\t\t\t\t\tor\n\t\t\t\t\t\t012345678910.dkr.ecr.
.\n\t\t\t\t
Images in official repositories on Docker Hub use a single name (for example,\n\t\t\t\t\t\tubuntu
or mongo
).
Images in other repositories on Docker Hub are qualified with an organization\n\t\t\t\t\tname (for example, amazon/amazon-ecs-agent
).
Images in other online repositories are qualified further by a domain name\n\t\t\t\t\t(for example, quay.io/assemblyline/ubuntu
).
The image used to start a container. This string is passed directly to the Docker\n\t\t\tdaemon. By default, images in the Docker Hub registry are available. Other repositories\n\t\t\tare specified with either \n repository-url/image:tag\n
or \n repository-url/image@digest\n
. Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to Image
in the docker container create command and the\n\t\t\t\tIMAGE
parameter of docker\n\t\t\t\trun.
When a new task starts, the Amazon ECS container agent pulls the latest version of\n\t\t\t\t\tthe specified image and tag for the container to use. However, subsequent\n\t\t\t\t\tupdates to a repository image aren't propagated to already running tasks.
\nImages in Amazon ECR repositories can be specified by either using the full\n\t\t\t\t\t\tregistry/repository:tag
or\n\t\t\t\t\t\tregistry/repository@digest
. For example,\n\t\t\t\t\t\t012345678910.dkr.ecr.
\n\t\t\t\t\tor\n\t\t\t\t\t\t012345678910.dkr.ecr.
.\n\t\t\t\t
Images in official repositories on Docker Hub use a single name (for example,\n\t\t\t\t\t\tubuntu
or mongo
).
Images in other repositories on Docker Hub are qualified with an organization\n\t\t\t\t\tname (for example, amazon/amazon-ecs-agent
).
Images in other online repositories are qualified further by a domain name\n\t\t\t\t\t(for example, quay.io/assemblyline/ubuntu
).
The number of cpu
units reserved for the container. This parameter maps\n\t\t\tto CpuShares
in the docker conainer create commandand the --cpu-shares
option to docker run.
This field is optional for tasks using the Fargate launch type, and the\n\t\t\tonly requirement is that the total amount of CPU reserved for all containers within a\n\t\t\ttask be lower than the task-level cpu
value.
You can determine the number of CPU units that are available per EC2 instance type\n\t\t\t\tby multiplying the vCPUs listed for that instance type on the Amazon EC2 Instances detail page\n\t\t\t\tby 1,024.
\nLinux containers share unallocated CPU units with other containers on the container\n\t\t\tinstance with the same ratio as their allocated amount. For example, if you run a\n\t\t\tsingle-container task on a single-core instance type with 512 CPU units specified for\n\t\t\tthat container, and that's the only task running on the container instance, that\n\t\t\tcontainer could use the full 1,024 CPU unit share at any given time. However, if you\n\t\t\tlaunched another copy of the same task on that container instance, each task is\n\t\t\tguaranteed a minimum of 512 CPU units when needed. Moreover, each container could float\n\t\t\tto higher CPU usage if the other container was not using it. If both tasks were 100%\n\t\t\tactive all of the time, they would be limited to 512 CPU units.
\nOn Linux container instances, the Docker daemon on the container instance uses the CPU\n\t\t\tvalue to calculate the relative CPU share ratios for running containers. The minimum valid CPU share value\n\t\t\tthat the Linux kernel allows is 2, and the\n\t\t\tmaximum valid CPU share value that the Linux kernel allows is 262144. However, the CPU parameter isn't required, and you\n\t\t\tcan use CPU values below 2 or above 262144 in your container definitions. For CPU values below 2\n\t\t\t(including null) or above 262144, the behavior varies based on your Amazon ECS container agent\n\t\t\tversion:
\n\n Agent versions less than or equal to 1.1.0:\n\t\t\t\t\tNull and zero CPU values are passed to Docker as 0, which Docker then converts\n\t\t\t\t\tto 1,024 CPU shares. CPU values of 1 are passed to Docker as 1, which the Linux\n\t\t\t\t\tkernel converts to two CPU shares.
\n\n Agent versions greater than or equal to 1.2.0:\n\t\t\t\t\tNull, zero, and CPU values of 1 are passed to Docker as 2.
\n\n Agent versions greater than or equal to\n\t\t\t\t\t\t1.84.0: CPU values greater than 256 vCPU are passed to Docker as\n\t\t\t\t\t256, which is equivalent to 262144 CPU shares.
\nOn Windows container instances, the CPU limit is enforced as an absolute limit, or a\n\t\t\tquota. Windows containers only have access to the specified amount of CPU that's\n\t\t\tdescribed in the task definition. A null or zero CPU value is passed to Docker as\n\t\t\t\t0
, which Windows interprets as 1% of one CPU.
The number of cpu
units reserved for the container. This parameter maps\n\t\t\tto CpuShares
in the docker container create commandand the --cpu-shares
option to docker run.
This field is optional for tasks using the Fargate launch type, and the\n\t\t\tonly requirement is that the total amount of CPU reserved for all containers within a\n\t\t\ttask be lower than the task-level cpu
value.
You can determine the number of CPU units that are available per EC2 instance type\n\t\t\t\tby multiplying the vCPUs listed for that instance type on the Amazon EC2 Instances detail page\n\t\t\t\tby 1,024.
\nLinux containers share unallocated CPU units with other containers on the container\n\t\t\tinstance with the same ratio as their allocated amount. For example, if you run a\n\t\t\tsingle-container task on a single-core instance type with 512 CPU units specified for\n\t\t\tthat container, and that's the only task running on the container instance, that\n\t\t\tcontainer could use the full 1,024 CPU unit share at any given time. However, if you\n\t\t\tlaunched another copy of the same task on that container instance, each task is\n\t\t\tguaranteed a minimum of 512 CPU units when needed. Moreover, each container could float\n\t\t\tto higher CPU usage if the other container was not using it. If both tasks were 100%\n\t\t\tactive all of the time, they would be limited to 512 CPU units.
\nOn Linux container instances, the Docker daemon on the container instance uses the CPU\n\t\t\tvalue to calculate the relative CPU share ratios for running containers. The minimum valid CPU share value\n\t\t\tthat the Linux kernel allows is 2, and the\n\t\t\tmaximum valid CPU share value that the Linux kernel allows is 262144. However, the CPU parameter isn't required, and you\n\t\t\tcan use CPU values below 2 or above 262144 in your container definitions. For CPU values below 2\n\t\t\t(including null) or above 262144, the behavior varies based on your Amazon ECS container agent\n\t\t\tversion:
\n\n Agent versions less than or equal to 1.1.0:\n\t\t\t\t\tNull and zero CPU values are passed to Docker as 0, which Docker then converts\n\t\t\t\t\tto 1,024 CPU shares. CPU values of 1 are passed to Docker as 1, which the Linux\n\t\t\t\t\tkernel converts to two CPU shares.
\n\n Agent versions greater than or equal to 1.2.0:\n\t\t\t\t\tNull, zero, and CPU values of 1 are passed to Docker as 2.
\n\n Agent versions greater than or equal to\n\t\t\t\t\t\t1.84.0: CPU values greater than 256 vCPU are passed to Docker as\n\t\t\t\t\t256, which is equivalent to 262144 CPU shares.
\nOn Windows container instances, the CPU limit is enforced as an absolute limit, or a\n\t\t\tquota. Windows containers only have access to the specified amount of CPU that's\n\t\t\tdescribed in the task definition. A null or zero CPU value is passed to Docker as\n\t\t\t\t0
, which Windows interprets as 1% of one CPU.
The amount (in MiB) of memory to present to the container. If your container attempts\n\t\t\tto exceed the memory specified here, the container is killed. The total amount of memory\n\t\t\treserved for all containers within a task must be lower than the task\n\t\t\t\tmemory
value, if one is specified. This parameter maps to\n\t\t\tMemory
in thethe docker conainer create command and the --memory
option to docker run.
If using the Fargate launch type, this parameter is optional.
\nIf using the EC2 launch type, you must specify either a task-level\n\t\t\tmemory value or a container-level memory value. If you specify both a container-level\n\t\t\t\tmemory
and memoryReservation
value, memory
\n\t\t\tmust be greater than memoryReservation
. If you specify\n\t\t\t\tmemoryReservation
, then that value is subtracted from the available\n\t\t\tmemory resources for the container instance where the container is placed. Otherwise,\n\t\t\tthe value of memory
is used.
The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a\n\t\t\tcontainer. So, don't specify less than 6 MiB of memory for your containers.
\nThe Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a\n\t\t\tcontainer. So, don't specify less than 4 MiB of memory for your containers.
" + "smithy.api#documentation": "The amount (in MiB) of memory to present to the container. If your container attempts\n\t\t\tto exceed the memory specified here, the container is killed. The total amount of memory\n\t\t\treserved for all containers within a task must be lower than the task\n\t\t\t\tmemory
value, if one is specified. This parameter maps to\n\t\t\tMemory
in the docker container create command and the --memory
option to docker run.
If using the Fargate launch type, this parameter is optional.
\nIf using the EC2 launch type, you must specify either a task-level\n\t\t\tmemory value or a container-level memory value. If you specify both a container-level\n\t\t\t\tmemory
and memoryReservation
value, memory
\n\t\t\tmust be greater than memoryReservation
. If you specify\n\t\t\t\tmemoryReservation
, then that value is subtracted from the available\n\t\t\tmemory resources for the container instance where the container is placed. Otherwise,\n\t\t\tthe value of memory
is used.
The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a\n\t\t\tcontainer. So, don't specify less than 6 MiB of memory for your containers.
\nThe Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a\n\t\t\tcontainer. So, don't specify less than 4 MiB of memory for your containers.
" } }, "memoryReservation": { "target": "com.amazonaws.ecs#BoxedInteger", "traits": { - "smithy.api#documentation": "The soft limit (in MiB) of memory to reserve for the container. When system memory is\n\t\t\tunder heavy contention, Docker attempts to keep the container memory to this soft limit.\n\t\t\tHowever, your container can consume more memory when it needs to, up to either the hard\n\t\t\tlimit specified with the memory
parameter (if applicable), or all of the\n\t\t\tavailable memory on the container instance, whichever comes first. This parameter maps\n\t\t\tto MemoryReservation
in the the docker conainer create command and the --memory-reservation
option to docker run.
If a task-level memory value is not specified, you must specify a non-zero integer for\n\t\t\tone or both of memory
or memoryReservation
in a container\n\t\t\tdefinition. If you specify both, memory
must be greater than\n\t\t\t\tmemoryReservation
. If you specify memoryReservation
, then\n\t\t\tthat value is subtracted from the available memory resources for the container instance\n\t\t\twhere the container is placed. Otherwise, the value of memory
is\n\t\t\tused.
For example, if your container normally uses 128 MiB of memory, but occasionally\n\t\t\tbursts to 256 MiB of memory for short periods of time, you can set a\n\t\t\t\tmemoryReservation
of 128 MiB, and a memory
hard limit of\n\t\t\t300 MiB. This configuration would allow the container to only reserve 128 MiB of memory\n\t\t\tfrom the remaining resources on the container instance, but also allow the container to\n\t\t\tconsume more memory resources when needed.
The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a\n\t\t\tcontainer. So, don't specify less than 6 MiB of memory for your containers.
\nThe Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a\n\t\t\tcontainer. So, don't specify less than 4 MiB of memory for your containers.
" + "smithy.api#documentation": "The soft limit (in MiB) of memory to reserve for the container. When system memory is\n\t\t\tunder heavy contention, Docker attempts to keep the container memory to this soft limit.\n\t\t\tHowever, your container can consume more memory when it needs to, up to either the hard\n\t\t\tlimit specified with the memory
parameter (if applicable), or all of the\n\t\t\tavailable memory on the container instance, whichever comes first. This parameter maps\n\t\t\tto MemoryReservation
in the docker container create command and the --memory-reservation
option to docker run.
If a task-level memory value is not specified, you must specify a non-zero integer for\n\t\t\tone or both of memory
or memoryReservation
in a container\n\t\t\tdefinition. If you specify both, memory
must be greater than\n\t\t\t\tmemoryReservation
. If you specify memoryReservation
, then\n\t\t\tthat value is subtracted from the available memory resources for the container instance\n\t\t\twhere the container is placed. Otherwise, the value of memory
is\n\t\t\tused.
For example, if your container normally uses 128 MiB of memory, but occasionally\n\t\t\tbursts to 256 MiB of memory for short periods of time, you can set a\n\t\t\t\tmemoryReservation
of 128 MiB, and a memory
hard limit of\n\t\t\t300 MiB. This configuration would allow the container to only reserve 128 MiB of memory\n\t\t\tfrom the remaining resources on the container instance, but also allow the container to\n\t\t\tconsume more memory resources when needed.
The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a\n\t\t\tcontainer. So, don't specify less than 6 MiB of memory for your containers.
\nThe Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a\n\t\t\tcontainer. So, don't specify less than 4 MiB of memory for your containers.
" } }, "links": { "target": "com.amazonaws.ecs#StringList", "traits": { - "smithy.api#documentation": "The links
parameter allows containers to communicate with each other\n\t\t\twithout the need for port mappings. This parameter is only supported if the network mode\n\t\t\tof a task definition is bridge
. The name:internalName
\n\t\t\tconstruct is analogous to name:alias
in Docker links.\n\t\t\tUp to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.. This parameter maps to Links
in the docker conainer create command and the\n\t\t\t\t--link
option to docker\n\t\t\trun.
This parameter is not supported for Windows containers.
\nContainers that are collocated on a single container instance may be able to\n\t\t\t\tcommunicate with each other without requiring links or host port mappings. Network\n\t\t\t\tisolation is achieved on the container instance using security groups and VPC\n\t\t\t\tsettings.
\nThe links
parameter allows containers to communicate with each other\n\t\t\twithout the need for port mappings. This parameter is only supported if the network mode\n\t\t\tof a task definition is bridge
. The name:internalName
\n\t\t\tconstruct is analogous to name:alias
in Docker links.\n\t\t\tUp to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.. This parameter maps to Links
in the docker container create command and the\n\t\t\t\t--link
option to docker\n\t\t\trun.
This parameter is not supported for Windows containers.
\nContainers that are collocated on a single container instance may be able to\n\t\t\t\tcommunicate with each other without requiring links or host port mappings. Network\n\t\t\t\tisolation is achieved on the container instance using security groups and VPC\n\t\t\t\tsettings.
\nThe list of port mappings for the container. Port mappings allow containers to access\n\t\t\tports on the host container instance to send or receive traffic.
\nFor task definitions that use the awsvpc
network mode, only specify the\n\t\t\t\tcontainerPort
. The hostPort
can be left blank or it must\n\t\t\tbe the same value as the containerPort
.
Port mappings on Windows use the NetNAT
gateway address rather than\n\t\t\t\tlocalhost
. There's no loopback for port mappings on Windows, so you\n\t\t\tcan't access a container's mapped port from the host itself.
This parameter maps to PortBindings
in the\n\t\t\tthe docker conainer create command and the\n\t\t\t\t--publish
option to docker\n\t\t\t\trun. If the network mode of a task definition is set to none
,\n\t\t\tthen you can't specify port mappings. If the network mode of a task definition is set to\n\t\t\t\thost
, then host ports must either be undefined or they must match the\n\t\t\tcontainer port in the port mapping.
After a task reaches the RUNNING
status, manual and automatic host\n\t\t\t\tand container port assignments are visible in the Network\n\t\t\t\t\tBindings section of a container description for a selected task in\n\t\t\t\tthe Amazon ECS console. The assignments are also visible in the\n\t\t\t\tnetworkBindings
section DescribeTasks\n\t\t\t\tresponses.
The list of port mappings for the container. Port mappings allow containers to access\n\t\t\tports on the host container instance to send or receive traffic.
\nFor task definitions that use the awsvpc
network mode, only specify the\n\t\t\t\tcontainerPort
. The hostPort
can be left blank or it must\n\t\t\tbe the same value as the containerPort
.
Port mappings on Windows use the NetNAT
gateway address rather than\n\t\t\t\tlocalhost
. There's no loopback for port mappings on Windows, so you\n\t\t\tcan't access a container's mapped port from the host itself.
This parameter maps to PortBindings
in the\n\t\t\tthe docker container create command and the\n\t\t\t\t--publish
option to docker\n\t\t\t\trun. If the network mode of a task definition is set to none
,\n\t\t\tthen you can't specify port mappings. If the network mode of a task definition is set to\n\t\t\t\thost
, then host ports must either be undefined or they must match the\n\t\t\tcontainer port in the port mapping.
After a task reaches the RUNNING
status, manual and automatic host\n\t\t\t\tand container port assignments are visible in the Network\n\t\t\t\t\tBindings section of a container description for a selected task in\n\t\t\t\tthe Amazon ECS console. The assignments are also visible in the\n\t\t\t\tnetworkBindings
section DescribeTasks\n\t\t\t\tresponses.
Early versions of the Amazon ECS container agent don't properly handle\n\t\t\t\t\tentryPoint
parameters. If you have problems using\n\t\t\t\t\tentryPoint
, update your container agent or enter your commands and\n\t\t\t\targuments as command
array items instead.
The entry point that's passed to the container. This parameter maps to\n\t\t\tEntrypoint
in tthe docker conainer create command and the --entrypoint
option to docker run.
Early versions of the Amazon ECS container agent don't properly handle\n\t\t\t\t\tentryPoint
parameters. If you have problems using\n\t\t\t\t\tentryPoint
, update your container agent or enter your commands and\n\t\t\t\targuments as command
array items instead.
The entry point that's passed to the container. This parameter maps to\n\t\t\tEntrypoint
in the docker container create command and the --entrypoint
option to docker run.
The command that's passed to the container. This parameter maps to Cmd
in\n\t\t\tthe docker conainer create command and the\n\t\t\t\tCOMMAND
parameter to docker\n\t\t\t\trun. If there are multiple arguments, each\n\t\t\targument is a separated string in the array.
The command that's passed to the container. This parameter maps to Cmd
in\n\t\t\tthe docker container create command and the\n\t\t\t\tCOMMAND
parameter to docker\n\t\t\t\trun. If there are multiple arguments, each\n\t\t\targument is a separated string in the array.
The environment variables to pass to a container. This parameter maps to\n\t\t\tEnv
in the docker conainer create command and the --env
option to docker run.
We don't recommend that you use plaintext environment variables for sensitive\n\t\t\t\tinformation, such as credential data.
\nThe environment variables to pass to a container. This parameter maps to\n\t\t\tEnv
in the docker container create command and the --env
option to docker run.
We don't recommend that you use plaintext environment variables for sensitive\n\t\t\t\tinformation, such as credential data.
\nThe mount points for data volumes in your container.
\nThis parameter maps to Volumes
in the the docker conainer create command and the --volume
option to docker run.
Windows containers can mount whole directories on the same drive as\n\t\t\t\t$env:ProgramData
. Windows containers can't mount directories on a\n\t\t\tdifferent drive, and mount point can't be across drives.
The mount points for data volumes in your container.
\nThis parameter maps to Volumes
in the docker container create command and the --volume
option to docker run.
Windows containers can mount whole directories on the same drive as\n\t\t\t\t$env:ProgramData
. Windows containers can't mount directories on a\n\t\t\tdifferent drive, and mount point can't be across drives.
Data volumes to mount from another container. This parameter maps to\n\t\t\tVolumesFrom
in tthe docker conainer create command and the --volumes-from
option to docker run.
Data volumes to mount from another container. This parameter maps to\n\t\t\tVolumesFrom
in the docker container create command and the --volumes-from
option to docker run.
Time duration (in seconds) to wait before the container is forcefully killed if it\n\t\t\tdoesn't exit normally on its own.
\nFor tasks using the Fargate launch type, the task or service requires\n\t\t\tthe following platforms:
\nLinux platform version 1.3.0
or later.
Windows platform version 1.0.0
or later.
The max stop timeout value is 120 seconds and if the parameter is not specified, the\n\t\t\tdefault value of 30 seconds is used.
\nFor tasks that use the EC2 launch type, if the stopTimeout
\n\t\t\tparameter isn't specified, the value set for the Amazon ECS container agent configuration\n\t\t\tvariable ECS_CONTAINER_STOP_TIMEOUT
is used. If neither the\n\t\t\t\tstopTimeout
parameter or the ECS_CONTAINER_STOP_TIMEOUT
\n\t\t\tagent configuration variable are set, then the default values of 30 seconds for Linux\n\t\t\tcontainers and 30 seconds on Windows containers are used. Your container instances\n\t\t\trequire at least version 1.26.0 of the container agent to use a container stop timeout\n\t\t\tvalue. However, we recommend using the latest container agent version. For information\n\t\t\tabout checking your agent version and updating to the latest version, see Updating the Amazon ECS Container Agent in the Amazon Elastic Container Service Developer Guide. If you're using\n\t\t\tan Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the\n\t\t\t\tecs-init
package. If your container instances are launched from version\n\t\t\t\t20190301
or later, then they contain the required versions of the\n\t\t\tcontainer agent and ecs-init
. For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide.
The valid values are 2-120 seconds.
" + "smithy.api#documentation": "Time duration (in seconds) to wait before the container is forcefully killed if it\n\t\t\tdoesn't exit normally on its own.
\nFor tasks using the Fargate launch type, the task or service requires\n\t\t\tthe following platforms:
\nLinux platform version 1.3.0
or later.
Windows platform version 1.0.0
or later.
For tasks that use the Fargate launch type, the max stop timeout value is 120 seconds and if the parameter is not specified, the\n\t\t\tdefault value of 30 seconds is used.
\nFor tasks that use the EC2 launch type, if the stopTimeout
\n\t\t\tparameter isn't specified, the value set for the Amazon ECS container agent configuration\n\t\t\tvariable ECS_CONTAINER_STOP_TIMEOUT
is used. If neither the\n\t\t\t\tstopTimeout
parameter or the ECS_CONTAINER_STOP_TIMEOUT
\n\t\t\tagent configuration variable are set, then the default values of 30 seconds for Linux\n\t\t\tcontainers and 30 seconds on Windows containers are used. Your container instances\n\t\t\trequire at least version 1.26.0 of the container agent to use a container stop timeout\n\t\t\tvalue. However, we recommend using the latest container agent version. For information\n\t\t\tabout checking your agent version and updating to the latest version, see Updating the Amazon ECS Container Agent in the Amazon Elastic Container Service Developer Guide. If you're using\n\t\t\tan Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the\n\t\t\t\tecs-init
package. If your container instances are launched from version\n\t\t\t\t20190301
or later, then they contain the required versions of the\n\t\t\tcontainer agent and ecs-init
. For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide.
The valid values for Fargate are 2-120 seconds.
" } }, "hostname": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "The hostname to use for your container. This parameter maps to Hostname
\n\t\t\tin thethe docker conainer create command and the\n\t\t\t\t--hostname
option to docker\n\t\t\t\trun.
The hostname
parameter is not supported if you're using the\n\t\t\t\t\tawsvpc
network mode.
The hostname to use for your container. This parameter maps to Hostname
\n\t\t\tin the docker container create command and the\n\t\t\t\t--hostname
option to docker\n\t\t\t\trun.
The hostname
parameter is not supported if you're using the\n\t\t\t\t\tawsvpc
network mode.
The user to use inside the container. This parameter maps to User
in the docker conainer create command and the\n\t\t\t\t--user
option to docker\n\t\t\trun.
When running tasks using the host
network mode, don't run containers\n\t\t\t\tusing the root user (UID 0). We recommend using a non-root user for better\n\t\t\t\tsecurity.
You can specify the user
using the following formats. If specifying a UID\n\t\t\tor GID, you must specify it as a positive integer.
\n user
\n
\n user:group
\n
\n uid
\n
\n uid:gid
\n
\n user:gid
\n
\n uid:group
\n
This parameter is not supported for Windows containers.
\nThe user to use inside the container. This parameter maps to User
in the docker container create command and the\n\t\t\t\t--user
option to docker\n\t\t\trun.
When running tasks using the host
network mode, don't run containers\n\t\t\t\tusing the root user (UID 0). We recommend using a non-root user for better\n\t\t\t\tsecurity.
You can specify the user
using the following formats. If specifying a UID\n\t\t\tor GID, you must specify it as a positive integer.
\n user
\n
\n user:group
\n
\n uid
\n
\n uid:gid
\n
\n user:gid
\n
\n uid:group
\n
This parameter is not supported for Windows containers.
\nThe working directory to run commands inside the container in. This parameter maps to\n\t\t\tWorkingDir
in the docker conainer create command and the --workdir
option to docker run.
The working directory to run commands inside the container in. This parameter maps to\n\t\t\tWorkingDir
in the docker container create command and the --workdir
option to docker run.
When this parameter is true, networking is off within the container. This parameter\n\t\t\tmaps to NetworkDisabled
in the docker conainer create command.
This parameter is not supported for Windows containers.
\nWhen this parameter is true, networking is off within the container. This parameter\n\t\t\tmaps to NetworkDisabled
in the docker container create command.
This parameter is not supported for Windows containers.
\nWhen this parameter is true, the container is given elevated privileges on the host\n\t\t\tcontainer instance (similar to the root
user). This parameter maps to\n\t\t\tPrivileged
in the the docker conainer create command and the --privileged
option to docker run
This parameter is not supported for Windows containers or tasks run on Fargate.
\nWhen this parameter is true, the container is given elevated privileges on the host\n\t\t\tcontainer instance (similar to the root
user). This parameter maps to\n\t\t\tPrivileged
in the docker container create command and the --privileged
option to docker run
This parameter is not supported for Windows containers or tasks run on Fargate.
\nWhen this parameter is true, the container is given read-only access to its root file\n\t\t\tsystem. This parameter maps to ReadonlyRootfs
in the docker conainer create command and the\n\t\t\t\t--read-only
option to docker\n\t\t\t\trun.
This parameter is not supported for Windows containers.
\nWhen this parameter is true, the container is given read-only access to its root file\n\t\t\tsystem. This parameter maps to ReadonlyRootfs
in the docker container create command and the\n\t\t\t\t--read-only
option to docker\n\t\t\t\trun.
This parameter is not supported for Windows containers.
\nA list of DNS servers that are presented to the container. This parameter maps to\n\t\t\tDns
in the the docker conainer create command and the --dns
option to docker run.
This parameter is not supported for Windows containers.
\nA list of DNS servers that are presented to the container. This parameter maps to\n\t\t\tDns
in the docker container create command and the --dns
option to docker run.
This parameter is not supported for Windows containers.
\nA list of DNS search domains that are presented to the container. This parameter maps\n\t\t\tto DnsSearch
in the docker conainer create command and the --dns-search
option to docker run.
This parameter is not supported for Windows containers.
\nA list of DNS search domains that are presented to the container. This parameter maps\n\t\t\tto DnsSearch
in the docker container create command and the --dns-search
option to docker run.
This parameter is not supported for Windows containers.
\nA list of hostnames and IP address mappings to append to the /etc/hosts
\n\t\t\tfile on the container. This parameter maps to ExtraHosts
in the docker conainer create command and the\n\t\t\t\t--add-host
option to docker\n\t\t\t\trun.
This parameter isn't supported for Windows containers or tasks that use the\n\t\t\t\t\tawsvpc
network mode.
A list of hostnames and IP address mappings to append to the /etc/hosts
\n\t\t\tfile on the container. This parameter maps to ExtraHosts
in the docker container create command and the\n\t\t\t\t--add-host
option to docker\n\t\t\t\trun.
This parameter isn't supported for Windows containers or tasks that use the\n\t\t\t\t\tawsvpc
network mode.
A list of strings to provide custom configuration for multiple security systems. This field isn't valid for containers in tasks\n\t\t\tusing the Fargate launch type.
\nFor Linux tasks on EC2, this parameter can be used to reference custom\n\t\t\tlabels for SELinux and AppArmor multi-level security systems.
\nFor any tasks on EC2, this parameter can be used to reference a\n\t\t\tcredential spec file that configures a container for Active Directory authentication.\n\t\t\tFor more information, see Using gMSAs for Windows\n\t\t\t\tContainers and Using gMSAs for Linux\n\t\t\t\tContainers in the Amazon Elastic Container Service Developer Guide.
\nThis parameter maps to SecurityOpt
in the docker conainer create command and the\n\t\t\t\t--security-opt
option to docker\n\t\t\t\trun.
The Amazon ECS container agent running on a container instance must register with the\n\t\t\t\t\tECS_SELINUX_CAPABLE=true
or ECS_APPARMOR_CAPABLE=true
\n\t\t\t\tenvironment variables before containers placed on that instance can use these\n\t\t\t\tsecurity options. For more information, see Amazon ECS Container\n\t\t\t\t\tAgent Configuration in the Amazon Elastic Container Service Developer Guide.
Valid values: \"no-new-privileges\" | \"apparmor:PROFILE\" | \"label:value\" |\n\t\t\t\"credentialspec:CredentialSpecFilePath\"
" + "smithy.api#documentation": "A list of strings to provide custom configuration for multiple security systems. This field isn't valid for containers in tasks\n\t\t\tusing the Fargate launch type.
\nFor Linux tasks on EC2, this parameter can be used to reference custom\n\t\t\tlabels for SELinux and AppArmor multi-level security systems.
\nFor any tasks on EC2, this parameter can be used to reference a\n\t\t\tcredential spec file that configures a container for Active Directory authentication.\n\t\t\tFor more information, see Using gMSAs for Windows\n\t\t\t\tContainers and Using gMSAs for Linux\n\t\t\t\tContainers in the Amazon Elastic Container Service Developer Guide.
\nThis parameter maps to SecurityOpt
in the docker container create command and the\n\t\t\t\t--security-opt
option to docker\n\t\t\t\trun.
The Amazon ECS container agent running on a container instance must register with the\n\t\t\t\t\tECS_SELINUX_CAPABLE=true
or ECS_APPARMOR_CAPABLE=true
\n\t\t\t\tenvironment variables before containers placed on that instance can use these\n\t\t\t\tsecurity options. For more information, see Amazon ECS Container\n\t\t\t\t\tAgent Configuration in the Amazon Elastic Container Service Developer Guide.
Valid values: \"no-new-privileges\" | \"apparmor:PROFILE\" | \"label:value\" |\n\t\t\t\"credentialspec:CredentialSpecFilePath\"
" } }, "interactive": { "target": "com.amazonaws.ecs#BoxedBoolean", "traits": { - "smithy.api#documentation": "When this parameter is true
, you can deploy containerized applications\n\t\t\tthat require stdin
or a tty
to be allocated. This parameter\n\t\t\tmaps to OpenStdin
in the docker conainer create command and the --interactive
option to docker run.
When this parameter is true
, you can deploy containerized applications\n\t\t\tthat require stdin
or a tty
to be allocated. This parameter\n\t\t\tmaps to OpenStdin
in the docker container create command and the --interactive
option to docker run.
When this parameter is true
, a TTY is allocated. This parameter maps to\n\t\t\tTty
in tthe docker conainer create command and the --tty
option to docker run.
When this parameter is true
, a TTY is allocated. This parameter maps to\n\t\t\tTty
in the docker container create command and the --tty
option to docker run.
A key/value map of labels to add to the container. This parameter maps to\n\t\t\tLabels
in the docker conainer create command and the --label
option to docker run. This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
\n
A key/value map of labels to add to the container. This parameter maps to\n\t\t\tLabels
in the docker container create command and the --label
option to docker run. This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
\n
A list of ulimits
to set in the container. If a ulimit
value\n\t\t\tis specified in a task definition, it overrides the default values set by Docker. This\n\t\t\tparameter maps to Ulimits
in tthe docker conainer create command and the --ulimit
option to docker run. Valid naming values are displayed\n\t\t\tin the Ulimit data type.
Amazon ECS tasks hosted on Fargate use the default\n\t\t\t\t\t\t\tresource limit values set by the operating system with the exception of\n\t\t\t\t\t\t\tthe nofile
resource limit parameter which Fargate\n\t\t\t\t\t\t\toverrides. The nofile
resource limit sets a restriction on\n\t\t\t\t\t\t\tthe number of open files that a container can use. The default\n\t\t\t\t\t\t\t\tnofile
soft limit is 65535
and the default hard limit\n\t\t\t\t\t\t\tis 65535
.
This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
\n
This parameter is not supported for Windows containers.
\nA list of ulimits
to set in the container. If a ulimit
value\n\t\t\tis specified in a task definition, it overrides the default values set by Docker. This\n\t\t\tparameter maps to Ulimits
in the docker container create command and the --ulimit
option to docker run. Valid naming values are displayed\n\t\t\tin the Ulimit data type.
Amazon ECS tasks hosted on Fargate use the default\n\t\t\t\t\t\t\tresource limit values set by the operating system with the exception of\n\t\t\t\t\t\t\tthe nofile
resource limit parameter which Fargate\n\t\t\t\t\t\t\toverrides. The nofile
resource limit sets a restriction on\n\t\t\t\t\t\t\tthe number of open files that a container can use. The default\n\t\t\t\t\t\t\t\tnofile
soft limit is 65535
and the default hard limit\n\t\t\t\t\t\t\tis 65535
.
This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
\n
This parameter is not supported for Windows containers.
\nThe log configuration specification for the container.
\nThis parameter maps to LogConfig
in the docker conainer create command and the\n\t\t\t\t--log-driver
option to docker\n\t\t\t\trun. By default, containers use the same logging driver that the Docker\n\t\t\tdaemon uses. However the container can use a different logging driver than the Docker\n\t\t\tdaemon by specifying a log driver with this parameter in the container definition. To\n\t\t\tuse a different logging driver for a container, the log system must be configured\n\t\t\tproperly on the container instance (or on a different log server for remote logging\n\t\t\toptions).
Amazon ECS currently supports a subset of the logging drivers available to the Docker\n\t\t\t\tdaemon (shown in the LogConfiguration data type). Additional log\n\t\t\t\tdrivers may be available in future releases of the Amazon ECS container agent.
\nThis parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
\n
The Amazon ECS container agent running on a container instance must register the\n\t\t\t\tlogging drivers available on that instance with the\n\t\t\t\t\tECS_AVAILABLE_LOGGING_DRIVERS
environment variable before\n\t\t\t\tcontainers placed on that instance can use these log configuration options. For more\n\t\t\t\tinformation, see Amazon ECS Container\n\t\t\t\t\tAgent Configuration in the Amazon Elastic Container Service Developer Guide.
The log configuration specification for the container.
\nThis parameter maps to LogConfig
in the docker container create command and the\n\t\t\t\t--log-driver
option to docker\n\t\t\t\trun. By default, containers use the same logging driver that the Docker\n\t\t\tdaemon uses. However the container can use a different logging driver than the Docker\n\t\t\tdaemon by specifying a log driver with this parameter in the container definition. To\n\t\t\tuse a different logging driver for a container, the log system must be configured\n\t\t\tproperly on the container instance (or on a different log server for remote logging\n\t\t\toptions).
Amazon ECS currently supports a subset of the logging drivers available to the Docker\n\t\t\t\tdaemon (shown in the LogConfiguration data type). Additional log\n\t\t\t\tdrivers may be available in future releases of the Amazon ECS container agent.
\nThis parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
\n
The Amazon ECS container agent running on a container instance must register the\n\t\t\t\tlogging drivers available on that instance with the\n\t\t\t\t\tECS_AVAILABLE_LOGGING_DRIVERS
environment variable before\n\t\t\t\tcontainers placed on that instance can use these log configuration options. For more\n\t\t\t\tinformation, see Amazon ECS Container\n\t\t\t\t\tAgent Configuration in the Amazon Elastic Container Service Developer Guide.
The container health check command and associated configuration parameters for the\n\t\t\tcontainer. This parameter maps to HealthCheck
in the docker conainer create command and the\n\t\t\t\tHEALTHCHECK
parameter of docker\n\t\t\t\trun.
The container health check command and associated configuration parameters for the\n\t\t\tcontainer. This parameter maps to HealthCheck
in the docker container create command and the\n\t\t\t\tHEALTHCHECK
parameter of docker\n\t\t\t\trun.
A list of namespaced kernel parameters to set in the container. This parameter maps to\n\t\t\tSysctls
in tthe docker conainer create command and the --sysctl
option to docker run. For example, you can configure\n\t\t\t\tnet.ipv4.tcp_keepalive_time
setting to maintain longer lived\n\t\t\tconnections.
A list of namespaced kernel parameters to set in the container. This parameter maps to\n\t\t\tSysctls
in the docker container create command and the --sysctl
option to docker run. For example, you can configure\n\t\t\t\tnet.ipv4.tcp_keepalive_time
setting to maintain longer lived\n\t\t\tconnections.
If a service is using the rolling update (ECS
) deployment type, the\n\t\t\t\tmaximumPercent
parameter represents an upper limit on the number of\n\t\t\tyour service's tasks that are allowed in the RUNNING
or\n\t\t\t\tPENDING
state during a deployment, as a percentage of the\n\t\t\t\tdesiredCount
(rounded down to the nearest integer). This parameter\n\t\t\tenables you to define the deployment batch size. For example, if your service is using\n\t\t\tthe REPLICA
service scheduler and has a desiredCount
of four\n\t\t\ttasks and a maximumPercent
value of 200%, the scheduler may start four new\n\t\t\ttasks before stopping the four older tasks (provided that the cluster resources required\n\t\t\tto do this are available). The default maximumPercent
value for a service\n\t\t\tusing the REPLICA
service scheduler is 200%.
If a service is using either the blue/green (CODE_DEPLOY
) or\n\t\t\t\tEXTERNAL
deployment types and tasks that use the EC2\n\t\t\tlaunch type, the maximum percent value is set to the\n\t\t\tdefault value and is used to define the upper limit on the number of the tasks in the\n\t\t\tservice that remain in the RUNNING
state while the container instances are\n\t\t\tin the DRAINING
state. If the tasks in the service use the\n\t\t\tFargate launch type, the maximum percent value is not used, although it is\n\t\t\treturned when describing your service.
If a service is using the rolling update (ECS
) deployment type, the\n\t\t\t\tmaximumPercent
parameter represents an upper limit on the number of\n\t\t\tyour service's tasks that are allowed in the RUNNING
or\n\t\t\t\tPENDING
state during a deployment, as a percentage of the\n\t\t\t\tdesiredCount
(rounded down to the nearest integer). This parameter\n\t\t\tenables you to define the deployment batch size. For example, if your service is using\n\t\t\tthe REPLICA
service scheduler and has a desiredCount
of four\n\t\t\ttasks and a maximumPercent
value of 200%, the scheduler may start four new\n\t\t\ttasks before stopping the four older tasks (provided that the cluster resources required\n\t\t\tto do this are available). The default maximumPercent
value for a service\n\t\t\tusing the REPLICA
service scheduler is 200%.
If a service is using either the blue/green (CODE_DEPLOY
) or\n\t\t\t\tEXTERNAL
deployment types, and tasks in the service use the EC2\n\t\t\tlaunch type, the maximum percent value is set to the\n\t\t\tdefault value. The maximum percent value is used to define the upper limit on the number of the tasks in the\n\t\t\tservice that remain in the RUNNING
state while the container instances are\n\t\t\tin the DRAINING
state.
You can't specify a custom maximumPercent
value for a service that uses either the blue/green (CODE_DEPLOY
) or\n\t\t\tEXTERNAL
deployment types and has tasks that use the EC2 launch type.
If the tasks in the service use the\n\t\t\tFargate launch type, the maximum percent value is not used, although it is\n\t\t\treturned when describing your service.
" } }, "minimumHealthyPercent": { "target": "com.amazonaws.ecs#BoxedInteger", "traits": { - "smithy.api#documentation": "If a service is using the rolling update (ECS
) deployment type, the\n\t\t\t\tminimumHealthyPercent
represents a lower limit on the number of your\n\t\t\tservice's tasks that must remain in the RUNNING
state during a deployment,\n\t\t\tas a percentage of the desiredCount
(rounded up to the nearest integer).\n\t\t\tThis parameter enables you to deploy without using additional cluster capacity. For\n\t\t\texample, if your service has a desiredCount
of four tasks and a\n\t\t\t\tminimumHealthyPercent
of 50%, the service scheduler may stop two\n\t\t\texisting tasks to free up cluster capacity before starting two new tasks.
For services that do not use a load balancer, the following\n\t\t\tshould be noted:
\nA service is considered healthy if all essential containers within the tasks\n\t\t\t\t\tin the service pass their health checks.
\nIf a task has no essential containers with a health check defined, the service\n\t\t\t\t\tscheduler will wait for 40 seconds after a task reaches a RUNNING
\n\t\t\t\t\tstate before the task is counted towards the minimum healthy percent\n\t\t\t\t\ttotal.
If a task has one or more essential containers with a health check defined,\n\t\t\t\t\tthe service scheduler will wait for the task to reach a healthy status before\n\t\t\t\t\tcounting it towards the minimum healthy percent total. A task is considered\n\t\t\t\t\thealthy when all essential containers within the task have passed their health\n\t\t\t\t\tchecks. The amount of time the service scheduler can wait for is determined by\n\t\t\t\t\tthe container health check settings.
\nFor services that do use a load balancer, the following should be\n\t\t\tnoted:
\nIf a task has no essential containers with a health check defined, the service\n\t\t\t\t\tscheduler will wait for the load balancer target group health check to return a\n\t\t\t\t\thealthy status before counting the task towards the minimum healthy percent\n\t\t\t\t\ttotal.
\nIf a task has an essential container with a health check defined, the service\n\t\t\t\t\tscheduler will wait for both the task to reach a healthy status and the load\n\t\t\t\t\tbalancer target group health check to return a healthy status before counting\n\t\t\t\t\tthe task towards the minimum healthy percent total.
\nThe default value for a replica service for minimumHealthyPercent
is\n\t\t\t100%. The default minimumHealthyPercent
value for a service using the\n\t\t\t\tDAEMON
service schedule is 0% for the CLI, the Amazon Web Services SDKs, and the\n\t\t\tAPIs and 50% for the Amazon Web Services Management Console.
The minimum number of healthy tasks during a deployment is the\n\t\t\t\tdesiredCount
multiplied by the minimumHealthyPercent
/100,\n\t\t\trounded up to the nearest integer value.
If a service is using either the blue/green (CODE_DEPLOY
) or\n\t\t\t\tEXTERNAL
deployment types and is running tasks that use the\n\t\t\tEC2 launch type, the minimum healthy\n\t\t\t\tpercent value is set to the default value and is used to define the lower\n\t\t\tlimit on the number of the tasks in the service that remain in the RUNNING
\n\t\t\tstate while the container instances are in the DRAINING
state. If a service\n\t\t\tis using either the blue/green (CODE_DEPLOY
) or EXTERNAL
\n\t\t\tdeployment types and is running tasks that use the Fargate launch type,\n\t\t\tthe minimum healthy percent value is not used, although it is returned when describing\n\t\t\tyour service.
If a service is using the rolling update (ECS
) deployment type, the\n\t\t\t\tminimumHealthyPercent
represents a lower limit on the number of your\n\t\t\tservice's tasks that must remain in the RUNNING
state during a deployment,\n\t\t\tas a percentage of the desiredCount
(rounded up to the nearest integer).\n\t\t\tThis parameter enables you to deploy without using additional cluster capacity. For\n\t\t\texample, if your service has a desiredCount
of four tasks and a\n\t\t\t\tminimumHealthyPercent
of 50%, the service scheduler may stop two\n\t\t\texisting tasks to free up cluster capacity before starting two new tasks.
For services that do not use a load balancer, the following\n\t\t\tshould be noted:
\nA service is considered healthy if all essential containers within the tasks\n\t\t\t\t\tin the service pass their health checks.
\nIf a task has no essential containers with a health check defined, the service\n\t\t\t\t\tscheduler will wait for 40 seconds after a task reaches a RUNNING
\n\t\t\t\t\tstate before the task is counted towards the minimum healthy percent\n\t\t\t\t\ttotal.
If a task has one or more essential containers with a health check defined,\n\t\t\t\t\tthe service scheduler will wait for the task to reach a healthy status before\n\t\t\t\t\tcounting it towards the minimum healthy percent total. A task is considered\n\t\t\t\t\thealthy when all essential containers within the task have passed their health\n\t\t\t\t\tchecks. The amount of time the service scheduler can wait for is determined by\n\t\t\t\t\tthe container health check settings.
\nFor services that do use a load balancer, the following should be\n\t\t\tnoted:
\nIf a task has no essential containers with a health check defined, the service\n\t\t\t\t\tscheduler will wait for the load balancer target group health check to return a\n\t\t\t\t\thealthy status before counting the task towards the minimum healthy percent\n\t\t\t\t\ttotal.
\nIf a task has an essential container with a health check defined, the service\n\t\t\t\t\tscheduler will wait for both the task to reach a healthy status and the load\n\t\t\t\t\tbalancer target group health check to return a healthy status before counting\n\t\t\t\t\tthe task towards the minimum healthy percent total.
\nThe default value for a replica service for minimumHealthyPercent
is\n\t\t\t100%. The default minimumHealthyPercent
value for a service using the\n\t\t\t\tDAEMON
service schedule is 0% for the CLI, the Amazon Web Services SDKs, and the\n\t\t\tAPIs and 50% for the Amazon Web Services Management Console.
The minimum number of healthy tasks during a deployment is the\n\t\t\t\tdesiredCount
multiplied by the minimumHealthyPercent
/100,\n\t\t\trounded up to the nearest integer value.
If a service is using either the blue/green (CODE_DEPLOY
) or\n\t\t\t\tEXTERNAL
deployment types and is running tasks that use the\n\t\t\tEC2 launch type, the minimum healthy\n\t\t\t\tpercent value is set to the default value. The minimum healthy percent value is used to define the lower\n\t\t\tlimit on the number of the tasks in the service that remain in the RUNNING
\n\t\t\tstate while the container instances are in the DRAINING
state.
You can't specify a custom minimumHealthyPercent
value for a service that uses either the blue/green (CODE_DEPLOY
) or\n\t\t\tEXTERNAL
deployment types and has tasks that use the EC2 launch type.
If a service\n\t\t\tis using either the blue/green (CODE_DEPLOY
) or EXTERNAL
\n\t\t\tdeployment types and is running tasks that use the Fargate launch type,\n\t\t\tthe minimum healthy percent value is not used, although it is returned when describing\n\t\t\tyour service.
The Docker volume driver to use. The driver value must match the driver name provided\n\t\t\tby Docker because it is used for task placement. If the driver was installed using the\n\t\t\tDocker plugin CLI, use docker plugin ls
to retrieve the driver name from\n\t\t\tyour container instance. If the driver was installed using another method, use Docker\n\t\t\tplugin discovery to retrieve the driver name. This parameter maps to Driver
in the docker conainer create command and the\n\t\t\t\txxdriver
option to docker\n\t\t\t\tvolume create.
The Docker volume driver to use. The driver value must match the driver name provided\n\t\t\tby Docker because it is used for task placement. If the driver was installed using the\n\t\t\tDocker plugin CLI, use docker plugin ls
to retrieve the driver name from\n\t\t\tyour container instance. If the driver was installed using another method, use Docker\n\t\t\tplugin discovery to retrieve the driver name. This parameter maps to Driver
in the docker container create command and the\n\t\t\t\txxdriver
option to docker\n\t\t\t\tvolume create.
Custom metadata to add to your Docker volume. This parameter maps to\n\t\t\t\tLabels
in the docker conainer create command and the xxlabel
option to docker\n\t\t\t\tvolume create.
Custom metadata to add to your Docker volume. This parameter maps to\n\t\t\t\tLabels
in the docker container create command and the xxlabel
option to docker\n\t\t\t\tvolume create.
A string array representing the command that the container runs to determine if it is\n\t\t\thealthy. The string array must start with CMD
to run the command arguments\n\t\t\tdirectly, or CMD-SHELL
to run the command with the container's default\n\t\t\tshell.
When you use the Amazon Web Services Management Console JSON panel, the Command Line Interface, or the APIs, enclose the list\n\t\t\tof commands in double quotes and brackets.
\n\n [ \"CMD-SHELL\", \"curl -f http://localhost/ || exit 1\" ]
\n
You don't include the double quotes and brackets when you use the Amazon Web Services Management Console.
\n\n CMD-SHELL, curl -f http://localhost/ || exit 1
\n
An exit code of 0 indicates success, and non-zero exit code indicates failure. For\n\t\t\tmore information, see HealthCheck
in tthe docker conainer create command
A string array representing the command that the container runs to determine if it is\n\t\t\thealthy. The string array must start with CMD
to run the command arguments\n\t\t\tdirectly, or CMD-SHELL
to run the command with the container's default\n\t\t\tshell.
When you use the Amazon Web Services Management Console JSON panel, the Command Line Interface, or the APIs, enclose the list\n\t\t\tof commands in double quotes and brackets.
\n\n [ \"CMD-SHELL\", \"curl -f http://localhost/ || exit 1\" ]
\n
You don't include the double quotes and brackets when you use the Amazon Web Services Management Console.
\n\n CMD-SHELL, curl -f http://localhost/ || exit 1
\n
An exit code of 0 indicates success, and non-zero exit code indicates failure. For\n\t\t\tmore information, see HealthCheck
in the docker container create command
The Linux capabilities for the container that have been added to the default\n\t\t\tconfiguration provided by Docker. This parameter maps to CapAdd
in the docker conainer create command and the\n\t\t\t\t--cap-add
option to docker\n\t\t\t\trun.
Tasks launched on Fargate only support adding the SYS_PTRACE
kernel\n\t\t\t\tcapability.
Valid values: \"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" |\n\t\t\t\t\"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" |\n\t\t\t\t\"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" |\n\t\t\t\t\"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\"\n\t\t\t\t| \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" |\n\t\t\t\t\"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" |\n\t\t\t\t\"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" |\n\t\t\t\"WAKE_ALARM\"
\n
The Linux capabilities for the container that have been added to the default\n\t\t\tconfiguration provided by Docker. This parameter maps to CapAdd
in the docker container create command and the\n\t\t\t\t--cap-add
option to docker\n\t\t\t\trun.
Tasks launched on Fargate only support adding the SYS_PTRACE
kernel\n\t\t\t\tcapability.
Valid values: \"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" |\n\t\t\t\t\"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" |\n\t\t\t\t\"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" |\n\t\t\t\t\"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\"\n\t\t\t\t| \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" |\n\t\t\t\t\"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" |\n\t\t\t\t\"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" |\n\t\t\t\"WAKE_ALARM\"
\n
The Linux capabilities for the container that have been removed from the default\n\t\t\tconfiguration provided by Docker. This parameter maps to CapDrop
in the docker conainer create command and the\n\t\t\t\t--cap-drop
option to docker\n\t\t\t\trun.
Valid values: \"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" |\n\t\t\t\t\"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" |\n\t\t\t\t\"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" |\n\t\t\t\t\"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\"\n\t\t\t\t| \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" |\n\t\t\t\t\"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" |\n\t\t\t\t\"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" |\n\t\t\t\"WAKE_ALARM\"
\n
The Linux capabilities for the container that have been removed from the default\n\t\t\tconfiguration provided by Docker. This parameter maps to CapDrop
in the docker container create command and the\n\t\t\t\t--cap-drop
option to docker\n\t\t\t\trun.
Valid values: \"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" |\n\t\t\t\t\"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" |\n\t\t\t\t\"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" |\n\t\t\t\t\"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\"\n\t\t\t\t| \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" |\n\t\t\t\t\"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" |\n\t\t\t\t\"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" |\n\t\t\t\"WAKE_ALARM\"
\n
Any host devices to expose to the container. This parameter maps to\n\t\t\tDevices
in tthe docker conainer create command and the --device
option to docker run.
If you're using tasks that use the Fargate launch type, the\n\t\t\t\t\tdevices
parameter isn't supported.
Any host devices to expose to the container. This parameter maps to\n\t\t\tDevices
in the docker container create command and the --device
option to docker run.
If you're using tasks that use the Fargate launch type, the\n\t\t\t\t\tdevices
parameter isn't supported.
The log configuration for the container. This parameter maps to LogConfig
\n\t\t\tin the docker conainer create command and the\n\t\t\t\t--log-driver
option to docker\n\t\t\t\t\trun.
By default, containers use the same logging driver that the Docker daemon uses.\n\t\t\tHowever, the container might use a different logging driver than the Docker daemon by\n\t\t\tspecifying a log driver configuration in the container definition.
\nUnderstand the following when specifying a log configuration for your\n\t\t\tcontainers.
\nAmazon ECS currently supports a subset of the logging drivers available to the\n\t\t\t\t\tDocker daemon. Additional log drivers may be available in future releases of the\n\t\t\t\t\tAmazon ECS container agent.
\nFor tasks on Fargate, the supported log drivers are awslogs
,\n\t\t\t\t\t\tsplunk
, and awsfirelens
.
For tasks hosted on Amazon EC2 instances, the supported log drivers are\n\t\t\t\t\t\tawslogs
, fluentd
, gelf
,\n\t\t\t\t\t\tjson-file
, journald
,syslog
,\n\t\t\t\t\t\tsplunk
, and awsfirelens
.
This parameter requires version 1.18 of the Docker Remote API or greater on\n\t\t\t\t\tyour container instance.
\nFor tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must\n\t\t\t\t\tregister the available logging drivers with the\n\t\t\t\t\t\tECS_AVAILABLE_LOGGING_DRIVERS
environment variable before\n\t\t\t\t\tcontainers placed on that instance can use these log configuration options. For\n\t\t\t\t\tmore information, see Amazon ECS container agent configuration in the\n\t\t\t\t\tAmazon Elastic Container Service Developer Guide.
For tasks that are on Fargate, because you don't have access to the\n\t\t\t\t\tunderlying infrastructure your tasks are hosted on, any additional software\n\t\t\t\t\tneeded must be installed outside of the task. For example, the Fluentd output\n\t\t\t\t\taggregators or a remote host running Logstash to send Gelf logs to.
\nThe log configuration for the container. This parameter maps to LogConfig
\n\t\t\tin the docker container create command and the\n\t\t\t\t--log-driver
option to docker\n\t\t\t\t\trun.
By default, containers use the same logging driver that the Docker daemon uses.\n\t\t\tHowever, the container might use a different logging driver than the Docker daemon by\n\t\t\tspecifying a log driver configuration in the container definition.
\nUnderstand the following when specifying a log configuration for your\n\t\t\tcontainers.
\nAmazon ECS currently supports a subset of the logging drivers available to the\n\t\t\t\t\tDocker daemon. Additional log drivers may be available in future releases of the\n\t\t\t\t\tAmazon ECS container agent.
\nFor tasks on Fargate, the supported log drivers are awslogs
,\n\t\t\t\t\t\tsplunk
, and awsfirelens
.
For tasks hosted on Amazon EC2 instances, the supported log drivers are\n\t\t\t\t\t\tawslogs
, fluentd
, gelf
,\n\t\t\t\t\t\tjson-file
, journald
,syslog
,\n\t\t\t\t\t\tsplunk
, and awsfirelens
.
This parameter requires version 1.18 of the Docker Remote API or greater on\n\t\t\t\t\tyour container instance.
\nFor tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must\n\t\t\t\t\tregister the available logging drivers with the\n\t\t\t\t\t\tECS_AVAILABLE_LOGGING_DRIVERS
environment variable before\n\t\t\t\t\tcontainers placed on that instance can use these log configuration options. For\n\t\t\t\t\tmore information, see Amazon ECS container agent configuration in the\n\t\t\t\t\tAmazon Elastic Container Service Developer Guide.
For tasks that are on Fargate, because you don't have access to the\n\t\t\t\t\tunderlying infrastructure your tasks are hosted on, any additional software\n\t\t\t\t\tneeded must be installed outside of the task. For example, the Fluentd output\n\t\t\t\t\taggregators or a remote host running Logstash to send Gelf logs to.
\nPort mappings allow containers to access ports on the host container instance to send\n\t\t\tor receive traffic. Port mappings are specified as part of the container\n\t\t\tdefinition.
\nIf you use containers in a task with the awsvpc
or host
\n\t\t\tnetwork mode, specify the exposed ports using containerPort
. The\n\t\t\t\thostPort
can be left blank or it must be the same value as the\n\t\t\t\tcontainerPort
.
Most fields of this parameter (containerPort
, hostPort
,\n\t\t\tprotocol
) maps to PortBindings
in the docker conainer create command and the\n\t\t\t\t--publish
option to docker\n\t\t\t\t\trun
. If the network mode of a task definition is set to\n\t\t\t\thost
, host ports must either be undefined or match the container port\n\t\t\tin the port mapping.
You can't expose the same container port for multiple protocols. If you attempt\n\t\t\t\tthis, an error is returned.
\nAfter a task reaches the RUNNING
status, manual and automatic host and\n\t\t\tcontainer port assignments are visible in the networkBindings
section of\n\t\t\tDescribeTasks API responses.
Port mappings allow containers to access ports on the host container instance to send\n\t\t\tor receive traffic. Port mappings are specified as part of the container\n\t\t\tdefinition.
\nIf you use containers in a task with the awsvpc
or host
\n\t\t\tnetwork mode, specify the exposed ports using containerPort
. The\n\t\t\t\thostPort
can be left blank or it must be the same value as the\n\t\t\t\tcontainerPort
.
Most fields of this parameter (containerPort
, hostPort
,\n\t\t\tprotocol
) maps to PortBindings
in the docker container create command and the\n\t\t\t\t--publish
option to docker\n\t\t\t\t\trun
. If the network mode of a task definition is set to\n\t\t\t\thost
, host ports must either be undefined or match the container port\n\t\t\tin the port mapping.
You can't expose the same container port for multiple protocols. If you attempt\n\t\t\t\tthis, an error is returned.
\nAfter a task reaches the RUNNING
status, manual and automatic host and\n\t\t\tcontainer port assignments are visible in the networkBindings
section of\n\t\t\tDescribeTasks API responses.
The Amazon ECS account setting name to modify.
\nThe following are the valid values for the account setting name.
\n\n serviceLongArnFormat
- When modified, the Amazon Resource Name\n\t\t\t\t\t(ARN) and resource ID format of the resource type for a specified user, role, or\n\t\t\t\t\tthe root user for an account is affected. The opt-in and opt-out account setting\n\t\t\t\t\tmust be set for each Amazon ECS resource separately. The ARN and resource ID format\n\t\t\t\t\tof a resource is defined by the opt-in status of the user or role that created\n\t\t\t\t\tthe resource. You must turn on this setting to use Amazon ECS features such as\n\t\t\t\t\tresource tagging.
\n taskLongArnFormat
- When modified, the Amazon Resource Name (ARN)\n\t\t\t\t\tand resource ID format of the resource type for a specified user, role, or the\n\t\t\t\t\troot user for an account is affected. The opt-in and opt-out account setting must\n\t\t\t\t\tbe set for each Amazon ECS resource separately. The ARN and resource ID format of a\n\t\t\t\t\tresource is defined by the opt-in status of the user or role that created the\n\t\t\t\t\tresource. You must turn on this setting to use Amazon ECS features such as resource\n\t\t\t\t\ttagging.
\n containerInstanceLongArnFormat
- When modified, the Amazon\n\t\t\t\t\tResource Name (ARN) and resource ID format of the resource type for a specified\n\t\t\t\t\tuser, role, or the root user for an account is affected. The opt-in and opt-out\n\t\t\t\t\taccount setting must be set for each Amazon ECS resource separately. The ARN and\n\t\t\t\t\tresource ID format of a resource is defined by the opt-in status of the user or\n\t\t\t\t\trole that created the resource. You must turn on this setting to use Amazon ECS\n\t\t\t\t\tfeatures such as resource tagging.
\n awsvpcTrunking
- When modified, the elastic network interface\n\t\t\t\t\t(ENI) limit for any new container instances that support the feature is changed.\n\t\t\t\t\tIf awsvpcTrunking
is turned on, any new container instances that\n\t\t\t\t\tsupport the feature are launched have the increased ENI limits available to\n\t\t\t\t\tthem. For more information, see Elastic\n\t\t\t\t\t\tNetwork Interface Trunking in the Amazon Elastic Container Service Developer Guide.
\n containerInsights
- When modified, the default setting indicating\n\t\t\t\t\twhether Amazon Web Services CloudWatch Container Insights is turned on for your clusters is changed.\n\t\t\t\t\tIf containerInsights
is turned on, any new clusters that are\n\t\t\t\t\tcreated will have Container Insights turned on unless you disable it during\n\t\t\t\t\tcluster creation. For more information, see CloudWatch Container Insights in the Amazon Elastic Container Service Developer Guide.
\n dualStackIPv6
- When turned on, when using a VPC in dual stack\n\t\t\t\t\tmode, your tasks using the awsvpc
network mode can have an IPv6\n\t\t\t\t\taddress assigned. For more information on using IPv6 with tasks launched on\n\t\t\t\t\tAmazon EC2 instances, see Using a VPC in dual-stack mode. For more information on using IPv6\n\t\t\t\t\twith tasks launched on Fargate, see Using a VPC in dual-stack mode.
\n fargateFIPSMode
- If you specify fargateFIPSMode
,\n\t\t\t\t\tFargate FIPS 140 compliance is affected.
\n fargateTaskRetirementWaitPeriod
- When Amazon Web Services determines that a\n\t\t\t\t\tsecurity or infrastructure update is needed for an Amazon ECS task hosted on\n\t\t\t\t\tFargate, the tasks need to be stopped and new tasks launched to replace them.\n\t\t\t\t\tUse fargateTaskRetirementWaitPeriod
to configure the wait time to\n\t\t\t\t\tretire a Fargate task. For information about the Fargate tasks maintenance,\n\t\t\t\t\tsee Amazon Web Services Fargate\n\t\t\t\t\t\ttask maintenance in the Amazon ECS Developer\n\t\t\t\t\tGuide.
\n tagResourceAuthorization
- Amazon ECS is introducing tagging\n\t\t\t\t\tauthorization for resource creation. Users must have permissions for actions\n\t\t\t\t\tthat create the resource, such as ecsCreateCluster
. If tags are\n\t\t\t\t\tspecified when you create a resource, Amazon Web Services performs additional authorization to\n\t\t\t\t\tverify if users or roles have permissions to create tags. Therefore, you must\n\t\t\t\t\tgrant explicit permissions to use the ecs:TagResource
action. For\n\t\t\t\t\tmore information, see Grant permission to tag resources on creation in the\n\t\t\t\t\t\tAmazon ECS Developer Guide.
\n guardDutyActivate
- The guardDutyActivate
parameter is read-only in Amazon ECS and indicates whether\n\t\t\tAmazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your\n\t\t\tAmazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.
The Amazon ECS account setting name to modify.
\nThe following are the valid values for the account setting name.
\n\n serviceLongArnFormat
- When modified, the Amazon Resource Name\n\t\t\t\t\t(ARN) and resource ID format of the resource type for a specified user, role, or\n\t\t\t\t\tthe root user for an account is affected. The opt-in and opt-out account setting\n\t\t\t\t\tmust be set for each Amazon ECS resource separately. The ARN and resource ID format\n\t\t\t\t\tof a resource is defined by the opt-in status of the user or role that created\n\t\t\t\t\tthe resource. You must turn on this setting to use Amazon ECS features such as\n\t\t\t\t\tresource tagging.
\n taskLongArnFormat
- When modified, the Amazon Resource Name (ARN)\n\t\t\t\t\tand resource ID format of the resource type for a specified user, role, or the\n\t\t\t\t\troot user for an account is affected. The opt-in and opt-out account setting must\n\t\t\t\t\tbe set for each Amazon ECS resource separately. The ARN and resource ID format of a\n\t\t\t\t\tresource is defined by the opt-in status of the user or role that created the\n\t\t\t\t\tresource. You must turn on this setting to use Amazon ECS features such as resource\n\t\t\t\t\ttagging.
\n containerInstanceLongArnFormat
- When modified, the Amazon\n\t\t\t\t\tResource Name (ARN) and resource ID format of the resource type for a specified\n\t\t\t\t\tuser, role, or the root user for an account is affected. The opt-in and opt-out\n\t\t\t\t\taccount setting must be set for each Amazon ECS resource separately. The ARN and\n\t\t\t\t\tresource ID format of a resource is defined by the opt-in status of the user or\n\t\t\t\t\trole that created the resource. You must turn on this setting to use Amazon ECS\n\t\t\t\t\tfeatures such as resource tagging.
\n awsvpcTrunking
- When modified, the elastic network interface\n\t\t\t\t\t(ENI) limit for any new container instances that support the feature is changed.\n\t\t\t\t\tIf awsvpcTrunking
is turned on, any new container instances that\n\t\t\t\t\tsupport the feature are launched have the increased ENI limits available to\n\t\t\t\t\tthem. For more information, see Elastic\n\t\t\t\t\t\tNetwork Interface Trunking in the Amazon Elastic Container Service Developer Guide.
\n containerInsights
- When modified, the default setting indicating\n\t\t\t\t\twhether Amazon Web Services CloudWatch Container Insights is turned on for your clusters is changed.\n\t\t\t\t\tIf containerInsights
is turned on, any new clusters that are\n\t\t\t\t\tcreated will have Container Insights turned on unless you disable it during\n\t\t\t\t\tcluster creation. For more information, see CloudWatch Container Insights in the Amazon Elastic Container Service Developer Guide.
\n dualStackIPv6
- When turned on, when using a VPC in dual stack\n\t\t\t\t\tmode, your tasks using the awsvpc
network mode can have an IPv6\n\t\t\t\t\taddress assigned. For more information on using IPv6 with tasks launched on\n\t\t\t\t\tAmazon EC2 instances, see Using a VPC in dual-stack mode. For more information on using IPv6\n\t\t\t\t\twith tasks launched on Fargate, see Using a VPC in dual-stack mode.
\n fargateTaskRetirementWaitPeriod
- When Amazon Web Services determines that a\n\t\t\t\t\tsecurity or infrastructure update is needed for an Amazon ECS task hosted on\n\t\t\t\t\tFargate, the tasks need to be stopped and new tasks launched to replace them.\n\t\t\t\t\tUse fargateTaskRetirementWaitPeriod
to configure the wait time to\n\t\t\t\t\tretire a Fargate task. For information about the Fargate tasks maintenance,\n\t\t\t\t\tsee Amazon Web Services Fargate\n\t\t\t\t\t\ttask maintenance in the Amazon ECS Developer\n\t\t\t\t\tGuide.
\n tagResourceAuthorization
- Amazon ECS is introducing tagging\n\t\t\t\t\tauthorization for resource creation. Users must have permissions for actions\n\t\t\t\t\tthat create the resource, such as ecsCreateCluster
. If tags are\n\t\t\t\t\tspecified when you create a resource, Amazon Web Services performs additional authorization to\n\t\t\t\t\tverify if users or roles have permissions to create tags. Therefore, you must\n\t\t\t\t\tgrant explicit permissions to use the ecs:TagResource
action. For\n\t\t\t\t\tmore information, see Grant permission to tag resources on creation in the\n\t\t\t\t\t\tAmazon ECS Developer Guide.
\n guardDutyActivate
- The guardDutyActivate
parameter is read-only in Amazon ECS and indicates whether\n\t\t\tAmazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your\n\t\t\tAmazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.
A list of namespaced kernel parameters to set in the container. This parameter maps to\n\t\t\tSysctls
in tthe docker conainer create command and the --sysctl
option to docker run. For example, you can configure\n\t\t\t\tnet.ipv4.tcp_keepalive_time
setting to maintain longer lived\n\t\t\tconnections.
We don't recommend that you specify network-related systemControls
\n\t\t\tparameters for multiple containers in a single task that also uses either the\n\t\t\t\tawsvpc
or host
network mode. Doing this has the following\n\t\t\tdisadvantages:
For tasks that use the awsvpc
network mode including Fargate,\n\t\t\t\t\tif you set systemControls
for any container, it applies to all\n\t\t\t\t\tcontainers in the task. If you set different systemControls
for\n\t\t\t\t\tmultiple containers in a single task, the container that's started last\n\t\t\t\t\tdetermines which systemControls
take effect.
For tasks that use the host
network mode, the network namespace\n\t\t\t\t\t\tsystemControls
aren't supported.
If you're setting an IPC resource namespace to use for the containers in the task, the\n\t\t\tfollowing conditions apply to your system controls. For more information, see IPC mode.
\nFor tasks that use the host
IPC mode, IPC namespace\n\t\t\t\t\t\tsystemControls
aren't supported.
For tasks that use the task
IPC mode, IPC namespace\n\t\t\t\t\t\tsystemControls
values apply to all containers within a\n\t\t\t\t\ttask.
This parameter is not supported for Windows containers.
\nThis parameter is only supported for tasks that are hosted on\n Fargate if the tasks are using platform version 1.4.0
or later\n (Linux). This isn't supported for Windows containers on\n Fargate.
A list of namespaced kernel parameters to set in the container. This parameter maps to\n\t\t\tSysctls
in the docker container create command and the --sysctl
option to docker run. For example, you can configure\n\t\t\t\tnet.ipv4.tcp_keepalive_time
setting to maintain longer lived\n\t\t\tconnections.
We don't recommend that you specify network-related systemControls
\n\t\t\tparameters for multiple containers in a single task that also uses either the\n\t\t\t\tawsvpc
or host
network mode. Doing this has the following\n\t\t\tdisadvantages:
For tasks that use the awsvpc
network mode including Fargate,\n\t\t\t\t\tif you set systemControls
for any container, it applies to all\n\t\t\t\t\tcontainers in the task. If you set different systemControls
for\n\t\t\t\t\tmultiple containers in a single task, the container that's started last\n\t\t\t\t\tdetermines which systemControls
take effect.
For tasks that use the host
network mode, the network namespace\n\t\t\t\t\t\tsystemControls
aren't supported.
If you're setting an IPC resource namespace to use for the containers in the task, the\n\t\t\tfollowing conditions apply to your system controls. For more information, see IPC mode.
\nFor tasks that use the host
IPC mode, IPC namespace\n\t\t\t\t\t\tsystemControls
aren't supported.
For tasks that use the task
IPC mode, IPC namespace\n\t\t\t\t\t\tsystemControls
values apply to all containers within a\n\t\t\t\t\ttask.
This parameter is not supported for Windows containers.
\nThis parameter is only supported for tasks that are hosted on\n Fargate if the tasks are using platform version 1.4.0
or later\n (Linux). This isn't supported for Windows containers on\n Fargate.
The task launch types the task definition validated against during task definition\n\t\t\tregistration. For more information, see Amazon ECS launch types\n\t\t\tin the Amazon Elastic Container Service Developer Guide.
" + "smithy.api#documentation": "Amazon ECS validates the task definition parameters with those supported by the launch type. For\n\t\t\tmore information, see Amazon ECS launch types\n\t\t\tin the Amazon Elastic Container Service Developer Guide.
" } }, "runtimePlatform": { @@ -12351,7 +12351,7 @@ "target": "com.amazonaws.ecs#Integer", "traits": { "smithy.api#default": 0, - "smithy.api#documentation": "The soft limit for the ulimit
type.
The soft limit for the ulimit
type. The value can be specified in bytes, seconds, or as a count, depending on the type
of the ulimit
.
The hard limit for the ulimit
type.
The hard limit for the ulimit
type. The value can be specified in bytes, seconds, or as a count, depending on the type
of the ulimit
.
Deletes a resource-based policy from a function.
", + "smithy.api#http": { + "method": "DELETE", + "uri": "/2024-09-16/resource-policy/{ResourceArn}", + "code": 204 + } + } + }, + "com.amazonaws.lambda#DeleteResourcePolicyRequest": { + "type": "structure", + "members": { + "ResourceArn": { + "target": "com.amazonaws.lambda#PolicyResourceArn", + "traits": { + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the function you want to delete the policy from. You can use either a qualified or an unqualified ARN, \n but the value you specify must be a complete ARN and wildcard characters are not accepted.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, + "RevisionId": { + "target": "com.amazonaws.lambda#RevisionId", + "traits": { + "smithy.api#documentation": "Delete the existing policy only if its revision ID matches the string you specify. To find the revision ID of the policy currently attached \n to your function, use the GetResourcePolicy action.
", + "smithy.api#httpQuery": "RevisionId" + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, "com.amazonaws.lambda#Description": { "type": "string", "traits": { @@ -6100,6 +6175,134 @@ "smithy.api#output": {} } }, + "com.amazonaws.lambda#GetPublicAccessBlockConfig": { + "type": "operation", + "input": { + "target": "com.amazonaws.lambda#GetPublicAccessBlockConfigRequest" + }, + "output": { + "target": "com.amazonaws.lambda#GetPublicAccessBlockConfigResponse" + }, + "errors": [ + { + "target": "com.amazonaws.lambda#InvalidParameterValueException" + }, + { + "target": "com.amazonaws.lambda#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.lambda#ServiceException" + }, + { + "target": "com.amazonaws.lambda#TooManyRequestsException" + } + ], + "traits": { + "smithy.api#documentation": "Retrieve the public-access settings for a function.
", + "smithy.api#http": { + "method": "GET", + "uri": "/2024-09-16/public-access-block/{ResourceArn}", + "code": 200 + } + } + }, + "com.amazonaws.lambda#GetPublicAccessBlockConfigRequest": { + "type": "structure", + "members": { + "ResourceArn": { + "target": "com.amazonaws.lambda#PublicAccessBlockResourceArn", + "traits": { + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the function you want to retrieve public-access settings for.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.lambda#GetPublicAccessBlockConfigResponse": { + "type": "structure", + "members": { + "PublicAccessBlockConfig": { + "target": "com.amazonaws.lambda#PublicAccessBlockConfig", + "traits": { + "smithy.api#documentation": "The public-access settings configured for the function you specified
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.lambda#GetResourcePolicy": { + "type": "operation", + "input": { + "target": "com.amazonaws.lambda#GetResourcePolicyRequest" + }, + "output": { + "target": "com.amazonaws.lambda#GetResourcePolicyResponse" + }, + "errors": [ + { + "target": "com.amazonaws.lambda#InvalidParameterValueException" + }, + { + "target": "com.amazonaws.lambda#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.lambda#ServiceException" + }, + { + "target": "com.amazonaws.lambda#TooManyRequestsException" + } + ], + "traits": { + "smithy.api#documentation": "Retrieves the resource-based policy attached to a function.
", + "smithy.api#http": { + "method": "GET", + "uri": "/2024-09-16/resource-policy/{ResourceArn}", + "code": 200 + } + } + }, + "com.amazonaws.lambda#GetResourcePolicyRequest": { + "type": "structure", + "members": { + "ResourceArn": { + "target": "com.amazonaws.lambda#PolicyResourceArn", + "traits": { + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the function you want to retrieve the policy for. You can use either a qualified or an unqualified ARN, \n but the value you specify must be a complete ARN and wildcard characters are not accepted.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.lambda#GetResourcePolicyResponse": { + "type": "structure", + "members": { + "Policy": { + "target": "com.amazonaws.lambda#ResourcePolicy", + "traits": { + "smithy.api#documentation": "The resource-based policy attached to the function you specified.
" + } + }, + "RevisionId": { + "target": "com.amazonaws.lambda#RevisionId", + "traits": { + "smithy.api#documentation": "The revision ID of the policy.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.lambda#GetRuntimeManagementConfig": { "type": "operation", "input": { @@ -8886,6 +9089,16 @@ "smithy.api#httpError": 400 } }, + "com.amazonaws.lambda#PolicyResourceArn": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 0, + "max": 256 + }, + "smithy.api#pattern": "^arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_]+(:(\\$LATEST|[a-zA-Z0-9-_])+)?$" + } + }, "com.amazonaws.lambda#PositiveInteger": { "type": "integer", "traits": { @@ -9027,6 +9240,55 @@ } } }, + "com.amazonaws.lambda#PublicAccessBlockConfig": { + "type": "structure", + "members": { + "BlockPublicPolicy": { + "target": "com.amazonaws.lambda#NullableBoolean", + "traits": { + "smithy.api#documentation": "To block the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy
\n to true
. To allow the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy
\n to false
.
To block public access to your function, even if its resource-based policy allows it, set RestrictPublicResource
to true
. To \n allow public access to a function with a resource-based policy that permits it, set RestrictPublicResource
to false
.
An object that defines the public-access settings for a function.
" + } + }, + "com.amazonaws.lambda#PublicAccessBlockResourceArn": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 0, + "max": 170 + }, + "smithy.api#pattern": "^arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_]+$" + } + }, + "com.amazonaws.lambda#PublicPolicyException": { + "type": "structure", + "members": { + "Type": { + "target": "com.amazonaws.lambda#String", + "traits": { + "smithy.api#documentation": "The exception type.
" + } + }, + "Message": { + "target": "com.amazonaws.lambda#String" + } + }, + "traits": { + "smithy.api#documentation": "Lambda prevented your policy from being created because it would grant public access to your function. If you intended to \n create a public policy, use the PutPublicAccessBlockConfig API action to configure your function's public-access settings \n to allow public policies.
", + "smithy.api#error": "client", + "smithy.api#httpError": 400 + } + }, "com.amazonaws.lambda#PublishLayerVersion": { "type": "operation", "input": { @@ -9639,6 +9901,169 @@ "smithy.api#output": {} } }, + "com.amazonaws.lambda#PutPublicAccessBlockConfig": { + "type": "operation", + "input": { + "target": "com.amazonaws.lambda#PutPublicAccessBlockConfigRequest" + }, + "output": { + "target": "com.amazonaws.lambda#PutPublicAccessBlockConfigResponse" + }, + "errors": [ + { + "target": "com.amazonaws.lambda#InvalidParameterValueException" + }, + { + "target": "com.amazonaws.lambda#ResourceConflictException" + }, + { + "target": "com.amazonaws.lambda#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.lambda#ServiceException" + }, + { + "target": "com.amazonaws.lambda#TooManyRequestsException" + } + ], + "traits": { + "smithy.api#documentation": "Configure your function's public-access settings.
\nTo control public access to a Lambda function, you can choose whether to allow the creation of \n resource-based policies that \n allow public access to that function. You can also block public access to a function, even if it has an existing resource-based \n policy that allows it.
", + "smithy.api#http": { + "method": "PUT", + "uri": "/2024-09-16/public-access-block/{ResourceArn}", + "code": 200 + } + } + }, + "com.amazonaws.lambda#PutPublicAccessBlockConfigRequest": { + "type": "structure", + "members": { + "ResourceArn": { + "target": "com.amazonaws.lambda#PublicAccessBlockResourceArn", + "traits": { + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the function you want to configure public-access settings for. Public-access settings \n are applied at the function level, so you can't apply different settings to function versions or aliases.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, + "PublicAccessBlockConfig": { + "target": "com.amazonaws.lambda#PublicAccessBlockConfig", + "traits": { + "smithy.api#documentation": "An object defining the public-access settings you want to apply.
\nTo block the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy
\n to true
. To allow the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy
\n to false
.
To block public access to your function, even if its resource-based policy allows it, set RestrictPublicResource
to true
. To \n allow public access to a function with a resource-based policy that permits it, set RestrictPublicResource
to false
.
The default setting for both BlockPublicPolicy
and RestrictPublicResource
is true
.
The public-access settings Lambda applied to your function.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.lambda#PutResourcePolicy": { + "type": "operation", + "input": { + "target": "com.amazonaws.lambda#PutResourcePolicyRequest" + }, + "output": { + "target": "com.amazonaws.lambda#PutResourcePolicyResponse" + }, + "errors": [ + { + "target": "com.amazonaws.lambda#InvalidParameterValueException" + }, + { + "target": "com.amazonaws.lambda#PolicyLengthExceededException" + }, + { + "target": "com.amazonaws.lambda#PreconditionFailedException" + }, + { + "target": "com.amazonaws.lambda#PublicPolicyException" + }, + { + "target": "com.amazonaws.lambda#ResourceConflictException" + }, + { + "target": "com.amazonaws.lambda#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.lambda#ServiceException" + }, + { + "target": "com.amazonaws.lambda#TooManyRequestsException" + } + ], + "traits": { + "smithy.api#documentation": "Adds a resource-based policy \n to a function. You can use resource-based policies to grant access to other \n Amazon Web Services accounts, \n organizations, or \n services. Resource-based policies \n apply to a single function, version, or alias.
\nAdding a resource-based policy using this API action replaces any existing policy you've previously created. This means that if \n you've previously added resource-based permissions to a function using the AddPermission action, those \n permissions will be overwritten by your new policy.
\nThe Amazon Resource Name (ARN) of the function you want to add the policy to. You can use either a qualified or an unqualified ARN, \n but the value you specify must be a complete ARN and wildcard characters are not accepted.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, + "Policy": { + "target": "com.amazonaws.lambda#ResourcePolicy", + "traits": { + "smithy.api#documentation": "The JSON resource-based policy you want to add to your function.
\nTo learn more about creating resource-based policies for controlling access to \n Lambda, see Working with resource-based IAM policies in Lambda in the \n Lambda Developer Guide.
", + "smithy.api#required": {} + } + }, + "RevisionId": { + "target": "com.amazonaws.lambda#RevisionId", + "traits": { + "smithy.api#documentation": "Replace the existing policy only if its revision ID matches the string you specify. To find the revision ID of the policy currently attached \n to your function, use the GetResourcePolicy action.
" + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.lambda#PutResourcePolicyResponse": { + "type": "structure", + "members": { + "Policy": { + "target": "com.amazonaws.lambda#ResourcePolicy", + "traits": { + "smithy.api#documentation": "The policy Lambda added to your function.
" + } + }, + "RevisionId": { + "target": "com.amazonaws.lambda#RevisionId", + "traits": { + "smithy.api#documentation": "The revision ID of the policy Lambda added to your function.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.lambda#PutRuntimeManagementConfig": { "type": "operation", "input": { @@ -10060,6 +10485,16 @@ "smithy.api#httpError": 502 } }, + "com.amazonaws.lambda#ResourcePolicy": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 20480 + }, + "smithy.api#pattern": "^[\\s\\S]+$" + } + }, "com.amazonaws.lambda#ResponseStreamingInvocationType": { "type": "enum", "members": { @@ -10077,6 +10512,16 @@ } } }, + "com.amazonaws.lambda#RevisionId": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 36, + "max": 36 + }, + "smithy.api#pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" + } + }, "com.amazonaws.lambda#RoleArn": { "type": "string", "traits": { diff --git a/codegen/sdk-codegen/aws-models/rds.json b/codegen/sdk-codegen/aws-models/rds.json index c16e013e67b..347818e5791 100644 --- a/codegen/sdk-codegen/aws-models/rds.json +++ b/codegen/sdk-codegen/aws-models/rds.json @@ -5023,7 +5023,7 @@ "LicenseModel": { "target": "com.amazonaws.rds#String", "traits": { - "smithy.api#documentation": "The license model information for this DB instance.
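Review bot: The pattern on the new `com.amazonaws.lambda#ResourcePolicy` shape, `"^[\\s\\S]+$"`, accepts any non-empty string, so the only effective client-side constraint on `Policy` is the 1 to 20480 length bound. Whether the value is well-formed policy JSON, or grants public access, is left to the service, which is consistent with `InvalidParameterValueException` and `PublicPolicyException` in the operation's error list. Neither this shape nor `com.amazonaws.lambda#RevisionId` in the next hunk carries a `smithy.api#documentation` trait, so I would add one to each, for example `"smithy.api#documentation": "A JSON resource-based policy document. The pattern does not check policy syntax; the service validates it."`. Because the `PutResourcePolicy` text says the call replaces any existing policy and `RevisionId` is not marked required on the request, the `RevisionId` documentation is also the place to say that passing it protects against overwriting a concurrent change.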
\nLicense models for RDS for Db2 require additional configuration. The Bring Your\n Own License (BYOL) model requires a custom parameter group. The Db2 license through\n Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more\n information, see RDS for Db2 licensing\n options in the Amazon RDS User Guide.
\nThe default for RDS for Db2 is bring-your-own-license
.
This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.
\nValid Values:
\nRDS for Db2 - bring-your-own-license | marketplace-license
\n
RDS for MariaDB - general-public-license
\n
RDS for Microsoft SQL Server - license-included
\n
RDS for MySQL - general-public-license
\n
RDS for Oracle - bring-your-own-license | license-included
\n
RDS for PostgreSQL - postgresql-license
\n
The license model information for this DB instance.
\nLicense models for RDS for Db2 require additional configuration. The Bring Your\n Own License (BYOL) model requires a custom parameter group and an Amazon Web Services License Manager self-managed license. The Db2 license through\n Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more\n information, see Amazon RDS for Db2 licensing\n options in the Amazon RDS User Guide.
\nThe default for RDS for Db2 is bring-your-own-license
.
This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.
\nValid Values:
\nRDS for Db2 - bring-your-own-license | marketplace-license
\n
RDS for MariaDB - general-public-license
\n
RDS for Microsoft SQL Server - license-included
\n
RDS for MySQL - general-public-license
\n
RDS for Oracle - bring-your-own-license | license-included
\n
RDS for PostgreSQL - postgresql-license
\n
License model information for the restored DB instance.
\nLicense models for RDS for Db2 require additional configuration. The Bring Your\n Own License (BYOL) model requires a custom parameter group. The Db2 license through\n Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more\n information, see RDS for Db2 licensing\n options in the Amazon RDS User Guide.
\nThis setting doesn't apply to Amazon Aurora or RDS Custom DB instances.
\nValid Values:
\nRDS for Db2 - bring-your-own-license | marketplace-license
\n
RDS for MariaDB - general-public-license
\n
RDS for Microsoft SQL Server - license-included
\n
RDS for MySQL - general-public-license
\n
RDS for Oracle - bring-your-own-license | license-included
\n
RDS for PostgreSQL - postgresql-license
\n
Default: Same as the source.
" + "smithy.api#documentation": "License model information for the restored DB instance.
\nLicense models for RDS for Db2 require additional configuration. The Bring Your\n Own License (BYOL) model requires a custom parameter group and an Amazon Web Services License Manager self-managed license. The Db2 license through\n Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more\n information, see Amazon RDS for Db2 licensing\n options in the Amazon RDS User Guide.
\nThis setting doesn't apply to Amazon Aurora or RDS Custom DB instances.
\nValid Values:
\nRDS for Db2 - bring-your-own-license | marketplace-license
\n
RDS for MariaDB - general-public-license
\n
RDS for Microsoft SQL Server - license-included
\n
RDS for MySQL - general-public-license
\n
RDS for Oracle - bring-your-own-license | license-included
\n
RDS for PostgreSQL - postgresql-license
\n
Default: Same as the source.
" } }, "DBName": { @@ -28773,7 +28773,7 @@ "LicenseModel": { "target": "com.amazonaws.rds#String", "traits": { - "smithy.api#documentation": "The license model information for the restored DB instance.
\nLicense models for RDS for Db2 require additional configuration. The Bring Your\n Own License (BYOL) model requires a custom parameter group. The Db2 license through\n Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more\n information, see RDS for Db2 licensing\n options in the Amazon RDS User Guide.
\nThis setting doesn't apply to Amazon Aurora or RDS Custom DB instances.
\nValid Values:
\nRDS for Db2 - bring-your-own-license | marketplace-license
\n
RDS for MariaDB - general-public-license
\n
RDS for Microsoft SQL Server - license-included
\n
RDS for MySQL - general-public-license
\n
RDS for Oracle - bring-your-own-license | license-included
\n
RDS for PostgreSQL - postgresql-license
\n
Default: Same as the source.
" + "smithy.api#documentation": "The license model information for the restored DB instance.
\nLicense models for RDS for Db2 require additional configuration. The Bring Your\n Own License (BYOL) model requires a custom parameter group and an Amazon Web Services License Manager self-managed license. The Db2 license through\n Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more\n information, see Amazon RDS for Db2 licensing\n options in the Amazon RDS User Guide.
\nThis setting doesn't apply to Amazon Aurora or RDS Custom DB instances.
\nValid Values:
\nRDS for Db2 - bring-your-own-license | marketplace-license
\n
RDS for MariaDB - general-public-license
\n
RDS for Microsoft SQL Server - license-included
\n
RDS for MySQL - general-public-license
\n
RDS for Oracle - bring-your-own-license | license-included
\n
RDS for PostgreSQL - postgresql-license
\n
Default: Same as the source.
" } }, "DBName": { diff --git a/codegen/sdk-codegen/aws-models/ssm.json b/codegen/sdk-codegen/aws-models/ssm.json index 892e047223a..1e1a78ef1ee 100644 --- a/codegen/sdk-codegen/aws-models/ssm.json +++ b/codegen/sdk-codegen/aws-models/ssm.json @@ -3193,7 +3193,7 @@ "Values": { "target": "com.amazonaws.ssm#AttachmentsSourceValues", "traits": { - "smithy.api#documentation": "The value of a key-value pair that identifies the location of an attachment to a document.\n The format for Value depends on the type of key you\n specify.
\nFor the key SourceUrl, the value is an S3 bucket location. For\n example:
\n\n \"Values\": [ \"s3://doc-example-bucket/my-folder\" ]
\n
For the key S3FileUrl, the value is a file in an S3 bucket. For\n example:
\n\n \"Values\": [ \"s3://doc-example-bucket/my-folder/my-file.py\" ]
\n
For the key AttachmentReference, the value is constructed from the\n name of another SSM document in your account, a version number of that document, and a file\n attached to that document version that you want to reuse. For example:
\n\n \"Values\": [ \"MyOtherDocument/3/my-other-file.py\" ]
\n
However, if the SSM document is shared with you from another account, the full SSM\n document ARN must be specified instead of the document name only. For example:
\n\n \"Values\": [\n \"arn:aws:ssm:us-east-2:111122223333:document/OtherAccountDocument/3/their-file.py\"\n ]
\n
The value of a key-value pair that identifies the location of an attachment to a document.\n The format for Value depends on the type of key you\n specify.
\nFor the key SourceUrl, the value is an S3 bucket location. For\n example:
\n\n \"Values\": [ \"s3://amzn-s3-demo-bucket/my-prefix\" ]
\n
For the key S3FileUrl, the value is a file in an S3 bucket. For\n example:
\n\n \"Values\": [ \"s3://amzn-s3-demo-bucket/my-prefix/my-file.py\" ]
\n
For the key AttachmentReference, the value is constructed from the\n name of another SSM document in your account, a version number of that document, and a file\n attached to that document version that you want to reuse. For example:
\n\n \"Values\": [ \"MyOtherDocument/3/my-other-file.py\" ]
\n
However, if the SSM document is shared with you from another account, the full SSM\n document ARN must be specified instead of the document name only. For example:
\n\n \"Values\": [\n \"arn:aws:ssm:us-east-2:111122223333:document/OtherAccountDocument/3/their-file.py\"\n ]
\n
The CloudWatch alarm that was invoked by the automation.
" } }, + "TargetLocationsURL": { + "target": "com.amazonaws.ssm#TargetLocationsURL", + "traits": { + "smithy.api#documentation": "A publicly accessible URL for a file that contains the TargetLocations
body.\n Currently, only files in presigned Amazon S3 buckets are supported
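Review bot: The documentation added for `TargetLocationsURL` calls the value "a publicly accessible URL" and then limits it to presigned Amazon S3 URLs, without saying that a presigned URL gives read access to anyone who holds it until it expires. The member is added next to the "CloudWatch alarm that was invoked by the automation" member, which looks like an execution-description structure, so the URL is presumably returned to every principal allowed to read automation executions; that should be confirmed against the structure, which starts outside the hunk. I would append a sentence such as `Anyone who has this URL can read the file until the presigned URL expires, so generate it with a short expiry.`, and the existing last sentence appears to lack its closing period. The same text is added again in the hunk at `@@ -3852,6 +3858,12 @@`.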
Use this filter with DescribeAutomationExecutions. Specify either Local or\n CrossAccount. CrossAccount is an Automation that runs in multiple Amazon Web Services Regions and\n Amazon Web Services accounts. For more information, see Running Automation workflows in multiple Amazon Web Services Regions and accounts in the\n Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "Use this filter with DescribeAutomationExecutions. Specify either Local or\n CrossAccount. CrossAccount is an Automation that runs in multiple Amazon Web Services Regions and\n Amazon Web Services accounts. For more information, see Running automations in multiple Amazon Web Services Regions and accounts in the\n Amazon Web Services Systems Manager User Guide.
" } }, "AlarmConfiguration": { @@ -3852,6 +3858,12 @@ "smithy.api#documentation": "The CloudWatch alarm that was invoked by the automation.
" } }, + "TargetLocationsURL": { + "target": "com.amazonaws.ssm#TargetLocationsURL", + "traits": { + "smithy.api#documentation": "A publicly accessible URL for a file that contains the TargetLocations
body.\n Currently, only files in presigned Amazon S3 buckets are supported
A list of explicitly approved patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see About\n package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "A list of explicitly approved patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see Package\n name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" } }, "ApprovedPatchesComplianceLevel": { @@ -4191,7 +4203,7 @@ "RejectedPatches": { "target": "com.amazonaws.ssm#PatchIdList", "traits": { - "smithy.api#documentation": "A list of explicitly rejected patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see About\n package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "A list of explicitly rejected patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see Package\n name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" } }, "RejectedPatchesAction": { @@ -4635,7 +4647,7 @@ "value": { "target": "com.amazonaws.ssm#CommandFilterValue", "traits": { - "smithy.api#documentation": "The filter value. Valid values for each filter key are as follows:
\n\n InvokedAfter: Specify a timestamp to limit your results.\n For example, specify 2021-07-07T00:00:00Z
to see a list of command executions\n occurring July 7, 2021, and later.
\n InvokedBefore: Specify a timestamp to limit your results.\n For example, specify 2021-07-07T00:00:00Z
to see a list of command executions from\n before July 7, 2021.
\n Status: Specify a valid command status to see a list of\n all command executions with that status. The status choices depend on the API you call.
\nThe status values you can specify for ListCommands
are:
\n Pending
\n
\n InProgress
\n
\n Success
\n
\n Cancelled
\n
\n Failed
\n
\n TimedOut
(this includes both Delivery and Execution time outs)
\n AccessDenied
\n
\n DeliveryTimedOut
\n
\n ExecutionTimedOut
\n
\n Incomplete
\n
\n NoInstancesInTag
\n
\n LimitExceeded
\n
The status values you can specify for ListCommandInvocations
are:
\n Pending
\n
\n InProgress
\n
\n Delayed
\n
\n Success
\n
\n Cancelled
\n
\n Failed
\n
\n TimedOut
(this includes both Delivery and Execution time outs)
\n AccessDenied
\n
\n DeliveryTimedOut
\n
\n ExecutionTimedOut
\n
\n Undeliverable
\n
\n InvalidPlatform
\n
\n Terminated
\n
\n DocumentName: Specify name of the Amazon Web Services Systems Manager document (SSM\n document) for which you want to see command execution results. For example, specify\n AWS-RunPatchBaseline
to see command executions that used this SSM document to\n perform security patching operations on managed nodes.
\n ExecutionStage: Specify one of the following values\n (ListCommands
operations only):
\n Executing
: Returns a list of command executions that are currently still\n running.
\n Complete
: Returns a list of command executions that have already completed.\n
The filter value. Valid values for each filter key are as follows:
\n\n InvokedAfter: Specify a timestamp to limit your results.\n For example, specify 2024-07-07T00:00:00Z
to see a list of command executions\n occurring July 7, 2021, and later.
\n InvokedBefore: Specify a timestamp to limit your results.\n For example, specify 2024-07-07T00:00:00Z
to see a list of command executions from\n before July 7, 2021.
\n Status: Specify a valid command status to see a list of\n all command executions with that status. The status choices depend on the API you call.
\nThe status values you can specify for ListCommands
are:
\n Pending
\n
\n InProgress
\n
\n Success
\n
\n Cancelled
\n
\n Failed
\n
\n TimedOut
(this includes both Delivery and Execution time outs)
\n AccessDenied
\n
\n DeliveryTimedOut
\n
\n ExecutionTimedOut
\n
\n Incomplete
\n
\n NoInstancesInTag
\n
\n LimitExceeded
\n
The status values you can specify for ListCommandInvocations
are:
\n Pending
\n
\n InProgress
\n
\n Delayed
\n
\n Success
\n
\n Cancelled
\n
\n Failed
\n
\n TimedOut
(this includes both Delivery and Execution time outs)
\n AccessDenied
\n
\n DeliveryTimedOut
\n
\n ExecutionTimedOut
\n
\n Undeliverable
\n
\n InvalidPlatform
\n
\n Terminated
\n
\n DocumentName: Specify name of the Amazon Web Services Systems Manager document (SSM\n document) for which you want to see command execution results. For example, specify\n AWS-RunPatchBaseline
to see command executions that used this SSM document to\n perform security patching operations on managed nodes.
\n ExecutionStage: Specify one of the following values\n (ListCommands
operations only):
\n Executing
: Returns a list of command executions that are currently still\n running.
\n Complete
: Returns a list of command executions that have already completed.\n
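Review bot: The `InvokedAfter` and `InvokedBefore` examples on the new side show `2024-07-07T00:00:00Z`, but the prose that follows still reads "occurring July 7, 2021, and later" and "from before July 7, 2021", so each example now disagrees with its own explanation. Both sentences should name the same date as the timestamp, e.g. `to see a list of command executions occurring July 7, 2024, and later`. The documentation string belongs to a `value` member whose structure starts outside the hunk.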
The S3 bucket where the responses to the command executions should be stored. This was\n requested when issuing the command. For example, in the following response:
\n\n doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript
\n
\n doc-example-bucket
is the name of the S3 bucket;
\n ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix
is the name of the S3 prefix;
\n i-02573cafcfEXAMPLE
is the managed node ID;
\n awsrunShellScript
is the name of the plugin.
The S3 bucket where the responses to the command executions should be stored. This was\n requested when issuing the command. For example, in the following response:
\n\n amzn-s3-demo-bucket/my-prefix/i-02573cafcfEXAMPLE/awsrunShellScript
\n
\n amzn-s3-demo-bucket
is the name of the S3 bucket;
\n my-prefix
is the name of the S3 prefix;
\n i-02573cafcfEXAMPLE
is the managed node ID;
\n awsrunShellScript
is the name of the plugin.
The S3 directory path inside the bucket where the responses to the command executions should\n be stored. This was requested when issuing the command. For example, in the following\n response:
\n\n doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript
\n
\n doc-example-bucket
is the name of the S3 bucket;
\n ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix
is the name of the S3 prefix;
\n i-02573cafcfEXAMPLE
is the managed node ID;
\n awsrunShellScript
is the name of the plugin.
The S3 directory path inside the bucket where the responses to the command executions should\n be stored. This was requested when issuing the command. For example, in the following\n response:
\n\n amzn-s3-demo-bucket/my-prefix/i-02573cafcfEXAMPLE/awsrunShellScript
\n
\n amzn-s3-demo-bucket
is the name of the S3 bucket;
\n my-prefix
is the name of the S3 prefix;
\n i-02573cafcfEXAMPLE
is the managed node ID;
\n awsrunShellScript
is the name of the plugin.
Generates an activation code and activation ID you can use to register your on-premises\n servers, edge devices, or virtual machine (VM) with Amazon Web Services Systems Manager. Registering these machines with\n Systems Manager makes it possible to manage them using Systems Manager capabilities. You use the activation code and\n ID when installing SSM Agent on machines in your hybrid environment. For more information about\n requirements for managing on-premises machines using Systems Manager, see Setting up\n Amazon Web Services Systems Manager for hybrid and multicloud environments in the\n Amazon Web Services Systems Manager User Guide.
\nAmazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and on-premises servers and VMs that are\n configured for Systems Manager are all called managed nodes.
\nGenerates an activation code and activation ID you can use to register your on-premises\n servers, edge devices, or virtual machine (VM) with Amazon Web Services Systems Manager. Registering these machines with\n Systems Manager makes it possible to manage them using Systems Manager capabilities. You use the activation code and\n ID when installing SSM Agent on machines in your hybrid environment. For more information about\n requirements for managing on-premises machines using Systems Manager, see Using Amazon Web Services Systems Manager in\n hybrid and multicloud environments in the Amazon Web Services Systems Manager User Guide.
\nAmazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and on-premises servers and VMs that are\n configured for Systems Manager are all called managed nodes.
\nThe name of the Identity and Access Management (IAM) role that you want to assign to\n the managed node. This IAM role must provide AssumeRole permissions for the\n Amazon Web Services Systems Manager service principal ssm.amazonaws.com
. For more information, see Create an\n IAM service role for a hybrid and multicloud environment in the\n Amazon Web Services Systems Manager User Guide.
You can't specify an IAM service-linked role for this parameter. You must\n create a unique role.
\nThe name of the Identity and Access Management (IAM) role that you want to assign to\n the managed node. This IAM role must provide AssumeRole permissions for the\n Amazon Web Services Systems Manager service principal ssm.amazonaws.com
. For more information, see Create the IAM service role required for Systems Manager in a hybrid and multicloud\n environments in the Amazon Web Services Systems Manager User Guide.
You can't specify an IAM service-linked role for this parameter. You must\n create a unique role.
\nThe date by which this activation request should expire, in timestamp format, such as\n \"2021-07-07T00:00:00\". You can specify a date up to 30 days in advance. If you don't provide an\n expiration date, the activation code expires in 24 hours.
" + "smithy.api#documentation": "The date by which this activation request should expire, in timestamp format, such as\n \"2024-07-07T00:00:00\". You can specify a date up to 30 days in advance. If you don't provide an\n expiration date, the activation code expires in 24 hours.
" } }, "Tags": { @@ -6025,7 +6037,7 @@ "Targets": { "target": "com.amazonaws.ssm#Targets", "traits": { - "smithy.api#documentation": "The targets for the association. You can target managed nodes by using tags, Amazon Web Services resource\n groups, all managed nodes in an Amazon Web Services account, or individual managed node IDs. You can target all\n managed nodes in an Amazon Web Services account by specifying the InstanceIds
key with a value of\n *
. For more information about choosing targets for an association, see About targets and rate controls in State Manager associations in the\n Amazon Web Services Systems Manager User Guide.
The targets for the association. You can target managed nodes by using tags, Amazon Web Services resource\n groups, all managed nodes in an Amazon Web Services account, or individual managed node IDs. You can target all\n managed nodes in an Amazon Web Services account by specifying the InstanceIds
key with a value of\n *
. For more information about choosing targets for an association, see Understanding targets and rate controls in State Manager associations in the\n Amazon Web Services Systems Manager User Guide.
Creates a Amazon Web Services Systems Manager (SSM document). An SSM document defines the actions that Systems Manager performs\n on your managed nodes. For more information about SSM documents, including information about\n supported schemas, features, and syntax, see Amazon Web Services Systems Manager Documents in the\n Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "Creates a Amazon Web Services Systems Manager (SSM document). An SSM document defines the actions that Systems Manager performs\n on your managed nodes. For more information about SSM documents, including information about\n supported schemas, features, and syntax, see Amazon Web Services Systems Manager Documents in the\n Amazon Web Services Systems Manager User Guide.
" } }, "com.amazonaws.ssm#CreateDocumentRequest": { @@ -6662,7 +6674,7 @@ "ApprovedPatches": { "target": "com.amazonaws.ssm#PatchIdList", "traits": { - "smithy.api#documentation": "A list of explicitly approved patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see About\n package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "A list of explicitly approved patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see Package\n name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" } }, "ApprovedPatchesComplianceLevel": { @@ -6681,7 +6693,7 @@ "RejectedPatches": { "target": "com.amazonaws.ssm#PatchIdList", "traits": { - "smithy.api#documentation": "A list of explicitly rejected patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see About\n package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "A list of explicitly rejected patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see Package\n name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" } }, "RejectedPatchesAction": { @@ -6757,7 +6769,7 @@ } ], "traits": { - "smithy.api#documentation": "A resource data sync helps you view data from multiple sources in a single location.\n Amazon Web Services Systems Manager offers two types of resource data sync: SyncToDestination
and\n SyncFromSource
.
You can configure Systems Manager Inventory to use the SyncToDestination
type to\n synchronize Inventory data from multiple Amazon Web Services Regions to a single Amazon Simple Storage Service (Amazon S3) bucket. For more information, see Configuring resource data\n sync for Inventory in the Amazon Web Services Systems Manager User Guide.
You can configure Systems Manager Explorer to use the SyncFromSource
type to synchronize\n operational work items (OpsItems) and operational data (OpsData) from multiple Amazon Web Services Regions to a\n single Amazon S3 bucket. This type can synchronize OpsItems and OpsData from multiple\n Amazon Web Services accounts and Amazon Web Services Regions or EntireOrganization
by using Organizations. For more\n information, see Setting up Systems Manager\n Explorer to display data from multiple accounts and Regions in the\n Amazon Web Services Systems Manager User Guide.
A resource data sync is an asynchronous operation that returns immediately. After a\n successful initial sync is completed, the system continuously syncs data. To check the status of\n a sync, use the ListResourceDataSync.
\nBy default, data isn't encrypted in Amazon S3. We strongly recommend that you\n enable encryption in Amazon S3 to ensure secure data storage. We also recommend that you\n secure access to the Amazon S3 bucket by creating a restrictive bucket policy.
\nA resource data sync helps you view data from multiple sources in a single location.\n Amazon Web Services Systems Manager offers two types of resource data sync: SyncToDestination
and\n SyncFromSource
.
You can configure Systems Manager Inventory to use the SyncToDestination
type to\n synchronize Inventory data from multiple Amazon Web Services Regions to a single Amazon Simple Storage Service (Amazon S3) bucket. For more information, see Creatinga a\n resource data sync for Inventory in the Amazon Web Services Systems Manager User Guide.
You can configure Systems Manager Explorer to use the SyncFromSource
type to synchronize\n operational work items (OpsItems) and operational data (OpsData) from multiple Amazon Web Services Regions to a\n single Amazon S3 bucket. This type can synchronize OpsItems and OpsData from multiple\n Amazon Web Services accounts and Amazon Web Services Regions or EntireOrganization
by using Organizations. For more\n information, see Setting up Systems Manager\n Explorer to display data from multiple accounts and Regions in the\n Amazon Web Services Systems Manager User Guide.
A resource data sync is an asynchronous operation that returns immediately. After a\n successful initial sync is completed, the system continuously syncs data. To check the status of\n a sync, use the ListResourceDataSync.
\nBy default, data isn't encrypted in Amazon S3. We strongly recommend that you\n enable encryption in Amazon S3 to ensure secure data storage. We also recommend that you\n secure access to the Amazon S3 bucket by creating a restrictive bucket policy.
\nA summary of the delete operation. For more information about this summary, see Understanding the delete inventory summary in the\n Amazon Web Services Systems Manager User Guide.
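Review bot: The replacement link title in the `SyncToDestination` paragraph reads "Creatinga a resource data sync for Inventory", a typo introduced on the new side of this hunk; it should be `Creating a resource data sync for Inventory`. Two other strings this commit touches keep older slips that could be corrected in the same pass: `Creates a Amazon Web Services Systems Manager (SSM document)` in the documentation just before `com.amazonaws.ssm#CreateDocumentRequest`, and the doubled `in the in the` in the maintenance-window service-role text. If these models are synced from the upstream service definitions, the corrections belong there rather than in this copy.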
" + "smithy.api#documentation": "A summary of the delete operation. For more information about this summary, see Deleting custom inventory in the Amazon Web Services Systems Manager User Guide.
" } } }, @@ -9030,7 +9042,7 @@ "Filters": { "target": "com.amazonaws.ssm#PatchOrchestratorFilterList", "traits": { - "smithy.api#documentation": "Each element in the array is a structure containing a key-value pair.
\nSupported keys for DescribeInstancePatches
include the following:
\n \n Classification
\n \n
Sample values: Security
| SecurityUpdates
\n
\n \n KBId
\n \n
Sample values: KB4480056
| java-1.7.0-openjdk.x86_64
\n
\n \n Severity
\n \n
Sample values: Important
| Medium
| Low
\n
\n \n State
\n \n
Sample values: Installed
| InstalledOther
|\n InstalledPendingReboot
\n
For lists of all State
values, see Understanding\n patch compliance state values in the Amazon Web Services Systems Manager User Guide.
Each element in the array is a structure containing a key-value pair.
\nSupported keys for DescribeInstancePatches
include the following:
\n \n Classification
\n \n
Sample values: Security
| SecurityUpdates
\n
\n \n KBId
\n \n
Sample values: KB4480056
| java-1.7.0-openjdk.x86_64
\n
\n \n Severity
\n \n
Sample values: Important
| Medium
| Low
\n
\n \n State
\n \n
Sample values: Installed
| InstalledOther
|\n InstalledPendingReboot
\n
For lists of all State
values, see Patch compliance\n state values in the Amazon Web Services Systems Manager User Guide.
Each entry in the array is a structure containing:
\nKey. A string between 1 and 128 characters. Supported keys include\n ExecutedBefore
and ExecutedAfter
.
Values. An array of strings, each between 1 and 256 characters. Supported values are\n date/time strings in a valid ISO 8601 date/time format, such as\n 2021-11-04T05:00:00Z
.
Each entry in the array is a structure containing:
\nKey. A string between 1 and 128 characters. Supported keys include\n ExecutedBefore
and ExecutedAfter
.
Values. An array of strings, each between 1 and 256 characters. Supported values are\n date/time strings in a valid ISO 8601 date/time format, such as\n 2024-11-04T05:00:00Z
.
The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up maintenance windows in the in the\n Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the\n Amazon Web Services Systems Manager User Guide.
" } }, "TaskType": { @@ -13845,7 +13879,7 @@ "Name": { "target": "com.amazonaws.ssm#PSParameterName", "traits": { - "smithy.api#documentation": "The name or Amazon Resource Name (ARN) of the parameter that you want to query. For\n parameters shared with you from another account, you must use the full ARN.
\nTo query by parameter label, use \"Name\": \"name:label\"
. To query by parameter\n version, use \"Name\": \"name:version\"
.
For more information about shared parameters, see Working with shared parameters in\n the Amazon Web Services Systems Manager User Guide.
", + "smithy.api#documentation": "The name or Amazon Resource Name (ARN) of the parameter that you want to query. For\n parameters shared with you from another account, you must use the full ARN.
\nTo query by parameter label, use \"Name\": \"name:label\"
. To query by parameter\n version, use \"Name\": \"name:version\"
.
For more information about shared parameters, see Working with\n shared parameters in the Amazon Web Services Systems Manager User Guide.
", "smithy.api#required": {} } }, @@ -14815,7 +14849,7 @@ "Name": { "target": "com.amazonaws.ssm#String", "traits": { - "smithy.api#documentation": "The name assigned to an on-premises server, edge device, or virtual machine (VM) when it is\n activated as a Systems Manager managed node. The name is specified as the DefaultInstanceName
\n property using the CreateActivation command. It is applied to the managed node\n by specifying the Activation Code and Activation ID when you install SSM Agent on the node, as\n explained in Install SSM Agent for a\n hybrid and multicloud environment (Linux) and Install SSM Agent for a\n hybrid and multicloud environment (Windows). To retrieve the Name
tag of an\n EC2 instance, use the Amazon EC2 DescribeInstances
operation. For information, see DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference.
The name assigned to an on-premises server, edge device, or virtual machine (VM) when it is\n activated as a Systems Manager managed node. The name is specified as the DefaultInstanceName
\n property using the CreateActivation command. It is applied to the managed node\n by specifying the Activation Code and Activation ID when you install SSM Agent on the node, as\n explained in How to\n install SSM Agent on hybrid Linux nodes and How to\n install SSM Agent on hybrid Windows Server nodes. To retrieve the Name
tag\n of an EC2 instance, use the Amazon EC2 DescribeInstances
operation. For information, see\n DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference.
An https URL or an Amazon Simple Storage Service (Amazon S3) path-style URL to a list of\n patches to be installed. This patch installation list, which you maintain in an S3 bucket in YAML\n format and specify in the SSM document AWS-RunPatchBaseline
, overrides the patches\n specified by the default patch baseline.
For more information about the InstallOverrideList
parameter, see About the\n AWS-RunPatchBaseline SSM document
\n in the\n Amazon Web Services Systems Manager User Guide.
An https URL or an Amazon Simple Storage Service (Amazon S3) path-style URL to a list of\n patches to be installed. This patch installation list, which you maintain in an S3 bucket in YAML\n format and specify in the SSM document AWS-RunPatchBaseline
, overrides the patches\n specified by the default patch baseline.
For more information about the InstallOverrideList
parameter, see SSM Command\n document for patching: AWS-RunPatchBaseline
\n in the\n Amazon Web Services Systems Manager User Guide.
Information about the delete operation. For more information about this summary, see Understanding the delete inventory summary in the\n Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "Information about the delete operation. For more information about this summary, see Understanding the delete inventory summary in the\n Amazon Web Services Systems Manager User Guide.
" } }, "LastStatusUpdateTime": { @@ -16775,7 +16809,7 @@ "Type": { "target": "com.amazonaws.ssm#InventoryQueryOperatorType", "traits": { - "smithy.api#documentation": "The type of filter.
\nThe Exists
filter must be used with aggregators. For more information, see\n Aggregating inventory\n data in the Amazon Web Services Systems Manager User Guide.
The type of filter.
\nThe Exists
filter must be used with aggregators. For more information, see\n Aggregating inventory data in the Amazon Web Services Systems Manager User Guide.
The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up maintenance windows in the in the\n Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the\n Amazon Web Services Systems Manager User Guide.
" } }, "TimeoutSeconds": { @@ -19710,7 +19744,7 @@ "ServiceRoleArn": { "target": "com.amazonaws.ssm#ServiceRole", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up maintenance windows in the in the\n Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the\n Amazon Web Services Systems Manager User Guide.
" } }, "MaxConcurrency": { @@ -20790,7 +20824,7 @@ "Status": { "target": "com.amazonaws.ssm#OpsItemStatus", "traits": { - "smithy.api#documentation": "The OpsItem status. Status can be Open
, In Progress
, or\n Resolved
. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.
The OpsItem status. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.
" } }, "OpsItemId": { @@ -21922,7 +21956,7 @@ "Status": { "target": "com.amazonaws.ssm#OpsItemStatus", "traits": { - "smithy.api#documentation": "The OpsItem status. Status can be Open
, In Progress
, or\n Resolved
.
The OpsItem status.
" } }, "OpsItemId": { @@ -23343,7 +23377,7 @@ "State": { "target": "com.amazonaws.ssm#PatchComplianceDataState", "traits": { - "smithy.api#documentation": "The state of the patch on the managed node, such as INSTALLED or FAILED.
\nFor descriptions of each patch state, see About patch compliance in the Amazon Web Services Systems Manager User Guide.
", + "smithy.api#documentation": "The state of the patch on the managed node, such as INSTALLED or FAILED.
\nFor descriptions of each patch state, see About\n patch compliance in the Amazon Web Services Systems Manager User Guide.
", "smithy.api#required": {} } }, @@ -23997,13 +24031,13 @@ "target": "com.amazonaws.ssm#ApproveAfterDays", "traits": { "smithy.api#default": null, - "smithy.api#documentation": "The number of days after the release date of each patch matched by the rule that the patch\n is marked as approved in the patch baseline. For example, a value of 7
means that\n patches are approved seven days after they are released.
This parameter is marked as not required, but your request must include a value\n for either ApproveAfterDays
or ApproveUntilDate
.
Not supported for Debian Server or Ubuntu Server.
" + "smithy.api#documentation": "The number of days after the release date of each patch matched by the rule that the patch\n is marked as approved in the patch baseline. For example, a value of 7
means that\n patches are approved seven days after they are released.
This parameter is marked as Required: No
, but your request must include a value\n for either ApproveAfterDays
or ApproveUntilDate
.
Not supported for Debian Server or Ubuntu Server.
\nUse caution when setting this value for Windows Server patch baselines. Because patch\n updates that are replaced by later updates are removed, setting too broad a value for this\n parameter can result in crucial patches not being installed. For more information, see the\n Windows Server tab in the topic How security\n patches are selected in the Amazon Web Services Systems Manager User Guide.
\nThe cutoff date for auto approval of released patches. Any patches released on or before\n this date are installed automatically.
\nEnter dates in the format YYYY-MM-DD
. For example,\n 2021-12-31
.
This parameter is marked as not required, but your request must include a value\n for either ApproveUntilDate
or ApproveAfterDays
.
Not supported for Debian Server or Ubuntu Server.
" + "smithy.api#documentation": "The cutoff date for auto approval of released patches. Any patches released on or before\n this date are installed automatically.
\nEnter dates in the format YYYY-MM-DD
. For example,\n 2024-12-31
.
This parameter is marked as Required: No
, but your request must include a value\n for either ApproveUntilDate
or ApproveAfterDays
.
Not supported for Debian Server or Ubuntu Server.
\nUse caution when setting this value for Windows Server patch baselines. Because patch\n updates that are replaced by later updates are removed, setting too broad a value for this\n parameter can result in crucial patches not being installed. For more information, see the\n Windows Server tab in the topic How security\n patches are selected in the Amazon Web Services Systems Manager User Guide.
\nThe Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up maintenance windows in the in the\n Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the\n Amazon Web Services Systems Manager User Guide.
" } }, "TaskType": { @@ -27005,7 +27039,7 @@ "value": { "target": "com.amazonaws.ssm#SessionFilterValue", "traits": { - "smithy.api#documentation": "The filter value. Valid values for each filter key are as follows:
\nInvokedAfter: Specify a timestamp to limit your results. For example, specify\n 2018-08-29T00:00:00Z to see sessions that started August 29, 2018, and later.
\nInvokedBefore: Specify a timestamp to limit your results. For example, specify\n 2018-08-29T00:00:00Z to see sessions that started before August 29, 2018.
\nTarget: Specify a managed node to which session connections have been made.
\nOwner: Specify an Amazon Web Services user to see a list of sessions started by that user.
\nStatus: Specify a valid session status to see a list of all sessions with that status.\n Status values you can specify include:
\nConnected
\nConnecting
\nDisconnected
\nTerminated
\nTerminating
\nFailed
\nSessionId: Specify a session ID to return details about the session.
\nThe filter value. Valid values for each filter key are as follows:
\nInvokedAfter: Specify a timestamp to limit your results. For example, specify\n 2024-08-29T00:00:00Z to see sessions that started August 29, 2024, and later.
\nInvokedBefore: Specify a timestamp to limit your results. For example, specify\n 2024-08-29T00:00:00Z to see sessions that started before August 29, 2024.
\nTarget: Specify a managed node to which session connections have been made.
\nOwner: Specify an Amazon Web Services user to see a list of sessions started by that user.
\nStatus: Specify a valid session status to see a list of all sessions with that status.\n Status values you can specify include:
\nConnected
\nConnecting
\nDisconnected
\nTerminated
\nTerminating
\nFailed
\nSessionId: Specify a session ID to return details about the session.
\nA key-value mapping to target resources. Required if you specify TargetParameterName.
" + "smithy.api#documentation": "A key-value mapping to target resources. Required if you specify TargetParameterName.
\nIf both this parameter and the TargetLocation:Targets
parameter are supplied,\n TargetLocation:Targets
takes precedence.
The maximum number of targets allowed to run this task in parallel. You can specify a\n number, such as 10, or a percentage, such as 10%. The default value is 10
.
The maximum number of targets allowed to run this task in parallel. You can specify a\n number, such as 10, or a percentage, such as 10%. The default value is 10
.
If both this parameter and the TargetLocation:TargetsMaxConcurrency
are\n supplied, TargetLocation:TargetsMaxConcurrency
takes precedence.
The number of errors that are allowed before the system stops running the automation on\n additional targets. You can specify either an absolute number of errors, for example 10, or a\n percentage of the target set, for example 10%. If you specify 3, for example, the system stops\n running the automation when the fourth error is received. If you specify 0, then the system stops\n running the automation on additional targets after the first error result is returned. If you run\n an automation on 50 resources and set max-errors to 10%, then the system stops running the\n automation on additional targets when the sixth error is received.
\nExecutions that are already running an automation when max-errors is reached are allowed to\n complete, but some of these executions may fail as well. If you need to ensure that there won't\n be more than max-errors failed executions, set max-concurrency to 1 so the executions proceed one\n at a time.
" + "smithy.api#documentation": "The number of errors that are allowed before the system stops running the automation on\n additional targets. You can specify either an absolute number of errors, for example 10, or a\n percentage of the target set, for example 10%. If you specify 3, for example, the system stops\n running the automation when the fourth error is received. If you specify 0, then the system stops\n running the automation on additional targets after the first error result is returned. If you run\n an automation on 50 resources and set max-errors to 10%, then the system stops running the\n automation on additional targets when the sixth error is received.
\nExecutions that are already running an automation when max-errors is reached are allowed to\n complete, but some of these executions may fail as well. If you need to ensure that there won't\n be more than max-errors failed executions, set max-concurrency to 1 so the executions proceed one\n at a time.
\nIf this parameter and the TargetLocation:TargetsMaxErrors
parameter are both\n supplied, TargetLocation:TargetsMaxErrors
takes precedence.
A location is a combination of Amazon Web Services Regions and/or Amazon Web Services accounts where you want to run the\n automation. Use this operation to start an automation in multiple Amazon Web Services Regions and multiple\n Amazon Web Services accounts. For more information, see Running Automation workflows in multiple Amazon Web Services Regions and Amazon Web Services accounts in the\n Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "A location is a combination of Amazon Web Services Regions and/or Amazon Web Services accounts where you want to run the\n automation. Use this operation to start an automation in multiple Amazon Web Services Regions and multiple\n Amazon Web Services accounts. For more information, see Running automations in multiple Amazon Web Services Regions and accounts in the\n Amazon Web Services Systems Manager User Guide.
" } }, "Tags": { @@ -27575,6 +27609,12 @@ "traits": { "smithy.api#documentation": "The CloudWatch alarm you want to apply to your automation.
" } + }, + "TargetLocationsURL": { + "target": "com.amazonaws.ssm#TargetLocationsURL", + "traits": { + "smithy.api#documentation": "Specify a publicly accessible URL for a file that contains the TargetLocations
\n body. Currently, only files in presigned Amazon S3 buckets are supported.
Indicates whether to include child organizational units (OUs) that are children of the\n targeted OUs. The default is false
.
Amazon Web Services accounts or organizational units to exclude as expanded targets.
" + } + }, + "Targets": { + "target": "com.amazonaws.ssm#Targets", + "traits": { + "smithy.api#documentation": "A list of key-value mappings to target resources. If you specify values for this data type,\n you must also specify a value for TargetParameterName
.
This Targets
parameter takes precedence over the\n StartAutomationExecution:Targets
parameter if both are supplied.
The maximum number of targets allowed to run this task in parallel. This\n TargetsMaxConcurrency
takes precedence over the\n StartAutomationExecution:MaxConcurrency
parameter if both are supplied.
The maximum number of errors that are allowed before the system stops running the automation\n on additional targets. This TargetsMaxErrors
parameter takes precedence over the\n StartAutomationExecution:MaxErrors
parameter if both are supplied.
The specified target managed node for the session isn't fully configured for use with Session Manager.\n For more information, see Getting started with\n Session Manager in the Amazon Web Services Systems Manager User Guide. This error is also returned if you\n attempt to start a session on a managed node that is located in a different account or\n Region
", + "smithy.api#documentation": "The specified target managed node for the session isn't fully configured for use with Session Manager.\n For more information, see Setting up\n Session Manager in the Amazon Web Services Systems Manager User Guide. This error is also returned if you\n attempt to start a session on a managed node that is located in a different account or\n Region
", "smithy.api#error": "client" } }, @@ -29686,7 +29763,7 @@ "ServiceRoleArn": { "target": "com.amazonaws.ssm#ServiceRole", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up maintenance windows in the in the\n Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the\n Amazon Web Services Systems Manager User Guide.
" } }, "TaskParameters": { @@ -29792,7 +29869,7 @@ "ServiceRoleArn": { "target": "com.amazonaws.ssm#ServiceRole", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up maintenance windows in the in the\n Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the\n Amazon Web Services Systems Manager User Guide.
" } }, "TaskParameters": { @@ -29894,7 +29971,7 @@ "IamRole": { "target": "com.amazonaws.ssm#IamRole", "traits": { - "smithy.api#documentation": "The name of the Identity and Access Management (IAM) role that you want to assign to\n the managed node. This IAM role must provide AssumeRole permissions for the\n Amazon Web Services Systems Manager service principal ssm.amazonaws.com
. For more information, see Create an\n IAM service role for a hybrid and multicloud environment in the\n Amazon Web Services Systems Manager User Guide.
You can't specify an IAM service-linked role for this parameter. You must\n create a unique role.
\nThe name of the Identity and Access Management (IAM) role that you want to assign to\n the managed node. This IAM role must provide AssumeRole permissions for the\n Amazon Web Services Systems Manager service principal ssm.amazonaws.com
. For more information, see Create the IAM service role required for Systems Manager in hybrid and multicloud\n environments in the Amazon Web Services Systems Manager User Guide.
You can't specify an IAM service-linked role for this parameter. You must\n create a unique role.
\nThe OpsItem status. Status can be Open
, In Progress
, or\n Resolved
. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.
The OpsItem status. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.
" } }, "OpsItemId": { @@ -30178,7 +30255,7 @@ "ApprovedPatches": { "target": "com.amazonaws.ssm#PatchIdList", "traits": { - "smithy.api#documentation": "A list of explicitly approved patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see About\n package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "A list of explicitly approved patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see Package\n name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" } }, "ApprovedPatchesComplianceLevel": { @@ -30197,7 +30274,7 @@ "RejectedPatches": { "target": "com.amazonaws.ssm#PatchIdList", "traits": { - "smithy.api#documentation": "A list of explicitly rejected patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see About\n package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "A list of explicitly rejected patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see Package\n name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" } }, "RejectedPatchesAction": {